From no-reply at appveyor.com Wed Jul 1 08:26:12 2020 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 01 Jul 2020 08:26:12 +0000 Subject: Build failed: openssl master.35334 Message-ID: <20200701082612.1.CD3CDFAB49278E59@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed Jul 1 09:19:22 2020 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 01 Jul 2020 09:19:22 +0000 Subject: Build completed: openssl master.35335 Message-ID: <20200701091922.1.8BDC260699114D6D@appveyor.com> An HTML attachment was scrubbed... URL: From dev at ddvo.net Wed Jul 1 09:17:23 2020 From: dev at ddvo.net (dev at ddvo.net) Date: Wed, 01 Jul 2020 09:17:23 +0000 Subject: [openssl] master update Message-ID: <1593595043.310918.19001.nullmailer@dev.openssl.org> The branch master has been updated via b4cb9498c9c76877a354316ba4246afbea178c83 (commit) via 0d8dbb52e3900fdd096ca1765137958340fb8497 (commit) via 4cec750c2f08faa7f7cdfcfa02fc4264d3c2ac95 (commit) via 0e7b1383e138ce3fa66c5bd0ea4a9cb35487436c (commit) via d18c7ad66aaaebe10c86127d966f5401bc414d2a (commit) via da1f88bf53f1bb03cc9f198cfe71ef6157549eff (commit) via 4acd484d55ac3c86091e42f81479f514d0cf8b17 (commit) via 023697870bcd4372a142a606546253d719a81024 (commit) via ade08735f9d0ac85d611c5abee8a1df651bbca13 (commit) from 5188d0d55c72138dd1b65521fb73ac31902f0a52 (commit) - Log ----------------------------------------------------------------- commit b4cb9498c9c76877a354316ba4246afbea178c83 Author: Dr. David von Oheimb Date: Sat Jun 27 16:16:12 2020 +0200 X509v3_cache_extensions(): Improve coding style and doc, fix case 'sha1 == NULL' Reviewed-by: Viktor Dukhovni (Merged from https://github.com/openssl/openssl/pull/10587) commit 0d8dbb52e3900fdd096ca1765137958340fb8497 Author: Dr. David von Oheimb Date: Sat Dec 28 12:33:12 2019 +0100 Add X509_self_signed(), extending and improving documenation and tests Reviewed-by: Viktor Dukhovni (Merged from https://github.com/openssl/openssl/pull/10587) commit 4cec750c2f08faa7f7cdfcfa02fc4264d3c2ac95 Author: Dr. David von Oheimb Date: Sat Jun 27 17:37:34 2020 +0200 Move doc of X509{,_REQ,_CRL}_verify{,_ex}() from X509_sign.pod to new X509_verify.pod Reviewed-by: Viktor Dukhovni (Merged from https://github.com/openssl/openssl/pull/10587) commit 0e7b1383e138ce3fa66c5bd0ea4a9cb35487436c Author: Dr. David von Oheimb Date: Tue Dec 24 11:25:15 2019 +0100 Fix issue 1418 by moving check of KU_KEY_CERT_SIGN and weakening check_issued() Move check that cert signing is allowed from x509v3_cache_extensions() to where it belongs: internal_verify(), generalize it for proxy cert signing. Correct and simplify check_issued(), now checking self-issued (not: self-signed). Add test case to 25-test_verify.t that demonstrates successful fix Fixes #1418 Reviewed-by: Viktor Dukhovni (Merged from https://github.com/openssl/openssl/pull/10587) commit d18c7ad66aaaebe10c86127d966f5401bc414d2a Author: Dr. David von Oheimb Date: Tue Dec 24 10:36:24 2019 +0100 Optimization and safety precaution in find_issuer() of x509_vfy.c: candidate issuer cert cannot be the same as the subject cert 'x' Reviewed-by: Viktor Dukhovni (Merged from https://github.com/openssl/openssl/pull/10587) commit da1f88bf53f1bb03cc9f198cfe71ef6157549eff Author: Dr. David von Oheimb Date: Mon Dec 23 20:23:24 2019 +0100 Add four more verify test cases on the self-signed Ed25519 and self-issed X25519 certs Reviewed-by: Viktor Dukhovni (Merged from https://github.com/openssl/openssl/pull/10587) commit 4acd484d55ac3c86091e42f81479f514d0cf8b17 Author: Dr. David von Oheimb Date: Mon Dec 23 20:15:49 2019 +0100 Make x509 -force_pubkey test case with self-issued cert more realistic by adding CA basic constraints, CA key usage, and key IDs to the cert and by add -partial_chain to the verify call that trusts this cert Reviewed-by: Viktor Dukhovni (Merged from https://github.com/openssl/openssl/pull/10587) commit 023697870bcd4372a142a606546253d719a81024 Author: Dr. David von Oheimb Date: Mon Dec 23 17:37:17 2019 +0100 Refactor (without semantic changes) crypto/x509/{v3_purp.c,x509_vfy.c} This prepares some corrections and improves readability (coding style). Among others, it adds the static function check_sig_alg_match() and the internal functions x509_likely_issued() and x509_signing_allowed(). Reviewed-by: Viktor Dukhovni (Merged from https://github.com/openssl/openssl/pull/10587) commit ade08735f9d0ac85d611c5abee8a1df651bbca13 Author: Dr. David von Oheimb Date: Mon Dec 23 15:40:47 2019 +0100 Improve documentation, layout, and code comments regarding self-issued certs etc. Reviewed-by: Viktor Dukhovni (Merged from https://github.com/openssl/openssl/pull/10587) ----------------------------------------------------------------------- Summary of changes: apps/verify.c | 2 +- apps/x509.c | 10 +- crypto/cmp/cmp_util.c | 8 +- crypto/x509/v3_purp.c | 166 ++++++++++++++--------- crypto/x509/x509_local.h | 3 + crypto/x509/x509_txt.c | 7 +- crypto/x509/x509_vfy.c | 163 ++++++++++++---------- doc/internal/man3/ossl_cmp_sk_X509_add1_cert.pod | 8 +- doc/man1/openssl-verify.pod.in | 10 +- doc/man1/openssl.pod | 95 +++++++------ doc/man3/X509_STORE_CTX_get_error.pod | 71 ++++++---- doc/man3/X509_STORE_set_verify_cb_func.pod | 4 +- doc/man3/X509_VERIFY_PARAM_set_flags.pod | 33 ++--- doc/man3/X509_check_issued.pod | 26 ++-- doc/man3/X509_sign.pod | 57 ++------ doc/man3/X509_verify.pod | 90 ++++++++++++ doc/man3/X509v3_cache_extensions.pod | 5 +- include/openssl/x509.h | 1 + include/openssl/x509_vfy.h | 1 + test/certs/ee-self-signed.pem | 18 +++ test/certs/setup.sh | 3 + test/recipes/25-test_verify.t | 21 ++- test/recipes/25-test_x509.t | 8 +- test/recipes/70-test_verify_extra.t | 1 + test/v3_ca_exts.cnf | 5 + test/verify_extra_test.c | 74 ++++++---- util/libcrypto.num | 1 + 27 files changed, 559 insertions(+), 332 deletions(-) create mode 100644 doc/man3/X509_verify.pod create mode 100644 test/certs/ee-self-signed.pem create mode 100644 test/v3_ca_exts.cnf diff --git a/apps/verify.c b/apps/verify.c index eee81799bf..c28f44571a 100644 --- a/apps/verify.c +++ b/apps/verify.c @@ -356,7 +356,7 @@ static int cb(int ok, X509_STORE_CTX *ctx) policies_print(ctx); /* fall thru */ case X509_V_ERR_CERT_HAS_EXPIRED: - /* Continue even if the leaf is a self signed cert */ + /* Continue even if the leaf is a self-signed cert */ case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: /* Continue after extension errors too */ case X509_V_ERR_INVALID_CA: diff --git a/apps/x509.c b/apps/x509.c index ea083abc64..c64c7d2811 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -135,7 +135,7 @@ const OPTIONS x509_options[] = { {"setalias", OPT_SETALIAS, 's', "Set certificate alias"}, {"days", OPT_DAYS, 'n', "How long till expiry of a signed certificate - def 30 days"}, - {"signkey", OPT_SIGNKEY, 's', "Self sign cert with arg"}, + {"signkey", OPT_SIGNKEY, 's', "Self-sign cert with arg"}, {"set_serial", OPT_SET_SERIAL, 's', "Serial number to use"}, {"extensions", OPT_EXTENSIONS, 's', "Section from config file to use"}, {"certopt", OPT_CERTOPT, 's', "Various certificate text options"}, @@ -1030,7 +1030,7 @@ static int x509_certify(X509_STORE *ctx, const char *CAfile, const EVP_MD *diges goto end; /* - * NOTE: this certificate can/should be self signed, unless it was a + * NOTE: this certificate can/should be self-signed, unless it was a * certificate request in which case it is not. */ X509_STORE_CTX_set_cert(xsc, x); @@ -1084,8 +1084,8 @@ static int callb(int ok, X509_STORE_CTX *ctx) X509 *err_cert; /* - * it is ok to use a self signed certificate This case will catch both - * the initial ok == 0 and the final ok == 1 calls to this function + * It is ok to use a self-signed certificate. This case will catch both + * the initial ok == 0 and the final ok == 1 calls to this function. */ err = X509_STORE_CTX_get_error(ctx); if (err == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) @@ -1098,7 +1098,7 @@ static int callb(int ok, X509_STORE_CTX *ctx) */ if (ok) { BIO_printf(bio_err, - "error with certificate to be certified - should be self signed\n"); + "error with certificate to be certified - should be self-signed\n"); return 0; } else { err_cert = X509_STORE_CTX_get_current_cert(ctx); diff --git a/crypto/cmp/cmp_util.c b/crypto/cmp/cmp_util.c index 570e14cd24..d1128d7e66 100644 --- a/crypto/cmp/cmp_util.c +++ b/crypto/cmp/cmp_util.c @@ -218,7 +218,7 @@ int ossl_cmp_sk_X509_add1_cert(STACK_OF(X509) *sk, X509 *cert, } int ossl_cmp_sk_X509_add1_certs(STACK_OF(X509) *sk, STACK_OF(X509) *certs, - int no_self_issued, int no_dups, int prepend) + int no_self_signed, int no_dups, int prepend) /* compiler would allow 'const' for the list of certs, yet they are up-ref'ed */ { int i; @@ -230,7 +230,7 @@ int ossl_cmp_sk_X509_add1_certs(STACK_OF(X509) *sk, STACK_OF(X509) *certs, for (i = 0; i < sk_X509_num(certs); i++) { /* certs may be NULL */ X509 *cert = sk_X509_value(certs, i); - if (!no_self_issued || X509_check_issued(cert, cert) != X509_V_OK) { + if (!no_self_signed || X509_self_signed(cert, 0) != 1) { if (!ossl_cmp_sk_X509_add1_cert(sk, cert, no_dups, prepend)) return 0; } @@ -239,7 +239,7 @@ int ossl_cmp_sk_X509_add1_certs(STACK_OF(X509) *sk, STACK_OF(X509) *certs, } int ossl_cmp_X509_STORE_add1_certs(X509_STORE *store, STACK_OF(X509) *certs, - int only_self_issued) + int only_self_signed) { int i; @@ -252,7 +252,7 @@ int ossl_cmp_X509_STORE_add1_certs(X509_STORE *store, STACK_OF(X509) *certs, for (i = 0; i < sk_X509_num(certs); i++) { X509 *cert = sk_X509_value(certs, i); - if (!only_self_issued || X509_check_issued(cert, cert) == X509_V_OK) + if (!only_self_signed || X509_self_signed(cert, 0) == 1) if (!X509_STORE_add_cert(store, cert)) /* ups cert ref counter */ return 0; } diff --git a/crypto/x509/v3_purp.c b/crypto/x509/v3_purp.c index b3401035f1..0fcf53a5ea 100644 --- a/crypto/x509/v3_purp.c +++ b/crypto/x509/v3_purp.c @@ -14,6 +14,7 @@ #include #include "crypto/x509.h" #include "internal/tsan_assist.h" +#include "x509_local.h" DEFINE_STACK_OF(GENERAL_NAME) DEFINE_STACK_OF(DIST_POINT) @@ -346,6 +347,21 @@ static int setup_crldp(X509 *x) return 1; } +/* Check that issuer public key algorithm matches subject signature algorithm */ +static int check_sig_alg_match(const EVP_PKEY *pkey, const X509 *subject) +{ + int pkey_nid; + + if (pkey == NULL) + return X509_V_ERR_NO_ISSUER_PUBLIC_KEY; + if (OBJ_find_sigid_algs(OBJ_obj2nid(subject->cert_info.signature.algorithm), + NULL, &pkey_nid) == 0) + return X509_V_ERR_UNSUPPORTED_SIGNATURE_ALGORITHM; + if (EVP_PKEY_type(pkey_nid) != EVP_PKEY_base_id(pkey)) + return X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH; + return X509_V_OK; +} + #define V1_ROOT (EXFLAG_V1|EXFLAG_SS) #define ku_reject(x, usage) \ (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage))) @@ -354,6 +370,11 @@ static int setup_crldp(X509 *x) #define ns_reject(x, usage) \ (((x)->ex_flags & EXFLAG_NSCERT) && !((x)->ex_nscert & (usage))) +/* + * Cache info on various X.509v3 extensions and further derived information, + * e.g., if cert 'x' is self-issued, in x->ex_flags and other internal fields. + * Set EXFLAG_INVALID and return 0 in case the certificate is invalid. + */ int X509v3_cache_extensions(X509 *x, OPENSSL_CTX *libctx, const char *propq) { BASIC_CONSTRAINTS *bs; @@ -372,24 +393,28 @@ int X509v3_cache_extensions(X509 *x, OPENSSL_CTX *libctx, const char *propq) #endif CRYPTO_THREAD_write_lock(x->lock); - if (x->ex_flags & EXFLAG_SET) { + if (x->ex_flags & EXFLAG_SET) { /* cert has already been processed */ CRYPTO_THREAD_unlock(x->lock); return (x->ex_flags & EXFLAG_INVALID) == 0; } + /* Cache the SHA1 digest of the cert */ sha1 = EVP_MD_fetch(libctx, "SHA1", propq); - if (sha1 == NULL || !X509_digest(x, sha1, x->sha1_hash, NULL)) + if (sha1 != NULL) { + if (!X509_digest(x, sha1, x->sha1_hash, NULL)) x->ex_flags |= EXFLAG_INVALID; - EVP_MD_free(sha1); + EVP_MD_free(sha1); + } /* V1 should mean no extensions ... */ - if (!X509_get_version(x)) + if (X509_get_version(x) == 0) x->ex_flags |= EXFLAG_V1; + /* Handle basic constraints */ - if ((bs = X509_get_ext_d2i(x, NID_basic_constraints, &i, NULL))) { + if ((bs = X509_get_ext_d2i(x, NID_basic_constraints, &i, NULL)) != NULL) { if (bs->ca) x->ex_flags |= EXFLAG_CA; - if (bs->pathlen) { + if (bs->pathlen != NULL) { if (bs->pathlen->type == V_ASN1_NEG_INTEGER) { x->ex_flags |= EXFLAG_INVALID; x->ex_pathlen = 0; @@ -400,15 +425,17 @@ int X509v3_cache_extensions(X509 *x, OPENSSL_CTX *libctx, const char *propq) x->ex_pathlen = 0; } } - } else + } else { x->ex_pathlen = -1; + } BASIC_CONSTRAINTS_free(bs); x->ex_flags |= EXFLAG_BCONS; } else if (i != -1) { x->ex_flags |= EXFLAG_INVALID; } + /* Handle proxy certificates */ - if ((pci = X509_get_ext_d2i(x, NID_proxyCertInfo, &i, NULL))) { + if ((pci = X509_get_ext_d2i(x, NID_proxyCertInfo, &i, NULL)) != NULL) { if (x->ex_flags & EXFLAG_CA || X509_get_ext_by_NID(x, NID_subject_alt_name, -1) >= 0 || X509_get_ext_by_NID(x, NID_issuer_alt_name, -1) >= 0) { @@ -423,60 +450,55 @@ int X509v3_cache_extensions(X509 *x, OPENSSL_CTX *libctx, const char *propq) } else if (i != -1) { x->ex_flags |= EXFLAG_INVALID; } - /* Handle key usage */ - if ((usage = X509_get_ext_d2i(x, NID_key_usage, &i, NULL))) { + + /* Handle (basic and extended) key usage */ + if ((usage = X509_get_ext_d2i(x, NID_key_usage, &i, NULL)) != NULL) { + x->ex_kusage = 0; if (usage->length > 0) { x->ex_kusage = usage->data[0]; if (usage->length > 1) x->ex_kusage |= usage->data[1] << 8; - } else - x->ex_kusage = 0; + } x->ex_flags |= EXFLAG_KUSAGE; ASN1_BIT_STRING_free(usage); } else if (i != -1) { x->ex_flags |= EXFLAG_INVALID; } x->ex_xkusage = 0; - if ((extusage = X509_get_ext_d2i(x, NID_ext_key_usage, &i, NULL))) { + if ((extusage = X509_get_ext_d2i(x, NID_ext_key_usage, &i, NULL)) != NULL) { x->ex_flags |= EXFLAG_XKUSAGE; for (i = 0; i < sk_ASN1_OBJECT_num(extusage); i++) { switch (OBJ_obj2nid(sk_ASN1_OBJECT_value(extusage, i))) { case NID_server_auth: x->ex_xkusage |= XKU_SSL_SERVER; break; - case NID_client_auth: x->ex_xkusage |= XKU_SSL_CLIENT; break; - case NID_email_protect: x->ex_xkusage |= XKU_SMIME; break; - case NID_code_sign: x->ex_xkusage |= XKU_CODE_SIGN; break; - case NID_ms_sgc: case NID_ns_sgc: x->ex_xkusage |= XKU_SGC; break; - case NID_OCSP_sign: x->ex_xkusage |= XKU_OCSP_SIGN; break; - case NID_time_stamp: x->ex_xkusage |= XKU_TIMESTAMP; break; - case NID_dvcs: x->ex_xkusage |= XKU_DVCS; break; - case NID_anyExtendedKeyUsage: x->ex_xkusage |= XKU_ANYEKU; break; + default: + break; } } sk_ASN1_OBJECT_pop_free(extusage, ASN1_OBJECT_free); @@ -484,7 +506,8 @@ int X509v3_cache_extensions(X509 *x, OPENSSL_CTX *libctx, const char *propq) x->ex_flags |= EXFLAG_INVALID; } - if ((ns = X509_get_ext_d2i(x, NID_netscape_cert_type, &i, NULL))) { + /* Handle legacy Netscape extension */ + if ((ns = X509_get_ext_d2i(x, NID_netscape_cert_type, &i, NULL)) != NULL) { if (ns->length > 0) x->ex_nscert = ns->data[0]; else @@ -494,20 +517,25 @@ int X509v3_cache_extensions(X509 *x, OPENSSL_CTX *libctx, const char *propq) } else if (i != -1) { x->ex_flags |= EXFLAG_INVALID; } + + /* Handle subject key identifier and issuer/authority key identifier */ x->skid = X509_get_ext_d2i(x, NID_subject_key_identifier, &i, NULL); if (x->skid == NULL && i != -1) x->ex_flags |= EXFLAG_INVALID; x->akid = X509_get_ext_d2i(x, NID_authority_key_identifier, &i, NULL); if (x->akid == NULL && i != -1) x->ex_flags |= EXFLAG_INVALID; - /* Does subject name match issuer ? */ - if (!X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x))) { - x->ex_flags |= EXFLAG_SI; - /* If SKID matches AKID also indicate self signed */ - if (X509_check_akid(x, x->akid) == X509_V_OK && - !ku_reject(x, KU_KEY_CERT_SIGN)) - x->ex_flags |= EXFLAG_SS; + + /* Check if subject name matches issuer */ + if (X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x)) == 0) { + x->ex_flags |= EXFLAG_SI; /* cert is self-issued */ + if (X509_check_akid(x, x->akid) == X509_V_OK /* SKID matches AKID */ + /* .. and the signature alg matches the PUBKEY alg: */ + && check_sig_alg_match(X509_get0_pubkey(x), x) == X509_V_OK) + x->ex_flags |= EXFLAG_SS; /* indicate self-signed */ } + + /* Handle subject alternative names and various other extensions */ x->altname = X509_get_ext_d2i(x, NID_subject_alt_name, &i, NULL); if (x->altname == NULL && i != -1) x->ex_flags |= EXFLAG_INVALID; @@ -537,8 +565,10 @@ int X509v3_cache_extensions(X509 *x, OPENSSL_CTX *libctx, const char *propq) break; } } + x509_init_sig_info(x); - x->ex_flags |= EXFLAG_SET; + + x->ex_flags |= EXFLAG_SET; /* indicate that cert has been processed */ #ifdef tsan_st_rel tsan_st_rel((TSAN_QUALIFIER int *)&x->ex_cached, 1); /* @@ -559,7 +589,7 @@ int X509v3_cache_extensions(X509 *x, OPENSSL_CTX *libctx, const char *propq) * 1 is a CA * 2 Only possible in older versions of openSSL when basicConstraints are absent * new versions will not return this value. May be a CA - * 3 basicConstraints absent but self signed V1. + * 3 basicConstraints absent but self-signed V1. * 4 basicConstraints absent but keyUsage present and keyCertSign asserted. * 5 Netscape specific CA Flags present */ @@ -803,54 +833,59 @@ static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca) } /*- - * Various checks to see if one certificate issued the second. - * This can be used to prune a set of possible issuer certificates - * which have been looked up using some simple method such as by - * subject name. + * Various checks to see if one certificate potentially issued the second. + * This can be used to prune a set of possible issuer certificates which + * have been looked up using some simple method such as by subject name. * These are: * 1. Check issuer_name(subject) == subject_name(issuer) * 2. If akid(subject) exists, check that it matches issuer * 3. Check that issuer public key algorithm matches subject signature algorithm - * 4. If key_usage(issuer) exists, check that it supports certificate signing - * returns 0 for OK, positive for reason for mismatch, reasons match - * codes for X509_verify_cert() + * 4. Check that any key_usage(issuer) allows certificate signing + * Note that this does not include actually checking the signature. + * Returns 0 for OK, or positive for reason for mismatch + * where reason codes match those for X509_verify_cert(). */ +int x509_check_issued_int(X509 *issuer, X509 *subject, + OPENSSL_CTX *libctx, const char *propq) +{ + int ret; + + if ((ret = x509_likely_issued(issuer, subject, libctx, propq)) != X509_V_OK) + return ret; + return x509_signing_allowed(issuer, subject); +} -int x509_check_issued_int(X509 *issuer, X509 *subject, OPENSSL_CTX *libctx, - const char *propq) +/* do the checks 1., 2., and 3. as described above for X509_check_issued() */ +int x509_likely_issued(X509 *issuer, X509 *subject, + OPENSSL_CTX *libctx, const char *propq) { + int ret; + if (X509_NAME_cmp(X509_get_subject_name(issuer), - X509_get_issuer_name(subject))) + X509_get_issuer_name(subject)) != 0) return X509_V_ERR_SUBJECT_ISSUER_MISMATCH; if (!X509v3_cache_extensions(issuer, libctx, propq) || !X509v3_cache_extensions(subject, libctx, propq)) return X509_V_ERR_UNSPECIFIED; - if (subject->akid) { - int ret = X509_check_akid(issuer, subject->akid); - if (ret != X509_V_OK) - return ret; - } - - { - /* - * Check if the subject signature algorithm matches the issuer's PUBKEY - * algorithm - */ - EVP_PKEY *i_pkey = X509_get0_pubkey(issuer); - X509_ALGOR *s_algor = &subject->cert_info.signature; - int s_pknid = NID_undef, s_mdnid = NID_undef; - - if (i_pkey == NULL) - return X509_V_ERR_NO_ISSUER_PUBLIC_KEY; + ret = X509_check_akid(issuer, subject->akid); + if (ret != X509_V_OK) + return ret; - if (!OBJ_find_sigid_algs(OBJ_obj2nid(s_algor->algorithm), - &s_mdnid, &s_pknid) - || EVP_PKEY_type(s_pknid) != EVP_PKEY_base_id(i_pkey)) - return X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH; - } + /* check if the subject signature alg matches the issuer's PUBKEY alg */ + return check_sig_alg_match(X509_get0_pubkey(issuer), subject); +} +/*- + * Check if certificate I is allowed to issue certificate I + * according to the B field of I if present + * depending on any proxyCertInfo extension of I. + * Returns 0 for OK, or positive for reason for rejection + * where reason codes match those for X509_verify_cert(). + */ +int x509_signing_allowed(const X509 *issuer, const X509 *subject) +{ if (subject->ex_flags & EXFLAG_PROXY) { if (ku_reject(issuer, KU_DIGITAL_SIGNATURE)) return X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE; @@ -866,8 +901,7 @@ int X509_check_issued(X509 *issuer, X509 *subject) int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid) { - - if (!akid) + if (akid == NULL) return X509_V_OK; /* Check key ids (if present) */ @@ -897,7 +931,7 @@ int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid) break; } } - if (nm && X509_NAME_cmp(nm, X509_get_issuer_name(issuer))) + if (nm != NULL && X509_NAME_cmp(nm, X509_get_issuer_name(issuer)) != 0) return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH; } return X509_V_OK; diff --git a/crypto/x509/x509_local.h b/crypto/x509/x509_local.h index e174ae7611..a1fe4203b9 100644 --- a/crypto/x509/x509_local.h +++ b/crypto/x509/x509_local.h @@ -149,3 +149,6 @@ DEFINE_STACK_OF(STACK_OF_X509_NAME_ENTRY) void x509_set_signature_info(X509_SIG_INFO *siginf, const X509_ALGOR *alg, const ASN1_STRING *sig); +int x509_likely_issued(X509 *issuer, X509 *subject, + OPENSSL_CTX *libctx, const char *propq); +int x509_signing_allowed(const X509 *issuer, const X509 *subject); diff --git a/crypto/x509/x509_txt.c b/crypto/x509/x509_txt.c index 4897c4d5dd..63d8d95f3f 100644 --- a/crypto/x509/x509_txt.c +++ b/crypto/x509/x509_txt.c @@ -58,9 +58,9 @@ const char *X509_verify_cert_error_string(long n) case X509_V_ERR_OUT_OF_MEM: return "out of memory"; case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: - return "self signed certificate"; + return "self-signed certificate"; case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: - return "self signed certificate in certificate chain"; + return "self-signed certificate in certificate chain"; case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: return "unable to get local issuer certificate"; case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: @@ -178,6 +178,9 @@ const char *X509_verify_cert_error_string(long n) return "subject signature algorithm and issuer public key algorithm mismatch"; case X509_V_ERR_NO_ISSUER_PUBLIC_KEY: return "issuer certificate doesn't have a public key"; + case X509_V_ERR_UNSUPPORTED_SIGNATURE_ALGORITHM: + return "Cannot find certificate signature algorithm"; + default: /* Printing an error number into a static buffer is not thread-safe */ return "unknown certificate verification error"; diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 1e881ccfcd..1f17c71bc1 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -111,20 +111,43 @@ static int null_callback(int ok, X509_STORE_CTX *e) return ok; } -/* Return 1 is a certificate is self signed, 0 if not, or -1 on error */ -static int cert_self_signed(X509_STORE_CTX *ctx, X509 *x) +/*- + * Return 1 if given cert is considered self-signed, 0 if not, or -1 on error. + * This actually verifies self-signedness only if requested. + * It calls X509v3_cache_extensions() + * to match issuer and subject names (i.e., the cert being self-issued) and any + * present authority key identifier to match the subject key identifier, etc. + */ +static int x509_self_signed_ex(X509 *cert, int verify_signature, + OPENSSL_CTX *libctx, const char *propq) { - if (!X509v3_cache_extensions(x, ctx->libctx, ctx->propq)) - return -1; + EVP_PKEY *pkey; - if (x->ex_flags & EXFLAG_SS) - return 1; - else + if ((pkey = X509_get0_pubkey(cert)) == NULL) { /* handles cert == NULL */ + X509err(0, X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY); + return -1; + } + if (!X509v3_cache_extensions(cert, libctx, propq)) + return -1; + if ((cert->ex_flags & EXFLAG_SS) == 0) return 0; + if (!verify_signature) + return 1; + return X509_verify_ex(cert, pkey, libctx, propq); } -/* Given a certificate try and find an exact match in the store */ +/* wrapper for internal use */ +static int cert_self_signed(X509_STORE_CTX *ctx, X509 *x, int verify_signature) +{ + return x509_self_signed_ex(x, verify_signature, ctx->libctx, ctx->propq); +} + +int X509_self_signed(X509 *cert, int verify_signature) +{ + return x509_self_signed_ex(cert, verify_signature, NULL, NULL); +} +/* Given a certificate try and find an exact match in the store */ static X509 *lookup_cert_match(X509_STORE_CTX *ctx, X509 *x) { STACK_OF(X509) *certs; @@ -324,7 +347,11 @@ static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x) for (i = 0; i < sk_X509_num(sk); i++) { issuer = sk_X509_value(sk, i); - if (ctx->check_issued(ctx, x, issuer)) { + /* + * Below check 'issuer != x' is an optimization and safety precaution: + * Candidate issuer cert cannot be the same as the subject cert 'x'. + */ + if (issuer != x && ctx->check_issued(ctx, x, issuer)) { rv = issuer; if (x509_check_cert_time(ctx, rv, -1)) break; @@ -333,46 +360,29 @@ static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x) return rv; } -/* Given a possible certificate and issuer check them */ - +/* + * Check that the given certificate 'x' is issued by the certificate 'issuer' + * and the issuer is not yet in ctx->chain, where the exceptional case + * that 'x' is self-issued and ctx->chain has just one element is allowed. + */ static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer) { - int ret; - int ss; - - if (x == issuer) { - ss = cert_self_signed(ctx, x); - if (ss < 0) - return 0; - return ss; - } - - ret = x509_check_issued_int(issuer, x, ctx->libctx, ctx->propq); - if (ret == X509_V_OK) { + if (x509_likely_issued(issuer, x, ctx->libctx, ctx->propq) != X509_V_OK) + return 0; + if ((x->ex_flags & EXFLAG_SI) == 0 || sk_X509_num(ctx->chain) != 1) { int i; X509 *ch; - ss = cert_self_signed(ctx, x); - if (ss < 0) - return 0; - - /* Special case: single self signed certificate */ - if (ss > 0 && sk_X509_num(ctx->chain) == 1) - return 1; for (i = 0; i < sk_X509_num(ctx->chain); i++) { ch = sk_X509_value(ctx->chain, i); - if (ch == issuer || !X509_cmp(ch, issuer)) { - ret = X509_V_ERR_PATH_LOOP; - break; - } + if (ch == issuer || X509_cmp(ch, issuer) == 0) + return 0; } } - - return (ret == X509_V_OK); + return 1; } /* Alternative lookup method: look from a STACK stored in other_ctx */ - static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) { *issuer = find_issuer(ctx, ctx->other_ctx, x); @@ -562,7 +572,7 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) if (!verify_cb_cert(ctx, x, i, X509_V_ERR_PATH_LENGTH_EXCEEDED)) return 0; } - /* Increment path length if not a self issued intermediate CA */ + /* Increment path length if not a self-issued intermediate CA */ if (i > 0 && (x->ex_flags & EXFLAG_SI) == 0) plen++; /* @@ -628,7 +638,7 @@ static int check_name_constraints(X509_STORE_CTX *ctx) X509 *x = sk_X509_value(ctx->chain, i); int j; - /* Ignore self issued certs unless last in chain */ + /* Ignore self-issued certs unless last in chain */ if (i && (x->ex_flags & EXFLAG_SI)) continue; @@ -1527,7 +1537,7 @@ static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl) int cnum = ctx->error_depth; int chnum = sk_X509_num(ctx->chain) - 1; - /* if we have an alternative CRL issuer cert use that */ + /* If we have an alternative CRL issuer cert use that */ if (ctx->current_issuer) issuer = ctx->current_issuer; /* @@ -1538,7 +1548,7 @@ static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl) issuer = sk_X509_value(ctx->chain, cnum + 1); else { issuer = sk_X509_value(ctx->chain, chnum); - /* If not self signed, can't check signature */ + /* If not self-issued, can't check signature */ if (!ctx->check_issued(ctx, issuer, issuer) && !verify_cb_crl(ctx, X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER)) return 0; @@ -1753,7 +1763,7 @@ static int internal_verify(X509_STORE_CTX *ctx) goto check_cert; } - if (ctx->check_issued(ctx, xi, xi)) + if (ctx->check_issued(ctx, xi, xi)) /* the last cert appears self-signed */ xs = xi; else { if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) { @@ -1773,18 +1783,23 @@ static int internal_verify(X509_STORE_CTX *ctx) * is allowed to reset errors (at its own peril). */ while (n >= 0) { - EVP_PKEY *pkey; - /* - * Skip signature check for self signed certificates unless explicitly - * asked for. It doesn't add any security and just wastes time. If - * the issuer's public key is unusable, report the issuer certificate + * Skip signature check for self-signed certificates unless explicitly + * asked for because it does not add any security and just wastes time. + * If the issuer's public key is not available or its key usage does + * not support issuing the subject cert, report the issuer certificate * and its depth (rather than the depth of the subject). */ if (xs != xi || (ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE)) { + EVP_PKEY *pkey; + int issuer_depth = n + (xi == xs ? 0 : 1); + int ret = x509_signing_allowed(xi, xs); + + if (ret != X509_V_OK && !verify_cb_cert(ctx, xi, issuer_depth, ret)) + return 0; if ((pkey = X509_get0_pubkey(xi)) == NULL) { - if (!verify_cb_cert(ctx, xi, xi != xs ? n+1 : n, - X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY)) + if (!verify_cb_cert(ctx, xi, issuer_depth, + X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY)) return 0; } else if (X509_verify_ex(xs, pkey, ctx->libctx, ctx->propq) <= 0) { if (!verify_cb_cert(ctx, xs, n, @@ -2803,7 +2818,7 @@ static int check_dane_issuer(X509_STORE_CTX *ctx, int depth) return X509_TRUST_UNTRUSTED; /* - * Record any DANE trust-anchor matches, for the first depth to test, if + * Record any DANE trust anchor matches, for the first depth to test, if * there's one at that depth. (This'll be false for length 1 chains looking * for an exact match for the leaf certificate). */ @@ -2889,7 +2904,7 @@ static int dane_verify(X509_STORE_CTX *ctx) * When testing the leaf certificate, if we match a DANE-EE(3) record, * dane_match() returns 1 and we're done. If however we match a PKIX-EE(1) * record, the match depth and matching TLSA record are recorded, but the - * return value is 0, because we still need to find a PKIX trust-anchor. + * return value is 0, because we still need to find a PKIX trust anchor. * Therefore, when DANE authentication is enabled (required), we're done * if: * + matched < 0, internal error. @@ -2956,7 +2971,7 @@ static int build_chain(X509_STORE_CTX *ctx) SSL_DANE *dane = ctx->dane; int num = sk_X509_num(ctx->chain); X509 *cert = sk_X509_value(ctx->chain, num - 1); - int ss; + int self_signed; STACK_OF(X509) *sktmp = NULL; unsigned int search; int may_trusted = 0; @@ -2974,9 +2989,8 @@ static int build_chain(X509_STORE_CTX *ctx) return 0; } - ss = cert_self_signed(ctx, cert); - if (ss < 0) { - X509err(X509_F_BUILD_CHAIN, ERR_R_INTERNAL_ERROR); + self_signed = cert_self_signed(ctx, cert, 0); + if (self_signed < 0) { ctx->error = X509_V_ERR_UNSPECIFIED; return 0; } @@ -3012,7 +3026,7 @@ static int build_chain(X509_STORE_CTX *ctx) } /* - * If we got any "DANE-TA(2) Cert(0) Full(0)" trust-anchors from DNS, add + * If we got any "DANE-TA(2) Cert(0) Full(0)" trust anchors from DNS, add * them to our working copy of the untrusted certificate stack. Since the * caller of X509_STORE_CTX_init() may have provided only a leaf cert with * no corresponding stack of untrusted certificates, we may need to create @@ -3045,7 +3059,7 @@ static int build_chain(X509_STORE_CTX *ctx) ctx->param->depth = INT_MAX/2; /* - * Try to Extend the chain until we reach an ultimately trusted issuer. + * Try to extend the chain until we reach an ultimately trusted issuer. * Build chains up to one longer the limit, later fail if we hit the limit, * with an X509_V_ERR_CERT_CHAIN_TOO_LONG error code. */ @@ -3059,7 +3073,7 @@ static int build_chain(X509_STORE_CTX *ctx) * Look in the trust store if enabled for first lookup, or we've run * out of untrusted issuers and search here is not disabled. When we * reach the depth limit, we stop extending the chain, if by that point - * we've not found a trust-anchor, any trusted chain would be too long. + * we've not found a trust anchor, any trusted chain would be too long. * * The error reported to the application verify callback is at the * maximal valid depth with the current certificate equal to the last @@ -3105,8 +3119,8 @@ static int build_chain(X509_STORE_CTX *ctx) * Alternative trusted issuer for a mid-chain untrusted cert? * Pop the untrusted cert's successors and retry. We might now * be able to complete a valid chain via the trust store. Note - * that despite the current trust-store match we might still - * fail complete the chain to a suitable trust-anchor, in which + * that despite the current trust store match we might still + * fail complete the chain to a suitable trust anchor, in which * case we may prune some more untrusted certificates and try * again. Thus the S_DOALTERNATE bit may yet be turned on * again with an even shorter untrusted chain! @@ -3116,7 +3130,7 @@ static int build_chain(X509_STORE_CTX *ctx) * certificate among the ones from the trust store. */ if ((search & S_DOALTERNATE) != 0) { - if (!ossl_assert(num > i && i > 0 && ss == 0)) { + if (!ossl_assert(num > i && i > 0 && !self_signed)) { X509err(X509_F_BUILD_CHAIN, ERR_R_INTERNAL_ERROR); X509_free(xtmp); trust = X509_TRUST_REJECTED; @@ -3144,7 +3158,7 @@ static int build_chain(X509_STORE_CTX *ctx) * Self-signed untrusted certificates get replaced by their * trusted matching issuer. Otherwise, grow the chain. */ - if (ss == 0) { + if (!self_signed) { if (!sk_X509_push(ctx->chain, x = xtmp)) { X509_free(xtmp); X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE); @@ -3153,9 +3167,8 @@ static int build_chain(X509_STORE_CTX *ctx) search = 0; continue; } - ss = cert_self_signed(ctx, x); - if (ss < 0) { - X509err(X509_F_BUILD_CHAIN, ERR_R_INTERNAL_ERROR); + self_signed = cert_self_signed(ctx, x, 0); + if (self_signed < 0) { ctx->error = X509_V_ERR_UNSPECIFIED; return 0; } @@ -3163,7 +3176,7 @@ static int build_chain(X509_STORE_CTX *ctx) /* * We have a self-signed certificate that has the same * subject name (and perhaps keyid and/or serial number) as - * a trust-anchor. We must have an exact match to avoid + * a trust anchor. We must have an exact match to avoid * possible impersonation via key substitution etc. */ if (X509_cmp(x, xtmp) != 0) { @@ -3205,7 +3218,7 @@ static int build_chain(X509_STORE_CTX *ctx) search = 0; continue; } - if (ss == 0) + if (!self_signed) continue; } } @@ -3227,7 +3240,7 @@ static int build_chain(X509_STORE_CTX *ctx) /* Search for a trusted issuer of a shorter chain */ search |= S_DOALTERNATE; alt_untrusted = ctx->num_untrusted - 1; - ss = 0; + self_signed = 0; } } @@ -3249,7 +3262,8 @@ static int build_chain(X509_STORE_CTX *ctx) * Once we run out of untrusted issuers, we stop looking for more * and start looking only in the trust store if enabled. */ - xtmp = (ss || depth < num) ? NULL : find_issuer(ctx, sktmp, x); + xtmp = (self_signed || depth < num) ? NULL + : find_issuer(ctx, sktmp, x); if (xtmp == NULL) { search &= ~S_DOUNTRUSTED; if (may_trusted) @@ -3279,11 +3293,10 @@ static int build_chain(X509_STORE_CTX *ctx) x = xtmp; ++ctx->num_untrusted; - ss = cert_self_signed(ctx, xtmp); - if (ss < 0) { - X509err(X509_F_BUILD_CHAIN, ERR_R_INTERNAL_ERROR); - ctx->error = X509_V_ERR_UNSPECIFIED; + self_signed = cert_self_signed(ctx, xtmp, 0); + if (self_signed < 0) { sk_X509_free(sktmp); + ctx->error = X509_V_ERR_UNSPECIFIED; return 0; } @@ -3327,10 +3340,10 @@ static int build_chain(X509_STORE_CTX *ctx) if (DANETLS_ENABLED(dane) && (!DANETLS_HAS_PKIX(dane) || dane->pdpth >= 0)) return verify_cb_cert(ctx, NULL, num-1, X509_V_ERR_DANE_NO_MATCH); - if (ss && sk_X509_num(ctx->chain) == 1) + if (self_signed && sk_X509_num(ctx->chain) == 1) return verify_cb_cert(ctx, NULL, num-1, X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT); - if (ss) + if (self_signed) return verify_cb_cert(ctx, NULL, num-1, X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN); if (ctx->num_untrusted < num) diff --git a/doc/internal/man3/ossl_cmp_sk_X509_add1_cert.pod b/doc/internal/man3/ossl_cmp_sk_X509_add1_cert.pod index d8f617f55c..289428878e 100644 --- a/doc/internal/man3/ossl_cmp_sk_X509_add1_cert.pod +++ b/doc/internal/man3/ossl_cmp_sk_X509_add1_cert.pod @@ -15,9 +15,9 @@ ossl_cmp_X509_STORE_get1_certs int ossl_cmp_sk_X509_add1_cert(STACK_OF(X509) *sk, X509 *cert, int no_dup, int prepend); int ossl_cmp_sk_X509_add1_certs(STACK_OF(X509) *sk, STACK_OF(X509) *certs, - int no_self_issued, int no_dups, int prepend); + int no_self_signed, int no_dups, int prepend); int ossl_cmp_X509_STORE_add1_certs(X509_STORE *store, STACK_OF(X509) *certs, - int only_self_issued); + int only_self_signed); STACK_OF(X509) *ossl_cmp_X509_STORE_get1_certs(X509_STORE *store); =head1 DESCRIPTION @@ -29,10 +29,10 @@ On success the reference count of the certificate is increased. ossl_cmp_sk_X509_add1_certs() appends or prepends (depending on the I argument) a list of certificates to the given list, -optionally only if not self-issued and optionally only if not already contained. +optionally only if not self-signed and optionally only if not already contained. The reference counts of those certificates appended successfully are increased. -ossl_cmp_X509_STORE_add1_certs() adds all or only self-issued certificates from +ossl_cmp_X509_STORE_add1_certs() adds all or only self-signed certificates from the given stack to given store. The I parameter may be NULL. ossl_cmp_X509_STORE_get1_certs() retrieves a copy of all certificates in the diff --git a/doc/man1/openssl-verify.pod.in b/doc/man1/openssl-verify.pod.in index 7271efe833..bccaa2642f 100644 --- a/doc/man1/openssl-verify.pod.in +++ b/doc/man1/openssl-verify.pod.in @@ -97,9 +97,9 @@ with a B<->. =item I ... -One or more certificates to verify. If no certificates are given, +One or more target certificates to verify. If no certificates are given, this command will attempt to read a certificate from standard input. -If a certificate chain has multiple problems, this program tries to +If a certificate chain has multiple problems, this program attempts to display all of them. =back @@ -115,9 +115,9 @@ general form of the error message is: The first line contains the name of the certificate being verified followed by the subject name of the certificate. The second line contains the error number and the depth. The depth is number of the certificate being verified when a -problem was detected starting with zero for the certificate being verified itself -then 1 for the CA that signed the certificate and so on. Finally a text version -of the error number is presented. +problem was detected starting with zero for the target ("leaf") certificate +itself then 1 for the CA that signed the target certificate and so on. +Finally a textual version of the error number is presented. A list of the error codes and messages can be found in L; the full list is defined in the header file diff --git a/doc/man1/openssl.pod b/doc/man1/openssl.pod index c9e75eb526..dee181d264 100644 --- a/doc/man1/openssl.pod +++ b/doc/man1/openssl.pod @@ -829,45 +829,54 @@ command handles errors are documented on the specific command page. Verification is a complicated process, consisting of a number of separate steps that are detailed in the following paragraphs. -First, a certificate chain is built up starting from the supplied certificate -and ending in a root CA. It is an error if the whole chain cannot be -built up. The chain is built up by looking up the certificate that -signed (or issued) the certificate. It then repeats the process, until -it gets to a certificate that is self-issued. +First, a certificate chain is built up starting from the target certificate +and typically ending in a self-signed "root" CA certificate. +It is an error if the whole chain cannot be built up +unless the B<-partial_chain> option is given. +The chain is built up iteratively, looking up in turn +the certificate of the signer ("issuer") of the current certificate. +If a certificate is found that appears to be its own issuer +it is assumed to be the self-signed root, which must be trusted. The process of looking up the issuer's certificate itself involves a number -of steps. After all certificates whose subject name matches the issuer -name of the current certificate are subject to further tests. The relevant -authority key identifier components of the current certificate (if present) -must match the subject key identifier (if present) and issuer and serial -number of the candidate issuer, in addition the keyUsage extension of the -candidate issuer (if present) must permit certificate signing. - -The lookup first looks in the list of untrusted certificates and if no match -is found the remaining lookups are from the trusted certificates. The root CA -is always looked up in the trusted certificate list: if the certificate to -verify is a root certificate then an exact match must be found in the trusted -list. - -The second step is to check every untrusted certificate's extensions -for consistency with the supplied purpose. If the B<-purpose> option is -not included then no checks are done. The supplied or "leaf" certificate -must have extensions compatible with the supplied purpose and all other -certificates must also be valid CA certificates. The precise extensions -required are described in more detail in +of steps. +All available certificates with a subject name that matches the issuer +name of the current certificate are subject to further tests. +The relevant authority key identifier components of the current certificate +(if present) must match the subject key identifier (if present) +and issuer and serial number of the candidate issuer certificate. + +The lookup first searches for issuer certificates in the trust store. +If it does not find a match there it consults +the list of untrusted "intermediate" CA certificates (if provided). +The last certificate (which typically is of a root CA) is always looked up +in the trusted certificate list; an exact match must be found there. + +The second step is to check the extensions of every untrusted certificate +for consistency with the supplied purpose. +If the B<-purpose> option is not included then no checks are done. +The target or "leaf" certificate must have extensions compatible with the +supplied purpose and all other certificates must also be valid CA certificates. +The precise extensions required are described in more detail in L. -The third step is to check the trust settings on the root CA. The root -CA should be trusted for the supplied purpose. For compatibility with -previous versions of OpenSSL, a certificate with no trust settings is -considered to be valid for all purposes. - -The fourth, and final, step is to check the validity of the certificate -chain. The validity period is checked against the system time -and the C and C dates in the certificate. The certificate -signatures are also checked at this point. The B<-attime> flag may be -used to specify a time other than "now." - +The third step is to check the trust settings on the last certficate, +typically of a root CA. +It should be trusted for the supplied purpose. +For compatibility with previous versions of OpenSSL, +a certificate with no trust settings is considered to be valid for all purposes. + +The fourth, and final, step is to check the validity of the certificate chain. +The validity period is checked against the system time +and the C and C dates in each certificate. +The B<-attime> flag may be used to specify a time other than "now." +The certificate signatures are also checked at this point +(except for the signature of the self-signed "root CA" certificate, +which is verified only if the B<-check_ss_sig> option is given). +When verifying a certificate signature +the keyUsage extension (if present) of the candidate issuer certificate +is checked to permit digitalSignature for signing proxy certificates +or to permit keyCertSign for signing other certificates, respectively. If all operations complete successfully then certificate is considered valid. If any operation fails then the certificate is not valid. @@ -898,7 +907,7 @@ This disables non-compliant workarounds for broken certificates. =item B<-ignore_critical> -Normally if an unhandled critical extension is present which is not +Normally if an unhandled critical extension is present that is not supported by OpenSSL the certificate is rejected (as required by RFC5280). If this option is set critical extensions are ignored. @@ -954,11 +963,14 @@ keys shorter than 1024 bits. Allow verification to succeed even if a I chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. +This certificate may be self-issued or belong to an intermediate CA. =item B<-check_ss_sig> -Verify the signature on the self-signed root CA. This is disabled by default -because it doesn't add any security. +Verify the signature on the last certificate in a chain +even when it is a self-signed (root CA) certificate. +By default in this case the check is disabled +because it does not add any security. =item B<-allow_proxy_certs> @@ -968,6 +980,10 @@ Allow the verification of proxy certificates. As of OpenSSL 1.1.0 this option is on by default and cannot be disabled. +When constructing the certificate chain, the trusted certificates specified +via B<-CAfile>, B<-CApath>, B<-CAstore> or B<-trusted> are always used +before any certificates specified via B<-untrusted>. + =item B<-no_alt_chains> As of OpenSSL 1.1.0, since B<-trusted_first> always on, this option has no @@ -986,7 +1002,8 @@ This option may be used multiple times. =item B<-untrusted> I Parse I as a set of one or more certificates in PEM format. -All certificates are untrusted certificates that may be used to +All certificates are untrusted certificates (typically of intermedate CAs) +that may be used to construct a certificate chain from the subject certificate to a trust anchor. This option may be used multiple times. diff --git a/doc/man3/X509_STORE_CTX_get_error.pod b/doc/man3/X509_STORE_CTX_get_error.pod index ce69e4da45..474dd4dc4f 100644 --- a/doc/man3/X509_STORE_CTX_get_error.pod +++ b/doc/man3/X509_STORE_CTX_get_error.pod @@ -107,24 +107,29 @@ Unspecified error; should not happen. The issuer certificate of a locally looked up certificate could not be found. This normally means the list of trusted certificates is not complete. +To allow any certificate (not only a self-signed one) in the trust store +to terminate the chain the B flag may be set. =item B The CRL of a certificate could not be found. -=item B +=item B The certificate signature could not be decrypted. This means that the actual signature value could not be determined rather than it not matching the expected value, this is only meaningful for RSA keys. -=item B +=item B The CRL signature could not be decrypted: this means that the actual signature value could not be determined rather than it not matching the expected value. Unused. -=item B +=item B The public key in the certificate C field could not be read. @@ -155,19 +160,23 @@ The CRL is not yet valid. The CRL has expired. -=item B +=item B The certificate B field contains an invalid time. -=item B +=item B The certificate B field contains an invalid time. -=item B +=item B The CRL B field contains an invalid time. -=item B +=item B The CRL B field contains an invalid time. @@ -175,25 +184,29 @@ The CRL B field contains an invalid time. An error occurred trying to allocate memory. -=item B +=item B The passed certificate is self-signed and the same certificate cannot be found in the list of trusted certificates. -=item B +=item B -The certificate chain could be built up using the untrusted certificates but -the root could not be found locally. +The certificate chain could be built up using the untrusted certificates +but no suitable trust anchor (which typically is a self-signed root certificate) +could be found in the trust store. -=item B +=item B The issuer certificate could not be found: this occurs if the issuer certificate of an untrusted certificate cannot be found. -=item B +=item B No signatures could be verified because the chain contains only one certificate -and it is not self signed. +and it is not self-signed and the B flag is not set. =item B @@ -214,7 +227,7 @@ The basicConstraints path-length parameter has been exceeded. =item B -The supplied certificate cannot be used for the specified purpose. +The target certificate cannot be used for the specified purpose. =item B @@ -229,32 +242,37 @@ The root CA is marked to reject the specified purpose. The current candidate issuer certificate was rejected because its subject name did not match the issuer name of the current certificate. -=item B +=item B The current candidate issuer certificate was rejected because its subject key identifier was present and did not match the authority key identifier current certificate. Not used as of OpenSSL 1.1.0. -=item B +=item B The current candidate issuer certificate was rejected because its issuer name and serial number was present and did not match the authority key identifier of the current certificate. Not used as of OpenSSL 1.1.0. -=item B +=item B The current candidate issuer certificate was rejected because its B extension does not permit certificate signing. Not used as of OpenSSL 1.1.0. -=item B +=item B A certificate extension had an invalid value (for example an incorrect encoding) or some value inconsistent with other extensions. -=item B +=item B A certificate policies extension had an invalid value (for example an incorrect encoding) or some value inconsistent with other extensions. This error only @@ -265,7 +283,7 @@ occurs if policy processing is enabled. The verification flags were set to require and explicit policy but none was present. -=item B +=item B The only CRLs that could be found did not match the scope of the certificate. @@ -281,17 +299,20 @@ A name constraint violation occurred in the permitted subtrees. A name constraint violation occurred in the excluded subtrees. -=item B +=item B A certificate name constraints extension included a minimum or maximum field: this is not supported. -=item B +=item B An unsupported name constraint type was encountered. OpenSSL currently only supports directory name, DNS name, email and URI types. -=item B +=item B The format of the name constraint is not recognised: for example an email address format of a form not mentioned in RFC3280. This could be caused by @@ -384,7 +405,7 @@ CA signature digest algorithm too weak. =item B -invalid certificate verification context. +Invalid certificate verification context. =item B diff --git a/doc/man3/X509_STORE_set_verify_cb_func.pod b/doc/man3/X509_STORE_set_verify_cb_func.pod index e845906cc8..84b216ffbe 100644 --- a/doc/man3/X509_STORE_set_verify_cb_func.pod +++ b/doc/man3/X509_STORE_set_verify_cb_func.pod @@ -145,7 +145,9 @@ I X509_STORE_set_check_issued() sets the function to check that a given -certificate B is issued with the issuer certificate B. +certificate B is issued by the issuer certificate B and +the issuer is not yet in the chain contained in , where the exceptional +case that B is self-issued and ctx->chain has just one element is allowed. This function must return 0 on failure (among others if B hasn't been issued with B) and 1 on success. I limit of 0 only allows the end-entity certificate to be signed -directly by the trust-anchor, while with a B limit of 1 there can be one -intermediate CA certificate between the trust-anchor and the end-entity +directly by the trust anchor, while with a B limit of 1 there can be one +intermediate CA certificate between the trust anchor and the end-entity certificate. X509_VERIFY_PARAM_set_auth_level() sets the authentication security level to @@ -283,24 +283,25 @@ they are enabled. If B is set delta CRLs (if present) are used to determine certificate status. If not set deltas are ignored. -B enables checking of the root CA self signed -certificate signature. By default this check is disabled because it doesn't +B requires verifying the signature of the last +certificate in a chain even when it is a self-signed (root CA) certificate. +In this case the check is disabled by default because it does not add any additional security but in some cases applications might want to check the signature anyway. A side effect of not checking the root CA signature is that disabled or unsupported message digests on the root CA are not treated as fatal errors. -When B is set, construction of the certificate chain -in L will search the trust store for issuer certificates +When B is set, which is always the case since +OpenSSL 1.1.0, construction of the certificate chain +in L searches the trust store for issuer certificates before searching the provided untrusted certificates. Local issuer certificates are often more likely to satisfy local security requirements and lead to a locally trusted root. This is especially important when some certificates in the trust store have explicit trust settings (see "TRUST SETTINGS" in L). -As of OpenSSL 1.1.0 this option is on by default. -The B flag suppresses checking for alternative -chains. +The B flag could have been used before OpenSSL 1.1.0 +to suppress checking for alternative chains. By default, unless B is set, when building a certificate chain, if the first certificate chain found is not trusted, then OpenSSL will attempt to replace untrusted certificates supplied by the peer @@ -309,15 +310,15 @@ found that is trusted. As of OpenSSL 1.1.0, with B always set, this option has no effect. -The B flag causes intermediate certificates in the -trust store to be treated as trust-anchors, in the same way as the self-signed +The B flag causes non-self-signed certificates in the +trust store to be treated as trust anchors, in the same way as self-signed root CA certificates. -This makes it possible to trust certificates issued by an intermediate CA -without having to trust its ancestor root CA. +This makes it possible to trust self-issued certificates as well as certificates +issued by an intermediate CA without having to trust their ancestor root CA. With OpenSSL 1.1.0 and later and set, chain -construction stops as soon as the first certificate from the trust store is -added to the chain, whether that certificate is a self-signed "root" -certificate or a not self-signed intermediate certificate. +construction stops as soon as the first certificate contained in the trust store +is added to the chain, whether that certificate is a self-signed "root" +certificate or a not self-signed "intermediate" or self-issued certificate. Thus, when an intermediate certificate is found in the trust store, the verified chain passed to callbacks may be shorter than it otherwise would be without the B flag. diff --git a/doc/man3/X509_check_issued.pod b/doc/man3/X509_check_issued.pod index d41dfcd53e..0aedefa459 100644 --- a/doc/man3/X509_check_issued.pod +++ b/doc/man3/X509_check_issued.pod @@ -2,7 +2,7 @@ =head1 NAME -X509_check_issued - checks if certificate is issued by another +X509_check_issued - checks if certificate is apparently issued by another certificate =head1 SYNOPSIS @@ -14,24 +14,24 @@ certificate =head1 DESCRIPTION -This function checks if certificate I was issued using CA -certificate I. This function takes into account not only -matching of issuer field of I with subject field of I, -but also compares B extension of I with -B of I if B -present in the I certificate and checks B field of -I. +X509_check_issued() checks if certificate I was apparently issued +using (CA) certificate I. This function takes into account not only +matching of the issuer field of I with the subject field of I, +but also compares all sub-fields of the B extension of +I, as far as present, with the respective B, +serial number, and issuer fields of I, as far as present. It also checks +if the B field (if present) of I allows certificate signing. +It does not actually check the certificate signature. =head1 RETURN VALUES -Function return B if certificate I is issued by -I or some B constant to indicate an error. +X509_check_issued() returns B if all checks are successful +or some B constant to indicate an error. =head1 SEE ALSO -L, -L, -L +L, L, L, +L, L =head1 COPYRIGHT diff --git a/doc/man3/X509_sign.pod b/doc/man3/X509_sign.pod index ccce5f573b..5f621a11e4 100644 --- a/doc/man3/X509_sign.pod +++ b/doc/man3/X509_sign.pod @@ -2,10 +2,10 @@ =head1 NAME -X509_sign, X509_sign_ctx, X509_verify_ex, X509_verify, X509_REQ_sign, -X509_REQ_sign_ctx, X509_REQ_verify_ex, X509_REQ_verify, X509_CRL_sign, -X509_CRL_sign_ctx, X509_CRL_verify -- sign or verify certificate, certificate request or CRL signature +X509_sign, X509_sign_ctx, +X509_REQ_sign, X509_REQ_sign_ctx, +X509_CRL_sign, X509_CRL_sign_ctx - +sign certificate, certificate request, or CRL signature =head1 SYNOPSIS @@ -13,18 +13,12 @@ X509_CRL_sign_ctx, X509_CRL_verify int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md); int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx); - int X509_verify_ex(X509 *x, EVP_PKEY *pkey, OPENSSL_CTX *libctx, const char *propq); - int X509_verify(X509 *x, EVP_PKEY *pkey; int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md); int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx); - int X509_REQ_verify_ex(X509_REQ *a, EVP_PKEY *pkey, OPENSSL_CTX *libctx, - const char *propq); - int X509_REQ_verify(X509_REQ *a, EVP_PKEY *pkey); int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md); int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx); - int X509_CRL_verify(X509_CRL *a, EVP_PKEY *pkey); =head1 DESCRIPTION @@ -32,18 +26,9 @@ X509_sign() signs certificate I using private key I and message digest I and sets the signature in I. X509_sign_ctx() also signs certificate I but uses the parameters contained in digest context I. -X509_verify_ex() verifies the signature of certificate I using public key -I. Any cryptographic algorithms required for the verification are fetched -using the library context I and the property query string I. Only -the signature is checked: no other checks (such as certificate chain validity) -are performed. - -X509_verify() is the same as X509_verify_ex() except that the default library -context and property query string are used. - -X509_REQ_sign(), X509_REQ_sign_ctx(), X509_REQ_verify_ex(), X509_REQ_verify(), -X509_CRL_sign(), X509_CRL_sign_ctx() and X509_CRL_verify() sign and verify -certificate requests and CRLs respectively. +X509_REQ_sign(), X509_REQ_sign_ctx(), +X509_CRL_sign(), and X509_CRL_sign_ctx() +sign certificate requests and CRLs, respectively. =head1 NOTES @@ -60,34 +45,18 @@ signature and signing will always update the encoding. =head1 RETURN VALUES -X509_sign(), X509_sign_ctx(), X509_REQ_sign(), X509_REQ_sign_ctx(), -X509_CRL_sign() and X509_CRL_sign_ctx() return the size of the signature +All functions return the size of the signature in bytes for success and zero for failure. -X509_verify_ex(), X509_verify(), X509_REQ_verify_ex(), X509_REQ_verify() and -X509_CRL_verify() return 1 if the signature is valid and 0 if the signature -check fails. If the signature could not be checked at all because it was invalid -or some other error occurred then -1 is returned. - =head1 SEE ALSO -L, L, -L, -L, -L, -L, -L, -L, -L, L, -L, -L, -L, L, -L, L, -L +L, L, +L, L, +L =head1 HISTORY @@ -95,9 +64,7 @@ The X509_sign(), X509_REQ_sign() and X509_CRL_sign() functions are available in all versions of OpenSSL. The X509_sign_ctx(), X509_REQ_sign_ctx() -and X509_CRL_sign_ctx() functions were added OpenSSL 1.0.1. - -X509_verify_ex() and X509_REQ_verify_ex() were added in OpenSSL 3.0. +and X509_CRL_sign_ctx() functions were added in OpenSSL 1.0.1. =head1 COPYRIGHT diff --git a/doc/man3/X509_verify.pod b/doc/man3/X509_verify.pod new file mode 100644 index 0000000000..e0028473a2 --- /dev/null +++ b/doc/man3/X509_verify.pod @@ -0,0 +1,90 @@ +=pod + +=head1 NAME + +X509_verify_ex, X509_verify, X509_self_signed, +X509_REQ_verify_ex, X509_REQ_verify, +X509_CRL_verify - +verify certificate, certificate request, or CRL signature + +=head1 SYNOPSIS + + #include + + int X509_verify_ex(X509 *x, EVP_PKEY *pkey, + OPENSSL_CTX *libctx, const char *propq); + int X509_verify(X509 *x, EVP_PKEY *pkey); + int X509_self_signed(X509 *cert, int verify_signature); + + int X509_REQ_verify_ex(X509_REQ *a, EVP_PKEY *pkey, + OPENSSL_CTX *libctx, const char *propq); + int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r); + int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r); + +=head1 DESCRIPTION + +X509_verify_ex() verifies the signature of certificate I using public key +I. Any cryptographic algorithms required for the verification are fetched +using the library context I and the property query string I. +Only the signature is checked: +no other checks (such as certificate chain validity) are performed. + +X509_verify() is the same as X509_verify_ex() except that the default library +context and property query string are used. + +X509_self_signed() checks whether a certificate is self-signed. +For success the issuer and subject names must match, the components of the +authority key identifier (if present) must match the subject key identifier etc. +The signature itself is actually verified only if B is 1, as +for explicitly trusted certificates this verification is not worth the effort. + +X509_REQ_verify_ex(), X509_REQ_verify() and X509_CRL_verify() +verify the signatures of certificate requests and CRLs, respectively. + +=head1 RETURN VALUES + +X509_verify_ex(), X509_verify(), +X509_REQ_verify_ex(), X509_REQ_verify() and X509_CRL_verify() +return 1 if the signature is valid and 0 if the signature check fails. +If the signature could not be checked at all because it was ill-formed +or some other error occurred then -1 is returned. + +X509_self_signed() returns the same values but also returns 1 +if all respective fields match and B is 0. + +=head1 SEE ALSO + +L, +L, +L, +L, +L, +L, +L, +L, +L, +L, +L, +L, +L, +L, +L + +=head1 HISTORY + +The X509_verify(), X509_REQ_verify(), and X509_CRL_verify() +functions are available in all versions of OpenSSL. + +X509_verify_ex(), X509_REQ_verify_ex(), and X509_self_signed() +were added in OpenSSL 3.0. + +=head1 COPYRIGHT + +Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man3/X509v3_cache_extensions.pod b/doc/man3/X509v3_cache_extensions.pod index 952a8c2ead..766ab50d28 100644 --- a/doc/man3/X509v3_cache_extensions.pod +++ b/doc/man3/X509v3_cache_extensions.pod @@ -3,7 +3,7 @@ =head1 NAME X509v3_cache_extensions -- process any extensions in an X509 object +- cache info on various X.509v3 extensions and further derived certificate data =head1 SYNOPSIS @@ -14,7 +14,8 @@ X509v3_cache_extensions =head1 DESCRIPTION This function processes any X509v3 extensions that might be present in an X509 -object and caches the result of that processing. Many OpenSSL functions that use +object and caches the result of that processing as well as further derived info, +for instance if the certificate is self-issued. Many OpenSSL functions that use an X509 object will cause extensions to be processed and cached implicitly. If this is done implicitly then the default library context and property query string will be used. In some cases it may be desirable to use some other library diff --git a/include/openssl/x509.h b/include/openssl/x509.h index b0e33d5286..2212ceeedc 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -345,6 +345,7 @@ const char *X509_verify_cert_error_string(long n); int X509_verify_ex(X509 *a, EVP_PKEY *r, OPENSSL_CTX *libctx, const char *propq); int X509_verify(X509 *a, EVP_PKEY *r); +int X509_self_signed(X509 *cert, int verify_signature); int X509_REQ_verify_ex(X509_REQ *a, EVP_PKEY *r, OPENSSL_CTX *libctx, const char *propq); diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h index fda13502c3..5cd123f635 100644 --- a/include/openssl/x509_vfy.h +++ b/include/openssl/x509_vfy.h @@ -204,6 +204,7 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); # define X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH 76 # define X509_V_ERR_NO_ISSUER_PUBLIC_KEY 77 +# define X509_V_ERR_UNSUPPORTED_SIGNATURE_ALGORITHM 78 /* Certificate verify flags */ diff --git a/test/certs/ee-self-signed.pem b/test/certs/ee-self-signed.pem new file mode 100644 index 0000000000..ad1e37ba0e --- /dev/null +++ b/test/certs/ee-self-signed.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIICzzCCAbegAwIBAgIUBP7iEKPlKuinZGQNFxSY3IBIb0swDQYJKoZIhvcNAQEL +BQAwGTEXMBUGA1UEAwwOZWUtc2VsZi1zaWduZWQwHhcNMjAwNjI4MTA1MTQ1WhcN +MjAwNzI4MTA1MTQ1WjAZMRcwFQYDVQQDDA5lZS1zZWxmLXNpZ25lZDCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKj/iVhhha7e2ywP1XP74reoG3p1YCvU +fTxzdrWu3pMvfySQbckc9Io4zZ+igBZWy7Qsu5PlFx//DcZD/jE0+CjYdemju4iC +76Ny4lNiBUVN4DGX76qdENJYDZ4GnjK7GwhWXWUPP2aOwjagEf/AWTX9SRzdHEIz +BniuBDgj5ed1Z9OUrVqpQB+sWRD1DMFkrUrExjVTs5ZqghsVi9GZq+Seb5Sq0pbl +V/uMkWSKPCQWxtIZvoJgEztisO0+HbPK+WvfMbl6nktHaKcpxz9K4iIntO+QY9fv +0HJJPlutuRvUK2+GaN3VcxK4Q8ncQQ+io0ZPi2eIhA9h/nk0H0qJH7cCAwEAAaMP +MA0wCwYDVR0PBAQDAgeAMA0GCSqGSIb3DQEBCwUAA4IBAQBiLmIUCGb+hmRGbmpO +lDqEwiRVdxHBs4OSb3IA9QgU1QKUDRqn7q27RRelmzTXllubZZcX3K6o+dunRW5G +d3f3FVr+3Z7wnmkQtC2y3NWtGuWNczss+6rMLzKvla5CjRiNPlSvluMNpcs7BJxI +ppk1LxlaiYlQkDW32OPyxzXWDNv1ZkphcOcoCkHAagnq9x1SszvLTjAlo5XpYrm5 +CPgBOEnVwFCgne5Ab4QPTgkxPh/Ta508I/FKaPLJqci1EfGKipZkS7mMGTUJEeVK +wZrn4z7RiTfJ4PdqO5iv8eOpt03fqdPEXQWe8DrKyfGM6/e369FaXMFhcd2ZxZy2 +WHoc +-----END CERTIFICATE----- diff --git a/test/certs/setup.sh b/test/certs/setup.sh index f4f3e046f0..d1c56bb56d 100755 --- a/test/certs/setup.sh +++ b/test/certs/setup.sh @@ -185,6 +185,9 @@ OPENSSL_SIGALG=md5 \ OPENSSL_KEYBITS=768 \ ./mkcert.sh genee server.example ee-key-768 ee-cert-768 ca-key ca-cert +# self-signed end-entity cert with explicit keyUsage not including KeyCertSign +openssl req -new -x509 -key ee-key.pem -subj /CN=ee-self-signed -out ee-self-signed.pem -addext keyUsage=digitalSignature + # Proxy certificates, off of ee-client # Start with some good ones ./mkcert.sh req pc1-key "0.CN = server.example" "1.CN = proxy 1" | \ diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t index 9039a5db81..42d44dcdce 100644 --- a/test/recipes/25-test_verify.t +++ b/test/recipes/25-test_verify.t @@ -27,7 +27,7 @@ sub verify { run(app([@args])); } -plan tests => 139; +plan tests => 144; # Canonical success ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]), @@ -368,13 +368,28 @@ ok(verify("some-names2", "sslserver", ["many-constraints"], ["many-constraints"] ok(verify("root-cert-rsa2", "sslserver", ["root-cert-rsa2"], [], "-check_ss_sig"), "Public Key Algorithm rsa instead of rsaEncryption"); + ok(verify("ee-self-signed", "sslserver", ["ee-self-signed"], []), + "accept trusted self-signed EE cert excluding key usage keyCertSign"); + SKIP: { - skip "Ed25519 is not supported by this OpenSSL build", 1 + skip "Ed25519 is not supported by this OpenSSL build", 5 if disabled("ec"); # ED25519 certificate from draft-ietf-curdle-pkix-04 ok(verify("ee-ed25519", "sslserver", ["root-ed25519"], []), - "ED25519 signature"); + "accept X25519 EE cert issued by trusted Ed25519 self-signed CA cert"); + + ok(!verify("root-ed25519", "sslserver", ["ee-ed25519"], []), + "fail Ed25519 CA and EE certs swapped"); + + ok(verify("root-ed25519", "sslserver", ["root-ed25519"], []), + "accept trusted Ed25519 self-signed CA cert"); + + ok(!verify("ee-ed25519", "sslserver", ["ee-ed25519"], []), + "fail trusted Ed25519-signed self-issued X25519 cert"); + + ok(verify("ee-ed25519", "sslserver", ["ee-ed25519"], [], "-partial_chain"), + "accept last-resort direct leaf match Ed25519-signed self-issued cert"); } diff --git a/test/recipes/25-test_x509.t b/test/recipes/25-test_x509.t index 427c6b7fea..250738487a 100644 --- a/test/recipes/25-test_x509.t +++ b/test/recipes/25-test_x509.t @@ -41,6 +41,7 @@ SKIP: { # producing and checking self-issued (but not self-signed) cert my @path = qw(test certs); my $subj = "/CN=CA"; # using same DN as in issuer of ee-cert.pem + my $extfile = srctop_file("test", "v3_ca_exts.cnf"); my $pkey = srctop_file(@path, "ca-key.pem"); # issuer private key my $pubkey = "ca-pubkey.pem"; # the corresponding issuer public key # use any (different) key for signing our self-issued cert: @@ -50,10 +51,13 @@ SKIP: { ok(run(app(["openssl", "pkey", "-in", $pkey, "-pubout", "-out", $pubkey])) && run(app(["openssl", "x509", "-new", "-force_pubkey", $pubkey, - "-subj", $subj, "-signkey", $signkey, "-out", $selfout])) + "-subj", $subj, "-extfile", $extfile, + "-signkey", $signkey, "-out", $selfout])) && run(app(["openssl", "verify", "-no_check_time", - "-trusted", $selfout, $testcert]))); + "-trusted", $selfout, "-partial_chain", $testcert]))); + unlink $pubkey; + unlink $selfout; } subtest 'x509 -- x.509 v1 certificate' => sub { diff --git a/test/recipes/70-test_verify_extra.t b/test/recipes/70-test_verify_extra.t index b8f4ab4312..6876870bbf 100644 --- a/test/recipes/70-test_verify_extra.t +++ b/test/recipes/70-test_verify_extra.t @@ -14,6 +14,7 @@ setup("test_verify_extra"); plan tests => 1; ok(run(test(["verify_extra_test", + srctop_file("test", "certs", "rootCA.pem"), srctop_file("test", "certs", "roots.pem"), srctop_file("test", "certs", "untrusted.pem"), srctop_file("test", "certs", "bad.pem"), diff --git a/test/v3_ca_exts.cnf b/test/v3_ca_exts.cnf new file mode 100644 index 0000000000..a6d3245fb4 --- /dev/null +++ b/test/v3_ca_exts.cnf @@ -0,0 +1,5 @@ +basicConstraints = CA:true +keyUsage = cRLSign, keyCertSign +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always + diff --git a/test/verify_extra_test.c b/test/verify_extra_test.c index 6cce626026..99a6361142 100644 --- a/test/verify_extra_test.c +++ b/test/verify_extra_test.c @@ -18,11 +18,24 @@ DEFINE_STACK_OF(X509) +static const char *root_f; static const char *roots_f; static const char *untrusted_f; static const char *bad_f; static const char *req_f; +static X509 *load_cert_from_file(const char *filename) +{ + X509 *cert = NULL; + BIO *bio; + + bio = BIO_new_file(filename, "r"); + if (bio != NULL) + cert = PEM_read_bio_X509(bio, NULL, 0, NULL); + BIO_free(bio); + return cert; +} + static STACK_OF(X509) *load_certs_from_file(const char *filename) { STACK_OF(X509) *certs; @@ -97,7 +110,6 @@ static int test_alt_chains_cert_forgery(void) int i; X509 *x = NULL; STACK_OF(X509) *untrusted = NULL; - BIO *bio = NULL; X509_STORE_CTX *sctx = NULL; X509_STORE *store = NULL; X509_LOOKUP *lookup = NULL; @@ -114,10 +126,7 @@ static int test_alt_chains_cert_forgery(void) untrusted = load_certs_from_file(untrusted_f); - if ((bio = BIO_new_file(bad_f, "r")) == NULL) - goto err; - - if ((x = PEM_read_bio_X509(bio, NULL, 0, NULL)) == NULL) + if ((x = load_cert_from_file(bad_f)) == NULL) goto err; sctx = X509_STORE_CTX_new(); @@ -136,7 +145,6 @@ static int test_alt_chains_cert_forgery(void) err: X509_STORE_CTX_free(sctx); X509_free(x); - BIO_free(bio); sk_X509_pop_free(untrusted, X509_free); X509_STORE_free(store); return ret; @@ -146,14 +154,9 @@ static int test_store_ctx(void) { X509_STORE_CTX *sctx = NULL; X509 *x = NULL; - BIO *bio = NULL; int testresult = 0, ret; - bio = BIO_new_file(bad_f, "r"); - if (bio == NULL) - goto err; - - x = PEM_read_bio_X509(bio, NULL, 0, NULL); + x = load_cert_from_file(bad_f); if (x == NULL) goto err; @@ -175,7 +178,6 @@ static int test_store_ctx(void) err: X509_STORE_CTX_free(sctx); X509_free(x); - BIO_free(bio); return testresult; } @@ -184,16 +186,11 @@ OPT_TEST_DECLARE_USAGE("roots.pem untrusted.pem bad.pem\n") static int test_distinguishing_id(void) { X509 *x = NULL; - BIO *bio = NULL; int ret = 0; ASN1_OCTET_STRING *v = NULL, *v2 = NULL; char *distid = "this is an ID"; - bio = BIO_new_file(bad_f, "r"); - if (bio == NULL) - goto err; - - x = PEM_read_bio_X509(bio, NULL, 0, NULL); + x = load_cert_from_file(bad_f); if (x == NULL) goto err; @@ -217,7 +214,6 @@ static int test_distinguishing_id(void) ret = 1; err: X509_free(x); - BIO_free(bio); return ret; } @@ -261,6 +257,32 @@ static int test_req_distinguishing_id(void) return ret; } +static int test_self_signed(const char *filename, int expected) +{ + X509 *cert; + int ret; + + cert = load_cert_from_file(filename); /* may result in NULL */ + ret = TEST_int_eq(X509_self_signed(cert, 1), expected); + X509_free(cert); + return ret; +} + +static int test_self_signed_good(void) +{ + return test_self_signed(root_f, 1); +} + +static int test_self_signed_bad(void) +{ + return test_self_signed(bad_f, 0); +} + +static int test_self_signed_error(void) +{ + return test_self_signed("nonexistent file name", -1); +} + int setup_tests(void) { if (!test_skip_common_options()) { @@ -268,15 +290,19 @@ int setup_tests(void) return 0; } - if (!TEST_ptr(roots_f = test_get_argument(0)) - || !TEST_ptr(untrusted_f = test_get_argument(1)) - || !TEST_ptr(bad_f = test_get_argument(2)) - || !TEST_ptr(req_f = test_get_argument(3))) + if (!TEST_ptr(root_f = test_get_argument(0)) + || !TEST_ptr(roots_f = test_get_argument(1)) + || !TEST_ptr(untrusted_f = test_get_argument(2)) + || !TEST_ptr(bad_f = test_get_argument(3)) + || !TEST_ptr(req_f = test_get_argument(4))) return 0; ADD_TEST(test_alt_chains_cert_forgery); ADD_TEST(test_store_ctx); ADD_TEST(test_distinguishing_id); ADD_TEST(test_req_distinguishing_id); + ADD_TEST(test_self_signed_good); + ADD_TEST(test_self_signed_bad); + ADD_TEST(test_self_signed_error); return 1; } diff --git a/util/libcrypto.num b/util/libcrypto.num index 22c7cdc709..db033eee9d 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4681,6 +4681,7 @@ ERR_set_error ? 3_0_0 EXIST::FUNCTION: ERR_vset_error ? 3_0_0 EXIST::FUNCTION: X509_get0_authority_issuer ? 3_0_0 EXIST::FUNCTION: X509_get0_authority_serial ? 3_0_0 EXIST::FUNCTION: +X509_self_signed ? 3_0_0 EXIST::FUNCTION: EC_GROUP_new_by_curve_name_ex ? 3_0_0 NOEXIST::FUNCTION:EC EC_KEY_new_ex ? 3_0_0 NOEXIST::FUNCTION:EC EC_KEY_new_by_curve_name_ex ? 3_0_0 NOEXIST::FUNCTION:EC From matt at openssl.org Wed Jul 1 10:41:04 2020 From: matt at openssl.org (Matt Caswell) Date: Wed, 01 Jul 2020 10:41:04 +0000 Subject: [openssl] master update Message-ID: <1593600064.321455.30661.nullmailer@dev.openssl.org> The branch master has been updated via 0577959ceab4ca2a72a662ed12067da83cdbb3c7 (commit) from b4cb9498c9c76877a354316ba4246afbea178c83 (commit) - Log ----------------------------------------------------------------- commit 0577959ceab4ca2a72a662ed12067da83cdbb3c7 Author: Matt Caswell Date: Mon Jun 22 11:18:56 2020 +0100 Don't forget our provider ctx when resetting A number of the KDF reset functions were resetting a little too much Fixes #12225 Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12229) ----------------------------------------------------------------------- Summary of changes: providers/implementations/kdfs/hkdf.c | 2 ++ providers/implementations/kdfs/kbkdf.c | 2 ++ providers/implementations/kdfs/krb5kdf.c | 2 ++ providers/implementations/kdfs/pbkdf2.c | 2 ++ providers/implementations/kdfs/sshkdf.c | 2 ++ providers/implementations/kdfs/sskdf.c | 2 ++ providers/implementations/kdfs/tls1_prf.c | 2 ++ providers/implementations/kdfs/x942kdf.c | 2 ++ 8 files changed, 16 insertions(+) diff --git a/providers/implementations/kdfs/hkdf.c b/providers/implementations/kdfs/hkdf.c index 77f4f2c8cc..0b1a6e9b7e 100644 --- a/providers/implementations/kdfs/hkdf.c +++ b/providers/implementations/kdfs/hkdf.c @@ -90,12 +90,14 @@ static void kdf_hkdf_free(void *vctx) static void kdf_hkdf_reset(void *vctx) { KDF_HKDF *ctx = (KDF_HKDF *)vctx; + void *provctx = ctx->provctx; ossl_prov_digest_reset(&ctx->digest); OPENSSL_free(ctx->salt); OPENSSL_clear_free(ctx->key, ctx->key_len); OPENSSL_cleanse(ctx->info, ctx->info_len); memset(ctx, 0, sizeof(*ctx)); + ctx->provctx = provctx; } static size_t kdf_hkdf_size(KDF_HKDF *ctx) diff --git a/providers/implementations/kdfs/kbkdf.c b/providers/implementations/kdfs/kbkdf.c index 920f0d9af3..f3f3d9a609 100644 --- a/providers/implementations/kdfs/kbkdf.c +++ b/providers/implementations/kdfs/kbkdf.c @@ -122,6 +122,7 @@ static void kbkdf_free(void *vctx) static void kbkdf_reset(void *vctx) { KBKDF *ctx = (KBKDF *)vctx; + void *provctx = ctx->provctx; EVP_MAC_free_ctx(ctx->ctx_init); OPENSSL_clear_free(ctx->context, ctx->context_len); @@ -129,6 +130,7 @@ static void kbkdf_reset(void *vctx) OPENSSL_clear_free(ctx->ki, ctx->ki_len); OPENSSL_clear_free(ctx->iv, ctx->iv_len); memset(ctx, 0, sizeof(*ctx)); + ctx->provctx = provctx; } /* SP800-108 section 5.1 or section 5.2 depending on mode. */ diff --git a/providers/implementations/kdfs/krb5kdf.c b/providers/implementations/kdfs/krb5kdf.c index 4ae29a24c4..25462f3c1d 100644 --- a/providers/implementations/kdfs/krb5kdf.c +++ b/providers/implementations/kdfs/krb5kdf.c @@ -78,11 +78,13 @@ static void krb5kdf_free(void *vctx) static void krb5kdf_reset(void *vctx) { KRB5KDF_CTX *ctx = (KRB5KDF_CTX *)vctx; + void *provctx = ctx->provctx; ossl_prov_cipher_reset(&ctx->cipher); OPENSSL_clear_free(ctx->key, ctx->key_len); OPENSSL_clear_free(ctx->constant, ctx->constant_len); memset(ctx, 0, sizeof(*ctx)); + ctx->provctx = provctx; } static int krb5kdf_set_membuf(unsigned char **dst, size_t *dst_len, diff --git a/providers/implementations/kdfs/pbkdf2.c b/providers/implementations/kdfs/pbkdf2.c index 6ac0783096..e6956fe155 100644 --- a/providers/implementations/kdfs/pbkdf2.c +++ b/providers/implementations/kdfs/pbkdf2.c @@ -95,8 +95,10 @@ static void kdf_pbkdf2_free(void *vctx) static void kdf_pbkdf2_reset(void *vctx) { KDF_PBKDF2 *ctx = (KDF_PBKDF2 *)vctx; + void *provctx = ctx->provctx; kdf_pbkdf2_cleanup(ctx); + ctx->provctx = provctx; kdf_pbkdf2_init(ctx); } diff --git a/providers/implementations/kdfs/sshkdf.c b/providers/implementations/kdfs/sshkdf.c index 137299235a..72d7c607dc 100644 --- a/providers/implementations/kdfs/sshkdf.c +++ b/providers/implementations/kdfs/sshkdf.c @@ -72,12 +72,14 @@ static void kdf_sshkdf_free(void *vctx) static void kdf_sshkdf_reset(void *vctx) { KDF_SSHKDF *ctx = (KDF_SSHKDF *)vctx; + void *provctx = ctx->provctx; ossl_prov_digest_reset(&ctx->digest); OPENSSL_clear_free(ctx->key, ctx->key_len); OPENSSL_clear_free(ctx->xcghash, ctx->xcghash_len); OPENSSL_clear_free(ctx->session_id, ctx->session_id_len); memset(ctx, 0, sizeof(*ctx)); + ctx->provctx = provctx; } static int sshkdf_set_membuf(unsigned char **dst, size_t *dst_len, diff --git a/providers/implementations/kdfs/sskdf.c b/providers/implementations/kdfs/sskdf.c index 48a9e433d8..6d6e3295c8 100644 --- a/providers/implementations/kdfs/sskdf.c +++ b/providers/implementations/kdfs/sskdf.c @@ -302,6 +302,7 @@ static void *sskdf_new(void *provctx) static void sskdf_reset(void *vctx) { KDF_SSKDF *ctx = (KDF_SSKDF *)vctx; + void *provctx = ctx->provctx; EVP_MAC_free_ctx(ctx->macctx); ossl_prov_digest_reset(&ctx->digest); @@ -309,6 +310,7 @@ static void sskdf_reset(void *vctx) OPENSSL_clear_free(ctx->info, ctx->info_len); OPENSSL_clear_free(ctx->salt, ctx->salt_len); memset(ctx, 0, sizeof(*ctx)); + ctx->provctx = provctx; } static void sskdf_free(void *vctx) diff --git a/providers/implementations/kdfs/tls1_prf.c b/providers/implementations/kdfs/tls1_prf.c index 5cbe3b8175..d90a1bd072 100644 --- a/providers/implementations/kdfs/tls1_prf.c +++ b/providers/implementations/kdfs/tls1_prf.c @@ -115,12 +115,14 @@ static void kdf_tls1_prf_free(void *vctx) static void kdf_tls1_prf_reset(void *vctx) { TLS1_PRF *ctx = (TLS1_PRF *)vctx; + void *provctx = ctx->provctx; EVP_MAC_free_ctx(ctx->P_hash); EVP_MAC_free_ctx(ctx->P_sha1); OPENSSL_clear_free(ctx->sec, ctx->seclen); OPENSSL_cleanse(ctx->seed, ctx->seedlen); memset(ctx, 0, sizeof(*ctx)); + ctx->provctx = provctx; } static int kdf_tls1_prf_derive(void *vctx, unsigned char *key, diff --git a/providers/implementations/kdfs/x942kdf.c b/providers/implementations/kdfs/x942kdf.c index 6def5d218d..be141c0d88 100644 --- a/providers/implementations/kdfs/x942kdf.c +++ b/providers/implementations/kdfs/x942kdf.c @@ -255,11 +255,13 @@ static void *x942kdf_new(void *provctx) static void x942kdf_reset(void *vctx) { KDF_X942 *ctx = (KDF_X942 *)vctx; + void *provctx = ctx->provctx; ossl_prov_digest_reset(&ctx->digest); OPENSSL_clear_free(ctx->secret, ctx->secret_len); OPENSSL_clear_free(ctx->ukm, ctx->ukm_len); memset(ctx, 0, sizeof(*ctx)); + ctx->provctx = provctx; } static void x942kdf_free(void *vctx) From no-reply at appveyor.com Wed Jul 1 10:47:51 2020 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 01 Jul 2020 10:47:51 +0000 Subject: Build failed: openssl master.35337 Message-ID: <20200701104751.1.85D5A07522AA7860@appveyor.com> An HTML attachment was scrubbed... URL: From builds at travis-ci.com Wed Jul 1 12:01:53 2020 From: builds at travis-ci.com (Travis CI) Date: Wed, 01 Jul 2020 12:01:53 +0000 Subject: Errored: openssl/openssl#35882 (master - b4cb949) In-Reply-To: Message-ID: <5efc7b2f8bf80_13ffa9dcb9698890840@travis-pro-tasks-5fd5b595bb-pt8tn.mail> Build Update for openssl/openssl ------------------------------------- Build: #35882 Status: Errored Duration: 1 hr, 59 mins, and 1 sec Commit: b4cb949 (master) Author: Dr. David von Oheimb Message: X509v3_cache_extensions(): Improve coding style and doc, fix case 'sha1 == NULL' Reviewed-by: Viktor Dukhovni (Merged from https://github.com/openssl/openssl/pull/10587) View the changeset: https://github.com/openssl/openssl/compare/5188d0d55c72...b4cb9498c9c7 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/173811239?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.com Wed Jul 1 17:05:59 2020 From: builds at travis-ci.com (Travis CI) Date: Wed, 01 Jul 2020 17:05:59 +0000 Subject: Errored: openssl/openssl#35889 (master - 0577959) In-Reply-To: Message-ID: <5efcc276c21fb_13fda61c1417c1371cc@travis-pro-tasks-6866d5df88-fwpgs.mail> Build Update for openssl/openssl ------------------------------------- Build: #35889 Status: Errored Duration: 1 hr, 50 mins, and 15 secs Commit: 0577959 (master) Author: Matt Caswell Message: Don't forget our provider ctx when resetting A number of the KDF reset functions were resetting a little too much Fixes #12225 Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12229) View the changeset: https://github.com/openssl/openssl/compare/b4cb9498c9c7...0577959ceab4 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/173847441?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From pauli at openssl.org Wed Jul 1 23:09:01 2020 From: pauli at openssl.org (Dr. Paul Dale) Date: Wed, 01 Jul 2020 23:09:01 +0000 Subject: [openssl] master update Message-ID: <1593644941.768647.27902.nullmailer@dev.openssl.org> The branch master has been updated via 69f982679ec0c8887a4324d8518a33808fee1cd7 (commit) from 0577959ceab4ca2a72a662ed12067da83cdbb3c7 (commit) - Log ----------------------------------------------------------------- commit 69f982679ec0c8887a4324d8518a33808fee1cd7 Author: Pauli Date: Tue Jun 30 11:17:20 2020 +1000 doc: remove reference to the predecessor of SHA-1. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12322) ----------------------------------------------------------------------- Summary of changes: doc/man3/SHA256_Init.pod | 3 --- 1 file changed, 3 deletions(-) diff --git a/doc/man3/SHA256_Init.pod b/doc/man3/SHA256_Init.pod index 5aed8fa534..c8ac28de83 100644 --- a/doc/man3/SHA256_Init.pod +++ b/doc/man3/SHA256_Init.pod @@ -79,9 +79,6 @@ SHA512_DIGEST_LENGTH). Also note that, as for the SHA1() function above, the SHA224(), SHA256(), SHA384() and SHA512() functions are not thread safe if B is NULL. -The predecessor of SHA-1, SHA, is also implemented, but it should be -used only when backward compatibility is required. - =head1 RETURN VALUES SHA1(), SHA224(), SHA256(), SHA384() and SHA512() return a pointer to the hash From pauli at openssl.org Wed Jul 1 23:09:47 2020 From: pauli at openssl.org (Dr. Paul Dale) Date: Wed, 01 Jul 2020 23:09:47 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1593644987.866967.30232.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via f924b298125010b998b33abd158ac6a057b2bc9d (commit) from 0c3d0247a7b16cf10d6d869f34b40aa833b79fd5 (commit) - Log ----------------------------------------------------------------- commit f924b298125010b998b33abd158ac6a057b2bc9d Author: Pauli Date: Tue Jun 30 11:17:20 2020 +1000 doc: remove reference to the predecessor of SHA-1. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12322) (cherry picked from commit 69f982679ec0c8887a4324d8518a33808fee1cd7) ----------------------------------------------------------------------- Summary of changes: doc/man3/SHA256_Init.pod | 3 --- 1 file changed, 3 deletions(-) diff --git a/doc/man3/SHA256_Init.pod b/doc/man3/SHA256_Init.pod index 6a8f2fa0db..52e89e526a 100644 --- a/doc/man3/SHA256_Init.pod +++ b/doc/man3/SHA256_Init.pod @@ -75,9 +75,6 @@ SHA512_DIGEST_LENGTH). Also note that, as for the SHA1() function above, the SHA224(), SHA256(), SHA384() and SHA512() functions are not thread safe if B is NULL. -The predecessor of SHA-1, SHA, is also implemented, but it should be -used only when backward compatibility is required. - =head1 RETURN VALUES SHA1(), SHA224(), SHA256(), SHA384() and SHA512() return a pointer to the hash From kaduk at mit.edu Thu Jul 2 00:26:16 2020 From: kaduk at mit.edu (kaduk at mit.edu) Date: Thu, 02 Jul 2020 00:26:16 +0000 Subject: [openssl] master update Message-ID: <1593649576.592513.19430.nullmailer@dev.openssl.org> The branch master has been updated via 94941cada25433a7dca35b5b9f8cbb751ab65ab3 (commit) from 69f982679ec0c8887a4324d8518a33808fee1cd7 (commit) - Log ----------------------------------------------------------------- commit 94941cada25433a7dca35b5b9f8cbb751ab65ab3 Author: Mi?osz Kaniewski Date: Tue Jun 30 21:46:38 2020 +0200 Free pre_proc_exts in SSL_free() Usually it will be freed in tls_early_post_process_client_hello(). However if a ClientHello callback will be used and will return SSL_CLIENT_HELLO_RETRY then tls_early_post_process_client_hello() may never come to the point where pre_proc_exts is freed. Fixes #12194 CLA: trivial Reviewed-by: Paul Dale Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/12330) ----------------------------------------------------------------------- Summary of changes: ssl/ssl_lib.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index fea040289b..dd83f373b2 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1217,6 +1217,8 @@ void SSL_free(SSL *s) OPENSSL_free(s->ext.ocsp.resp); OPENSSL_free(s->ext.alpn); OPENSSL_free(s->ext.tls13_cookie); + if (s->clienthello != NULL) + OPENSSL_free(s->clienthello->pre_proc_exts); OPENSSL_free(s->clienthello); OPENSSL_free(s->pha_context); EVP_MD_CTX_free(s->pha_dgst); From kaduk at mit.edu Thu Jul 2 00:49:56 2020 From: kaduk at mit.edu (kaduk at mit.edu) Date: Thu, 02 Jul 2020 00:49:56 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1593650996.411702.4210.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via bfbf06c4d29086f1c67ed38324a2c4a9f642d291 (commit) from f924b298125010b998b33abd158ac6a057b2bc9d (commit) - Log ----------------------------------------------------------------- commit bfbf06c4d29086f1c67ed38324a2c4a9f642d291 Author: Mi?osz Kaniewski Date: Tue Jun 30 21:46:38 2020 +0200 Free pre_proc_exts in SSL_free() Usually it will be freed in tls_early_post_process_client_hello(). However if a ClientHello callback will be used and will return SSL_CLIENT_HELLO_RETRY then tls_early_post_process_client_hello() may never come to the point where pre_proc_exts is freed. Fixes #12194 CLA: trivial Reviewed-by: Paul Dale Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/12330) (cherry picked from commit 94941cada25433a7dca35b5b9f8cbb751ab65ab3) ----------------------------------------------------------------------- Summary of changes: ssl/ssl_lib.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index f6a4964ed2..433a537969 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1200,6 +1200,8 @@ void SSL_free(SSL *s) OPENSSL_free(s->ext.ocsp.resp); OPENSSL_free(s->ext.alpn); OPENSSL_free(s->ext.tls13_cookie); + if (s->clienthello != NULL) + OPENSSL_free(s->clienthello->pre_proc_exts); OPENSSL_free(s->clienthello); OPENSSL_free(s->pha_context); EVP_MD_CTX_free(s->pha_dgst); From openssl at openssl.org Thu Jul 2 01:50:58 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 02 Jul 2020 01:50:58 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-autoerrinit Message-ID: <1593654658.067447.18201.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-autoerrinit Commit log since last time: 0577959cea Don't forget our provider ctx when resetting b4cb9498c9 X509v3_cache_extensions(): Improve coding style and doc, fix case 'sha1 == NULL' 0d8dbb52e3 Add X509_self_signed(), extending and improving documenation and tests 4cec750c2f Move doc of X509{,_REQ,_CRL}_verify{,_ex}() from X509_sign.pod to new X509_verify.pod 0e7b1383e1 Fix issue 1418 by moving check of KU_KEY_CERT_SIGN and weakening check_issued() d18c7ad66a Optimization and safety precaution in find_issuer() of x509_vfy.c: candidate issuer cert cannot be the same as the subject cert 'x' da1f88bf53 Add four more verify test cases on the self-signed Ed25519 and self-issed X25519 certs 4acd484d55 Make x509 -force_pubkey test case with self-issued cert more realistic by adding CA basic constraints, CA key usage, and key IDs to the cert and by add -partial_chain to the verify call that trusts this cert 023697870b Refactor (without semantic changes) crypto/x509/{v3_purp.c,x509_vfy.c} ade08735f9 Improve documentation, layout, and code comments regarding self-issued certs etc. 5188d0d55c Fix a typo on the SSL_dup page 9beffaf695 Fix CID-1464802 2c9ba46c90 Force ssl/tls protocol flags to use stream sockets 64fdea12be rand: include the CPU source in a build. 7f791b25eb rand: fix CPU and timer sources. 3121425830 Add --fips-key configuration parameter to fipsinstall application. Build log ended with (last 100 lines): 65-test_cmp_protect.t .............. ok 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 04-test_err.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=204, Tests=2526, 839 wallclock secs ( 9.68 usr 1.45 sys + 773.29 cusr 57.76 csys = 842.18 CPU) Result: FAIL Makefile:3125: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-autoerrinit' Makefile:3123: recipe for target 'tests' failed make: *** [tests] Error 2 From builds at travis-ci.com Thu Jul 2 02:39:13 2020 From: builds at travis-ci.com (Travis CI) Date: Thu, 02 Jul 2020 02:39:13 +0000 Subject: Errored: openssl/openssl#35905 (master - 69f9826) In-Reply-To: Message-ID: <5efd48d16e8b9_13faaf71af2e822755a@travis-pro-tasks-7785b855d-dhmw2.mail> Build Update for openssl/openssl ------------------------------------- Build: #35905 Status: Errored Duration: 1 hr, 48 mins, and 38 secs Commit: 69f9826 (master) Author: Pauli Message: doc: remove reference to the predecessor of SHA-1. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12322) View the changeset: https://github.com/openssl/openssl/compare/0577959ceab4...69f982679ec0 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/173951480?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.com Thu Jul 2 04:47:11 2020 From: builds at travis-ci.com (Travis CI) Date: Thu, 02 Jul 2020 04:47:11 +0000 Subject: Errored: openssl/openssl#35907 (master - 94941ca) In-Reply-To: Message-ID: <5efd66cea98df_13ff1286a80708976d@travis-pro-tasks-84fc886884-9b8vl.mail> Build Update for openssl/openssl ------------------------------------- Build: #35907 Status: Errored Duration: 1 hr, 52 mins, and 6 secs Commit: 94941ca (master) Author: Mi?osz Kaniewski Message: Free pre_proc_exts in SSL_free() Usually it will be freed in tls_early_post_process_client_hello(). However if a ClientHello callback will be used and will return SSL_CLIENT_HELLO_RETRY then tls_early_post_process_client_hello() may never come to the point where pre_proc_exts is freed. Fixes #12194 CLA: trivial Reviewed-by: Paul Dale Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/12330) View the changeset: https://github.com/openssl/openssl/compare/69f982679ec0...94941cada254 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/173957634?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From nic.tuv at gmail.com Thu Jul 2 14:11:45 2020 From: nic.tuv at gmail.com (nic.tuv at gmail.com) Date: Thu, 02 Jul 2020 14:11:45 +0000 Subject: [openssl] master update Message-ID: <1593699105.016300.14547.nullmailer@dev.openssl.org> The branch master has been updated via 9576c498ca8793261adc20e9dca9cf419617cd3e (commit) via af3e8c298ab9fcee47d2d4a54f8be084990f9382 (commit) via a20c9075d6a72f484d1f27d99a54483a7e96fc51 (commit) via 587e4e53f886cd4d7a8b0eb063b823409e2ed4b9 (commit) from 94941cada25433a7dca35b5b9f8cbb751ab65ab3 (commit) - Log ----------------------------------------------------------------- commit 9576c498ca8793261adc20e9dca9cf419617cd3e Author: Nicola Tuveri Date: Tue Jun 30 15:56:14 2020 +0300 [test/README.md] minor fix of examples missing the test target Reviewed-by: David von Oheimb (Merged from https://github.com/openssl/openssl/pull/12326) commit af3e8c298ab9fcee47d2d4a54f8be084990f9382 Author: Nicola Tuveri Date: Tue Jun 30 15:55:12 2020 +0300 Travis: default to HARNESS_JOBS=4 We can run tests in parallel by setting the HARNESS_JOBS environment variable. Reviewed-by: David von Oheimb (Merged from https://github.com/openssl/openssl/pull/12326) commit a20c9075d6a72f484d1f27d99a54483a7e96fc51 Author: Nicola Tuveri Date: Tue Jun 30 10:23:56 2020 +0300 Run tests in parallel The environment variable `HARNESS_JOBS` can be used to control how many jobs to run in parallel. The default is still to run jobs sequentially. This commit does not define custom `rules`, and different versions of `TAP::Harness` come with different strategies regarding the default `rules` that define which test recipes can be run in parallel. In recent versions of Perl, unless specified otherwise any task can be run in parallel. Reviewed-by: David von Oheimb (Merged from https://github.com/openssl/openssl/pull/12326) commit 587e4e53f886cd4d7a8b0eb063b823409e2ed4b9 Author: Nicola Tuveri Date: Sun Jun 28 17:07:59 2020 +0300 Fix memory leaks on OSSL_SERIALIZER_CTX_new_by_EVP_PKEY Fixes #12303 Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12304) ----------------------------------------------------------------------- Summary of changes: .travis.yml | 1 + crypto/serializer/serializer_pkey.c | 5 +++-- test/README.md | 25 ++++++++++++++++++++++--- test/run_tests.pl | 3 +++ 4 files changed, 29 insertions(+), 5 deletions(-) diff --git a/.travis.yml b/.travis.yml index be9ba1e68f..174e9b182f 100644 --- a/.travis.yml +++ b/.travis.yml @@ -173,6 +173,7 @@ before_script: fi; fi - ./configdata.pm --dump + - export HARNESS_JOBS=${HARNESS_JOBS:-4} - cd $top script: diff --git a/crypto/serializer/serializer_pkey.c b/crypto/serializer/serializer_pkey.c index d612070240..1e7fc3eafb 100644 --- a/crypto/serializer/serializer_pkey.c +++ b/crypto/serializer/serializer_pkey.c @@ -292,8 +292,6 @@ OSSL_SERIALIZER_CTX *OSSL_SERIALIZER_CTX_new_by_EVP_PKEY(const EVP_PKEY *pkey, const OSSL_PROVIDER *desired_prov = EVP_KEYMGMT_provider(keymgmt); OPENSSL_CTX *libctx = ossl_provider_library_context(desired_prov); struct selected_serializer_st sel_data; - OSSL_PROPERTY_LIST *check = ossl_parse_query(libctx, "type=parameters"); - OSSL_PROPERTY_LIST *current_props = NULL; OSSL_SERIALIZER *first = NULL; const char *name; int i; @@ -347,6 +345,9 @@ OSSL_SERIALIZER_CTX *OSSL_SERIALIZER_CTX_new_by_EVP_PKEY(const EVP_PKEY *pkey, ser = first; if (ser != NULL) { + OSSL_PROPERTY_LIST *check = NULL, *current_props = NULL; + + check = ossl_parse_query(libctx, "type=parameters"); current_props = ossl_parse_property(libctx, OSSL_SERIALIZER_properties(ser)); if (ossl_property_match_count(check, current_props) > 0) diff --git a/test/README.md b/test/README.md index 4db26bd047..76bf1b17aa 100644 --- a/test/README.md +++ b/test/README.md @@ -114,17 +114,36 @@ starting with "test_ssl_": Run only test group 10: - $ make TESTS='10' + $ make TESTS='10' test Run all tests except the slow group (group 99): - $ make TESTS='-99' + $ make TESTS='-99' test Run all tests in test groups 80 to 99 except for tests in group 90: - $ make TESTS='[89]? -90' + $ make TESTS='[89]? -90' test To stochastically verify that the algorithm that produces uniformly distributed random numbers is operating correctly (with a false positive rate of 0.01%): $ ./util/wrap.sh test/bntest -stochastic + +Running Tests in Parallel +------------------------- + +By default the test harness will execute the selected tests sequentially. +Depending on the platform characteristics, running more than one test job in +parallel may speed up test execution. +This can be requested by setting the `HARNESS_JOBS` environment variable to a +positive integer value. This specifies the maximum number of test jobs to run in +parallel. + +Depending on the Perl version different strategies could be adopted to select +which test recipes can be run in parallel. In recent versions of Perl, unless +specified otherwise, any task can be run in parallel. Consult the documentation +for `TAP::Harness` to know more. + +To run up to four tests in parallel at any given time: + + $ make HARNESS_JOBS=4 test diff --git a/test/run_tests.pl b/test/run_tests.pl index 8306c6018a..5eddaf8468 100644 --- a/test/run_tests.pl +++ b/test/run_tests.pl @@ -30,6 +30,7 @@ my $srctop = $ENV{SRCTOP} || $ENV{TOP}; my $bldtop = $ENV{BLDTOP} || $ENV{TOP}; my $recipesdir = catdir($srctop, "test", "recipes"); my $libdir = rel2abs(catdir($srctop, "util", "perl")); +my $jobs = $ENV{HARNESS_JOBS}; $ENV{OPENSSL_CONF} = rel2abs(catdir($srctop, "apps", "openssl.cnf")); $ENV{OPENSSL_CONF_INCLUDE} = rel2abs(catdir($bldtop, "providers")); @@ -44,6 +45,8 @@ my %tapargs = merge => 1, ); +$tapargs{jobs} = $jobs if defined $jobs; + # Additional OpenSSL special TAP arguments. Because we can't pass them via # TAP::Harness->new(), they will be accessed directly, see the # TAP::Parser::OpenSSL implementation further down From builds at travis-ci.com Thu Jul 2 16:15:17 2020 From: builds at travis-ci.com (Travis CI) Date: Thu, 02 Jul 2020 16:15:17 +0000 Subject: Errored: openssl/openssl#35915 (master - 9576c49) In-Reply-To: Message-ID: <5efe0815ce1b_13f8c8b4a854c5183ee@travis-pro-tasks-7c95bf99f9-q4r65.mail> Build Update for openssl/openssl ------------------------------------- Build: #35915 Status: Errored Duration: 1 hr, 19 mins, and 28 secs Commit: 9576c49 (master) Author: Nicola Tuveri Message: [test/README.md] minor fix of examples missing the test target Reviewed-by: David von Oheimb (Merged from https://github.com/openssl/openssl/pull/12326) View the changeset: https://github.com/openssl/openssl/compare/94941cada254...9576c498ca87 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/174061295?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From levitte at openssl.org Thu Jul 2 16:54:05 2020 From: levitte at openssl.org (Richard Levitte) Date: Thu, 02 Jul 2020 16:54:05 +0000 Subject: [openssl] master update Message-ID: <1593708845.075045.27590.nullmailer@dev.openssl.org> The branch master has been updated via 610e2b3b7019b11d97f1dcda13575254a2c65c3d (commit) from 9576c498ca8793261adc20e9dca9cf419617cd3e (commit) - Log ----------------------------------------------------------------- commit 610e2b3b7019b11d97f1dcda13575254a2c65c3d Author: Richard Levitte Date: Wed Jul 1 10:06:59 2020 +0200 Configure: Check source and build dir equality a little more thoroughly 'absolutedir' does a thorough job ensuring that we have a "real" path to both source and build directory, unencumbered by symbolic links. However, that isn't enough on case insensitive file systems on Unix flavored platforms, where it's possible to stand in, for example, /PATH/TO/Work/openssl, and then do this: perl ../../work/openssl/Configure ... and thereby having it look like the source directory and the build directory aren't the same. We solve this by having a closer look at the computed source and build directories, and making sure they are exactly the same strings if they are in fact the same directory. This is especially important when making symbolic links based on this directories, but may have other ramifications as well. Fixes #12323 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12337) ----------------------------------------------------------------------- Summary of changes: Configure | 35 +++++++++++++++++++++++++++++++++-- 1 file changed, 33 insertions(+), 2 deletions(-) diff --git a/Configure b/Configure index b040c48174..3a86e74fdc 100755 --- a/Configure +++ b/Configure @@ -238,12 +238,22 @@ sub resolve_config; # Unified build supports separate build dir my $srcdir = catdir(absolutedir(dirname($0))); # catdir ensures local syntax my $blddir = catdir(absolutedir(".")); # catdir ensures local syntax + +# File::Spec::Unix doesn't detect case insensitivity, so we make sure to +# check if the source and build directory are really the same, and make +# them so. This avoids all kinds of confusion later on. +# We must check @File::Spec::ISA rather than using File::Spec->isa() to +# know if File::Spec ended up loading File::Spec::Unix. +$srcdir = $blddir + if (grep(/::Unix$/, @File::Spec::ISA) + && samedir($srcdir, $blddir)); + my $dofile = abs2rel(catfile($srcdir, "util/dofile.pl")); my $local_config_envname = 'OPENSSL_LOCAL_CONFIG_DIR'; -$config{sourcedir} = abs2rel($srcdir); -$config{builddir} = abs2rel($blddir); +$config{sourcedir} = abs2rel($srcdir, $blddir); +$config{builddir} = abs2rel($blddir, $blddir); # echo -n 'holy hand grenade of antioch' | openssl sha256 $config{FIPSKEY} = 'f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813'; @@ -3249,6 +3259,27 @@ sub absolutedir { return realpath($dir); } +# Check if all paths are one and the same, using stat. They must both exist +# We need this for the cases when File::Spec doesn't detect case insensitivity +# (File::Spec::Unix assumes case sensitivity) +sub samedir { + die "samedir expects two arguments\n" unless scalar @_ == 2; + + my @stat0 = stat($_[0]); # First argument + my @stat1 = stat($_[1]); # Second argument + + die "Couldn't stat $_[0]" unless @stat0; + die "Couldn't stat $_[1]" unless @stat1; + + # Compare device number + return 0 unless ($stat0[0] == $stat1[0]); + # Compare "inode". The perl manual recommends comparing as + # string rather than as number. + return 0 unless ($stat0[1] eq $stat1[1]); + + return 1; # All the same +} + sub quotify { my %processors = ( perl => sub { my $x = shift; From levitte at openssl.org Thu Jul 2 16:56:50 2020 From: levitte at openssl.org (Richard Levitte) Date: Thu, 02 Jul 2020 16:56:50 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1593709010.768590.30500.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via a98fa843b8ab00e8f3b966a1f5321aaffe805100 (commit) from bfbf06c4d29086f1c67ed38324a2c4a9f642d291 (commit) - Log ----------------------------------------------------------------- commit a98fa843b8ab00e8f3b966a1f5321aaffe805100 Author: Richard Levitte Date: Wed Jul 1 10:06:59 2020 +0200 Configure: Check source and build dir equality a little more thoroughly 'absolutedir' does a thorough job ensuring that we have a "real" path to both source and build directory, unencumbered by symbolic links. However, that isn't enough on case insensitive file systems on Unix flavored platforms, where it's possible to stand in, for example, /PATH/TO/Work/openssl, and then do this: perl ../../work/openssl/Configure ... and thereby having it look like the source directory and the build directory aren't the same. We solve this by having a closer look at the computed source and build directories, and making sure they are exactly the same strings if they are in fact the same directory. This is especially important when making symbolic links based on this directories, but may have other ramifications as well. Fixes #12323 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12337) (cherry picked from commit 610e2b3b7019b11d97f1dcda13575254a2c65c3d) ----------------------------------------------------------------------- Summary of changes: Configure | 35 +++++++++++++++++++++++++++++++++-- 1 file changed, 33 insertions(+), 2 deletions(-) diff --git a/Configure b/Configure index 29f8b4dd4b..1d73d06e1b 100755 --- a/Configure +++ b/Configure @@ -217,12 +217,22 @@ sub resolve_config; # Unified build supports separate build dir my $srcdir = catdir(absolutedir(dirname($0))); # catdir ensures local syntax my $blddir = catdir(absolutedir(".")); # catdir ensures local syntax + +# File::Spec::Unix doesn't detect case insensitivity, so we make sure to +# check if the source and build directory are really the same, and make +# them so. This avoids all kinds of confusion later on. +# We must check @File::Spec::ISA rather than using File::Spec->isa() to +# know if File::Spec ended up loading File::Spec::Unix. +$srcdir = $blddir + if (grep(/::Unix$/, @File::Spec::ISA) + && samedir($srcdir, $blddir)); + my $dofile = abs2rel(catfile($srcdir, "util/dofile.pl")); my $local_config_envname = 'OPENSSL_LOCAL_CONFIG_DIR'; -$config{sourcedir} = abs2rel($srcdir); -$config{builddir} = abs2rel($blddir); +$config{sourcedir} = abs2rel($srcdir, $blddir); +$config{builddir} = abs2rel($blddir, $blddir); # Collect reconfiguration information if needed my @argvcopy=@ARGV; @@ -3427,6 +3437,27 @@ sub absolutedir { return realpath($dir); } +# Check if all paths are one and the same, using stat. They must both exist +# We need this for the cases when File::Spec doesn't detect case insensitivity +# (File::Spec::Unix assumes case sensitivity) +sub samedir { + die "samedir expects two arguments\n" unless scalar @_ == 2; + + my @stat0 = stat($_[0]); # First argument + my @stat1 = stat($_[1]); # Second argument + + die "Couldn't stat $_[0]" unless @stat0; + die "Couldn't stat $_[1]" unless @stat1; + + # Compare device number + return 0 unless ($stat0[0] == $stat1[0]); + # Compare "inode". The perl manual recommends comparing as + # string rather than as number. + return 0 unless ($stat0[1] eq $stat1[1]); + + return 1; # All the same +} + sub quotify { my %processors = ( perl => sub { my $x = shift; From builds at travis-ci.com Thu Jul 2 23:48:34 2020 From: builds at travis-ci.com (Travis CI) Date: Thu, 02 Jul 2020 23:48:34 +0000 Subject: Errored: openssl/openssl#35920 (master - 610e2b3) In-Reply-To: Message-ID: <5efe7251d2f85_13f8a2d80e6b0203596@travis-pro-tasks-55984bc66c-mp5qz.mail> Build Update for openssl/openssl ------------------------------------- Build: #35920 Status: Errored Duration: 2 hrs, 30 mins, and 38 secs Commit: 610e2b3 (master) Author: Richard Levitte Message: Configure: Check source and build dir equality a little more thoroughly 'absolutedir' does a thorough job ensuring that we have a "real" path to both source and build directory, unencumbered by symbolic links. However, that isn't enough on case insensitive file systems on Unix flavored platforms, where it's possible to stand in, for example, /PATH/TO/Work/openssl, and then do this: perl ../../work/openssl/Configure ... and thereby having it look like the source directory and the build directory aren't the same. We solve this by having a closer look at the computed source and build directories, and making sure they are exactly the same strings if they are in fact the same directory. This is especially important when making symbolic links based on this directories, but may have other ramifications as well. Fixes #12323 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12337) View the changeset: https://github.com/openssl/openssl/compare/9576c498ca87...610e2b3b7019 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/174090698?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From pauli at openssl.org Thu Jul 2 23:51:44 2020 From: pauli at openssl.org (Dr. Paul Dale) Date: Thu, 02 Jul 2020 23:51:44 +0000 Subject: [openssl] master update Message-ID: <1593733904.754542.24319.nullmailer@dev.openssl.org> The branch master has been updated via 0c4444121cfe21e70ecf12580c4f9f5423c43905 (commit) from 610e2b3b7019b11d97f1dcda13575254a2c65c3d (commit) - Log ----------------------------------------------------------------- commit 0c4444121cfe21e70ecf12580c4f9f5423c43905 Author: Jakub Wilk Date: Tue Jun 30 22:50:17 2020 +0200 doc: Remove stray backtick CLA: trivial Reviewed-by: Paul Dale Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12329) ----------------------------------------------------------------------- Summary of changes: doc/man1/openssl-enc.pod.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/man1/openssl-enc.pod.in b/doc/man1/openssl-enc.pod.in index d5af8a93e8..6971de51ad 100644 --- a/doc/man1/openssl-enc.pod.in +++ b/doc/man1/openssl-enc.pod.in @@ -316,7 +316,7 @@ standard data format and performs the needed key/iv/nonce management. desx DESX algorithm. gost89 GOST 28147-89 in CFB mode (provided by ccgost engine) - gost89-cnt `GOST 28147-89 in CNT mode (provided by ccgost engine) + gost89-cnt GOST 28147-89 in CNT mode (provided by ccgost engine) idea-cbc IDEA algorithm in CBC mode idea same as idea-cbc From pauli at openssl.org Fri Jul 3 00:00:39 2020 From: pauli at openssl.org (Dr. Paul Dale) Date: Fri, 03 Jul 2020 00:00:39 +0000 Subject: [openssl] master update Message-ID: <1593734439.839995.14629.nullmailer@dev.openssl.org> The branch master has been updated via e7869ef137491213753166edd23f7ba33fb34446 (commit) from 0c4444121cfe21e70ecf12580c4f9f5423c43905 (commit) - Log ----------------------------------------------------------------- commit e7869ef137491213753166edd23f7ba33fb34446 Author: Jon Spillett Date: Wed Jul 1 14:47:15 2020 +1000 Fix up build issue when running cpp tests Reviewed-by: Richard Levitte Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12334) ----------------------------------------------------------------------- Summary of changes: include/openssl/fipskey.h.in | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/include/openssl/fipskey.h.in b/include/openssl/fipskey.h.in index 2b7568c284..eaa1798772 100644 --- a/include/openssl/fipskey.h.in +++ b/include/openssl/fipskey.h.in @@ -27,4 +27,8 @@ extern "C" { */ #define FIPS_KEY_STRING "{- $config{FIPSKEY} -}" +# ifdef __cplusplus +} +# endif + #endif From openssl at openssl.org Fri Jul 3 01:43:47 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 03 Jul 2020 01:43:47 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-autoerrinit Message-ID: <1593740627.334404.15737.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-autoerrinit Commit log since last time: 610e2b3b70 Configure: Check source and build dir equality a little more thoroughly 9576c498ca [test/README.md] minor fix of examples missing the test target af3e8c298a Travis: default to HARNESS_JOBS=4 a20c9075d6 Run tests in parallel 587e4e53f8 Fix memory leaks on OSSL_SERIALIZER_CTX_new_by_EVP_PKEY 94941cada2 Free pre_proc_exts in SSL_free() 69f982679e doc: remove reference to the predecessor of SHA-1. Build log ended with (last 100 lines): 65-test_cmp_protect.t .............. ok 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 04-test_err.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=204, Tests=2526, 625 wallclock secs ( 6.32 usr 0.94 sys + 587.76 cusr 38.02 csys = 633.04 CPU) Result: FAIL Makefile:3132: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-autoerrinit' Makefile:3130: recipe for target 'tests' failed make: *** [tests] Error 2 From builds at travis-ci.com Fri Jul 3 02:56:04 2020 From: builds at travis-ci.com (Travis CI) Date: Fri, 03 Jul 2020 02:56:04 +0000 Subject: Errored: openssl/openssl#35925 (master - 0c44441) In-Reply-To: Message-ID: <5efe9e445ee0e_13fcf26eb329818368b@travis-pro-tasks-6fd6d487fb-mg58z.mail> Build Update for openssl/openssl ------------------------------------- Build: #35925 Status: Errored Duration: 1 hr, 2 mins, and 50 secs Commit: 0c44441 (master) Author: Jakub Wilk Message: doc: Remove stray backtick CLA: trivial Reviewed-by: Paul Dale Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12329) View the changeset: https://github.com/openssl/openssl/compare/610e2b3b7019...0c4444121cfe View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/174145304?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.com Fri Jul 3 04:17:32 2020 From: builds at travis-ci.com (Travis CI) Date: Fri, 03 Jul 2020 04:17:32 +0000 Subject: Errored: openssl/openssl#35926 (master - e7869ef) In-Reply-To: Message-ID: <5efeb15c70258_13fe5123bd63413479b@travis-pro-tasks-6fd6d487fb-cv2bx.mail> Build Update for openssl/openssl ------------------------------------- Build: #35926 Status: Errored Duration: 1 hr, 9 mins, and 34 secs Commit: e7869ef (master) Author: Jon Spillett Message: Fix up build issue when running cpp tests Reviewed-by: Richard Levitte Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12334) View the changeset: https://github.com/openssl/openssl/compare/0c4444121cfe...e7869ef13749 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/174145830?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Fri Jul 3 07:07:28 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 03 Jul 2020 07:07:28 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-des Message-ID: <1593760048.182574.26898.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-des Commit log since last time: 610e2b3b70 Configure: Check source and build dir equality a little more thoroughly 9576c498ca [test/README.md] minor fix of examples missing the test target af3e8c298a Travis: default to HARNESS_JOBS=4 a20c9075d6 Run tests in parallel 587e4e53f8 Fix memory leaks on OSSL_SERIALIZER_CTX_new_by_EVP_PKEY 94941cada2 Free pre_proc_exts in SSL_free() 69f982679e doc: remove reference to the predecessor of SHA-1. 0577959cea Don't forget our provider ctx when resetting b4cb9498c9 X509v3_cache_extensions(): Improve coding style and doc, fix case 'sha1 == NULL' 0d8dbb52e3 Add X509_self_signed(), extending and improving documenation and tests 4cec750c2f Move doc of X509{,_REQ,_CRL}_verify{,_ex}() from X509_sign.pod to new X509_verify.pod 0e7b1383e1 Fix issue 1418 by moving check of KU_KEY_CERT_SIGN and weakening check_issued() d18c7ad66a Optimization and safety precaution in find_issuer() of x509_vfy.c: candidate issuer cert cannot be the same as the subject cert 'x' da1f88bf53 Add four more verify test cases on the self-signed Ed25519 and self-issed X25519 certs 4acd484d55 Make x509 -force_pubkey test case with self-issued cert more realistic by adding CA basic constraints, CA key usage, and key IDs to the cert and by add -partial_chain to the verify call that trusts this cert 023697870b Refactor (without semantic changes) crypto/x509/{v3_purp.c,x509_vfy.c} ade08735f9 Improve documentation, layout, and code comments regarding self-issued certs etc. 5188d0d55c Fix a typo on the SSL_dup page 9beffaf695 Fix CID-1464802 2c9ba46c90 Force ssl/tls protocol flags to use stream sockets 64fdea12be rand: include the CPU source in a build. 7f791b25eb rand: fix CPU and timer sources. 3121425830 Add --fips-key configuration parameter to fipsinstall application. Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... skipped: The PKCS12 command line utility is not supported by this OpenSSL build 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. Dubious, test returned 5 (wstat 1280, 0x500) Failed 5/7 subtests 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 81-test_cmp_cli.t (Wstat: 1280 Tests: 7 Failed: 5) Failed tests: 3-7 Non-zero exit status: 5 Files=204, Tests=2499, 809 wallclock secs ( 8.82 usr 1.30 sys + 751.57 cusr 51.05 csys = 812.74 CPU) Result: FAIL Makefile:3086: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-des' Makefile:3084: recipe for target 'tests' failed make: *** [tests] Error 2 From levitte at openssl.org Fri Jul 3 07:12:56 2020 From: levitte at openssl.org (Richard Levitte) Date: Fri, 03 Jul 2020 07:12:56 +0000 Subject: [openssl] master update Message-ID: <1593760376.644943.11397.nullmailer@dev.openssl.org> The branch master has been updated via ea4ee152a7aa022dd87f193cc6e16a7ffbfb455a (commit) from e7869ef137491213753166edd23f7ba33fb34446 (commit) - Log ----------------------------------------------------------------- commit ea4ee152a7aa022dd87f193cc6e16a7ffbfb455a Author: Richard Levitte Date: Thu Jul 2 00:08:45 2020 +0200 Configure: fix handling of build.info attributes with value This line wasn't properly handled: SCRIPTS{misc,linkname=tsget}=tsget.pl It generated an attribute "linkname=tsget" with the value 1, instead of what it should have, an attribute "linkname" with the value "tsget". Fixes #12341 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12344) ----------------------------------------------------------------------- Summary of changes: Configure | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Configure b/Configure index 3a86e74fdc..b8dfeec477 100755 --- a/Configure +++ b/Configure @@ -1978,10 +1978,10 @@ if ($builder eq "unified") { my $ac = 1; my $ak = $a; my $av = 1; - if ($a =~ m|^(!)?(.*?)\s* = \s*(.*?)$|) { + if ($a =~ m|^(!)?(.*?)\s* = \s*(.*?)$|x) { $ac = ! $1; - $ak = $1; - $av = $2; + $ak = $2; + $av = $3; } foreach my $g (@goals) { if ($ac) { From openssl at openssl.org Fri Jul 3 07:30:39 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 03 Jul 2020 07:30:39 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dgram Message-ID: <1593761439.980333.6585.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dgram Commit log since last time: 610e2b3b70 Configure: Check source and build dir equality a little more thoroughly 9576c498ca [test/README.md] minor fix of examples missing the test target af3e8c298a Travis: default to HARNESS_JOBS=4 a20c9075d6 Run tests in parallel 587e4e53f8 Fix memory leaks on OSSL_SERIALIZER_CTX_new_by_EVP_PKEY 94941cada2 Free pre_proc_exts in SSL_free() 69f982679e doc: remove reference to the predecessor of SHA-1. 0577959cea Don't forget our provider ctx when resetting b4cb9498c9 X509v3_cache_extensions(): Improve coding style and doc, fix case 'sha1 == NULL' 0d8dbb52e3 Add X509_self_signed(), extending and improving documenation and tests 4cec750c2f Move doc of X509{,_REQ,_CRL}_verify{,_ex}() from X509_sign.pod to new X509_verify.pod 0e7b1383e1 Fix issue 1418 by moving check of KU_KEY_CERT_SIGN and weakening check_issued() d18c7ad66a Optimization and safety precaution in find_issuer() of x509_vfy.c: candidate issuer cert cannot be the same as the subject cert 'x' da1f88bf53 Add four more verify test cases on the self-signed Ed25519 and self-issed X25519 certs 4acd484d55 Make x509 -force_pubkey test case with self-issued cert more realistic by adding CA basic constraints, CA key usage, and key IDs to the cert and by add -partial_chain to the verify call that trusts this cert 023697870b Refactor (without semantic changes) crypto/x509/{v3_purp.c,x509_vfy.c} ade08735f9 Improve documentation, layout, and code comments regarding self-issued certs etc. 5188d0d55c Fix a typo on the SSL_dup page 9beffaf695 Fix CID-1464802 2c9ba46c90 Force ssl/tls protocol flags to use stream sockets 64fdea12be rand: include the CPU source in a build. 7f791b25eb rand: fix CPU and timer sources. 3121425830 Add --fips-key configuration parameter to fipsinstall application. Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. skipped: DTLSv1 is not supported by this OpenSSL build 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=204, Tests=2599, 829 wallclock secs ( 8.45 usr 1.30 sys + 775.53 cusr 56.61 csys = 841.89 CPU) Result: FAIL Makefile:3122: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dgram' Makefile:3120: recipe for target 'tests' failed make: *** [tests] Error 2 From dev at ddvo.net Fri Jul 3 08:13:39 2020 From: dev at ddvo.net (dev at ddvo.net) Date: Fri, 03 Jul 2020 08:13:39 +0000 Subject: [openssl] master update Message-ID: <1593764019.115205.21962.nullmailer@dev.openssl.org> The branch master has been updated via 94fcec0902ec6df54a6286f61e35fa6f93815fd6 (commit) via a812549108150b53023ed62e92e8b43c9414a15e (commit) via e4522e1059a4ab32024277706f271200e0cb601b (commit) from ea4ee152a7aa022dd87f193cc6e16a7ffbfb455a (commit) - Log ----------------------------------------------------------------- commit 94fcec0902ec6df54a6286f61e35fa6f93815fd6 Author: Dr. David von Oheimb Date: Sat Jun 27 15:45:58 2020 +0200 test/run_tests.pl: Add alias REPORT_FAILURES{,_PROGRESS} for VF and VFP Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12279) commit a812549108150b53023ed62e92e8b43c9414a15e Author: Dr. David von Oheimb Date: Wed Jun 24 12:13:38 2020 +0200 test/run_tests.pl: Add visual separator after failed test case for VFP and VFP modes Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12279) commit e4522e1059a4ab32024277706f271200e0cb601b Author: Dr. David von Oheimb Date: Wed Jun 24 12:12:20 2020 +0200 test/run_tests.pl: Enhance the semantics of HARNESS_VERBOSE_FAILURES (VF) Make the improved semantics of VFO replace the previous VF and remove VFO Add warnings about overriding use of HARNESS_VERBOSE* variables Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12279) ----------------------------------------------------------------------- Summary of changes: INSTALL.md | 6 +++--- test/README.md | 13 +++++-------- test/run_tests.pl | 32 ++++++++++++++++++-------------- 3 files changed, 26 insertions(+), 25 deletions(-) diff --git a/INSTALL.md b/INSTALL.md index 3b993585d2..6989410e87 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -1603,9 +1603,9 @@ that isn't a problem in OpenSSL itself (like an OS malfunction or a Perl issue). You may want increased verbosity, that can be accomplished as described in section [Test Failures of test/README.md](test/README.md#test-failures). -You may want to selectively specify which test(s) to perform. This can be done -sing the `make` variable `TESTS` as described in section [Running Selected Tests -of test/README.md](test/README.md#running-selected-tests). +You may also want to selectively specify which test(s) to perform. This can be +done using the `make` variable `TESTS` as described in section [Running +Selected Tests of test/README.md](test/README.md#running-selected-tests). If you find a problem with OpenSSL itself, try removing any compiler optimization flags from the `CFLAGS` line in the Makefile and diff --git a/test/README.md b/test/README.md index 76bf1b17aa..a9e0c827d1 100644 --- a/test/README.md +++ b/test/README.md @@ -27,21 +27,18 @@ Full verbosity, showing full output of all successful and failed test cases $ mms /macro=(V=1) test ! OpenVMS $ nmake V=1 test # Windows -Verbosity on test failure (`VERBOSE_FAILURE` or `VF`, Unix example shown): +Verbosity on failed (sub-)tests only +(`VERBOSE_FAILURE` or `VF` or `REPORT_FAILURES`): $ make test VF=1 -Verbosity on failed (sub-)tests only (`VERBOSE_FAILURES_ONLY` or `VFO`): - - $ make test VFO=1 - Verbosity on failed (sub-)tests, in addition progress on succeeded (sub-)tests -(`VERBOSE_FAILURES_PROGRESS` or `VFP`): +(`VERBOSE_FAILURE_PROGRESS` or `VFP` or `REPORT_FAILURES_PROGRESS`): $ make test VFP=1 If you want to run just one or a few specific tests, you can use -the `make` variable `TESTS` to specify them, like this: +the make variable TESTS to specify them, like this: $ make TESTS='test_rsa test_dsa' test # Unix $ mms/macro="TESTS=test_rsa test_dsa" test ! OpenVMS @@ -50,7 +47,7 @@ the `make` variable `TESTS` to specify them, like this: And of course, you can combine (Unix examples shown): $ make test TESTS='test_rsa test_dsa' VF=1 - $ make test TESTS="test_cmp_*" VFO=1 + $ make test TESTS="test_cmp_*" VFP=1 You can find the list of available tests like this: diff --git a/test/run_tests.pl b/test/run_tests.pl index 5eddaf8468..d47f7cf1e6 100644 --- a/test/run_tests.pl +++ b/test/run_tests.pl @@ -9,15 +9,16 @@ use strict; use warnings; -# Recognise VERBOSE and V which is common on other projects. -# Additionally, also recognise VERBOSE_FAILURE and VF. +# Recognise VERBOSE aka V which is common on other projects. +# Additionally, recognise VERBOSE_FAILURE aka VF aka REPORT_FAILURES +# and recognise VERBOSE_FAILURE_PROGRESS aka VFP aka REPORT_FAILURES_PROGRESS. BEGIN { $ENV{HARNESS_VERBOSE} = "yes" if $ENV{VERBOSE} || $ENV{V}; - $ENV{HARNESS_VERBOSE_FAILURE} = "yes" if $ENV{VERBOSE_FAILURE} || $ENV{VF}; - $ENV{HARNESS_VERBOSE_FAILURES_ONLY} = "yes" - if $ENV{VERBOSE_FAILURES_ONLY} || $ENV{VFO}; - $ENV{HARNESS_VERBOSE_FAILURES_PROGRESS} = "yes" - if $ENV{VERBOSE_FAILURES_PROGRESS} || $ENV{VFP}; + $ENV{HARNESS_VERBOSE_FAILURE} = "yes" + if $ENV{VERBOSE_FAILURE} || $ENV{VF} || $ENV{REPORT_FAILURES}; + $ENV{HARNESS_VERBOSE_FAILURE_PROGRESS} = "yes" + if ($ENV{VERBOSE_FAILURE_PROGRESS} || $ENV{VFP} + || $ENV{REPORT_FAILURES_PROGRESS}); } use File::Spec::Functions qw/catdir catfile curdir abs2rel rel2abs/; @@ -53,9 +54,13 @@ $tapargs{jobs} = $jobs if defined $jobs; my %openssl_args = (); $openssl_args{'failure_verbosity'} = $ENV{HARNESS_VERBOSE} ? 0 : - $ENV{HARNESS_VERBOSE_FAILURE} ? 3 : - $ENV{HARNESS_VERBOSE_FAILURES_PROGRESS} ? 2 : - $ENV{HARNESS_VERBOSE_FAILURES_ONLY} ? 1 : 0; + $ENV{HARNESS_VERBOSE_FAILURE_PROGRESS} ? 2 : + 1; # $ENV{HARNESS_VERBOSE_FAILURE} +print "Warning: HARNESS_VERBOSE overrides HARNESS_VERBOSE_FAILURE*\n" + if ($ENV{HARNESS_VERBOSE} && ($ENV{HARNESS_VERBOSE_FAILURE} + || $ENV{HARNESS_VERBOSE_FAILURE_PROGRESS})); +print "Warning: HARNESS_VERBOSE_FAILURE_PROGRESS overrides HARNESS_VERBOSE_FAILURE\n" + if ($ENV{HARNESS_VERBOSE_FAILURE_PROGRESS} && $ENV{HARNESS_VERBOSE_FAILURE}); my $outfilename = $ENV{HARNESS_TAP_COPY}; open $openssl_args{'tap_copy'}, ">$outfilename" @@ -153,9 +158,7 @@ $eres = eval { if defined $fh; my $failure_verbosity = $openssl_args{failure_verbosity}; - if ($failure_verbosity == 3) { - push @failure_output, $self->as_string; - } elsif ($failure_verbosity > 0) { + if ($failure_verbosity > 0) { my $is_plan = $self->is_plan; my $tests_planned = $is_plan && $self->tests_planned; my $is_test = $self->is_test; @@ -180,6 +183,7 @@ $eres = eval { print $output_buffer if !$is_ok; print "\n".$self->as_string if !$is_ok || $failure_verbosity == 2; + print "\n# ------------------------------------------------------------------------------" if !$is_ok; $output_buffer = ""; } elsif ($self->as_string ne "") { # typically is_comment or is_unknown @@ -201,7 +205,7 @@ $eres = eval { print $_, "\n" foreach (("", @failure_output)); } # Echo any trailing comments etc. - print "$output_buffer" if $failure_verbosity != 3; + print "$output_buffer"; }; } From builds at travis-ci.com Fri Jul 3 09:05:51 2020 From: builds at travis-ci.com (Travis CI) Date: Fri, 03 Jul 2020 09:05:51 +0000 Subject: Errored: openssl/openssl#35930 (master - ea4ee15) In-Reply-To: Message-ID: <5efef4ef3ac85_13fcff42a604410113b@travis-pro-tasks-d5b68d64-7s2zd.mail> Build Update for openssl/openssl ------------------------------------- Build: #35930 Status: Errored Duration: 1 hr, 20 mins, and 24 secs Commit: ea4ee15 (master) Author: Richard Levitte Message: Configure: fix handling of build.info attributes with value This line wasn't properly handled: SCRIPTS{misc,linkname=tsget}=tsget.pl It generated an attribute "linkname=tsget" with the value 1, instead of what it should have, an attribute "linkname" with the value "tsget". Fixes #12341 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12344) View the changeset: https://github.com/openssl/openssl/compare/e7869ef13749...ea4ee152a7aa View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/174169290?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.com Fri Jul 3 10:28:40 2020 From: builds at travis-ci.com (Travis CI) Date: Fri, 03 Jul 2020 10:28:40 +0000 Subject: Errored: openssl/openssl#35931 (master - 94fcec0) In-Reply-To: Message-ID: <5eff0858f0da8_13f91e97a6c7c362612@travis-pro-tasks-d5b68d64-pvcfn.mail> Build Update for openssl/openssl ------------------------------------- Build: #35931 Status: Errored Duration: 2 hrs, 0 mins, and 26 secs Commit: 94fcec0 (master) Author: Dr. David von Oheimb Message: test/run_tests.pl: Add alias REPORT_FAILURES{,_PROGRESS} for VF and VFP Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12279) View the changeset: https://github.com/openssl/openssl/compare/ea4ee152a7aa...94fcec0902ec View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/174175604?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From dev at ddvo.net Fri Jul 3 11:40:03 2020 From: dev at ddvo.net (dev at ddvo.net) Date: Fri, 03 Jul 2020 11:40:03 +0000 Subject: [openssl] master update Message-ID: <1593776403.699752.28609.nullmailer@dev.openssl.org> The branch master has been updated via 64bb6276d17cc78c15e0bbea2cce899ba9b6778d (commit) via 89137609606a1195091c1edb4741c67c06f878a5 (commit) from 94fcec0902ec6df54a6286f61e35fa6f93815fd6 (commit) - Log ----------------------------------------------------------------- commit 64bb6276d17cc78c15e0bbea2cce899ba9b6778d Author: Dr. David von Oheimb Date: Tue Jun 23 08:04:54 2020 +0200 81-test_cmp_cli.t: Correct subroutine quote_spc_empty and its use Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12280) commit 89137609606a1195091c1edb4741c67c06f878a5 Author: Dr. David von Oheimb Date: Tue Jun 23 08:03:59 2020 +0200 81-test_cmp_cli.t: Streamline {start,stop}_mock_server and improve port setting Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12280) ----------------------------------------------------------------------- Summary of changes: test/recipes/81-test_cmp_cli.t | 29 +++++++++++++++-------------- 1 file changed, 15 insertions(+), 14 deletions(-) diff --git a/test/recipes/81-test_cmp_cli.t b/test/recipes/81-test_cmp_cli.t index 82441327fe..385c259729 100644 --- a/test/recipes/81-test_cmp_cli.t +++ b/test/recipes/81-test_cmp_cli.t @@ -55,7 +55,6 @@ my @cmp_basic_tests = ( my $rsp_cert = "signer_only.crt"; my $outfile = "test.cert.pem"; my $secret = "pass:test"; -my $localport = 1700; # this uses the mock server directly in the cmp app, without TCP sub use_mock_srv_internally @@ -163,8 +162,8 @@ sub test_cmp_cli { my $actual_exit = shift; my $OK = $actual_exit == $expected_exit; if ($faillog && !$OK) { - sub quote_spc_empty(_) { $_ eq "" ? '""' : $_ =~ m/ / ? '"'.$_.'"' : $_ }; - my $invocation = ("$path_app ").join(' ', map quote_spc_empty @$params); + my $quote_spc_empty = sub { $_ eq "" ? '""' : $_ =~ m/ / ? '"'.$_.'"' : $_ }; + my $invocation = "$path_app ".join(' ', map $quote_spc_empty->($_), @$params); print $faillog "$server_name $aspect \"$title\" ($i/$n)". " expected=$expected_exit actual=$actual_exit\n"; print $faillog "$invocation\n\n"; @@ -206,11 +205,11 @@ indir data_dir() => sub { foreach my $server_name (@server_configurations) { $server_name = chop_dblquot($server_name); load_config($server_name, $server_name); - my $launch_mock = $server_name eq "Mock" && !$ENV{OPENSSL_CMP_CONFIG}; - if ($launch_mock) { + my $pid; + if ($server_name eq "Mock") { indir "Mock" => sub { - stop_mock_server(); # in case a previous run did not exit properly - start_mock_server("") || die "Cannot start CMP mock server"; + $pid = start_mock_server(""); + die "Cannot start CMP mock server" unless $pid; } } foreach my $aspect (@all_aspects) { @@ -222,7 +221,7 @@ indir data_dir() => sub { test_cmp_cli_aspect($server_name, $aspect, $tests); }; }; - stop_mock_server() if $launch_mock; + stop_mock_server($pid) if $pid; }; }; @@ -285,19 +284,21 @@ sub load_tests { } sub mock_server_pid { - return `lsof -iTCP:$localport -sTCP:LISTEN | tail -n 1 | awk '{ print \$2 }'`; + return `lsof -iTCP:$server_port -sTCP:LISTEN | tail -n 1 | awk '{ print \$2 }'`; } sub start_mock_server { - return 0 if mock_server_pid(); # already running my $args = $_[0]; # optional further CLI arguments my $dir = bldtop_dir(""); - return system("LD_LIBRARY_PATH=$dir DYLD_LIBRARY_PATH=$dir " . - bldtop_dir($app) . " -config server.cnf " . - "$args &") == 0; # start in background, check for success + my $cmd = "LD_LIBRARY_PATH=$dir DYLD_LIBRARY_PATH=$dir " . + bldtop_dir($app) . " -config server.cnf $args"; + my $pid = mock_server_pid(); + return $pid if $pid; # already running + return system("$cmd &") == 0 # start in background, check for success + ? (sleep 1, mock_server_pid()) : 0; } sub stop_mock_server { - my $pid = mock_server_pid(); + my $pid = $_[0]; system("kill $pid") if $pid; } From openssl at openssl.org Fri Jul 3 12:28:26 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 03 Jul 2020 12:28:26 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-err Message-ID: <1593779306.708891.2884.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-err Commit log since last time: 610e2b3b70 Configure: Check source and build dir equality a little more thoroughly 9576c498ca [test/README.md] minor fix of examples missing the test target af3e8c298a Travis: default to HARNESS_JOBS=4 a20c9075d6 Run tests in parallel 587e4e53f8 Fix memory leaks on OSSL_SERIALIZER_CTX_new_by_EVP_PKEY 94941cada2 Free pre_proc_exts in SSL_free() 69f982679e doc: remove reference to the predecessor of SHA-1. 0577959cea Don't forget our provider ctx when resetting b4cb9498c9 X509v3_cache_extensions(): Improve coding style and doc, fix case 'sha1 == NULL' 0d8dbb52e3 Add X509_self_signed(), extending and improving documenation and tests 4cec750c2f Move doc of X509{,_REQ,_CRL}_verify{,_ex}() from X509_sign.pod to new X509_verify.pod 0e7b1383e1 Fix issue 1418 by moving check of KU_KEY_CERT_SIGN and weakening check_issued() d18c7ad66a Optimization and safety precaution in find_issuer() of x509_vfy.c: candidate issuer cert cannot be the same as the subject cert 'x' da1f88bf53 Add four more verify test cases on the self-signed Ed25519 and self-issed X25519 certs 4acd484d55 Make x509 -force_pubkey test case with self-issued cert more realistic by adding CA basic constraints, CA key usage, and key IDs to the cert and by add -partial_chain to the verify call that trusts this cert 023697870b Refactor (without semantic changes) crypto/x509/{v3_purp.c,x509_vfy.c} ade08735f9 Improve documentation, layout, and code comments regarding self-issued certs etc. 5188d0d55c Fix a typo on the SSL_dup page 9beffaf695 Fix CID-1464802 2c9ba46c90 Force ssl/tls protocol flags to use stream sockets 64fdea12be rand: include the CPU source in a build. 7f791b25eb rand: fix CPU and timer sources. 3121425830 Add --fips-key configuration parameter to fipsinstall application. Build log ended with (last 100 lines): 65-test_cmp_protect.t .............. ok 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 04-test_err.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=204, Tests=2526, 808 wallclock secs ( 8.50 usr 1.23 sys + 753.35 cusr 55.03 csys = 818.11 CPU) Result: FAIL Makefile:3125: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-err' Makefile:3123: recipe for target 'tests' failed make: *** [tests] Error 2 From builds at travis-ci.com Fri Jul 3 13:24:05 2020 From: builds at travis-ci.com (Travis CI) Date: Fri, 03 Jul 2020 13:24:05 +0000 Subject: Failed: openssl/openssl#35934 (master - 64bb627) In-Reply-To: Message-ID: <5eff31746a339_13fed7b8b7b641743cb@travis-pro-tasks-754d87fdc-fttvr.mail> Build Update for openssl/openssl ------------------------------------- Build: #35934 Status: Failed Duration: 58 mins and 8 secs Commit: 64bb627 (master) Author: Dr. David von Oheimb Message: 81-test_cmp_cli.t: Correct subroutine quote_spc_empty and its use Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12280) View the changeset: https://github.com/openssl/openssl/compare/94fcec0902ec...64bb6276d17c View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/174199549?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From matt at openssl.org Fri Jul 3 16:34:08 2020 From: matt at openssl.org (Matt Caswell) Date: Fri, 03 Jul 2020 16:34:08 +0000 Subject: [openssl] master update Message-ID: <1593794048.456463.7245.nullmailer@dev.openssl.org> The branch master has been updated via 5b393802ede77d6b5678e69c3ba9854042726aa1 (commit) via ca3245a61989009a99931748723d12e30d0a66b2 (commit) via 5a640713f34d4b9b6bf9520a46b0c8ee3334d8bf (commit) from 64bb6276d17cc78c15e0bbea2cce899ba9b6778d (commit) - Log ----------------------------------------------------------------- commit 5b393802ede77d6b5678e69c3ba9854042726aa1 Author: Matt Caswell Date: Wed Jul 1 11:19:58 2020 +0100 Don't run the cmp_cli tests if using FUZZING_BUILD_MODE [extended tests] Reviewed-by: David von Oheimb Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12275) commit ca3245a61989009a99931748723d12e30d0a66b2 Author: Matt Caswell Date: Thu Jun 25 16:10:54 2020 +0100 If an empty password is supplied still try to use it If an empty password was supplied we ignored it and were trying to use the fallback method to read the password instead (i.e. read from stdin). However if that failed (which it always does if the cmp option -batch is used) then we were reporting that we had successfully read the password without actually setting one. Instead, if an empty password is explicitly provided we should use it. If no password is supplied explicitly and we have no fallback method then we assume the empty password. [extended tests] Reviewed-by: David von Oheimb Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12275) commit 5a640713f34d4b9b6bf9520a46b0c8ee3334d8bf Author: Matt Caswell Date: Thu Jun 25 12:21:07 2020 +0100 Ensure a string is properly terminated in http_client.c In HTTP_new_bio(), if the host has a trailing '/' we took a copy of the hostname but failed to terminate it properly. Reviewed-by: David von Oheimb Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12275) ----------------------------------------------------------------------- Summary of changes: apps/lib/apps_ui.c | 15 +++++++++------ crypto/http/http_client.c | 13 +++++++++---- test/recipes/81-test_cmp_cli.t | 11 ++++++++--- 3 files changed, 26 insertions(+), 13 deletions(-) diff --git a/apps/lib/apps_ui.c b/apps/lib/apps_ui.c index 2a6e01ec10..13f8670d9f 100644 --- a/apps/lib/apps_ui.c +++ b/apps/lib/apps_ui.c @@ -20,7 +20,7 @@ static int ui_open(UI *ui) { int (*opener)(UI *ui) = UI_method_get_opener(ui_fallback_method); - if (opener) + if (opener != NULL) return opener(ui); return 1; } @@ -37,7 +37,8 @@ static int ui_read(UI *ui, UI_STRING *uis) { const char *password = ((PW_CB_DATA *)UI_get0_user_data(ui))->password; - if (password && password[0] != '\0') { + + if (password != NULL) { UI_set_result(ui, uis, password); return 1; } @@ -52,8 +53,10 @@ static int ui_read(UI *ui, UI_STRING *uis) } reader = UI_method_get_reader(ui_fallback_method); - if (reader) + if (reader != NULL) return reader(ui, uis); + /* Default to the empty password if we've got nothing better */ + UI_set_result(ui, uis, ""); return 1; } @@ -82,7 +85,7 @@ static int ui_write(UI *ui, UI_STRING *uis) } writer = UI_method_get_writer(ui_fallback_method); - if (writer) + if (writer != NULL) return writer(ui, uis); return 1; } @@ -91,7 +94,7 @@ static int ui_close(UI *ui) { int (*closer)(UI *ui) = UI_method_get_closer(ui_fallback_method); - if (closer) + if (closer != NULL) return closer(ui); return 1; } @@ -112,7 +115,7 @@ int setup_ui_method(void) void destroy_ui_method(void) { - if (ui_method) { + if (ui_method != NULL) { UI_destroy_method(ui_method); ui_method = NULL; } diff --git a/crypto/http/http_client.c b/crypto/http/http_client.c index a8dda0050a..3e1be1f569 100644 --- a/crypto/http/http_client.c +++ b/crypto/http/http_client.c @@ -712,10 +712,15 @@ static BIO *HTTP_new_bio(const char *server /* optionally includes ":port" */, } host_end = strchr(host, '/'); - if (host_end != NULL && (size_t)(host_end - host) < sizeof(host_name)) { - /* chop trailing string starting with '/' */ - strncpy(host_name, host, host_end - host + 1); - host = host_name; + if (host_end != NULL) { + size_t host_len = host_end - host; + + if (host_len < sizeof(host_name)) { + /* chop trailing string starting with '/' */ + strncpy(host_name, host, host_len); + host_name[host_len] = '\0'; + host = host_name; + } } cbio = BIO_new_connect(host /* optionally includes ":port" */); diff --git a/test/recipes/81-test_cmp_cli.t b/test/recipes/81-test_cmp_cli.t index 385c259729..32239ef35b 100644 --- a/test/recipes/81-test_cmp_cli.t +++ b/test/recipes/81-test_cmp_cli.t @@ -14,18 +14,23 @@ use warnings; use POSIX; use File::Spec::Functions qw/catfile/; use File::Compare qw/compare_text/; -use OpenSSL::Test qw/:DEFAULT with data_file data_dir bldtop_dir/; +use OpenSSL::Test qw/:DEFAULT with data_file data_dir srctop_dir bldtop_dir/; use OpenSSL::Test::Utils; use Data::Dumper; # for debugging purposes only -setup("test_cmp_cli"); +BEGIN { + setup("test_cmp_cli"); +} +use lib srctop_dir('Configurations'); +use lib bldtop_dir('.'); +use platform; plan skip_all => "These tests are not supported in a no-cmp build" if disabled("cmp"); plan skip_all => "These tests are not supported in a no-ec build" if disabled("ec"); plan skip_all => "These tests are not supported in a fuzz build" - if !disabled("fuzz-libfuzzer") || !disabled("fuzz-afl"); + if config('options') =~ /-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION/; plan skip_all => "Tests involving server not available on Windows or VMS" if $^O =~ /^(VMS|MSWin32)$/; From matt at openssl.org Fri Jul 3 16:38:50 2020 From: matt at openssl.org (Matt Caswell) Date: Fri, 03 Jul 2020 16:38:50 +0000 Subject: [openssl] master update Message-ID: <1593794330.067278.11287.nullmailer@dev.openssl.org> The branch master has been updated via bb2d726d75c062513b796d6c76c2a1ea9ff27e24 (commit) from 5b393802ede77d6b5678e69c3ba9854042726aa1 (commit) - Log ----------------------------------------------------------------- commit bb2d726d75c062513b796d6c76c2a1ea9ff27e24 Author: Matt Caswell Date: Wed Jul 1 09:30:53 2020 +0100 Fix a typo in the i2d_TYPE_fp documentation Thanks to Michael Mueller on the openssl-users list for the suggested improvement. Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/openssl/pull/12338) ----------------------------------------------------------------------- Summary of changes: doc/man3/d2i_X509.pod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/man3/d2i_X509.pod b/doc/man3/d2i_X509.pod index 4dea774fb6..fdf6c1d669 100644 --- a/doc/man3/d2i_X509.pod +++ b/doc/man3/d2i_X509.pod @@ -453,7 +453,7 @@ the encoding of the structure I to BIO I and it returns 1 for success and 0 for failure. B_fp>() is similar to B>() except it writes -the encoding of the structure I to BIO I and it +the encoding of the structure I to FILE pointer I and it returns 1 for success and 0 for failure. These routines do not encrypt private keys and therefore offer no From builds at travis-ci.com Fri Jul 3 19:09:40 2020 From: builds at travis-ci.com (Travis CI) Date: Fri, 03 Jul 2020 19:09:40 +0000 Subject: Still Failing: openssl/openssl#35936 (master - 5b39380) In-Reply-To: Message-ID: <5eff8273a776e_13f96eaa146ac359593@travis-pro-tasks-5cff58568c-6j2st.mail> Build Update for openssl/openssl ------------------------------------- Build: #35936 Status: Still Failing Duration: 11 mins and 19 secs Commit: 5b39380 (master) Author: Matt Caswell Message: Don't run the cmp_cli tests if using FUZZING_BUILD_MODE [extended tests] Reviewed-by: David von Oheimb Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12275) View the changeset: https://github.com/openssl/openssl/compare/64bb6276d17c...5b393802ede7 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/174231322?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.com Fri Jul 3 19:34:23 2020 From: builds at travis-ci.com (Travis CI) Date: Fri, 03 Jul 2020 19:34:23 +0000 Subject: Still Failing: openssl/openssl#35937 (master - bb2d726) In-Reply-To: Message-ID: <5eff883e6295e_13f803b5a5e742173eb@travis-pro-tasks-5cff58568c-frqhj.mail> Build Update for openssl/openssl ------------------------------------- Build: #35937 Status: Still Failing Duration: 1 hr, 2 mins, and 59 secs Commit: bb2d726 (master) Author: Matt Caswell Message: Fix a typo in the i2d_TYPE_fp documentation Thanks to Michael Mueller on the openssl-users list for the suggested improvement. Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/openssl/pull/12338) View the changeset: https://github.com/openssl/openssl/compare/5b393802ede7...bb2d726d75c0 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/174231643?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Fri Jul 3 20:13:12 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 03 Jul 2020 20:13:12 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ui-console Message-ID: <1593807192.764624.11881.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ui-console Commit log since last time: 610e2b3b70 Configure: Check source and build dir equality a little more thoroughly 9576c498ca [test/README.md] minor fix of examples missing the test target af3e8c298a Travis: default to HARNESS_JOBS=4 a20c9075d6 Run tests in parallel 587e4e53f8 Fix memory leaks on OSSL_SERIALIZER_CTX_new_by_EVP_PKEY 94941cada2 Free pre_proc_exts in SSL_free() 69f982679e doc: remove reference to the predecessor of SHA-1. 0577959cea Don't forget our provider ctx when resetting b4cb9498c9 X509v3_cache_extensions(): Improve coding style and doc, fix case 'sha1 == NULL' 0d8dbb52e3 Add X509_self_signed(), extending and improving documenation and tests 4cec750c2f Move doc of X509{,_REQ,_CRL}_verify{,_ex}() from X509_sign.pod to new X509_verify.pod 0e7b1383e1 Fix issue 1418 by moving check of KU_KEY_CERT_SIGN and weakening check_issued() d18c7ad66a Optimization and safety precaution in find_issuer() of x509_vfy.c: candidate issuer cert cannot be the same as the subject cert 'x' da1f88bf53 Add four more verify test cases on the self-signed Ed25519 and self-issed X25519 certs 4acd484d55 Make x509 -force_pubkey test case with self-issued cert more realistic by adding CA basic constraints, CA key usage, and key IDs to the cert and by add -partial_chain to the verify call that trusts this cert 023697870b Refactor (without semantic changes) crypto/x509/{v3_purp.c,x509_vfy.c} ade08735f9 Improve documentation, layout, and code comments regarding self-issued certs etc. 5188d0d55c Fix a typo on the SSL_dup page 9beffaf695 Fix CID-1464802 2c9ba46c90 Force ssl/tls protocol flags to use stream sockets 64fdea12be rand: include the CPU source in a build. 7f791b25eb rand: fix CPU and timer sources. 3121425830 Add --fips-key configuration parameter to fipsinstall application. Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. Dubious, test returned 5 (wstat 1280, 0x500) Failed 5/7 subtests 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 81-test_cmp_cli.t (Wstat: 1280 Tests: 7 Failed: 5) Failed tests: 3-7 Non-zero exit status: 5 Files=204, Tests=2602, 865 wallclock secs ( 8.69 usr 1.33 sys + 765.05 cusr 56.27 csys = 831.34 CPU) Result: FAIL Makefile:3113: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-ui-console' Makefile:3111: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Sat Jul 4 04:30:13 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Sat, 04 Jul 2020 04:30:13 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-posix-io Message-ID: <1593837013.771105.4849.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-posix-io Commit log since last time: 610e2b3b70 Configure: Check source and build dir equality a little more thoroughly 9576c498ca [test/README.md] minor fix of examples missing the test target af3e8c298a Travis: default to HARNESS_JOBS=4 a20c9075d6 Run tests in parallel 587e4e53f8 Fix memory leaks on OSSL_SERIALIZER_CTX_new_by_EVP_PKEY 94941cada2 Free pre_proc_exts in SSL_free() 69f982679e doc: remove reference to the predecessor of SHA-1. 0577959cea Don't forget our provider ctx when resetting b4cb9498c9 X509v3_cache_extensions(): Improve coding style and doc, fix case 'sha1 == NULL' 0d8dbb52e3 Add X509_self_signed(), extending and improving documenation and tests 4cec750c2f Move doc of X509{,_REQ,_CRL}_verify{,_ex}() from X509_sign.pod to new X509_verify.pod 0e7b1383e1 Fix issue 1418 by moving check of KU_KEY_CERT_SIGN and weakening check_issued() d18c7ad66a Optimization and safety precaution in find_issuer() of x509_vfy.c: candidate issuer cert cannot be the same as the subject cert 'x' da1f88bf53 Add four more verify test cases on the self-signed Ed25519 and self-issed X25519 certs 4acd484d55 Make x509 -force_pubkey test case with self-issued cert more realistic by adding CA basic constraints, CA key usage, and key IDs to the cert and by add -partial_chain to the verify call that trusts this cert 023697870b Refactor (without semantic changes) crypto/x509/{v3_purp.c,x509_vfy.c} ade08735f9 Improve documentation, layout, and code comments regarding self-issued certs etc. 5188d0d55c Fix a typo on the SSL_dup page 9beffaf695 Fix CID-1464802 2c9ba46c90 Force ssl/tls protocol flags to use stream sockets 64fdea12be rand: include the CPU source in a build. 7f791b25eb rand: fix CPU and timer sources. 3121425830 Add --fips-key configuration parameter to fipsinstall application. Build log ended with (last 100 lines): rm -f doc/html/man1/CA.pl.html doc/html/man1/openssl-asn1parse.html doc/html/man1/openssl-ca.html doc/html/man1/openssl-ciphers.html doc/html/man1/openssl-cmds.html doc/html/man1/openssl-cmp.html doc/html/man1/openssl-cms.html doc/html/man1/openssl-crl.html doc/html/man1/openssl-crl2pkcs7.html doc/html/man1/openssl-dgst.html doc/html/man1/openssl-dhparam.html doc/html/man1/openssl-dsa.html doc/html/man1/openssl-dsaparam.html doc/html/man1/openssl-ec.html doc/html/man1/openssl-ecparam.html doc/html/man1/openssl-enc.html doc/html/man1/openssl-engine.html doc/html/man1/openssl-errstr.html doc/html/man1/openssl-fipsinstall.html doc/html/man1/openssl-gendsa.html doc/html/man1/openssl-genpkey.html doc/html/man1/openssl-genrsa.html doc/html/man1/openssl-info.html doc/html/man1/openssl-kdf.html doc/html/man1/openssl-list.html doc/html/man1/openssl-mac.html doc/html/man1/openssl-nseq.html doc/html/man1/openssl-ocsp.html doc/html/man1/openssl-passwd.html doc/html/man1/openssl-pkcs12.html doc/html/man1/openssl-pkcs7.html doc/html/man1/openssl-pkcs8.html doc/html/man1/openssl-pkey.html doc/html/man1/openssl-pkeyparam.html doc/html/man1/openssl-pkeyutl.html doc/html/man1/openssl-prime.html doc/html/man1/openssl-provider.html doc/html/man1/openssl-rand.html doc/html/man1/openssl-rehash.html doc/html/man1/openssl-req.html doc/html/man1/openssl-rsa.html doc/html/man1/openssl-rsautl.html doc/html/man1/openssl-s_client.html doc/html/man1/openssl-s_server.html doc/html/man1/openssl-s_time.html doc/html/man1/openssl-sess_id.html doc/html/man1/openssl-smime.html doc/html/man1/openssl-speed.html doc/html/man1/openssl-spkac.html doc/html/man1/openssl-srp.html doc/html/man1/openssl-storeutl.html doc/html/man1/openssl-ts.html doc/html/man1/openssl-verify.html doc/html/man1/openssl-version.html doc/html/man1/openssl-x509.html doc/html/man1/openssl.html doc/html/man1/tsget.html doc/html/man3/ADMISSIONS.html doc/html/man3/ASN1_INTEGER_get_int64.html doc/html/man3/ASN1_INTEGER_new.html doc/html/man3/ASN1_ITEM_lookup.html doc/html/man3/ASN1_OBJECT_new.html doc/html/man3/ASN1_STRING_TABLE_add.html doc/html/man3/ASN1_STRING_length.html doc/html/man3/ASN1_STRING_new.html doc/html/man3/ASN1_STRING_print_ex.html doc/html/man3/ASN1_TIME_set.html doc/html/man3/ASN1_TYPE_get.html doc/html/man3/ASN1_generate_nconf.html doc/html/man3/ASYNC_WAIT_CTX_new.html doc/html/man3/ASYNC_start_job.html doc/html/man3/BF_encrypt.html doc/html/man3/BIO_ADDR.html doc/html/man3/BIO_ADDRINFO.html doc/html/man3/BIO_connect.html doc/html/man3/BIO_ctrl.html doc/html/man3/BIO_f_base64.html doc/html/man3/BIO_f_buffer.html doc/html/man3/BIO_f_cipher.html doc/html/man3/BIO_f_md.html doc/html/man3/BIO_f_null.html doc/html/man3/BIO_f_prefix.html doc/html/man3/BIO_f_ssl.html doc/html/man3/BIO_find_type.html doc/html/man3/BIO_get_data.html doc/html/man3/BIO_get_ex_new_index.html doc/html/man3/BIO_meth_new.html doc/html/man3/BIO_new.html doc/html/man3/BIO_new_CMS.html doc/html/man3/BIO_parse_hostserv.html doc/html/man3/BIO_printf.html doc/html/man3/BIO_push.html doc/html/man3/BIO_read.html doc/html/man3/BIO_s_accept.html doc/html/man3/BIO_s_bio.html doc/html/man3/BIO_s_connect.html doc/html/man3/BIO_s_fd.html doc/html/man3/BIO_s_file.html doc/html/man3/BIO_s_mem.html doc/html/man3/BIO_s_null.html doc/html/man3/BIO_s_socket.html doc/html/man3/BIO_set_callback.html doc/html/man3/BIO_should_retry.html doc/html/man3/BIO_socket_wait.html doc/html/man3/BN_BLINDING_new.html doc/html/man3/BN_CTX_new.html doc/html/man3/BN_CTX_start.html doc/html/man3/BN_add.html doc/html/man3/BN_add_word.html doc/html/man3/BN_bn2bin.html doc/html/man3/BN_cmp.html doc/html/man3/BN_copy.html doc/html/man3/BN_generate_prime.html doc/html/man3/BN_mod_inverse.html doc/html/man3/BN_mod_mul_montgomery.html doc/html/man3/BN_mod_mul_reciprocal.html doc/html/man3/BN_new.html doc/html/man3/BN_num_bytes.html doc/html/man3/BN_rand.html doc/html/man3/BN_security_bits.html doc/html/man3/BN_set_bit.html doc/html/man3/BN_swap.html doc/html/man3/BN_zero.html doc/html/man3/BUF_MEM_new.html doc/html/man3/CMS_EnvelopedData_create.html doc/html/man3/CMS_add0_cert.html doc/html/man3/CMS_add1_recipient_cert.html doc/html/man3/CMS_add1_signer.html doc/html/man3/CMS_compress.html doc/html/man3/CMS_decrypt.html doc/html/man3/CMS_encrypt.html doc/html/man3/CMS_final.html doc/html/man3/CMS_get0_RecipientInfos.html doc/html/man3/CMS_get0_SignerInfos.html doc/html/man3/CMS_get0_type.html doc/html/man3/CMS_get1_ReceiptRequest.html doc/html/man3/CMS_sign.html doc/html/man3/CMS_sign_receipt.html doc/html/man3/CMS_uncompress.html doc/html/man3/CMS_verify.html doc/html/man3/CMS_verify_receipt.html doc/html/man3/CONF_modules_free.html doc/html/man3/CONF_modules_load_file.html doc/html/man3/CRYPTO_THREAD_run_once.html doc/html/man3/CRYPTO_get_ex_new_index.html doc/html/man3/CRYPTO_memcmp.html doc/html/man3/CTLOG_STORE_get0_log_by_id.html doc/html/man3/CTLOG_STORE_new.html doc/html/man3/CTLOG_new.html doc/html/man3/CT_POLICY_EVAL_CTX_new.html doc/html/man3/DEFINE_STACK_OF.html doc/html/man3/DES_random_key.html doc/html/man3/DH_generate_key.html doc/html/man3/DH_generate_parameters.html doc/html/man3/DH_get0_pqg.html doc/html/man3/DH_get_1024_160.html doc/html/man3/DH_meth_new.html doc/html/man3/DH_new.html doc/html/man3/DH_new_by_nid.html doc/html/man3/DH_set_method.html doc/html/man3/DH_size.html doc/html/man3/DSA_SIG_new.html doc/html/man3/DSA_do_sign.html doc/html/man3/DSA_dup_DH.html doc/html/man3/DSA_generate_key.html doc/html/man3/DSA_generate_parameters.html doc/html/man3/DSA_get0_pqg.html doc/html/man3/DSA_meth_new.html doc/html/man3/DSA_new.html doc/html/man3/DSA_set_method.html doc/html/man3/DSA_sign.html doc/html/man3/DSA_size.html doc/html/man3/DTLS_get_data_mtu.html doc/html/man3/DTLS_set_timer_cb.html doc/html/man3/DTLSv1_listen.html doc/html/man3/ECDSA_SIG_new.html doc/html/man3/ECPKParameters_print.html doc/html/man3/EC_GFp_simple_method.html doc/html/man3/EC_GROUP_copy.html doc/html/man3/EC_GROUP_new.html doc/html/man3/EC_KEY_get_enc_flags.html doc/html/man3/EC_KEY_new.html doc/html/man3/EC_POINT_add.html doc/html/man3/EC_POINT_new.html doc/html/man3/ENGINE_add.html doc/html/man3/ERR_GET_LIB.html doc/html/man3/ERR_clear_error.html doc/html/man3/ERR_error_string.html doc/html/man3/ERR_get_error.html doc/html/man3/ERR_load_crypto_strings.html doc/html/man3/ERR_load_strings.html doc/html/man3/ERR_new.html doc/html/man3/ERR_print_errors.html doc/html/man3/ERR_put_error.html doc/html/man3/ERR_remove_state.html doc/html/man3/ERR_set_mark.html doc/html/man3/EVP_ASYM_CIPHER_free.html doc/html/man3/EVP_BytesToKey.html doc/html/man3/EVP_CIPHER_CTX_get_cipher_data.html doc/html/man3/EVP_CIPHER_meth_new.html doc/html/man3/EVP_DigestInit.html doc/html/man3/EVP_DigestSignInit.html doc/html/man3/EVP_DigestVerifyInit.html doc/html/man3/EVP_EncodeInit.html doc/html/man3/EVP_EncryptInit.html doc/html/man3/EVP_KDF.html doc/html/man3/EVP_KEYEXCH_free.html doc/html/man3/EVP_KEYMGMT.html doc/html/man3/EVP_MAC.html doc/html/man3/EVP_MD_meth_new.html doc/html/man3/EVP_OpenInit.html doc/html/man3/EVP_PKEY_ASN1_METHOD.html doc/html/man3/EVP_PKEY_CTX_ctrl.html doc/html/man3/EVP_PKEY_CTX_new.html doc/html/man3/EVP_PKEY_CTX_set1_pbe_pass.html doc/html/man3/EVP_PKEY_CTX_set_hkdf_md.html doc/html/man3/EVP_PKEY_CTX_set_params.html doc/html/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.html doc/html/man3/EVP_PKEY_CTX_set_scrypt_N.html doc/html/man3/EVP_PKEY_CTX_set_tls1_prf_md.html doc/html/man3/EVP_PKEY_asn1_get_count.html doc/html/man3/EVP_PKEY_check.html doc/html/man3/EVP_PKEY_copy_parameters.html doc/html/man3/EVP_PKEY_decrypt.html doc/html/man3/EVP_PKEY_derive.html doc/html/man3/EVP_PKEY_encrypt.html doc/html/man3/EVP_PKEY_fromdata.html doc/html/man3/EVP_PKEY_gen.html doc/html/man3/EVP_PKEY_get_default_digest_nid.html doc/html/man3/EVP_PKEY_gettable_params.html doc/html/man3/EVP_PKEY_is_a.html doc/html/man3/EVP_PKEY_meth_get_count.html doc/html/man3/EVP_PKEY_meth_new.html doc/html/man3/EVP_PKEY_new.html doc/html/man3/EVP_PKEY_print_private.html doc/html/man3/EVP_PKEY_set1_RSA.html doc/html/man3/EVP_PKEY_set_type.html doc/html/man3/EVP_PKEY_sign.html doc/html/man3/EVP_PKEY_size.html doc/html/man3/EVP_PKEY_supports_digest_nid.html doc/html/man3/EVP_PKEY_verify.html doc/html/man3/EVP_PKEY_verify_recover.html doc/html/man3/EVP_RAND.html doc/html/man3/EVP_SIGNATURE_free.html doc/html/man3/EVP_SealInit.html doc/html/man3/EVP_SignInit.html doc/html/man3/EVP_VerifyInit.html doc/html/man3/EVP_aes_128_gcm.html doc/html/man3/EVP_aria_128_gcm.html doc/html/man3/EVP_bf_cbc.html doc/html/man3/EVP_blake2b512.html doc/html/man3/EVP_camellia_128_ecb.html doc/html/man3/EVP_cast5_cbc.html doc/html/man3/EVP_chacha20.html doc/html/man3/EVP_des_cbc.html doc/html/man3/EVP_desx_cbc.html doc/html/man3/EVP_idea_cbc.html doc/html/man3/EVP_md2.html doc/html/man3/EVP_md4.html doc/html/man3/EVP_md5.html doc/html/man3/EVP_mdc2.html doc/html/man3/EVP_rc2_cbc.html doc/html/man3/EVP_rc4.html doc/html/man3/EVP_rc5_32_12_16_cbc.html doc/html/man3/EVP_ripemd160.html doc/html/man3/EVP_seed_cbc.html doc/html/man3/EVP_set_default_properties.html doc/html/man3/EVP_sha1.html doc/html/man3/EVP_sha224.html doc/html/man3/EVP_sha3_224.html doc/html/man3/EVP_sm3.html doc/html/man3/EVP_sm4_cbc.html doc/html/man3/EVP_whirlpool.html doc/html/man3/HMAC.html doc/html/man3/MD5.html doc/html/man3/MDC2_Init.html doc/html/man3/NCONF_new_with_libctx.html doc/html/man3/OBJ_nid2obj.html doc/html/man3/OCSP_REQUEST_new.html doc/html/man3/OCSP_cert_to_id.html doc/html/man3/OCSP_request_add1_nonce.html doc/html/man3/OCSP_resp_find_status.html doc/html/man3/OCSP_response_status.html doc/html/man3/OCSP_sendreq_new.html doc/html/man3/OPENSSL_Applink.html doc/html/man3/OPENSSL_CTX.html doc/html/man3/OPENSSL_FILE.html doc/html/man3/OPENSSL_LH_COMPFUNC.html doc/html/man3/OPENSSL_LH_stats.html doc/html/man3/OPENSSL_config.html doc/html/man3/OPENSSL_fork_prepare.html doc/html/man3/OPENSSL_hexchar2int.html doc/html/man3/OPENSSL_ia32cap.html doc/html/man3/OPENSSL_init_crypto.html doc/html/man3/OPENSSL_init_ssl.html doc/html/man3/OPENSSL_instrument_bus.html doc/html/man3/OPENSSL_load_builtin_modules.html doc/html/man3/OPENSSL_malloc.html doc/html/man3/OPENSSL_s390xcap.html doc/html/man3/OPENSSL_secure_malloc.html doc/html/man3/OSSL_CMP_CTX_new.html doc/html/man3/OSSL_CMP_HDR_get0_transactionID.html doc/html/man3/OSSL_CMP_ITAV_set0.html doc/html/man3/OSSL_CMP_MSG_get0_header.html doc/html/man3/OSSL_CMP_MSG_http_perform.html doc/html/man3/OSSL_CMP_SRV_CTX_new.html doc/html/man3/OSSL_CMP_STATUSINFO_new.html doc/html/man3/OSSL_CMP_exec_IR_ses.html doc/html/man3/OSSL_CMP_log_open.html doc/html/man3/OSSL_CMP_validate_msg.html doc/html/man3/OSSL_CRMF_MSG_get0_tmpl.html doc/html/man3/OSSL_CRMF_MSG_set0_validity.html doc/html/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.html doc/html/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.html doc/html/man3/OSSL_CRMF_pbmp_new.html doc/html/man3/OSSL_HTTP_transfer.html doc/html/man3/OSSL_PARAM.html doc/html/man3/OSSL_PARAM_BLD.html doc/html/man3/OSSL_PARAM_allocate_from_text.html doc/html/man3/OSSL_PARAM_int.html doc/html/man3/OSSL_PROVIDER.html doc/html/man3/OSSL_SELF_TEST_new.html doc/html/man3/OSSL_SELF_TEST_set_callback.html doc/html/man3/OSSL_SERIALIZER.html doc/html/man3/OSSL_SERIALIZER_CTX.html doc/html/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.html doc/html/man3/OSSL_SERIALIZER_to_bio.html doc/html/man3/OSSL_STORE_INFO.html doc/html/man3/OSSL_STORE_LOADER.html doc/html/man3/OSSL_STORE_SEARCH.html doc/html/man3/OSSL_STORE_attach.html doc/html/man3/OSSL_STORE_expect.html doc/html/man3/OSSL_STORE_open.html doc/html/man3/OSSL_trace_enabled.html doc/html/man3/OSSL_trace_get_category_num.html doc/html/man3/OSSL_trace_set_channel.html doc/html/man3/OpenSSL_add_all_algorithms.html doc/html/man3/OpenSSL_version.html doc/html/man3/PEM_bytes_read_bio.html doc/html/man3/PEM_read.html doc/html/man3/PEM_read_CMS.html doc/html/man3/PEM_read_bio_PrivateKey.html doc/html/man3/PEM_read_bio_ex.html doc/html/man3/PEM_write_bio_CMS_stream.html doc/html/man3/PEM_write_bio_PKCS7_stream.html doc/html/man3/PKCS12_SAFEBAG_get0_attrs.html doc/html/man3/PKCS12_add_CSPName_asc.html doc/html/man3/PKCS12_add_friendlyname_asc.html doc/html/man3/PKCS12_add_localkeyid.html doc/html/man3/PKCS12_create.html doc/html/man3/PKCS12_get_friendlyname.html doc/html/man3/PKCS12_newpass.html doc/html/man3/PKCS12_parse.html doc/html/man3/PKCS5_PBKDF2_HMAC.html doc/html/man3/PKCS7_decrypt.html doc/html/man3/PKCS7_encrypt.html doc/html/man3/PKCS7_sign.html doc/html/man3/PKCS7_sign_add_signer.html doc/html/man3/PKCS7_verify.html doc/html/man3/PKCS8_pkey_add1_attr.html doc/html/man3/RAND_DRBG_generate.html doc/html/man3/RAND_DRBG_get0_master.html doc/html/man3/RAND_DRBG_new.html doc/html/man3/RAND_DRBG_reseed.html doc/html/man3/RAND_DRBG_set_callbacks.html doc/html/man3/RAND_add.html doc/html/man3/RAND_bytes.html doc/html/man3/RAND_cleanup.html doc/html/man3/RAND_egd.html doc/html/man3/RAND_load_file.html doc/html/man3/RAND_set_rand_method.html doc/html/man3/RC4_set_key.html doc/html/man3/RIPEMD160_Init.html doc/html/man3/RSA_blinding_on.html doc/html/man3/RSA_check_key.html doc/html/man3/RSA_generate_key.html doc/html/man3/RSA_get0_key.html doc/html/man3/RSA_meth_new.html doc/html/man3/RSA_new.html doc/html/man3/RSA_padding_add_PKCS1_type_1.html doc/html/man3/RSA_print.html doc/html/man3/RSA_private_encrypt.html doc/html/man3/RSA_public_encrypt.html doc/html/man3/RSA_set_method.html doc/html/man3/RSA_sign.html doc/html/man3/RSA_sign_ASN1_OCTET_STRING.html doc/html/man3/RSA_size.html doc/html/man3/SCT_new.html doc/html/man3/SCT_print.html doc/html/man3/SCT_validate.html doc/html/man3/SHA256_Init.html doc/html/man3/SMIME_read_CMS.html doc/html/man3/SMIME_read_PKCS7.html doc/html/man3/SMIME_write_CMS.html doc/html/man3/SMIME_write_PKCS7.html doc/html/man3/SRP_Calc_B.html doc/html/man3/SRP_VBASE_new.html doc/html/man3/SRP_create_verifier.html doc/html/man3/SRP_user_pwd_new.html doc/html/man3/SSL_CIPHER_get_name.html doc/html/man3/SSL_COMP_add_compression_method.html doc/html/man3/SSL_CONF_CTX_new.html doc/html/man3/SSL_CONF_CTX_set1_prefix.html doc/html/man3/SSL_CONF_CTX_set_flags.html doc/html/man3/SSL_CONF_CTX_set_ssl_ctx.html doc/html/man3/SSL_CONF_cmd.html doc/html/man3/SSL_CONF_cmd_argv.html doc/html/man3/SSL_CTX_add1_chain_cert.html doc/html/man3/SSL_CTX_add_extra_chain_cert.html doc/html/man3/SSL_CTX_add_session.html doc/html/man3/SSL_CTX_config.html doc/html/man3/SSL_CTX_ctrl.html doc/html/man3/SSL_CTX_dane_enable.html doc/html/man3/SSL_CTX_flush_sessions.html doc/html/man3/SSL_CTX_free.html doc/html/man3/SSL_CTX_get0_param.html doc/html/man3/SSL_CTX_get_verify_mode.html doc/html/man3/SSL_CTX_has_client_custom_ext.html doc/html/man3/SSL_CTX_load_verify_locations.html doc/html/man3/SSL_CTX_new.html doc/html/man3/SSL_CTX_sess_number.html doc/html/man3/SSL_CTX_sess_set_cache_size.html doc/html/man3/SSL_CTX_sess_set_get_cb.html doc/html/man3/SSL_CTX_sessions.html doc/html/man3/SSL_CTX_set0_CA_list.html doc/html/man3/SSL_CTX_set1_curves.html doc/html/man3/SSL_CTX_set1_sigalgs.html doc/html/man3/SSL_CTX_set1_verify_cert_store.html doc/html/man3/SSL_CTX_set_alpn_select_cb.html doc/html/man3/SSL_CTX_set_cert_cb.html doc/html/man3/SSL_CTX_set_cert_store.html doc/html/man3/SSL_CTX_set_cert_verify_callback.html doc/html/man3/SSL_CTX_set_cipher_list.html doc/html/man3/SSL_CTX_set_client_cert_cb.html doc/html/man3/SSL_CTX_set_client_hello_cb.html doc/html/man3/SSL_CTX_set_ct_validation_callback.html doc/html/man3/SSL_CTX_set_ctlog_list_file.html doc/html/man3/SSL_CTX_set_default_passwd_cb.html doc/html/man3/SSL_CTX_set_generate_session_id.html doc/html/man3/SSL_CTX_set_info_callback.html doc/html/man3/SSL_CTX_set_keylog_callback.html doc/html/man3/SSL_CTX_set_max_cert_list.html doc/html/man3/SSL_CTX_set_min_proto_version.html doc/html/man3/SSL_CTX_set_mode.html doc/html/man3/SSL_CTX_set_msg_callback.html doc/html/man3/SSL_CTX_set_num_tickets.html doc/html/man3/SSL_CTX_set_options.html doc/html/man3/SSL_CTX_set_psk_client_callback.html doc/html/man3/SSL_CTX_set_quiet_shutdown.html doc/html/man3/SSL_CTX_set_read_ahead.html doc/html/man3/SSL_CTX_set_record_padding_callback.html doc/html/man3/SSL_CTX_set_security_level.html doc/html/man3/SSL_CTX_set_session_cache_mode.html doc/html/man3/SSL_CTX_set_session_id_context.html doc/html/man3/SSL_CTX_set_session_ticket_cb.html doc/html/man3/SSL_CTX_set_split_send_fragment.html doc/html/man3/SSL_CTX_set_srp_password.html doc/html/man3/SSL_CTX_set_ssl_version.html doc/html/man3/SSL_CTX_set_stateless_cookie_generate_cb.html doc/html/man3/SSL_CTX_set_timeout.html doc/html/man3/SSL_CTX_set_tlsext_servername_callback.html doc/html/man3/SSL_CTX_set_tlsext_status_cb.html doc/html/man3/SSL_CTX_set_tlsext_ticket_key_cb.html doc/html/man3/SSL_CTX_set_tlsext_use_srtp.html doc/html/man3/SSL_CTX_set_tmp_dh_callback.html doc/html/man3/SSL_CTX_set_tmp_ecdh.html doc/html/man3/SSL_CTX_set_verify.html doc/html/man3/SSL_CTX_use_certificate.html doc/html/man3/SSL_CTX_use_psk_identity_hint.html doc/html/man3/SSL_CTX_use_serverinfo.html doc/html/man3/SSL_SESSION_free.html doc/html/man3/SSL_SESSION_get0_cipher.html doc/html/man3/SSL_SESSION_get0_hostname.html doc/html/man3/SSL_SESSION_get0_id_context.html doc/html/man3/SSL_SESSION_get0_peer.html doc/html/man3/SSL_SESSION_get_compress_id.html doc/html/man3/SSL_SESSION_get_protocol_version.html doc/html/man3/SSL_SESSION_get_time.html doc/html/man3/SSL_SESSION_has_ticket.html doc/html/man3/SSL_SESSION_is_resumable.html doc/html/man3/SSL_SESSION_print.html doc/html/man3/SSL_SESSION_set1_id.html doc/html/man3/SSL_accept.html doc/html/man3/SSL_alert_type_string.html doc/html/man3/SSL_alloc_buffers.html doc/html/man3/SSL_check_chain.html doc/html/man3/SSL_clear.html doc/html/man3/SSL_connect.html doc/html/man3/SSL_do_handshake.html doc/html/man3/SSL_export_keying_material.html doc/html/man3/SSL_extension_supported.html doc/html/man3/SSL_free.html doc/html/man3/SSL_get0_peer_scts.html doc/html/man3/SSL_get_SSL_CTX.html doc/html/man3/SSL_get_all_async_fds.html doc/html/man3/SSL_get_ciphers.html doc/html/man3/SSL_get_client_random.html doc/html/man3/SSL_get_current_cipher.html doc/html/man3/SSL_get_default_timeout.html doc/html/man3/SSL_get_error.html doc/html/man3/SSL_get_extms_support.html doc/html/man3/SSL_get_fd.html doc/html/man3/SSL_get_peer_cert_chain.html doc/html/man3/SSL_get_peer_certificate.html doc/html/man3/SSL_get_peer_signature_nid.html doc/html/man3/SSL_get_peer_tmp_key.html doc/html/man3/SSL_get_psk_identity.html doc/html/man3/SSL_get_rbio.html doc/html/man3/SSL_get_session.html doc/html/man3/SSL_get_shared_sigalgs.html doc/html/man3/SSL_get_verify_result.html doc/html/man3/SSL_get_version.html doc/html/man3/SSL_in_init.html doc/html/man3/SSL_key_update.html doc/html/man3/SSL_library_init.html doc/html/man3/SSL_load_client_CA_file.html doc/html/man3/SSL_new.html doc/html/man3/SSL_pending.html doc/html/man3/SSL_read.html doc/html/man3/SSL_read_early_data.html doc/html/man3/SSL_rstate_string.html doc/html/man3/SSL_session_reused.html doc/html/man3/SSL_set1_host.html doc/html/man3/SSL_set_async_callback.html doc/html/man3/SSL_set_bio.html doc/html/man3/SSL_set_connect_state.html doc/html/man3/SSL_set_fd.html doc/html/man3/SSL_set_session.html doc/html/man3/SSL_set_shutdown.html doc/html/man3/SSL_set_verify_result.html doc/html/man3/SSL_shutdown.html doc/html/man3/SSL_state_string.html doc/html/man3/SSL_want.html doc/html/man3/SSL_write.html doc/html/man3/TS_VERIFY_CTX_set_certs.html doc/html/man3/UI_STRING.html doc/html/man3/UI_UTIL_read_pw.html doc/html/man3/UI_create_method.html doc/html/man3/UI_new.html doc/html/man3/X509V3_get_d2i.html doc/html/man3/X509_ALGOR_dup.html doc/html/man3/X509_CRL_get0_by_serial.html doc/html/man3/X509_EXTENSION_set_object.html doc/html/man3/X509_LOOKUP.html doc/html/man3/X509_LOOKUP_hash_dir.html doc/html/man3/X509_LOOKUP_meth_new.html doc/html/man3/X509_NAME_ENTRY_get_object.html doc/html/man3/X509_NAME_add_entry_by_txt.html doc/html/man3/X509_NAME_get0_der.html doc/html/man3/X509_NAME_get_index_by_NID.html doc/html/man3/X509_NAME_print_ex.html doc/html/man3/X509_PUBKEY_new.html doc/html/man3/X509_SIG_get0.html doc/html/man3/X509_STORE_CTX_get_error.html doc/html/man3/X509_STORE_CTX_new.html doc/html/man3/X509_STORE_CTX_set_verify_cb.html doc/html/man3/X509_STORE_add_cert.html doc/html/man3/X509_STORE_get0_param.html doc/html/man3/X509_STORE_new.html doc/html/man3/X509_STORE_set_verify_cb_func.html doc/html/man3/X509_VERIFY_PARAM_set_flags.html doc/html/man3/X509_check_ca.html doc/html/man3/X509_check_host.html doc/html/man3/X509_check_issued.html doc/html/man3/X509_check_private_key.html doc/html/man3/X509_check_purpose.html doc/html/man3/X509_cmp.html doc/html/man3/X509_cmp_time.html doc/html/man3/X509_digest.html doc/html/man3/X509_dup.html doc/html/man3/X509_get0_distinguishing_id.html doc/html/man3/X509_get0_notBefore.html doc/html/man3/X509_get0_signature.html doc/html/man3/X509_get0_uids.html doc/html/man3/X509_get_extension_flags.html doc/html/man3/X509_get_pubkey.html doc/html/man3/X509_get_serialNumber.html doc/html/man3/X509_get_subject_name.html doc/html/man3/X509_get_version.html doc/html/man3/X509_load_http.html doc/html/man3/X509_new.html doc/html/man3/X509_sign.html doc/html/man3/X509_verify.html doc/html/man3/X509_verify_cert.html doc/html/man3/X509v3_cache_extensions.html doc/html/man3/X509v3_get_ext_by_NID.html doc/html/man3/d2i_DHparams.html doc/html/man3/d2i_PKCS8PrivateKey_bio.html doc/html/man3/d2i_PrivateKey.html doc/html/man3/d2i_SSL_SESSION.html doc/html/man3/d2i_X509.html doc/html/man3/i2d_CMS_bio_stream.html doc/html/man3/i2d_PKCS7_bio_stream.html doc/html/man3/i2d_re_X509_tbs.html doc/html/man3/o2i_SCT_LIST.html doc/html/man3/s2i_ASN1_IA5STRING.html doc/html/man5/config.html doc/html/man5/fips_config.html doc/html/man5/x509v3_config.html doc/html/man7/EVP_KDF-HKDF.html doc/html/man7/EVP_KDF-KB.html doc/html/man7/EVP_KDF-KRB5KDF.html doc/html/man7/EVP_KDF-PBKDF2.html doc/html/man7/EVP_KDF-SCRYPT.html doc/html/man7/EVP_KDF-SS.html doc/html/man7/EVP_KDF-SSHKDF.html doc/html/man7/EVP_KDF-TLS1_PRF.html doc/html/man7/EVP_KDF-X942.html doc/html/man7/EVP_KDF-X963.html doc/html/man7/EVP_KEYEXCH-DH.html doc/html/man7/EVP_KEYEXCH-ECDH.html doc/html/man7/EVP_KEYEXCH-X25519.html doc/html/man7/EVP_MAC-BLAKE2.html doc/html/man7/EVP_MAC-CMAC.html doc/html/man7/EVP_MAC-GMAC.html doc/html/man7/EVP_MAC-HMAC.html doc/html/man7/EVP_MAC-KMAC.html doc/html/man7/EVP_MAC-Poly1305.html doc/html/man7/EVP_MAC-Siphash.html doc/html/man7/EVP_MD-BLAKE2.html doc/html/man7/EVP_MD-MD2.html doc/html/man7/EVP_MD-MD4.html doc/html/man7/EVP_MD-MD5-SHA1.html doc/html/man7/EVP_MD-MD5.html doc/html/man7/EVP_MD-MDC2.html doc/html/man7/EVP_MD-RIPEMD160.html doc/html/man7/EVP_MD-SHA1.html doc/html/man7/EVP_MD-SHA2.html doc/html/man7/EVP_MD-SHA3.html doc/html/man7/EVP_MD-SHAKE.html doc/html/man7/EVP_MD-SM3.html doc/html/man7/EVP_MD-WHIRLPOOL.html doc/html/man7/EVP_MD-common.html doc/html/man7/EVP_PKEY-DH.html doc/html/man7/EVP_PKEY-DSA.html doc/html/man7/EVP_PKEY-EC.html doc/html/man7/EVP_PKEY-FFC.html doc/html/man7/EVP_PKEY-RSA.html doc/html/man7/EVP_PKEY-X25519.html doc/html/man7/EVP_RAND-CTR-DRBG.html doc/html/man7/EVP_RAND-HASH-DRBG.html doc/html/man7/EVP_RAND-HMAC-DRBG.html doc/html/man7/EVP_RAND-TEST-RAND.html doc/html/man7/EVP_SIGNATURE-DSA.html doc/html/man7/EVP_SIGNATURE-ECDSA.html doc/html/man7/EVP_SIGNATURE-ED25519.html doc/html/man7/EVP_SIGNATURE-RSA.html doc/html/man7/OSSL_PROVIDER-FIPS.html doc/html/man7/OSSL_PROVIDER-default.html doc/html/man7/OSSL_PROVIDER-legacy.html doc/html/man7/OSSL_PROVIDER-null.html doc/html/man7/RAND.html doc/html/man7/RAND_DRBG.html doc/html/man7/RSA-PSS.html doc/html/man7/SM2.html doc/html/man7/X25519.html doc/html/man7/bio.html doc/html/man7/crypto.html doc/html/man7/ct.html doc/html/man7/des_modes.html doc/html/man7/evp.html doc/html/man7/openssl-core.h.html doc/html/man7/openssl-core_dispatch.h.html doc/html/man7/openssl-core_names.h.html doc/html/man7/openssl-env.html doc/html/man7/openssl_user_macros.html doc/html/man7/ossl_store-file.html doc/html/man7/ossl_store.html doc/html/man7/passphrase-encoding.html doc/html/man7/property.html doc/html/man7/provider-asym_cipher.html doc/html/man7/provider-base.html doc/html/man7/provider-cipher.html doc/html/man7/provider-digest.html doc/html/man7/provider-keyexch.html doc/html/man7/provider-keymgmt.html doc/html/man7/provider-mac.html doc/html/man7/provider-rand.html doc/html/man7/provider-serializer.html doc/html/man7/provider-signature.html doc/html/man7/provider.html doc/html/man7/proxy-certificates.html doc/html/man7/ssl.html doc/html/man7/x509.html rm -f doc/man/man1/CA.pl.1 doc/man/man1/openssl-asn1parse.1 doc/man/man1/openssl-ca.1 doc/man/man1/openssl-ciphers.1 doc/man/man1/openssl-cmds.1 doc/man/man1/openssl-cmp.1 doc/man/man1/openssl-cms.1 doc/man/man1/openssl-crl.1 doc/man/man1/openssl-crl2pkcs7.1 doc/man/man1/openssl-dgst.1 doc/man/man1/openssl-dhparam.1 doc/man/man1/openssl-dsa.1 doc/man/man1/openssl-dsaparam.1 doc/man/man1/openssl-ec.1 doc/man/man1/openssl-ecparam.1 doc/man/man1/openssl-enc.1 doc/man/man1/openssl-engine.1 doc/man/man1/openssl-errstr.1 doc/man/man1/openssl-fipsinstall.1 doc/man/man1/openssl-gendsa.1 doc/man/man1/openssl-genpkey.1 doc/man/man1/openssl-genrsa.1 doc/man/man1/openssl-info.1 doc/man/man1/openssl-kdf.1 doc/man/man1/openssl-list.1 doc/man/man1/openssl-mac.1 doc/man/man1/openssl-nseq.1 doc/man/man1/openssl-ocsp.1 doc/man/man1/openssl-passwd.1 doc/man/man1/openssl-pkcs12.1 doc/man/man1/openssl-pkcs7.1 doc/man/man1/openssl-pkcs8.1 doc/man/man1/openssl-pkey.1 doc/man/man1/openssl-pkeyparam.1 doc/man/man1/openssl-pkeyutl.1 doc/man/man1/openssl-prime.1 doc/man/man1/openssl-provider.1 doc/man/man1/openssl-rand.1 doc/man/man1/openssl-rehash.1 doc/man/man1/openssl-req.1 doc/man/man1/openssl-rsa.1 doc/man/man1/openssl-rsautl.1 doc/man/man1/openssl-s_client.1 doc/man/man1/openssl-s_server.1 doc/man/man1/openssl-s_time.1 doc/man/man1/openssl-sess_id.1 doc/man/man1/openssl-smime.1 doc/man/man1/openssl-speed.1 doc/man/man1/openssl-spkac.1 doc/man/man1/openssl-srp.1 doc/man/man1/openssl-storeutl.1 doc/man/man1/openssl-ts.1 doc/man/man1/openssl-verify.1 doc/man/man1/openssl-version.1 doc/man/man1/openssl-x509.1 doc/man/man1/openssl.1 doc/man/man1/tsget.1 doc/man/man3/ADMISSIONS.3 doc/man/man3/ASN1_INTEGER_get_int64.3 doc/man/man3/ASN1_INTEGER_new.3 doc/man/man3/ASN1_ITEM_lookup.3 doc/man/man3/ASN1_OBJECT_new.3 doc/man/man3/ASN1_STRING_TABLE_add.3 doc/man/man3/ASN1_STRING_length.3 doc/man/man3/ASN1_STRING_new.3 doc/man/man3/ASN1_STRING_print_ex.3 doc/man/man3/ASN1_TIME_set.3 doc/man/man3/ASN1_TYPE_get.3 doc/man/man3/ASN1_generate_nconf.3 doc/man/man3/ASYNC_WAIT_CTX_new.3 doc/man/man3/ASYNC_start_job.3 doc/man/man3/BF_encrypt.3 doc/man/man3/BIO_ADDR.3 doc/man/man3/BIO_ADDRINFO.3 doc/man/man3/BIO_connect.3 doc/man/man3/BIO_ctrl.3 doc/man/man3/BIO_f_base64.3 doc/man/man3/BIO_f_buffer.3 doc/man/man3/BIO_f_cipher.3 doc/man/man3/BIO_f_md.3 doc/man/man3/BIO_f_null.3 doc/man/man3/BIO_f_prefix.3 doc/man/man3/BIO_f_ssl.3 doc/man/man3/BIO_find_type.3 doc/man/man3/BIO_get_data.3 doc/man/man3/BIO_get_ex_new_index.3 doc/man/man3/BIO_meth_new.3 doc/man/man3/BIO_new.3 doc/man/man3/BIO_new_CMS.3 doc/man/man3/BIO_parse_hostserv.3 doc/man/man3/BIO_printf.3 doc/man/man3/BIO_push.3 doc/man/man3/BIO_read.3 doc/man/man3/BIO_s_accept.3 doc/man/man3/BIO_s_bio.3 doc/man/man3/BIO_s_connect.3 doc/man/man3/BIO_s_fd.3 doc/man/man3/BIO_s_file.3 doc/man/man3/BIO_s_mem.3 doc/man/man3/BIO_s_null.3 doc/man/man3/BIO_s_socket.3 doc/man/man3/BIO_set_callback.3 doc/man/man3/BIO_should_retry.3 doc/man/man3/BIO_socket_wait.3 doc/man/man3/BN_BLINDING_new.3 doc/man/man3/BN_CTX_new.3 doc/man/man3/BN_CTX_start.3 doc/man/man3/BN_add.3 doc/man/man3/BN_add_word.3 doc/man/man3/BN_bn2bin.3 doc/man/man3/BN_cmp.3 doc/man/man3/BN_copy.3 doc/man/man3/BN_generate_prime.3 doc/man/man3/BN_mod_inverse.3 doc/man/man3/BN_mod_mul_montgomery.3 doc/man/man3/BN_mod_mul_reciprocal.3 doc/man/man3/BN_new.3 doc/man/man3/BN_num_bytes.3 doc/man/man3/BN_rand.3 doc/man/man3/BN_security_bits.3 doc/man/man3/BN_set_bit.3 doc/man/man3/BN_swap.3 doc/man/man3/BN_zero.3 doc/man/man3/BUF_MEM_new.3 doc/man/man3/CMS_EnvelopedData_create.3 doc/man/man3/CMS_add0_cert.3 doc/man/man3/CMS_add1_recipient_cert.3 doc/man/man3/CMS_add1_signer.3 doc/man/man3/CMS_compress.3 doc/man/man3/CMS_decrypt.3 doc/man/man3/CMS_encrypt.3 doc/man/man3/CMS_final.3 doc/man/man3/CMS_get0_RecipientInfos.3 doc/man/man3/CMS_get0_SignerInfos.3 doc/man/man3/CMS_get0_type.3 doc/man/man3/CMS_get1_ReceiptRequest.3 doc/man/man3/CMS_sign.3 doc/man/man3/CMS_sign_receipt.3 doc/man/man3/CMS_uncompress.3 doc/man/man3/CMS_verify.3 doc/man/man3/CMS_verify_receipt.3 doc/man/man3/CONF_modules_free.3 doc/man/man3/CONF_modules_load_file.3 doc/man/man3/CRYPTO_THREAD_run_once.3 doc/man/man3/CRYPTO_get_ex_new_index.3 doc/man/man3/CRYPTO_memcmp.3 doc/man/man3/CTLOG_STORE_get0_log_by_id.3 doc/man/man3/CTLOG_STORE_new.3 doc/man/man3/CTLOG_new.3 doc/man/man3/CT_POLICY_EVAL_CTX_new.3 doc/man/man3/DEFINE_STACK_OF.3 doc/man/man3/DES_random_key.3 doc/man/man3/DH_generate_key.3 doc/man/man3/DH_generate_parameters.3 doc/man/man3/DH_get0_pqg.3 doc/man/man3/DH_get_1024_160.3 doc/man/man3/DH_meth_new.3 doc/man/man3/DH_new.3 doc/man/man3/DH_new_by_nid.3 doc/man/man3/DH_set_method.3 doc/man/man3/DH_size.3 doc/man/man3/DSA_SIG_new.3 doc/man/man3/DSA_do_sign.3 doc/man/man3/DSA_dup_DH.3 doc/man/man3/DSA_generate_key.3 doc/man/man3/DSA_generate_parameters.3 doc/man/man3/DSA_get0_pqg.3 doc/man/man3/DSA_meth_new.3 doc/man/man3/DSA_new.3 doc/man/man3/DSA_set_method.3 doc/man/man3/DSA_sign.3 doc/man/man3/DSA_size.3 doc/man/man3/DTLS_get_data_mtu.3 doc/man/man3/DTLS_set_timer_cb.3 doc/man/man3/DTLSv1_listen.3 doc/man/man3/ECDSA_SIG_new.3 doc/man/man3/ECPKParameters_print.3 doc/man/man3/EC_GFp_simple_method.3 doc/man/man3/EC_GROUP_copy.3 doc/man/man3/EC_GROUP_new.3 doc/man/man3/EC_KEY_get_enc_flags.3 doc/man/man3/EC_KEY_new.3 doc/man/man3/EC_POINT_add.3 doc/man/man3/EC_POINT_new.3 doc/man/man3/ENGINE_add.3 doc/man/man3/ERR_GET_LIB.3 doc/man/man3/ERR_clear_error.3 doc/man/man3/ERR_error_string.3 doc/man/man3/ERR_get_error.3 doc/man/man3/ERR_load_crypto_strings.3 doc/man/man3/ERR_load_strings.3 doc/man/man3/ERR_new.3 doc/man/man3/ERR_print_errors.3 doc/man/man3/ERR_put_error.3 doc/man/man3/ERR_remove_state.3 doc/man/man3/ERR_set_mark.3 doc/man/man3/EVP_ASYM_CIPHER_free.3 doc/man/man3/EVP_BytesToKey.3 doc/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 doc/man/man3/EVP_CIPHER_meth_new.3 doc/man/man3/EVP_DigestInit.3 doc/man/man3/EVP_DigestSignInit.3 doc/man/man3/EVP_DigestVerifyInit.3 doc/man/man3/EVP_EncodeInit.3 doc/man/man3/EVP_EncryptInit.3 doc/man/man3/EVP_KDF.3 doc/man/man3/EVP_KEYEXCH_free.3 doc/man/man3/EVP_KEYMGMT.3 doc/man/man3/EVP_MAC.3 doc/man/man3/EVP_MD_meth_new.3 doc/man/man3/EVP_OpenInit.3 doc/man/man3/EVP_PKEY_ASN1_METHOD.3 doc/man/man3/EVP_PKEY_CTX_ctrl.3 doc/man/man3/EVP_PKEY_CTX_new.3 doc/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 doc/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 doc/man/man3/EVP_PKEY_CTX_set_params.3 doc/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 doc/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 doc/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 doc/man/man3/EVP_PKEY_asn1_get_count.3 doc/man/man3/EVP_PKEY_check.3 doc/man/man3/EVP_PKEY_copy_parameters.3 doc/man/man3/EVP_PKEY_decrypt.3 doc/man/man3/EVP_PKEY_derive.3 doc/man/man3/EVP_PKEY_encrypt.3 doc/man/man3/EVP_PKEY_fromdata.3 doc/man/man3/EVP_PKEY_gen.3 doc/man/man3/EVP_PKEY_get_default_digest_nid.3 doc/man/man3/EVP_PKEY_gettable_params.3 doc/man/man3/EVP_PKEY_is_a.3 doc/man/man3/EVP_PKEY_meth_get_count.3 doc/man/man3/EVP_PKEY_meth_new.3 doc/man/man3/EVP_PKEY_new.3 doc/man/man3/EVP_PKEY_print_private.3 doc/man/man3/EVP_PKEY_set1_RSA.3 doc/man/man3/EVP_PKEY_set_type.3 doc/man/man3/EVP_PKEY_sign.3 doc/man/man3/EVP_PKEY_size.3 doc/man/man3/EVP_PKEY_supports_digest_nid.3 doc/man/man3/EVP_PKEY_verify.3 doc/man/man3/EVP_PKEY_verify_recover.3 doc/man/man3/EVP_RAND.3 doc/man/man3/EVP_SIGNATURE_free.3 doc/man/man3/EVP_SealInit.3 doc/man/man3/EVP_SignInit.3 doc/man/man3/EVP_VerifyInit.3 doc/man/man3/EVP_aes_128_gcm.3 doc/man/man3/EVP_aria_128_gcm.3 doc/man/man3/EVP_bf_cbc.3 doc/man/man3/EVP_blake2b512.3 doc/man/man3/EVP_camellia_128_ecb.3 doc/man/man3/EVP_cast5_cbc.3 doc/man/man3/EVP_chacha20.3 doc/man/man3/EVP_des_cbc.3 doc/man/man3/EVP_desx_cbc.3 doc/man/man3/EVP_idea_cbc.3 doc/man/man3/EVP_md2.3 doc/man/man3/EVP_md4.3 doc/man/man3/EVP_md5.3 doc/man/man3/EVP_mdc2.3 doc/man/man3/EVP_rc2_cbc.3 doc/man/man3/EVP_rc4.3 doc/man/man3/EVP_rc5_32_12_16_cbc.3 doc/man/man3/EVP_ripemd160.3 doc/man/man3/EVP_seed_cbc.3 doc/man/man3/EVP_set_default_properties.3 doc/man/man3/EVP_sha1.3 doc/man/man3/EVP_sha224.3 doc/man/man3/EVP_sha3_224.3 doc/man/man3/EVP_sm3.3 doc/man/man3/EVP_sm4_cbc.3 doc/man/man3/EVP_whirlpool.3 doc/man/man3/HMAC.3 doc/man/man3/MD5.3 doc/man/man3/MDC2_Init.3 doc/man/man3/NCONF_new_with_libctx.3 doc/man/man3/OBJ_nid2obj.3 doc/man/man3/OCSP_REQUEST_new.3 doc/man/man3/OCSP_cert_to_id.3 doc/man/man3/OCSP_request_add1_nonce.3 doc/man/man3/OCSP_resp_find_status.3 doc/man/man3/OCSP_response_status.3 doc/man/man3/OCSP_sendreq_new.3 doc/man/man3/OPENSSL_Applink.3 doc/man/man3/OPENSSL_CTX.3 doc/man/man3/OPENSSL_FILE.3 doc/man/man3/OPENSSL_LH_COMPFUNC.3 doc/man/man3/OPENSSL_LH_stats.3 doc/man/man3/OPENSSL_config.3 doc/man/man3/OPENSSL_fork_prepare.3 doc/man/man3/OPENSSL_hexchar2int.3 doc/man/man3/OPENSSL_ia32cap.3 doc/man/man3/OPENSSL_init_crypto.3 doc/man/man3/OPENSSL_init_ssl.3 doc/man/man3/OPENSSL_instrument_bus.3 doc/man/man3/OPENSSL_load_builtin_modules.3 doc/man/man3/OPENSSL_malloc.3 doc/man/man3/OPENSSL_s390xcap.3 doc/man/man3/OPENSSL_secure_malloc.3 doc/man/man3/OSSL_CMP_CTX_new.3 doc/man/man3/OSSL_CMP_HDR_get0_transactionID.3 doc/man/man3/OSSL_CMP_ITAV_set0.3 doc/man/man3/OSSL_CMP_MSG_get0_header.3 doc/man/man3/OSSL_CMP_MSG_http_perform.3 doc/man/man3/OSSL_CMP_SRV_CTX_new.3 doc/man/man3/OSSL_CMP_STATUSINFO_new.3 doc/man/man3/OSSL_CMP_exec_IR_ses.3 doc/man/man3/OSSL_CMP_log_open.3 doc/man/man3/OSSL_CMP_validate_msg.3 doc/man/man3/OSSL_CRMF_MSG_get0_tmpl.3 doc/man/man3/OSSL_CRMF_MSG_set0_validity.3 doc/man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3 doc/man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3 doc/man/man3/OSSL_CRMF_pbmp_new.3 doc/man/man3/OSSL_HTTP_transfer.3 doc/man/man3/OSSL_PARAM.3 doc/man/man3/OSSL_PARAM_BLD.3 doc/man/man3/OSSL_PARAM_allocate_from_text.3 doc/man/man3/OSSL_PARAM_int.3 doc/man/man3/OSSL_PROVIDER.3 doc/man/man3/OSSL_SELF_TEST_new.3 doc/man/man3/OSSL_SELF_TEST_set_callback.3 doc/man/man3/OSSL_SERIALIZER.3 doc/man/man3/OSSL_SERIALIZER_CTX.3 doc/man/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.3 doc/man/man3/OSSL_SERIALIZER_to_bio.3 doc/man/man3/OSSL_STORE_INFO.3 doc/man/man3/OSSL_STORE_LOADER.3 doc/man/man3/OSSL_STORE_SEARCH.3 doc/man/man3/OSSL_STORE_attach.3 doc/man/man3/OSSL_STORE_expect.3 doc/man/man3/OSSL_STORE_open.3 doc/man/man3/OSSL_trace_enabled.3 doc/man/man3/OSSL_trace_get_category_num.3 doc/man/man3/OSSL_trace_set_channel.3 doc/man/man3/OpenSSL_add_all_algorithms.3 doc/man/man3/OpenSSL_version.3 doc/man/man3/PEM_bytes_read_bio.3 doc/man/man3/PEM_read.3 doc/man/man3/PEM_read_CMS.3 doc/man/man3/PEM_read_bio_PrivateKey.3 doc/man/man3/PEM_read_bio_ex.3 doc/man/man3/PEM_write_bio_CMS_stream.3 doc/man/man3/PEM_write_bio_PKCS7_stream.3 doc/man/man3/PKCS12_SAFEBAG_get0_attrs.3 doc/man/man3/PKCS12_add_CSPName_asc.3 doc/man/man3/PKCS12_add_friendlyname_asc.3 doc/man/man3/PKCS12_add_localkeyid.3 doc/man/man3/PKCS12_create.3 doc/man/man3/PKCS12_get_friendlyname.3 doc/man/man3/PKCS12_newpass.3 doc/man/man3/PKCS12_parse.3 doc/man/man3/PKCS5_PBKDF2_HMAC.3 doc/man/man3/PKCS7_decrypt.3 doc/man/man3/PKCS7_encrypt.3 doc/man/man3/PKCS7_sign.3 doc/man/man3/PKCS7_sign_add_signer.3 doc/man/man3/PKCS7_verify.3 doc/man/man3/PKCS8_pkey_add1_attr.3 doc/man/man3/RAND_DRBG_generate.3 doc/man/man3/RAND_DRBG_get0_master.3 doc/man/man3/RAND_DRBG_new.3 doc/man/man3/RAND_DRBG_reseed.3 doc/man/man3/RAND_DRBG_set_callbacks.3 doc/man/man3/RAND_add.3 doc/man/man3/RAND_bytes.3 doc/man/man3/RAND_cleanup.3 doc/man/man3/RAND_egd.3 doc/man/man3/RAND_load_file.3 doc/man/man3/RAND_set_rand_method.3 doc/man/man3/RC4_set_key.3 doc/man/man3/RIPEMD160_Init.3 doc/man/man3/RSA_blinding_on.3 doc/man/man3/RSA_check_key.3 doc/man/man3/RSA_generate_key.3 doc/man/man3/RSA_get0_key.3 doc/man/man3/RSA_meth_new.3 doc/man/man3/RSA_new.3 doc/man/man3/RSA_padding_add_PKCS1_type_1.3 doc/man/man3/RSA_print.3 doc/man/man3/RSA_private_encrypt.3 doc/man/man3/RSA_public_encrypt.3 doc/man/man3/RSA_set_method.3 doc/man/man3/RSA_sign.3 doc/man/man3/RSA_sign_ASN1_OCTET_STRING.3 doc/man/man3/RSA_size.3 doc/man/man3/SCT_new.3 doc/man/man3/SCT_print.3 doc/man/man3/SCT_validate.3 doc/man/man3/SHA256_Init.3 doc/man/man3/SMIME_read_CMS.3 doc/man/man3/SMIME_read_PKCS7.3 doc/man/man3/SMIME_write_CMS.3 doc/man/man3/SMIME_write_PKCS7.3 doc/man/man3/SRP_Calc_B.3 doc/man/man3/SRP_VBASE_new.3 doc/man/man3/SRP_create_verifier.3 doc/man/man3/SRP_user_pwd_new.3 doc/man/man3/SSL_CIPHER_get_name.3 doc/man/man3/SSL_COMP_add_compression_method.3 doc/man/man3/SSL_CONF_CTX_new.3 doc/man/man3/SSL_CONF_CTX_set1_prefix.3 doc/man/man3/SSL_CONF_CTX_set_flags.3 doc/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 doc/man/man3/SSL_CONF_cmd.3 doc/man/man3/SSL_CONF_cmd_argv.3 doc/man/man3/SSL_CTX_add1_chain_cert.3 doc/man/man3/SSL_CTX_add_extra_chain_cert.3 doc/man/man3/SSL_CTX_add_session.3 doc/man/man3/SSL_CTX_config.3 doc/man/man3/SSL_CTX_ctrl.3 doc/man/man3/SSL_CTX_dane_enable.3 doc/man/man3/SSL_CTX_flush_sessions.3 doc/man/man3/SSL_CTX_free.3 doc/man/man3/SSL_CTX_get0_param.3 doc/man/man3/SSL_CTX_get_verify_mode.3 doc/man/man3/SSL_CTX_has_client_custom_ext.3 doc/man/man3/SSL_CTX_load_verify_locations.3 doc/man/man3/SSL_CTX_new.3 doc/man/man3/SSL_CTX_sess_number.3 doc/man/man3/SSL_CTX_sess_set_cache_size.3 doc/man/man3/SSL_CTX_sess_set_get_cb.3 doc/man/man3/SSL_CTX_sessions.3 doc/man/man3/SSL_CTX_set0_CA_list.3 doc/man/man3/SSL_CTX_set1_curves.3 doc/man/man3/SSL_CTX_set1_sigalgs.3 doc/man/man3/SSL_CTX_set1_verify_cert_store.3 doc/man/man3/SSL_CTX_set_alpn_select_cb.3 doc/man/man3/SSL_CTX_set_cert_cb.3 doc/man/man3/SSL_CTX_set_cert_store.3 doc/man/man3/SSL_CTX_set_cert_verify_callback.3 doc/man/man3/SSL_CTX_set_cipher_list.3 doc/man/man3/SSL_CTX_set_client_cert_cb.3 doc/man/man3/SSL_CTX_set_client_hello_cb.3 doc/man/man3/SSL_CTX_set_ct_validation_callback.3 doc/man/man3/SSL_CTX_set_ctlog_list_file.3 doc/man/man3/SSL_CTX_set_default_passwd_cb.3 doc/man/man3/SSL_CTX_set_generate_session_id.3 doc/man/man3/SSL_CTX_set_info_callback.3 doc/man/man3/SSL_CTX_set_keylog_callback.3 doc/man/man3/SSL_CTX_set_max_cert_list.3 doc/man/man3/SSL_CTX_set_min_proto_version.3 doc/man/man3/SSL_CTX_set_mode.3 doc/man/man3/SSL_CTX_set_msg_callback.3 doc/man/man3/SSL_CTX_set_num_tickets.3 doc/man/man3/SSL_CTX_set_options.3 doc/man/man3/SSL_CTX_set_psk_client_callback.3 doc/man/man3/SSL_CTX_set_quiet_shutdown.3 doc/man/man3/SSL_CTX_set_read_ahead.3 doc/man/man3/SSL_CTX_set_record_padding_callback.3 doc/man/man3/SSL_CTX_set_security_level.3 doc/man/man3/SSL_CTX_set_session_cache_mode.3 doc/man/man3/SSL_CTX_set_session_id_context.3 doc/man/man3/SSL_CTX_set_session_ticket_cb.3 doc/man/man3/SSL_CTX_set_split_send_fragment.3 doc/man/man3/SSL_CTX_set_srp_password.3 doc/man/man3/SSL_CTX_set_ssl_version.3 doc/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 doc/man/man3/SSL_CTX_set_timeout.3 doc/man/man3/SSL_CTX_set_tlsext_servername_callback.3 doc/man/man3/SSL_CTX_set_tlsext_status_cb.3 doc/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 doc/man/man3/SSL_CTX_set_tlsext_use_srtp.3 doc/man/man3/SSL_CTX_set_tmp_dh_callback.3 doc/man/man3/SSL_CTX_set_tmp_ecdh.3 doc/man/man3/SSL_CTX_set_verify.3 doc/man/man3/SSL_CTX_use_certificate.3 doc/man/man3/SSL_CTX_use_psk_identity_hint.3 doc/man/man3/SSL_CTX_use_serverinfo.3 doc/man/man3/SSL_SESSION_free.3 doc/man/man3/SSL_SESSION_get0_cipher.3 doc/man/man3/SSL_SESSION_get0_hostname.3 doc/man/man3/SSL_SESSION_get0_id_context.3 doc/man/man3/SSL_SESSION_get0_peer.3 doc/man/man3/SSL_SESSION_get_compress_id.3 doc/man/man3/SSL_SESSION_get_protocol_version.3 doc/man/man3/SSL_SESSION_get_time.3 doc/man/man3/SSL_SESSION_has_ticket.3 doc/man/man3/SSL_SESSION_is_resumable.3 doc/man/man3/SSL_SESSION_print.3 doc/man/man3/SSL_SESSION_set1_id.3 doc/man/man3/SSL_accept.3 doc/man/man3/SSL_alert_type_string.3 doc/man/man3/SSL_alloc_buffers.3 doc/man/man3/SSL_check_chain.3 doc/man/man3/SSL_clear.3 doc/man/man3/SSL_connect.3 doc/man/man3/SSL_do_handshake.3 doc/man/man3/SSL_export_keying_material.3 doc/man/man3/SSL_extension_supported.3 doc/man/man3/SSL_free.3 doc/man/man3/SSL_get0_peer_scts.3 doc/man/man3/SSL_get_SSL_CTX.3 doc/man/man3/SSL_get_all_async_fds.3 doc/man/man3/SSL_get_ciphers.3 doc/man/man3/SSL_get_client_random.3 doc/man/man3/SSL_get_current_cipher.3 doc/man/man3/SSL_get_default_timeout.3 doc/man/man3/SSL_get_error.3 doc/man/man3/SSL_get_extms_support.3 doc/man/man3/SSL_get_fd.3 doc/man/man3/SSL_get_peer_cert_chain.3 doc/man/man3/SSL_get_peer_certificate.3 doc/man/man3/SSL_get_peer_signature_nid.3 doc/man/man3/SSL_get_peer_tmp_key.3 doc/man/man3/SSL_get_psk_identity.3 doc/man/man3/SSL_get_rbio.3 doc/man/man3/SSL_get_session.3 doc/man/man3/SSL_get_shared_sigalgs.3 doc/man/man3/SSL_get_verify_result.3 doc/man/man3/SSL_get_version.3 doc/man/man3/SSL_in_init.3 doc/man/man3/SSL_key_update.3 doc/man/man3/SSL_library_init.3 doc/man/man3/SSL_load_client_CA_file.3 doc/man/man3/SSL_new.3 doc/man/man3/SSL_pending.3 doc/man/man3/SSL_read.3 doc/man/man3/SSL_read_early_data.3 doc/man/man3/SSL_rstate_string.3 doc/man/man3/SSL_session_reused.3 doc/man/man3/SSL_set1_host.3 doc/man/man3/SSL_set_async_callback.3 doc/man/man3/SSL_set_bio.3 doc/man/man3/SSL_set_connect_state.3 doc/man/man3/SSL_set_fd.3 doc/man/man3/SSL_set_session.3 doc/man/man3/SSL_set_shutdown.3 doc/man/man3/SSL_set_verify_result.3 doc/man/man3/SSL_shutdown.3 doc/man/man3/SSL_state_string.3 doc/man/man3/SSL_want.3 doc/man/man3/SSL_write.3 doc/man/man3/TS_VERIFY_CTX_set_certs.3 doc/man/man3/UI_STRING.3 doc/man/man3/UI_UTIL_read_pw.3 doc/man/man3/UI_create_method.3 doc/man/man3/UI_new.3 doc/man/man3/X509V3_get_d2i.3 doc/man/man3/X509_ALGOR_dup.3 doc/man/man3/X509_CRL_get0_by_serial.3 doc/man/man3/X509_EXTENSION_set_object.3 doc/man/man3/X509_LOOKUP.3 doc/man/man3/X509_LOOKUP_hash_dir.3 doc/man/man3/X509_LOOKUP_meth_new.3 doc/man/man3/X509_NAME_ENTRY_get_object.3 doc/man/man3/X509_NAME_add_entry_by_txt.3 doc/man/man3/X509_NAME_get0_der.3 doc/man/man3/X509_NAME_get_index_by_NID.3 doc/man/man3/X509_NAME_print_ex.3 doc/man/man3/X509_PUBKEY_new.3 doc/man/man3/X509_SIG_get0.3 doc/man/man3/X509_STORE_CTX_get_error.3 doc/man/man3/X509_STORE_CTX_new.3 doc/man/man3/X509_STORE_CTX_set_verify_cb.3 doc/man/man3/X509_STORE_add_cert.3 doc/man/man3/X509_STORE_get0_param.3 doc/man/man3/X509_STORE_new.3 doc/man/man3/X509_STORE_set_verify_cb_func.3 doc/man/man3/X509_VERIFY_PARAM_set_flags.3 doc/man/man3/X509_check_ca.3 doc/man/man3/X509_check_host.3 doc/man/man3/X509_check_issued.3 doc/man/man3/X509_check_private_key.3 doc/man/man3/X509_check_purpose.3 doc/man/man3/X509_cmp.3 doc/man/man3/X509_cmp_time.3 doc/man/man3/X509_digest.3 doc/man/man3/X509_dup.3 doc/man/man3/X509_get0_distinguishing_id.3 doc/man/man3/X509_get0_notBefore.3 doc/man/man3/X509_get0_signature.3 doc/man/man3/X509_get0_uids.3 doc/man/man3/X509_get_extension_flags.3 doc/man/man3/X509_get_pubkey.3 doc/man/man3/X509_get_serialNumber.3 doc/man/man3/X509_get_subject_name.3 doc/man/man3/X509_get_version.3 doc/man/man3/X509_load_http.3 doc/man/man3/X509_new.3 doc/man/man3/X509_sign.3 doc/man/man3/X509_verify.3 doc/man/man3/X509_verify_cert.3 doc/man/man3/X509v3_cache_extensions.3 doc/man/man3/X509v3_get_ext_by_NID.3 doc/man/man3/d2i_DHparams.3 doc/man/man3/d2i_PKCS8PrivateKey_bio.3 doc/man/man3/d2i_PrivateKey.3 doc/man/man3/d2i_SSL_SESSION.3 doc/man/man3/d2i_X509.3 doc/man/man3/i2d_CMS_bio_stream.3 doc/man/man3/i2d_PKCS7_bio_stream.3 doc/man/man3/i2d_re_X509_tbs.3 doc/man/man3/o2i_SCT_LIST.3 doc/man/man3/s2i_ASN1_IA5STRING.3 doc/man/man5/config.5 doc/man/man5/fips_config.5 doc/man/man5/x509v3_config.5 doc/man/man7/EVP_KDF-HKDF.7 doc/man/man7/EVP_KDF-KB.7 doc/man/man7/EVP_KDF-KRB5KDF.7 doc/man/man7/EVP_KDF-PBKDF2.7 doc/man/man7/EVP_KDF-SCRYPT.7 doc/man/man7/EVP_KDF-SS.7 doc/man/man7/EVP_KDF-SSHKDF.7 doc/man/man7/EVP_KDF-TLS1_PRF.7 doc/man/man7/EVP_KDF-X942.7 doc/man/man7/EVP_KDF-X963.7 doc/man/man7/EVP_KEYEXCH-DH.7 doc/man/man7/EVP_KEYEXCH-ECDH.7 doc/man/man7/EVP_KEYEXCH-X25519.7 doc/man/man7/EVP_MAC-BLAKE2.7 doc/man/man7/EVP_MAC-CMAC.7 doc/man/man7/EVP_MAC-GMAC.7 doc/man/man7/EVP_MAC-HMAC.7 doc/man/man7/EVP_MAC-KMAC.7 doc/man/man7/EVP_MAC-Poly1305.7 doc/man/man7/EVP_MAC-Siphash.7 doc/man/man7/EVP_MD-BLAKE2.7 doc/man/man7/EVP_MD-MD2.7 doc/man/man7/EVP_MD-MD4.7 doc/man/man7/EVP_MD-MD5-SHA1.7 doc/man/man7/EVP_MD-MD5.7 doc/man/man7/EVP_MD-MDC2.7 doc/man/man7/EVP_MD-RIPEMD160.7 doc/man/man7/EVP_MD-SHA1.7 doc/man/man7/EVP_MD-SHA2.7 doc/man/man7/EVP_MD-SHA3.7 doc/man/man7/EVP_MD-SHAKE.7 doc/man/man7/EVP_MD-SM3.7 doc/man/man7/EVP_MD-WHIRLPOOL.7 doc/man/man7/EVP_MD-common.7 doc/man/man7/EVP_PKEY-DH.7 doc/man/man7/EVP_PKEY-DSA.7 doc/man/man7/EVP_PKEY-EC.7 doc/man/man7/EVP_PKEY-FFC.7 doc/man/man7/EVP_PKEY-RSA.7 doc/man/man7/EVP_PKEY-X25519.7 doc/man/man7/EVP_RAND-CTR-DRBG.7 doc/man/man7/EVP_RAND-HASH-DRBG.7 doc/man/man7/EVP_RAND-HMAC-DRBG.7 doc/man/man7/EVP_RAND-TEST-RAND.7 doc/man/man7/EVP_SIGNATURE-DSA.7 doc/man/man7/EVP_SIGNATURE-ECDSA.7 doc/man/man7/EVP_SIGNATURE-ED25519.7 doc/man/man7/EVP_SIGNATURE-RSA.7 doc/man/man7/OSSL_PROVIDER-FIPS.7 doc/man/man7/OSSL_PROVIDER-default.7 doc/man/man7/OSSL_PROVIDER-legacy.7 doc/man/man7/OSSL_PROVIDER-null.7 doc/man/man7/RAND.7 doc/man/man7/RAND_DRBG.7 doc/man/man7/RSA-PSS.7 doc/man/man7/SM2.7 doc/man/man7/X25519.7 doc/man/man7/bio.7 doc/man/man7/crypto.7 doc/man/man7/ct.7 doc/man/man7/des_modes.7 doc/man/man7/evp.7 doc/man/man7/openssl-core.h.7 doc/man/man7/openssl-core_dispatch.h.7 doc/man/man7/openssl-core_names.h.7 doc/man/man7/openssl-env.7 doc/man/man7/openssl_user_macros.7 doc/man/man7/ossl_store-file.7 doc/man/man7/ossl_store.7 doc/man/man7/passphrase-encoding.7 doc/man/man7/property.7 doc/man/man7/provider-asym_cipher.7 doc/man/man7/provider-base.7 doc/man/man7/provider-cipher.7 doc/man/man7/provider-digest.7 doc/man/man7/provider-keyexch.7 doc/man/man7/provider-keymgmt.7 doc/man/man7/provider-mac.7 doc/man/man7/provider-rand.7 doc/man/man7/provider-serializer.7 doc/man/man7/provider-signature.7 doc/man/man7/provider.7 doc/man/man7/proxy-certificates.7 doc/man/man7/ssl.7 doc/man/man7/x509.7 rm -f apps/openssl fuzz/asn1-test fuzz/asn1parse-test fuzz/bignum-test fuzz/bndiv-test fuzz/client-test fuzz/cmp-test fuzz/cms-test fuzz/conf-test fuzz/crl-test fuzz/ct-test fuzz/server-test fuzz/x509-test test/aborttest test/acvp_test test/aesgcmtest test/afalgtest test/asn1_decode_test test/asn1_dsa_internal_test test/asn1_encode_test test/asn1_internal_test test/asn1_string_table_test test/asn1_time_test test/asynciotest test/asynctest test/bad_dtls_test test/bftest test/bio_callback_test test/bio_enc_test test/bio_memleak_test test/bio_prefix_text test/bioprinttest test/bn_internal_test test/bntest test/buildtest_c_aes test/buildtest_c_asn1 test/buildtest_c_asn1t test/buildtest_c_async test/buildtest_c_bio test/buildtest_c_blowfish test/buildtest_c_bn test/buildtest_c_buffer test/buildtest_c_camellia test/buildtest_c_cast test/buildtest_c_cmac test/buildtest_c_cmp test/buildtest_c_cmp_util test/buildtest_c_cms test/buildtest_c_comp test/buildtest_c_conf test/buildtest_c_conf_api test/buildtest_c_core test/buildtest_c_core_dispatch test/buildtest_c_core_names test/buildtest_c_crmf test/buildtest_c_crypto test/buildtest_c_ct test/buildtest_c_des test/buildtest_c_dh test/buildtest_c_dsa test/buildtest_c_dtls1 test/buildtest_c_e_os2 test/buildtest_c_ebcdic test/buildtest_c_ec test/buildtest_c_ecdh test/buildtest_c_ecdsa test/buildtest_c_engine test/buildtest_c_ess test/buildtest_c_evp test/buildtest_c_fips_names test/buildtest_c_hmac test/buildtest_c_http test/buildtest_c_idea test/buildtest_c_kdf test/buildtest_c_lhash test/buildtest_c_mac test/buildtest_c_macros test/buildtest_c_md4 test/buildtest_c_md5 test/buildtest_c_mdc2 test/buildtest_c_modes test/buildtest_c_obj_mac test/buildtest_c_objects test/buildtest_c_ocsp test/buildtest_c_ossl_typ test/buildtest_c_param_build test/buildtest_c_params test/buildtest_c_pem test/buildtest_c_pem2 test/buildtest_c_pkcs12 test/buildtest_c_pkcs7 test/buildtest_c_provider test/buildtest_c_rand test/buildtest_c_rand_drbg test/buildtest_c_rc2 test/buildtest_c_rc4 test/buildtest_c_ripemd test/buildtest_c_rsa test/buildtest_c_safestack test/buildtest_c_seed test/buildtest_c_self_test test/buildtest_c_serializer test/buildtest_c_sha test/buildtest_c_srp test/buildtest_c_srtp test/buildtest_c_ssl test/buildtest_c_ssl2 test/buildtest_c_stack test/buildtest_c_store test/buildtest_c_symhacks test/buildtest_c_tls1 test/buildtest_c_ts test/buildtest_c_txt_db test/buildtest_c_types test/buildtest_c_ui test/buildtest_c_whrlpool test/buildtest_c_x509 test/buildtest_c_x509_vfy test/buildtest_c_x509v3 test/casttest test/chacha_internal_test test/cipher_overhead_test test/cipherbytes_test test/cipherlist_test test/ciphername_test test/clienthellotest test/cmactest test/cmp_asn_test test/cmp_client_test test/cmp_ctx_test test/cmp_hdr_test test/cmp_msg_test test/cmp_protect_test test/cmp_server_test test/cmp_status_test test/cmp_vfy_test test/cmsapitest test/conf_include_test test/confdump test/constant_time_test test/context_internal_test test/crltest test/ct_test test/ctype_internal_test test/curve448_internal_test test/d2i_test test/danetest test/destest test/dhtest test/drbg_cavs_test test/drbg_extra_test test/drbgtest test/dsa_no_digest_size_test test/dsatest test/dtls_mtu_test test/dtlstest test/dtlsv1listentest test/ec_internal_test test/ecdsatest test/ecstresstest test/ectest test/enginetest test/errtest test/evp_extra_test test/evp_extra_test2 test/evp_fetch_prov_test test/evp_kdf_test test/evp_pkey_dparams_test test/evp_pkey_provided_test test/evp_test test/exdatatest test/exptest test/fatalerrtest test/ffc_internal_test test/gmdifftest test/gosttest test/hexstr_test test/hmactest test/http_test test/ideatest test/igetest test/keymgmt_internal_test test/lhash_test test/mdc2_internal_test test/mdc2test test/memleaktest test/modes_internal_test test/namemap_internal_test test/ocspapitest test/packettest test/param_build_test test/params_api_test test/params_conversion_test test/params_test test/pbelutest test/pemtest test/pkey_meth_kdf_test test/pkey_meth_test test/poly1305_internal_test test/property_test test/provider_fallback_test test/provider_internal_test test/provider_test test/rc2test test/rc4test test/rc5test test/rdrand_sanitytest test/recordlentest test/rsa_complex test/rsa_mp_test test/rsa_sp800_56b_test test/rsa_test test/sanitytest test/secmemtest test/servername_test test/shlibloadtest test/siphash_internal_test test/sm2_internal_test test/sm4_internal_test test/sparse_array_test test/srptest test/ssl_cert_table_internal_test test/ssl_ctx_test test/ssl_test test/ssl_test_ctx_test test/sslapitest test/sslbuffertest test/sslcorrupttest test/ssltest_old test/stack_test test/sysdefaulttest test/test_test test/threadstest test/time_offset_test test/tls13ccstest test/tls13encryptiontest test/tls13secretstest test/uitest test/v3ext test/v3nametest test/verify_extra_test test/versions test/wpackettest test/x509_check_cert_pkey_test test/x509_dup_cert_test test/x509_internal_test test/x509_time_test test/x509aux engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so providers/fips.so providers/legacy.so test/p_test.so apps/CA.pl apps/tsget.pl tools/c_rehash util/shlib_wrap.sh rm -f doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod include/crypto/bn_conf.h include/crypto/dso_conf.h include/openssl/configuration.h include/openssl/fipskey.h include/openssl/opensslv.h test/provider_internal_test.cnf apps/CA.pl apps/progs.c apps/progs.h apps/tsget.pl crypto/aes/aes-x86_64.s crypto/aes/aesni-mb-x86_64.s crypto/aes/aesni-sha1-x86_64.s crypto/aes/aesni-sha256-x86_64.s crypto/aes/aesni-x86_64.s crypto/aes/bsaes-x86_64.s crypto/aes/vpaes-x86_64.s crypto/bn/rsaz-avx2.s crypto/bn/rsaz-x86_64.s crypto/bn/x86_64-gf2m.s crypto/bn/x86_64-mont.s crypto/bn/x86_64-mont5.s crypto/buildinf.h crypto/camellia/cmll-x86_64.s crypto/chacha/chacha-x86_64.s crypto/ec/ecp_nistz256-x86_64.s crypto/ec/x25519-x86_64.s crypto/md5/md5-x86_64.s crypto/modes/aesni-gcm-x86_64.s crypto/modes/ghash-x86_64.s crypto/poly1305/poly1305-x86_64.s crypto/rc4/rc4-md5-x86_64.s crypto/rc4/rc4-x86_64.s crypto/sha/keccak1600-x86_64.s crypto/sha/sha1-mb-x86_64.s crypto/sha/sha1-x86_64.s crypto/sha/sha256-mb-x86_64.s crypto/sha/sha256-x86_64.s crypto/sha/sha512-x86_64.s crypto/whrlpool/wp-x86_64.s crypto/x86_64cpuid.s doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod engines/afalg.ld engines/capi.ld engines/dasync.ld engines/e_padlock-x86_64.s engines/ossltest.ld engines/padlock.ld libcrypto.ld libssl.ld providers/common/der/der_digests_gen.c providers/common/der/der_dsa_gen.c providers/common/der/der_ec_gen.c providers/common/der/der_rsa_gen.c providers/common/include/prov/der_digests.h providers/common/include/prov/der_dsa.h providers/common/include/prov/der_ec.h providers/common/include/prov/der_rsa.h providers/fips.ld providers/legacy.ld test/buildtest_aes.c test/buildtest_asn1.c test/buildtest_asn1t.c test/buildtest_async.c test/buildtest_bio.c test/buildtest_blowfish.c test/buildtest_bn.c test/buildtest_buffer.c test/buildtest_camellia.c test/buildtest_cast.c test/buildtest_cmac.c test/buildtest_cmp.c test/buildtest_cmp_util.c test/buildtest_cms.c test/buildtest_comp.c test/buildtest_conf.c test/buildtest_conf_api.c test/buildtest_core.c test/buildtest_core_dispatch.c test/buildtest_core_names.c test/buildtest_crmf.c test/buildtest_crypto.c test/buildtest_ct.c test/buildtest_des.c test/buildtest_dh.c test/buildtest_dsa.c test/buildtest_dtls1.c test/buildtest_e_os2.c test/buildtest_ebcdic.c test/buildtest_ec.c test/buildtest_ecdh.c test/buildtest_ecdsa.c test/buildtest_engine.c test/buildtest_ess.c test/buildtest_evp.c test/buildtest_fips_names.c test/buildtest_hmac.c test/buildtest_http.c test/buildtest_idea.c test/buildtest_kdf.c test/buildtest_lhash.c test/buildtest_mac.c test/buildtest_macros.c test/buildtest_md4.c test/buildtest_md5.c test/buildtest_mdc2.c test/buildtest_modes.c test/buildtest_obj_mac.c test/buildtest_objects.c test/buildtest_ocsp.c test/buildtest_ossl_typ.c test/buildtest_param_build.c test/buildtest_params.c test/buildtest_pem.c test/buildtest_pem2.c test/buildtest_pkcs12.c test/buildtest_pkcs7.c test/buildtest_provider.c test/buildtest_rand.c test/buildtest_rand_drbg.c test/buildtest_rc2.c test/buildtest_rc4.c test/buildtest_ripemd.c test/buildtest_rsa.c test/buildtest_safestack.c test/buildtest_seed.c test/buildtest_self_test.c test/buildtest_serializer.c test/buildtest_sha.c test/buildtest_srp.c test/buildtest_srtp.c test/buildtest_ssl.c test/buildtest_ssl2.c test/buildtest_stack.c test/buildtest_store.c test/buildtest_symhacks.c test/buildtest_tls1.c test/buildtest_ts.c test/buildtest_txt_db.c test/buildtest_types.c test/buildtest_ui.c test/buildtest_whrlpool.c test/buildtest_x509.c test/buildtest_x509_vfy.c test/buildtest_x509v3.c test/p_test.ld tools/c_rehash util/shlib_wrap.sh rm -f `find . -name '*.d' \! -name '.*' \! -type d -print` rm -f `find . -name '*.o' \! -name '.*' \! -type d -print` rm -f core rm -f tags TAGS doc-nits cmd-nits md-nits rm -f -r test/test-runs rm -f openssl.pc libcrypto.pc libssl.pc rm -f `find . -type l \! -name '.*' -print` rm -f ../openssl-3.0.0-alpha5-dev.tar $ make depend $ LDCMD= make -j4 /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-asn1parse.pod.in > doc/man1/openssl-asn1parse.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ca.pod.in > doc/man1/openssl-ca.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ciphers.pod.in > doc/man1/openssl-ciphers.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmds.pod.in > doc/man1/openssl-cmds.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmp.pod.in > doc/man1/openssl-cmp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cms.pod.in > doc/man1/openssl-cms.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl.pod.in > doc/man1/openssl-crl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl2pkcs7.pod.in > doc/man1/openssl-crl2pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dgst.pod.in > doc/man1/openssl-dgst.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dhparam.pod.in > doc/man1/openssl-dhparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsa.pod.in > doc/man1/openssl-dsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsaparam.pod.in > doc/man1/openssl-dsaparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ec.pod.in > doc/man1/openssl-ec.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ecparam.pod.in > doc/man1/openssl-ecparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-enc.pod.in > doc/man1/openssl-enc.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-engine.pod.in > doc/man1/openssl-engine.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-errstr.pod.in > doc/man1/openssl-errstr.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-fipsinstall.pod.in > doc/man1/openssl-fipsinstall.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-gendsa.pod.in > doc/man1/openssl-gendsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genpkey.pod.in > doc/man1/openssl-genpkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genrsa.pod.in > doc/man1/openssl-genrsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-info.pod.in > doc/man1/openssl-info.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-kdf.pod.in > doc/man1/openssl-kdf.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-list.pod.in > doc/man1/openssl-list.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-mac.pod.in > doc/man1/openssl-mac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-nseq.pod.in > doc/man1/openssl-nseq.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ocsp.pod.in > doc/man1/openssl-ocsp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-passwd.pod.in > doc/man1/openssl-passwd.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs12.pod.in > doc/man1/openssl-pkcs12.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs7.pod.in > doc/man1/openssl-pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs8.pod.in > doc/man1/openssl-pkcs8.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkey.pod.in > doc/man1/openssl-pkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyparam.pod.in > doc/man1/openssl-pkeyparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyutl.pod.in > doc/man1/openssl-pkeyutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-prime.pod.in > doc/man1/openssl-prime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-provider.pod.in > doc/man1/openssl-provider.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rand.pod.in > doc/man1/openssl-rand.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rehash.pod.in > doc/man1/openssl-rehash.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-req.pod.in > doc/man1/openssl-req.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsa.pod.in > doc/man1/openssl-rsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsautl.pod.in > doc/man1/openssl-rsautl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_client.pod.in > doc/man1/openssl-s_client.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_server.pod.in > doc/man1/openssl-s_server.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_time.pod.in > doc/man1/openssl-s_time.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-sess_id.pod.in > doc/man1/openssl-sess_id.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-smime.pod.in > doc/man1/openssl-smime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-speed.pod.in > doc/man1/openssl-speed.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-spkac.pod.in > doc/man1/openssl-spkac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-srp.pod.in > doc/man1/openssl-srp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-storeutl.pod.in > doc/man1/openssl-storeutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ts.pod.in > doc/man1/openssl-ts.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-verify.pod.in > doc/man1/openssl-verify.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-version.pod.in > doc/man1/openssl-version.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-x509.pod.in > doc/man1/openssl-x509.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man7/openssl_user_macros.pod.in > doc/man7/openssl_user_macros.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/bn_conf.h.in > include/crypto/bn_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/dso_conf.h.in > include/crypto/dso_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/configuration.h.in > include/openssl/configuration.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/fipskey.h.in > include/openssl/fipskey.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/opensslv.h.in > include/openssl/opensslv.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/test/provider_internal_test.cnf.in > test/provider_internal_test.cnf make depend && make _build_sw make[1]: Entering directory '/home/openssl/run-checker/no-posix-io' make[1]: Leaving directory '/home/openssl/run-checker/no-posix-io' make[1]: Entering directory '/home/openssl/run-checker/no-posix-io' clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_params.d.tmp -MT apps/lib/libapps-lib-app_params.o -c -o apps/lib/libapps-lib-app_params.o ../openssl/apps/lib/app_params.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_provider.d.tmp -MT apps/lib/libapps-lib-app_provider.o -c -o apps/lib/libapps-lib-app_provider.o ../openssl/apps/lib/app_provider.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_rand.d.tmp -MT apps/lib/libapps-lib-app_rand.o -c -o apps/lib/libapps-lib-app_rand.o ../openssl/apps/lib/app_rand.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_x509.d.tmp -MT apps/lib/libapps-lib-app_x509.o -c -o apps/lib/libapps-lib-app_x509.o ../openssl/apps/lib/app_x509.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps.d.tmp -MT apps/lib/libapps-lib-apps.o -c -o apps/lib/libapps-lib-apps.o ../openssl/apps/lib/apps.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps_ui.d.tmp -MT apps/lib/libapps-lib-apps_ui.o -c -o apps/lib/libapps-lib-apps_ui.o ../openssl/apps/lib/apps_ui.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-columns.d.tmp -MT apps/lib/libapps-lib-columns.o -c -o apps/lib/libapps-lib-columns.o ../openssl/apps/lib/columns.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-fmt.d.tmp -MT apps/lib/libapps-lib-fmt.o -c -o apps/lib/libapps-lib-fmt.o ../openssl/apps/lib/fmt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-http_server.d.tmp -MT apps/lib/libapps-lib-http_server.o -c -o apps/lib/libapps-lib-http_server.o ../openssl/apps/lib/http_server.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-names.d.tmp -MT apps/lib/libapps-lib-names.o -c -o apps/lib/libapps-lib-names.o ../openssl/apps/lib/names.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-opt.d.tmp -MT apps/lib/libapps-lib-opt.o -c -o apps/lib/libapps-lib-opt.o ../openssl/apps/lib/opt.c ../openssl/apps/lib/http_server.c:27:5: error: no previous extern declaration for non-static variable 'multi' [-Werror,-Wmissing-variable-declarations] int multi = 0; /* run multiple responder processes */ ^ 1 error generated. Makefile:4111: recipe for target 'apps/lib/libapps-lib-http_server.o' failed make[1]: *** [apps/lib/libapps-lib-http_server.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-posix-io' Makefile:3081: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From levitte at openssl.org Sat Jul 4 08:33:27 2020 From: levitte at openssl.org (Richard Levitte) Date: Sat, 04 Jul 2020 08:33:27 +0000 Subject: [openssl] master update Message-ID: <1593851607.784093.16737.nullmailer@dev.openssl.org> The branch master has been updated via 16328e9f6cc8bcd5ff5fef09b78374134de1f1e1 (commit) via b2bed3c6e53fd8e439bae6a66860d31ce994bb70 (commit) from bb2d726d75c062513b796d6c76c2a1ea9ff27e24 (commit) - Log ----------------------------------------------------------------- commit 16328e9f6cc8bcd5ff5fef09b78374134de1f1e1 Author: Richard Levitte Date: Wed Jul 1 12:17:40 2020 +0200 NOTE.WIN: suggest the audetecting configuration variant as well Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12339) commit b2bed3c6e53fd8e439bae6a66860d31ce994bb70 Author: Richard Levitte Date: Wed Jul 1 12:04:24 2020 +0200 util/perl/OpenSSL/config.pm: move misplaced Windows and VMS entries OpenSSL::config::guess_system() is supposed to return system triplets. However, for Windows and VMS, it returned the final OpenSSL config target instead. We move the entries for them to the table that OpenSSL::config::map_guess() uses, so it can properly convert the input triplet to an OpenSSL config target. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12339) ----------------------------------------------------------------------- Summary of changes: NOTES.WIN | 3 ++- util/perl/OpenSSL/config.pm | 26 ++++++++++++++------------ 2 files changed, 16 insertions(+), 13 deletions(-) diff --git a/NOTES.WIN b/NOTES.WIN index a5792647af..5151107707 100644 --- a/NOTES.WIN +++ b/NOTES.WIN @@ -59,7 +59,8 @@ 5. From the root of the OpenSSL source directory enter perl Configure VC-WIN32 if you want 32-bit OpenSSL or - perl Configure VC-WIN64A if you want 64-bit OpenSSL + perl Configure VC-WIN64A if you want 64-bit OpenSSL or + perl Configure to let Configure figure out the platform 6. nmake diff --git a/util/perl/OpenSSL/config.pm b/util/perl/OpenSSL/config.pm index 46dad98d08..7a37399bca 100755 --- a/util/perl/OpenSSL/config.pm +++ b/util/perl/OpenSSL/config.pm @@ -160,18 +160,6 @@ my $guess_patterns = [ [ 'CYGWIN.*', '${MACHINE}-pc-cygwin' ], [ 'vxworks.*', '${MACHINE}-whatever-vxworks' ], - # Windows values found by looking at Perl 5's win32/win32.c - [ 'Windows NT:.*:amd64', 'VC-WIN64A' ], - [ 'Windows NT:.*:ia64', 'VC-WIN64I' ], - [ 'Windows NT:.*:x86', 'VC-WIN32' ], - - # VMS values found by observation on existing machinery. Unfortunately, - # the machine part is a bit... overdone. It seems, though, that 'Alpha' - # exists in that part, making it distinguishable from Itanium. It will - # be interesting to see what we'll get in the upcoming x86_64 port... - [ 'OpenVMS:.*?:.*?:.*?:.*Alpha.*', 'vms-alpha' ], - [ 'OpenVMS:.*', 'vms-ia64' ], - [ sub { -d '/usr/apollo' }, 'whatever-apollo-whatever' ], ]; @@ -859,6 +847,20 @@ EOF return %config; } ], + + # Windows values found by looking at Perl 5's win32/win32.c + [ 'amd64-.*?-Windows NT', { target => 'VC-WIN64A' } ], + [ 'ia64-.*?-Windows NT', { target => 'VC-WIN64I' } ], + [ 'x86-.*?-Windows NT', { target => 'VC-WIN32' } ], + + # VMS values found by observation on existing machinery. + # Unfortunately, the machine part is a bit... overdone. It seems, + # though, that 'Alpha' exists in that part for Alphas, making it + # distinguishable from Itanium. It will be interesting to see what + # we'll get in the upcoming x86_64 port... + [ '.*Alpha.*?-.*?-OpenVMS', { target => 'vms-alpha' } ], + [ '.*?-.*?-OpenVMS', { target => 'vms-ia64' } ], + ]; # Map GUESSOS into OpenSSL terminology. From levitte at openssl.org Sat Jul 4 08:35:18 2020 From: levitte at openssl.org (Richard Levitte) Date: Sat, 04 Jul 2020 08:35:18 +0000 Subject: [openssl] master update Message-ID: <1593851718.818892.21076.nullmailer@dev.openssl.org> The branch master has been updated via 1cafbb799a373f0d6ba55843fd51692e14c0fe09 (commit) from 16328e9f6cc8bcd5ff5fef09b78374134de1f1e1 (commit) - Log ----------------------------------------------------------------- commit 1cafbb799a373f0d6ba55843fd51692e14c0fe09 Author: Richard Levitte Date: Wed Jul 1 07:39:06 2020 +0200 util/perl/OpenSSL/config.pm: Fix /armv[7-9].*-.*-linux2/ This entry added the macro B_ENDIAN when it shouldn't have. Fixes #12332 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12335) ----------------------------------------------------------------------- Summary of changes: util/perl/OpenSSL/config.pm | 1 - 1 file changed, 1 deletion(-) diff --git a/util/perl/OpenSSL/config.pm b/util/perl/OpenSSL/config.pm index 7a37399bca..e72eadc8a9 100755 --- a/util/perl/OpenSSL/config.pm +++ b/util/perl/OpenSSL/config.pm @@ -609,7 +609,6 @@ EOF ], [ 'armv[1-3].*-.*-linux2', { target => "linux-generic32" } ], [ 'armv[7-9].*-.*-linux2', { target => "linux-armv4", - defines => [ 'B_ENDIAN' ], cflags => [ '-march=armv7-a' ], cxxflags => [ '-march=armv7-a' ] } ], [ 'arm.*-.*-linux2', { target => "linux-armv4" } ], From levitte at openssl.org Sat Jul 4 08:39:18 2020 From: levitte at openssl.org (Richard Levitte) Date: Sat, 04 Jul 2020 08:39:18 +0000 Subject: [openssl] master update Message-ID: <1593851958.085724.26726.nullmailer@dev.openssl.org> The branch master has been updated via 3a19f1a9dd16f5855a7e2a42cd3e7f136f849bd3 (commit) from 1cafbb799a373f0d6ba55843fd51692e14c0fe09 (commit) - Log ----------------------------------------------------------------- commit 3a19f1a9dd16f5855a7e2a42cd3e7f136f849bd3 Author: Richard Levitte Date: Thu Jul 2 18:48:16 2020 +0200 Configuration and build: Fix solaris tags The shared_target attrribute for Solaris built with gcc wasn't right and shared libraries couldn't be properly built. Fixes #12356 Reviewed-by: Matt Caswell Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12360) ----------------------------------------------------------------------- Summary of changes: Configurations/10-main.conf | 2 +- util/mkdef.pl | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf index c30954f27d..5baab6f306 100644 --- a/Configurations/10-main.conf +++ b/Configurations/10-main.conf @@ -225,7 +225,7 @@ my %targets = ( "solaris-common-gcc" => { inherit_from => [ "solaris-common" ], template => 1, - shared_target => "solaris-gcc", # The rest is on shared_info.pl + shared_target => "solaris-gcc-shared", # The rest is on shared_info.pl }, #### Solaris x86 with GNU C setups "solaris-x86-gcc" => { diff --git a/util/mkdef.pl b/util/mkdef.pl index a7d353f3db..5e02c7dafb 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -107,6 +107,7 @@ my %OS_data = ( solaris => { writer => \&writer_linux, sort => sorter_linux(), platforms => { UNIX => 1 } }, + "solaris-gcc" => 'solaris', # alias linux => 'solaris', # alias "bsd-gcc" => 'solaris', # alias aix => { writer => \&writer_aix, From openssl at openssl.org Sat Jul 4 09:18:23 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Sat, 04 Jul 2020 09:18:23 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-sock Message-ID: <1593854303.059013.20717.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-sock Commit log since last time: 610e2b3b70 Configure: Check source and build dir equality a little more thoroughly 9576c498ca [test/README.md] minor fix of examples missing the test target af3e8c298a Travis: default to HARNESS_JOBS=4 a20c9075d6 Run tests in parallel 587e4e53f8 Fix memory leaks on OSSL_SERIALIZER_CTX_new_by_EVP_PKEY 94941cada2 Free pre_proc_exts in SSL_free() 69f982679e doc: remove reference to the predecessor of SHA-1. 0577959cea Don't forget our provider ctx when resetting b4cb9498c9 X509v3_cache_extensions(): Improve coding style and doc, fix case 'sha1 == NULL' 0d8dbb52e3 Add X509_self_signed(), extending and improving documenation and tests 4cec750c2f Move doc of X509{,_REQ,_CRL}_verify{,_ex}() from X509_sign.pod to new X509_verify.pod 0e7b1383e1 Fix issue 1418 by moving check of KU_KEY_CERT_SIGN and weakening check_issued() d18c7ad66a Optimization and safety precaution in find_issuer() of x509_vfy.c: candidate issuer cert cannot be the same as the subject cert 'x' da1f88bf53 Add four more verify test cases on the self-signed Ed25519 and self-issed X25519 certs 4acd484d55 Make x509 -force_pubkey test case with self-issued cert more realistic by adding CA basic constraints, CA key usage, and key IDs to the cert and by add -partial_chain to the verify call that trusts this cert 023697870b Refactor (without semantic changes) crypto/x509/{v3_purp.c,x509_vfy.c} ade08735f9 Improve documentation, layout, and code comments regarding self-issued certs etc. 5188d0d55c Fix a typo on the SSL_dup page 9beffaf695 Fix CID-1464802 2c9ba46c90 Force ssl/tls protocol flags to use stream sockets 64fdea12be rand: include the CPU source in a build. 7f791b25eb rand: fix CPU and timer sources. 3121425830 Add --fips-key configuration parameter to fipsinstall application. Build log ended with (last 100 lines): rm -f doc/html/man1/CA.pl.html doc/html/man1/openssl-asn1parse.html doc/html/man1/openssl-ca.html doc/html/man1/openssl-ciphers.html doc/html/man1/openssl-cmds.html doc/html/man1/openssl-cmp.html doc/html/man1/openssl-cms.html doc/html/man1/openssl-crl.html doc/html/man1/openssl-crl2pkcs7.html doc/html/man1/openssl-dgst.html doc/html/man1/openssl-dhparam.html doc/html/man1/openssl-dsa.html doc/html/man1/openssl-dsaparam.html doc/html/man1/openssl-ec.html doc/html/man1/openssl-ecparam.html doc/html/man1/openssl-enc.html doc/html/man1/openssl-engine.html doc/html/man1/openssl-errstr.html doc/html/man1/openssl-fipsinstall.html doc/html/man1/openssl-gendsa.html doc/html/man1/openssl-genpkey.html doc/html/man1/openssl-genrsa.html doc/html/man1/openssl-info.html doc/html/man1/openssl-kdf.html doc/html/man1/openssl-list.html doc/html/man1/openssl-mac.html doc/html/man1/openssl-nseq.html doc/html/man1/openssl-ocsp.html doc/html/man1/openssl-passwd.html doc/html/man1/openssl-pkcs12.html doc/html/man1/openssl-pkcs7.html doc/html/man1/openssl-pkcs8.html doc/html/man1/openssl-pkey.html doc/html/man1/openssl-pkeyparam.html doc/html/man1/openssl-pkeyutl.html doc/html/man1/openssl-prime.html doc/html/man1/openssl-provider.html doc/html/man1/openssl-rand.html doc/html/man1/openssl-rehash.html doc/html/man1/openssl-req.html doc/html/man1/openssl-rsa.html doc/html/man1/openssl-rsautl.html doc/html/man1/openssl-s_client.html doc/html/man1/openssl-s_server.html doc/html/man1/openssl-s_time.html doc/html/man1/openssl-sess_id.html doc/html/man1/openssl-smime.html doc/html/man1/openssl-speed.html doc/html/man1/openssl-spkac.html doc/html/man1/openssl-srp.html doc/html/man1/openssl-storeutl.html doc/html/man1/openssl-ts.html doc/html/man1/openssl-verify.html doc/html/man1/openssl-version.html doc/html/man1/openssl-x509.html doc/html/man1/openssl.html doc/html/man1/tsget.html doc/html/man3/ADMISSIONS.html doc/html/man3/ASN1_INTEGER_get_int64.html doc/html/man3/ASN1_INTEGER_new.html doc/html/man3/ASN1_ITEM_lookup.html doc/html/man3/ASN1_OBJECT_new.html doc/html/man3/ASN1_STRING_TABLE_add.html doc/html/man3/ASN1_STRING_length.html doc/html/man3/ASN1_STRING_new.html doc/html/man3/ASN1_STRING_print_ex.html doc/html/man3/ASN1_TIME_set.html doc/html/man3/ASN1_TYPE_get.html doc/html/man3/ASN1_generate_nconf.html doc/html/man3/ASYNC_WAIT_CTX_new.html doc/html/man3/ASYNC_start_job.html doc/html/man3/BF_encrypt.html doc/html/man3/BIO_ADDR.html doc/html/man3/BIO_ADDRINFO.html doc/html/man3/BIO_connect.html doc/html/man3/BIO_ctrl.html doc/html/man3/BIO_f_base64.html doc/html/man3/BIO_f_buffer.html doc/html/man3/BIO_f_cipher.html doc/html/man3/BIO_f_md.html doc/html/man3/BIO_f_null.html doc/html/man3/BIO_f_prefix.html doc/html/man3/BIO_f_ssl.html doc/html/man3/BIO_find_type.html doc/html/man3/BIO_get_data.html doc/html/man3/BIO_get_ex_new_index.html doc/html/man3/BIO_meth_new.html doc/html/man3/BIO_new.html doc/html/man3/BIO_new_CMS.html doc/html/man3/BIO_parse_hostserv.html doc/html/man3/BIO_printf.html doc/html/man3/BIO_push.html doc/html/man3/BIO_read.html doc/html/man3/BIO_s_accept.html doc/html/man3/BIO_s_bio.html doc/html/man3/BIO_s_connect.html doc/html/man3/BIO_s_fd.html doc/html/man3/BIO_s_file.html doc/html/man3/BIO_s_mem.html doc/html/man3/BIO_s_null.html doc/html/man3/BIO_s_socket.html doc/html/man3/BIO_set_callback.html doc/html/man3/BIO_should_retry.html doc/html/man3/BIO_socket_wait.html doc/html/man3/BN_BLINDING_new.html doc/html/man3/BN_CTX_new.html doc/html/man3/BN_CTX_start.html doc/html/man3/BN_add.html doc/html/man3/BN_add_word.html doc/html/man3/BN_bn2bin.html doc/html/man3/BN_cmp.html doc/html/man3/BN_copy.html doc/html/man3/BN_generate_prime.html doc/html/man3/BN_mod_inverse.html doc/html/man3/BN_mod_mul_montgomery.html doc/html/man3/BN_mod_mul_reciprocal.html doc/html/man3/BN_new.html doc/html/man3/BN_num_bytes.html doc/html/man3/BN_rand.html doc/html/man3/BN_security_bits.html doc/html/man3/BN_set_bit.html doc/html/man3/BN_swap.html doc/html/man3/BN_zero.html doc/html/man3/BUF_MEM_new.html doc/html/man3/CMS_EnvelopedData_create.html doc/html/man3/CMS_add0_cert.html doc/html/man3/CMS_add1_recipient_cert.html doc/html/man3/CMS_add1_signer.html doc/html/man3/CMS_compress.html doc/html/man3/CMS_decrypt.html doc/html/man3/CMS_encrypt.html doc/html/man3/CMS_final.html doc/html/man3/CMS_get0_RecipientInfos.html doc/html/man3/CMS_get0_SignerInfos.html doc/html/man3/CMS_get0_type.html doc/html/man3/CMS_get1_ReceiptRequest.html doc/html/man3/CMS_sign.html doc/html/man3/CMS_sign_receipt.html doc/html/man3/CMS_uncompress.html doc/html/man3/CMS_verify.html doc/html/man3/CMS_verify_receipt.html doc/html/man3/CONF_modules_free.html doc/html/man3/CONF_modules_load_file.html doc/html/man3/CRYPTO_THREAD_run_once.html doc/html/man3/CRYPTO_get_ex_new_index.html doc/html/man3/CRYPTO_memcmp.html doc/html/man3/CTLOG_STORE_get0_log_by_id.html doc/html/man3/CTLOG_STORE_new.html doc/html/man3/CTLOG_new.html doc/html/man3/CT_POLICY_EVAL_CTX_new.html doc/html/man3/DEFINE_STACK_OF.html doc/html/man3/DES_random_key.html doc/html/man3/DH_generate_key.html doc/html/man3/DH_generate_parameters.html doc/html/man3/DH_get0_pqg.html doc/html/man3/DH_get_1024_160.html doc/html/man3/DH_meth_new.html doc/html/man3/DH_new.html doc/html/man3/DH_new_by_nid.html doc/html/man3/DH_set_method.html doc/html/man3/DH_size.html doc/html/man3/DSA_SIG_new.html doc/html/man3/DSA_do_sign.html doc/html/man3/DSA_dup_DH.html doc/html/man3/DSA_generate_key.html doc/html/man3/DSA_generate_parameters.html doc/html/man3/DSA_get0_pqg.html doc/html/man3/DSA_meth_new.html doc/html/man3/DSA_new.html doc/html/man3/DSA_set_method.html doc/html/man3/DSA_sign.html doc/html/man3/DSA_size.html doc/html/man3/DTLS_get_data_mtu.html doc/html/man3/DTLS_set_timer_cb.html doc/html/man3/DTLSv1_listen.html doc/html/man3/ECDSA_SIG_new.html doc/html/man3/ECPKParameters_print.html doc/html/man3/EC_GFp_simple_method.html doc/html/man3/EC_GROUP_copy.html doc/html/man3/EC_GROUP_new.html doc/html/man3/EC_KEY_get_enc_flags.html doc/html/man3/EC_KEY_new.html doc/html/man3/EC_POINT_add.html doc/html/man3/EC_POINT_new.html doc/html/man3/ENGINE_add.html doc/html/man3/ERR_GET_LIB.html doc/html/man3/ERR_clear_error.html doc/html/man3/ERR_error_string.html doc/html/man3/ERR_get_error.html doc/html/man3/ERR_load_crypto_strings.html doc/html/man3/ERR_load_strings.html doc/html/man3/ERR_new.html doc/html/man3/ERR_print_errors.html doc/html/man3/ERR_put_error.html doc/html/man3/ERR_remove_state.html doc/html/man3/ERR_set_mark.html doc/html/man3/EVP_ASYM_CIPHER_free.html doc/html/man3/EVP_BytesToKey.html doc/html/man3/EVP_CIPHER_CTX_get_cipher_data.html doc/html/man3/EVP_CIPHER_meth_new.html doc/html/man3/EVP_DigestInit.html doc/html/man3/EVP_DigestSignInit.html doc/html/man3/EVP_DigestVerifyInit.html doc/html/man3/EVP_EncodeInit.html doc/html/man3/EVP_EncryptInit.html doc/html/man3/EVP_KDF.html doc/html/man3/EVP_KEYEXCH_free.html doc/html/man3/EVP_KEYMGMT.html doc/html/man3/EVP_MAC.html doc/html/man3/EVP_MD_meth_new.html doc/html/man3/EVP_OpenInit.html doc/html/man3/EVP_PKEY_ASN1_METHOD.html doc/html/man3/EVP_PKEY_CTX_ctrl.html doc/html/man3/EVP_PKEY_CTX_new.html doc/html/man3/EVP_PKEY_CTX_set1_pbe_pass.html doc/html/man3/EVP_PKEY_CTX_set_hkdf_md.html doc/html/man3/EVP_PKEY_CTX_set_params.html doc/html/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.html doc/html/man3/EVP_PKEY_CTX_set_scrypt_N.html doc/html/man3/EVP_PKEY_CTX_set_tls1_prf_md.html doc/html/man3/EVP_PKEY_asn1_get_count.html doc/html/man3/EVP_PKEY_check.html doc/html/man3/EVP_PKEY_copy_parameters.html doc/html/man3/EVP_PKEY_decrypt.html doc/html/man3/EVP_PKEY_derive.html doc/html/man3/EVP_PKEY_encrypt.html doc/html/man3/EVP_PKEY_fromdata.html doc/html/man3/EVP_PKEY_gen.html doc/html/man3/EVP_PKEY_get_default_digest_nid.html doc/html/man3/EVP_PKEY_gettable_params.html doc/html/man3/EVP_PKEY_is_a.html doc/html/man3/EVP_PKEY_meth_get_count.html doc/html/man3/EVP_PKEY_meth_new.html doc/html/man3/EVP_PKEY_new.html doc/html/man3/EVP_PKEY_print_private.html doc/html/man3/EVP_PKEY_set1_RSA.html doc/html/man3/EVP_PKEY_set_type.html doc/html/man3/EVP_PKEY_sign.html doc/html/man3/EVP_PKEY_size.html doc/html/man3/EVP_PKEY_supports_digest_nid.html doc/html/man3/EVP_PKEY_verify.html doc/html/man3/EVP_PKEY_verify_recover.html doc/html/man3/EVP_RAND.html doc/html/man3/EVP_SIGNATURE_free.html doc/html/man3/EVP_SealInit.html doc/html/man3/EVP_SignInit.html doc/html/man3/EVP_VerifyInit.html doc/html/man3/EVP_aes_128_gcm.html doc/html/man3/EVP_aria_128_gcm.html doc/html/man3/EVP_bf_cbc.html doc/html/man3/EVP_blake2b512.html doc/html/man3/EVP_camellia_128_ecb.html doc/html/man3/EVP_cast5_cbc.html doc/html/man3/EVP_chacha20.html doc/html/man3/EVP_des_cbc.html doc/html/man3/EVP_desx_cbc.html doc/html/man3/EVP_idea_cbc.html doc/html/man3/EVP_md2.html doc/html/man3/EVP_md4.html doc/html/man3/EVP_md5.html doc/html/man3/EVP_mdc2.html doc/html/man3/EVP_rc2_cbc.html doc/html/man3/EVP_rc4.html doc/html/man3/EVP_rc5_32_12_16_cbc.html doc/html/man3/EVP_ripemd160.html doc/html/man3/EVP_seed_cbc.html doc/html/man3/EVP_set_default_properties.html doc/html/man3/EVP_sha1.html doc/html/man3/EVP_sha224.html doc/html/man3/EVP_sha3_224.html doc/html/man3/EVP_sm3.html doc/html/man3/EVP_sm4_cbc.html doc/html/man3/EVP_whirlpool.html doc/html/man3/HMAC.html doc/html/man3/MD5.html doc/html/man3/MDC2_Init.html doc/html/man3/NCONF_new_with_libctx.html doc/html/man3/OBJ_nid2obj.html doc/html/man3/OCSP_REQUEST_new.html doc/html/man3/OCSP_cert_to_id.html doc/html/man3/OCSP_request_add1_nonce.html doc/html/man3/OCSP_resp_find_status.html doc/html/man3/OCSP_response_status.html doc/html/man3/OCSP_sendreq_new.html doc/html/man3/OPENSSL_Applink.html doc/html/man3/OPENSSL_CTX.html doc/html/man3/OPENSSL_FILE.html doc/html/man3/OPENSSL_LH_COMPFUNC.html doc/html/man3/OPENSSL_LH_stats.html doc/html/man3/OPENSSL_config.html doc/html/man3/OPENSSL_fork_prepare.html doc/html/man3/OPENSSL_hexchar2int.html doc/html/man3/OPENSSL_ia32cap.html doc/html/man3/OPENSSL_init_crypto.html doc/html/man3/OPENSSL_init_ssl.html doc/html/man3/OPENSSL_instrument_bus.html doc/html/man3/OPENSSL_load_builtin_modules.html doc/html/man3/OPENSSL_malloc.html doc/html/man3/OPENSSL_s390xcap.html doc/html/man3/OPENSSL_secure_malloc.html doc/html/man3/OSSL_CMP_CTX_new.html doc/html/man3/OSSL_CMP_HDR_get0_transactionID.html doc/html/man3/OSSL_CMP_ITAV_set0.html doc/html/man3/OSSL_CMP_MSG_get0_header.html doc/html/man3/OSSL_CMP_MSG_http_perform.html doc/html/man3/OSSL_CMP_SRV_CTX_new.html doc/html/man3/OSSL_CMP_STATUSINFO_new.html doc/html/man3/OSSL_CMP_exec_IR_ses.html doc/html/man3/OSSL_CMP_log_open.html doc/html/man3/OSSL_CMP_validate_msg.html doc/html/man3/OSSL_CRMF_MSG_get0_tmpl.html doc/html/man3/OSSL_CRMF_MSG_set0_validity.html doc/html/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.html doc/html/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.html doc/html/man3/OSSL_CRMF_pbmp_new.html doc/html/man3/OSSL_HTTP_transfer.html doc/html/man3/OSSL_PARAM.html doc/html/man3/OSSL_PARAM_BLD.html doc/html/man3/OSSL_PARAM_allocate_from_text.html doc/html/man3/OSSL_PARAM_int.html doc/html/man3/OSSL_PROVIDER.html doc/html/man3/OSSL_SELF_TEST_new.html doc/html/man3/OSSL_SELF_TEST_set_callback.html doc/html/man3/OSSL_SERIALIZER.html doc/html/man3/OSSL_SERIALIZER_CTX.html doc/html/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.html doc/html/man3/OSSL_SERIALIZER_to_bio.html doc/html/man3/OSSL_STORE_INFO.html doc/html/man3/OSSL_STORE_LOADER.html doc/html/man3/OSSL_STORE_SEARCH.html doc/html/man3/OSSL_STORE_attach.html doc/html/man3/OSSL_STORE_expect.html doc/html/man3/OSSL_STORE_open.html doc/html/man3/OSSL_trace_enabled.html doc/html/man3/OSSL_trace_get_category_num.html doc/html/man3/OSSL_trace_set_channel.html doc/html/man3/OpenSSL_add_all_algorithms.html doc/html/man3/OpenSSL_version.html doc/html/man3/PEM_bytes_read_bio.html doc/html/man3/PEM_read.html doc/html/man3/PEM_read_CMS.html doc/html/man3/PEM_read_bio_PrivateKey.html doc/html/man3/PEM_read_bio_ex.html doc/html/man3/PEM_write_bio_CMS_stream.html doc/html/man3/PEM_write_bio_PKCS7_stream.html doc/html/man3/PKCS12_SAFEBAG_get0_attrs.html doc/html/man3/PKCS12_add_CSPName_asc.html doc/html/man3/PKCS12_add_friendlyname_asc.html doc/html/man3/PKCS12_add_localkeyid.html doc/html/man3/PKCS12_create.html doc/html/man3/PKCS12_get_friendlyname.html doc/html/man3/PKCS12_newpass.html doc/html/man3/PKCS12_parse.html doc/html/man3/PKCS5_PBKDF2_HMAC.html doc/html/man3/PKCS7_decrypt.html doc/html/man3/PKCS7_encrypt.html doc/html/man3/PKCS7_sign.html doc/html/man3/PKCS7_sign_add_signer.html doc/html/man3/PKCS7_verify.html doc/html/man3/PKCS8_pkey_add1_attr.html doc/html/man3/RAND_DRBG_generate.html doc/html/man3/RAND_DRBG_get0_master.html doc/html/man3/RAND_DRBG_new.html doc/html/man3/RAND_DRBG_reseed.html doc/html/man3/RAND_DRBG_set_callbacks.html doc/html/man3/RAND_add.html doc/html/man3/RAND_bytes.html doc/html/man3/RAND_cleanup.html doc/html/man3/RAND_egd.html doc/html/man3/RAND_load_file.html doc/html/man3/RAND_set_rand_method.html doc/html/man3/RC4_set_key.html doc/html/man3/RIPEMD160_Init.html doc/html/man3/RSA_blinding_on.html doc/html/man3/RSA_check_key.html doc/html/man3/RSA_generate_key.html doc/html/man3/RSA_get0_key.html doc/html/man3/RSA_meth_new.html doc/html/man3/RSA_new.html doc/html/man3/RSA_padding_add_PKCS1_type_1.html doc/html/man3/RSA_print.html doc/html/man3/RSA_private_encrypt.html doc/html/man3/RSA_public_encrypt.html doc/html/man3/RSA_set_method.html doc/html/man3/RSA_sign.html doc/html/man3/RSA_sign_ASN1_OCTET_STRING.html doc/html/man3/RSA_size.html doc/html/man3/SCT_new.html doc/html/man3/SCT_print.html doc/html/man3/SCT_validate.html doc/html/man3/SHA256_Init.html doc/html/man3/SMIME_read_CMS.html doc/html/man3/SMIME_read_PKCS7.html doc/html/man3/SMIME_write_CMS.html doc/html/man3/SMIME_write_PKCS7.html doc/html/man3/SRP_Calc_B.html doc/html/man3/SRP_VBASE_new.html doc/html/man3/SRP_create_verifier.html doc/html/man3/SRP_user_pwd_new.html doc/html/man3/SSL_CIPHER_get_name.html doc/html/man3/SSL_COMP_add_compression_method.html doc/html/man3/SSL_CONF_CTX_new.html doc/html/man3/SSL_CONF_CTX_set1_prefix.html doc/html/man3/SSL_CONF_CTX_set_flags.html doc/html/man3/SSL_CONF_CTX_set_ssl_ctx.html doc/html/man3/SSL_CONF_cmd.html doc/html/man3/SSL_CONF_cmd_argv.html doc/html/man3/SSL_CTX_add1_chain_cert.html doc/html/man3/SSL_CTX_add_extra_chain_cert.html doc/html/man3/SSL_CTX_add_session.html doc/html/man3/SSL_CTX_config.html doc/html/man3/SSL_CTX_ctrl.html doc/html/man3/SSL_CTX_dane_enable.html doc/html/man3/SSL_CTX_flush_sessions.html doc/html/man3/SSL_CTX_free.html doc/html/man3/SSL_CTX_get0_param.html doc/html/man3/SSL_CTX_get_verify_mode.html doc/html/man3/SSL_CTX_has_client_custom_ext.html doc/html/man3/SSL_CTX_load_verify_locations.html doc/html/man3/SSL_CTX_new.html doc/html/man3/SSL_CTX_sess_number.html doc/html/man3/SSL_CTX_sess_set_cache_size.html doc/html/man3/SSL_CTX_sess_set_get_cb.html doc/html/man3/SSL_CTX_sessions.html doc/html/man3/SSL_CTX_set0_CA_list.html doc/html/man3/SSL_CTX_set1_curves.html doc/html/man3/SSL_CTX_set1_sigalgs.html doc/html/man3/SSL_CTX_set1_verify_cert_store.html doc/html/man3/SSL_CTX_set_alpn_select_cb.html doc/html/man3/SSL_CTX_set_cert_cb.html doc/html/man3/SSL_CTX_set_cert_store.html doc/html/man3/SSL_CTX_set_cert_verify_callback.html doc/html/man3/SSL_CTX_set_cipher_list.html doc/html/man3/SSL_CTX_set_client_cert_cb.html doc/html/man3/SSL_CTX_set_client_hello_cb.html doc/html/man3/SSL_CTX_set_ct_validation_callback.html doc/html/man3/SSL_CTX_set_ctlog_list_file.html doc/html/man3/SSL_CTX_set_default_passwd_cb.html doc/html/man3/SSL_CTX_set_generate_session_id.html doc/html/man3/SSL_CTX_set_info_callback.html doc/html/man3/SSL_CTX_set_keylog_callback.html doc/html/man3/SSL_CTX_set_max_cert_list.html doc/html/man3/SSL_CTX_set_min_proto_version.html doc/html/man3/SSL_CTX_set_mode.html doc/html/man3/SSL_CTX_set_msg_callback.html doc/html/man3/SSL_CTX_set_num_tickets.html doc/html/man3/SSL_CTX_set_options.html doc/html/man3/SSL_CTX_set_psk_client_callback.html doc/html/man3/SSL_CTX_set_quiet_shutdown.html doc/html/man3/SSL_CTX_set_read_ahead.html doc/html/man3/SSL_CTX_set_record_padding_callback.html doc/html/man3/SSL_CTX_set_security_level.html doc/html/man3/SSL_CTX_set_session_cache_mode.html doc/html/man3/SSL_CTX_set_session_id_context.html doc/html/man3/SSL_CTX_set_session_ticket_cb.html doc/html/man3/SSL_CTX_set_split_send_fragment.html doc/html/man3/SSL_CTX_set_srp_password.html doc/html/man3/SSL_CTX_set_ssl_version.html doc/html/man3/SSL_CTX_set_stateless_cookie_generate_cb.html doc/html/man3/SSL_CTX_set_timeout.html doc/html/man3/SSL_CTX_set_tlsext_servername_callback.html doc/html/man3/SSL_CTX_set_tlsext_status_cb.html doc/html/man3/SSL_CTX_set_tlsext_ticket_key_cb.html doc/html/man3/SSL_CTX_set_tlsext_use_srtp.html doc/html/man3/SSL_CTX_set_tmp_dh_callback.html doc/html/man3/SSL_CTX_set_tmp_ecdh.html doc/html/man3/SSL_CTX_set_verify.html doc/html/man3/SSL_CTX_use_certificate.html doc/html/man3/SSL_CTX_use_psk_identity_hint.html doc/html/man3/SSL_CTX_use_serverinfo.html doc/html/man3/SSL_SESSION_free.html doc/html/man3/SSL_SESSION_get0_cipher.html doc/html/man3/SSL_SESSION_get0_hostname.html doc/html/man3/SSL_SESSION_get0_id_context.html doc/html/man3/SSL_SESSION_get0_peer.html doc/html/man3/SSL_SESSION_get_compress_id.html doc/html/man3/SSL_SESSION_get_protocol_version.html doc/html/man3/SSL_SESSION_get_time.html doc/html/man3/SSL_SESSION_has_ticket.html doc/html/man3/SSL_SESSION_is_resumable.html doc/html/man3/SSL_SESSION_print.html doc/html/man3/SSL_SESSION_set1_id.html doc/html/man3/SSL_accept.html doc/html/man3/SSL_alert_type_string.html doc/html/man3/SSL_alloc_buffers.html doc/html/man3/SSL_check_chain.html doc/html/man3/SSL_clear.html doc/html/man3/SSL_connect.html doc/html/man3/SSL_do_handshake.html doc/html/man3/SSL_export_keying_material.html doc/html/man3/SSL_extension_supported.html doc/html/man3/SSL_free.html doc/html/man3/SSL_get0_peer_scts.html doc/html/man3/SSL_get_SSL_CTX.html doc/html/man3/SSL_get_all_async_fds.html doc/html/man3/SSL_get_ciphers.html doc/html/man3/SSL_get_client_random.html doc/html/man3/SSL_get_current_cipher.html doc/html/man3/SSL_get_default_timeout.html doc/html/man3/SSL_get_error.html doc/html/man3/SSL_get_extms_support.html doc/html/man3/SSL_get_fd.html doc/html/man3/SSL_get_peer_cert_chain.html doc/html/man3/SSL_get_peer_certificate.html doc/html/man3/SSL_get_peer_signature_nid.html doc/html/man3/SSL_get_peer_tmp_key.html doc/html/man3/SSL_get_psk_identity.html doc/html/man3/SSL_get_rbio.html doc/html/man3/SSL_get_session.html doc/html/man3/SSL_get_shared_sigalgs.html doc/html/man3/SSL_get_verify_result.html doc/html/man3/SSL_get_version.html doc/html/man3/SSL_in_init.html doc/html/man3/SSL_key_update.html doc/html/man3/SSL_library_init.html doc/html/man3/SSL_load_client_CA_file.html doc/html/man3/SSL_new.html doc/html/man3/SSL_pending.html doc/html/man3/SSL_read.html doc/html/man3/SSL_read_early_data.html doc/html/man3/SSL_rstate_string.html doc/html/man3/SSL_session_reused.html doc/html/man3/SSL_set1_host.html doc/html/man3/SSL_set_async_callback.html doc/html/man3/SSL_set_bio.html doc/html/man3/SSL_set_connect_state.html doc/html/man3/SSL_set_fd.html doc/html/man3/SSL_set_session.html doc/html/man3/SSL_set_shutdown.html doc/html/man3/SSL_set_verify_result.html doc/html/man3/SSL_shutdown.html doc/html/man3/SSL_state_string.html doc/html/man3/SSL_want.html doc/html/man3/SSL_write.html doc/html/man3/TS_VERIFY_CTX_set_certs.html doc/html/man3/UI_STRING.html doc/html/man3/UI_UTIL_read_pw.html doc/html/man3/UI_create_method.html doc/html/man3/UI_new.html doc/html/man3/X509V3_get_d2i.html doc/html/man3/X509_ALGOR_dup.html doc/html/man3/X509_CRL_get0_by_serial.html doc/html/man3/X509_EXTENSION_set_object.html doc/html/man3/X509_LOOKUP.html doc/html/man3/X509_LOOKUP_hash_dir.html doc/html/man3/X509_LOOKUP_meth_new.html doc/html/man3/X509_NAME_ENTRY_get_object.html doc/html/man3/X509_NAME_add_entry_by_txt.html doc/html/man3/X509_NAME_get0_der.html doc/html/man3/X509_NAME_get_index_by_NID.html doc/html/man3/X509_NAME_print_ex.html doc/html/man3/X509_PUBKEY_new.html doc/html/man3/X509_SIG_get0.html doc/html/man3/X509_STORE_CTX_get_error.html doc/html/man3/X509_STORE_CTX_new.html doc/html/man3/X509_STORE_CTX_set_verify_cb.html doc/html/man3/X509_STORE_add_cert.html doc/html/man3/X509_STORE_get0_param.html doc/html/man3/X509_STORE_new.html doc/html/man3/X509_STORE_set_verify_cb_func.html doc/html/man3/X509_VERIFY_PARAM_set_flags.html doc/html/man3/X509_check_ca.html doc/html/man3/X509_check_host.html doc/html/man3/X509_check_issued.html doc/html/man3/X509_check_private_key.html doc/html/man3/X509_check_purpose.html doc/html/man3/X509_cmp.html doc/html/man3/X509_cmp_time.html doc/html/man3/X509_digest.html doc/html/man3/X509_dup.html doc/html/man3/X509_get0_distinguishing_id.html doc/html/man3/X509_get0_notBefore.html doc/html/man3/X509_get0_signature.html doc/html/man3/X509_get0_uids.html doc/html/man3/X509_get_extension_flags.html doc/html/man3/X509_get_pubkey.html doc/html/man3/X509_get_serialNumber.html doc/html/man3/X509_get_subject_name.html doc/html/man3/X509_get_version.html doc/html/man3/X509_load_http.html doc/html/man3/X509_new.html doc/html/man3/X509_sign.html doc/html/man3/X509_verify.html doc/html/man3/X509_verify_cert.html doc/html/man3/X509v3_cache_extensions.html doc/html/man3/X509v3_get_ext_by_NID.html doc/html/man3/d2i_DHparams.html doc/html/man3/d2i_PKCS8PrivateKey_bio.html doc/html/man3/d2i_PrivateKey.html doc/html/man3/d2i_SSL_SESSION.html doc/html/man3/d2i_X509.html doc/html/man3/i2d_CMS_bio_stream.html doc/html/man3/i2d_PKCS7_bio_stream.html doc/html/man3/i2d_re_X509_tbs.html doc/html/man3/o2i_SCT_LIST.html doc/html/man3/s2i_ASN1_IA5STRING.html doc/html/man5/config.html doc/html/man5/fips_config.html doc/html/man5/x509v3_config.html doc/html/man7/EVP_KDF-HKDF.html doc/html/man7/EVP_KDF-KB.html doc/html/man7/EVP_KDF-KRB5KDF.html doc/html/man7/EVP_KDF-PBKDF2.html doc/html/man7/EVP_KDF-SCRYPT.html doc/html/man7/EVP_KDF-SS.html doc/html/man7/EVP_KDF-SSHKDF.html doc/html/man7/EVP_KDF-TLS1_PRF.html doc/html/man7/EVP_KDF-X942.html doc/html/man7/EVP_KDF-X963.html doc/html/man7/EVP_KEYEXCH-DH.html doc/html/man7/EVP_KEYEXCH-ECDH.html doc/html/man7/EVP_KEYEXCH-X25519.html doc/html/man7/EVP_MAC-BLAKE2.html doc/html/man7/EVP_MAC-CMAC.html doc/html/man7/EVP_MAC-GMAC.html doc/html/man7/EVP_MAC-HMAC.html doc/html/man7/EVP_MAC-KMAC.html doc/html/man7/EVP_MAC-Poly1305.html doc/html/man7/EVP_MAC-Siphash.html doc/html/man7/EVP_MD-BLAKE2.html doc/html/man7/EVP_MD-MD2.html doc/html/man7/EVP_MD-MD4.html doc/html/man7/EVP_MD-MD5-SHA1.html doc/html/man7/EVP_MD-MD5.html doc/html/man7/EVP_MD-MDC2.html doc/html/man7/EVP_MD-RIPEMD160.html doc/html/man7/EVP_MD-SHA1.html doc/html/man7/EVP_MD-SHA2.html doc/html/man7/EVP_MD-SHA3.html doc/html/man7/EVP_MD-SHAKE.html doc/html/man7/EVP_MD-SM3.html doc/html/man7/EVP_MD-WHIRLPOOL.html doc/html/man7/EVP_MD-common.html doc/html/man7/EVP_PKEY-DH.html doc/html/man7/EVP_PKEY-DSA.html doc/html/man7/EVP_PKEY-EC.html doc/html/man7/EVP_PKEY-FFC.html doc/html/man7/EVP_PKEY-RSA.html doc/html/man7/EVP_PKEY-X25519.html doc/html/man7/EVP_RAND-CTR-DRBG.html doc/html/man7/EVP_RAND-HASH-DRBG.html doc/html/man7/EVP_RAND-HMAC-DRBG.html doc/html/man7/EVP_RAND-TEST-RAND.html doc/html/man7/EVP_SIGNATURE-DSA.html doc/html/man7/EVP_SIGNATURE-ECDSA.html doc/html/man7/EVP_SIGNATURE-ED25519.html doc/html/man7/EVP_SIGNATURE-RSA.html doc/html/man7/OSSL_PROVIDER-FIPS.html doc/html/man7/OSSL_PROVIDER-default.html doc/html/man7/OSSL_PROVIDER-legacy.html doc/html/man7/OSSL_PROVIDER-null.html doc/html/man7/RAND.html doc/html/man7/RAND_DRBG.html doc/html/man7/RSA-PSS.html doc/html/man7/SM2.html doc/html/man7/X25519.html doc/html/man7/bio.html doc/html/man7/crypto.html doc/html/man7/ct.html doc/html/man7/des_modes.html doc/html/man7/evp.html doc/html/man7/openssl-core.h.html doc/html/man7/openssl-core_dispatch.h.html doc/html/man7/openssl-core_names.h.html doc/html/man7/openssl-env.html doc/html/man7/openssl_user_macros.html doc/html/man7/ossl_store-file.html doc/html/man7/ossl_store.html doc/html/man7/passphrase-encoding.html doc/html/man7/property.html doc/html/man7/provider-asym_cipher.html doc/html/man7/provider-base.html doc/html/man7/provider-cipher.html doc/html/man7/provider-digest.html doc/html/man7/provider-keyexch.html doc/html/man7/provider-keymgmt.html doc/html/man7/provider-mac.html doc/html/man7/provider-rand.html doc/html/man7/provider-serializer.html doc/html/man7/provider-signature.html doc/html/man7/provider.html doc/html/man7/proxy-certificates.html doc/html/man7/ssl.html doc/html/man7/x509.html rm -f doc/man/man1/CA.pl.1 doc/man/man1/openssl-asn1parse.1 doc/man/man1/openssl-ca.1 doc/man/man1/openssl-ciphers.1 doc/man/man1/openssl-cmds.1 doc/man/man1/openssl-cmp.1 doc/man/man1/openssl-cms.1 doc/man/man1/openssl-crl.1 doc/man/man1/openssl-crl2pkcs7.1 doc/man/man1/openssl-dgst.1 doc/man/man1/openssl-dhparam.1 doc/man/man1/openssl-dsa.1 doc/man/man1/openssl-dsaparam.1 doc/man/man1/openssl-ec.1 doc/man/man1/openssl-ecparam.1 doc/man/man1/openssl-enc.1 doc/man/man1/openssl-engine.1 doc/man/man1/openssl-errstr.1 doc/man/man1/openssl-fipsinstall.1 doc/man/man1/openssl-gendsa.1 doc/man/man1/openssl-genpkey.1 doc/man/man1/openssl-genrsa.1 doc/man/man1/openssl-info.1 doc/man/man1/openssl-kdf.1 doc/man/man1/openssl-list.1 doc/man/man1/openssl-mac.1 doc/man/man1/openssl-nseq.1 doc/man/man1/openssl-ocsp.1 doc/man/man1/openssl-passwd.1 doc/man/man1/openssl-pkcs12.1 doc/man/man1/openssl-pkcs7.1 doc/man/man1/openssl-pkcs8.1 doc/man/man1/openssl-pkey.1 doc/man/man1/openssl-pkeyparam.1 doc/man/man1/openssl-pkeyutl.1 doc/man/man1/openssl-prime.1 doc/man/man1/openssl-provider.1 doc/man/man1/openssl-rand.1 doc/man/man1/openssl-rehash.1 doc/man/man1/openssl-req.1 doc/man/man1/openssl-rsa.1 doc/man/man1/openssl-rsautl.1 doc/man/man1/openssl-s_client.1 doc/man/man1/openssl-s_server.1 doc/man/man1/openssl-s_time.1 doc/man/man1/openssl-sess_id.1 doc/man/man1/openssl-smime.1 doc/man/man1/openssl-speed.1 doc/man/man1/openssl-spkac.1 doc/man/man1/openssl-srp.1 doc/man/man1/openssl-storeutl.1 doc/man/man1/openssl-ts.1 doc/man/man1/openssl-verify.1 doc/man/man1/openssl-version.1 doc/man/man1/openssl-x509.1 doc/man/man1/openssl.1 doc/man/man1/tsget.1 doc/man/man3/ADMISSIONS.3 doc/man/man3/ASN1_INTEGER_get_int64.3 doc/man/man3/ASN1_INTEGER_new.3 doc/man/man3/ASN1_ITEM_lookup.3 doc/man/man3/ASN1_OBJECT_new.3 doc/man/man3/ASN1_STRING_TABLE_add.3 doc/man/man3/ASN1_STRING_length.3 doc/man/man3/ASN1_STRING_new.3 doc/man/man3/ASN1_STRING_print_ex.3 doc/man/man3/ASN1_TIME_set.3 doc/man/man3/ASN1_TYPE_get.3 doc/man/man3/ASN1_generate_nconf.3 doc/man/man3/ASYNC_WAIT_CTX_new.3 doc/man/man3/ASYNC_start_job.3 doc/man/man3/BF_encrypt.3 doc/man/man3/BIO_ADDR.3 doc/man/man3/BIO_ADDRINFO.3 doc/man/man3/BIO_connect.3 doc/man/man3/BIO_ctrl.3 doc/man/man3/BIO_f_base64.3 doc/man/man3/BIO_f_buffer.3 doc/man/man3/BIO_f_cipher.3 doc/man/man3/BIO_f_md.3 doc/man/man3/BIO_f_null.3 doc/man/man3/BIO_f_prefix.3 doc/man/man3/BIO_f_ssl.3 doc/man/man3/BIO_find_type.3 doc/man/man3/BIO_get_data.3 doc/man/man3/BIO_get_ex_new_index.3 doc/man/man3/BIO_meth_new.3 doc/man/man3/BIO_new.3 doc/man/man3/BIO_new_CMS.3 doc/man/man3/BIO_parse_hostserv.3 doc/man/man3/BIO_printf.3 doc/man/man3/BIO_push.3 doc/man/man3/BIO_read.3 doc/man/man3/BIO_s_accept.3 doc/man/man3/BIO_s_bio.3 doc/man/man3/BIO_s_connect.3 doc/man/man3/BIO_s_fd.3 doc/man/man3/BIO_s_file.3 doc/man/man3/BIO_s_mem.3 doc/man/man3/BIO_s_null.3 doc/man/man3/BIO_s_socket.3 doc/man/man3/BIO_set_callback.3 doc/man/man3/BIO_should_retry.3 doc/man/man3/BIO_socket_wait.3 doc/man/man3/BN_BLINDING_new.3 doc/man/man3/BN_CTX_new.3 doc/man/man3/BN_CTX_start.3 doc/man/man3/BN_add.3 doc/man/man3/BN_add_word.3 doc/man/man3/BN_bn2bin.3 doc/man/man3/BN_cmp.3 doc/man/man3/BN_copy.3 doc/man/man3/BN_generate_prime.3 doc/man/man3/BN_mod_inverse.3 doc/man/man3/BN_mod_mul_montgomery.3 doc/man/man3/BN_mod_mul_reciprocal.3 doc/man/man3/BN_new.3 doc/man/man3/BN_num_bytes.3 doc/man/man3/BN_rand.3 doc/man/man3/BN_security_bits.3 doc/man/man3/BN_set_bit.3 doc/man/man3/BN_swap.3 doc/man/man3/BN_zero.3 doc/man/man3/BUF_MEM_new.3 doc/man/man3/CMS_EnvelopedData_create.3 doc/man/man3/CMS_add0_cert.3 doc/man/man3/CMS_add1_recipient_cert.3 doc/man/man3/CMS_add1_signer.3 doc/man/man3/CMS_compress.3 doc/man/man3/CMS_decrypt.3 doc/man/man3/CMS_encrypt.3 doc/man/man3/CMS_final.3 doc/man/man3/CMS_get0_RecipientInfos.3 doc/man/man3/CMS_get0_SignerInfos.3 doc/man/man3/CMS_get0_type.3 doc/man/man3/CMS_get1_ReceiptRequest.3 doc/man/man3/CMS_sign.3 doc/man/man3/CMS_sign_receipt.3 doc/man/man3/CMS_uncompress.3 doc/man/man3/CMS_verify.3 doc/man/man3/CMS_verify_receipt.3 doc/man/man3/CONF_modules_free.3 doc/man/man3/CONF_modules_load_file.3 doc/man/man3/CRYPTO_THREAD_run_once.3 doc/man/man3/CRYPTO_get_ex_new_index.3 doc/man/man3/CRYPTO_memcmp.3 doc/man/man3/CTLOG_STORE_get0_log_by_id.3 doc/man/man3/CTLOG_STORE_new.3 doc/man/man3/CTLOG_new.3 doc/man/man3/CT_POLICY_EVAL_CTX_new.3 doc/man/man3/DEFINE_STACK_OF.3 doc/man/man3/DES_random_key.3 doc/man/man3/DH_generate_key.3 doc/man/man3/DH_generate_parameters.3 doc/man/man3/DH_get0_pqg.3 doc/man/man3/DH_get_1024_160.3 doc/man/man3/DH_meth_new.3 doc/man/man3/DH_new.3 doc/man/man3/DH_new_by_nid.3 doc/man/man3/DH_set_method.3 doc/man/man3/DH_size.3 doc/man/man3/DSA_SIG_new.3 doc/man/man3/DSA_do_sign.3 doc/man/man3/DSA_dup_DH.3 doc/man/man3/DSA_generate_key.3 doc/man/man3/DSA_generate_parameters.3 doc/man/man3/DSA_get0_pqg.3 doc/man/man3/DSA_meth_new.3 doc/man/man3/DSA_new.3 doc/man/man3/DSA_set_method.3 doc/man/man3/DSA_sign.3 doc/man/man3/DSA_size.3 doc/man/man3/DTLS_get_data_mtu.3 doc/man/man3/DTLS_set_timer_cb.3 doc/man/man3/DTLSv1_listen.3 doc/man/man3/ECDSA_SIG_new.3 doc/man/man3/ECPKParameters_print.3 doc/man/man3/EC_GFp_simple_method.3 doc/man/man3/EC_GROUP_copy.3 doc/man/man3/EC_GROUP_new.3 doc/man/man3/EC_KEY_get_enc_flags.3 doc/man/man3/EC_KEY_new.3 doc/man/man3/EC_POINT_add.3 doc/man/man3/EC_POINT_new.3 doc/man/man3/ENGINE_add.3 doc/man/man3/ERR_GET_LIB.3 doc/man/man3/ERR_clear_error.3 doc/man/man3/ERR_error_string.3 doc/man/man3/ERR_get_error.3 doc/man/man3/ERR_load_crypto_strings.3 doc/man/man3/ERR_load_strings.3 doc/man/man3/ERR_new.3 doc/man/man3/ERR_print_errors.3 doc/man/man3/ERR_put_error.3 doc/man/man3/ERR_remove_state.3 doc/man/man3/ERR_set_mark.3 doc/man/man3/EVP_ASYM_CIPHER_free.3 doc/man/man3/EVP_BytesToKey.3 doc/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 doc/man/man3/EVP_CIPHER_meth_new.3 doc/man/man3/EVP_DigestInit.3 doc/man/man3/EVP_DigestSignInit.3 doc/man/man3/EVP_DigestVerifyInit.3 doc/man/man3/EVP_EncodeInit.3 doc/man/man3/EVP_EncryptInit.3 doc/man/man3/EVP_KDF.3 doc/man/man3/EVP_KEYEXCH_free.3 doc/man/man3/EVP_KEYMGMT.3 doc/man/man3/EVP_MAC.3 doc/man/man3/EVP_MD_meth_new.3 doc/man/man3/EVP_OpenInit.3 doc/man/man3/EVP_PKEY_ASN1_METHOD.3 doc/man/man3/EVP_PKEY_CTX_ctrl.3 doc/man/man3/EVP_PKEY_CTX_new.3 doc/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 doc/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 doc/man/man3/EVP_PKEY_CTX_set_params.3 doc/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 doc/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 doc/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 doc/man/man3/EVP_PKEY_asn1_get_count.3 doc/man/man3/EVP_PKEY_check.3 doc/man/man3/EVP_PKEY_copy_parameters.3 doc/man/man3/EVP_PKEY_decrypt.3 doc/man/man3/EVP_PKEY_derive.3 doc/man/man3/EVP_PKEY_encrypt.3 doc/man/man3/EVP_PKEY_fromdata.3 doc/man/man3/EVP_PKEY_gen.3 doc/man/man3/EVP_PKEY_get_default_digest_nid.3 doc/man/man3/EVP_PKEY_gettable_params.3 doc/man/man3/EVP_PKEY_is_a.3 doc/man/man3/EVP_PKEY_meth_get_count.3 doc/man/man3/EVP_PKEY_meth_new.3 doc/man/man3/EVP_PKEY_new.3 doc/man/man3/EVP_PKEY_print_private.3 doc/man/man3/EVP_PKEY_set1_RSA.3 doc/man/man3/EVP_PKEY_set_type.3 doc/man/man3/EVP_PKEY_sign.3 doc/man/man3/EVP_PKEY_size.3 doc/man/man3/EVP_PKEY_supports_digest_nid.3 doc/man/man3/EVP_PKEY_verify.3 doc/man/man3/EVP_PKEY_verify_recover.3 doc/man/man3/EVP_RAND.3 doc/man/man3/EVP_SIGNATURE_free.3 doc/man/man3/EVP_SealInit.3 doc/man/man3/EVP_SignInit.3 doc/man/man3/EVP_VerifyInit.3 doc/man/man3/EVP_aes_128_gcm.3 doc/man/man3/EVP_aria_128_gcm.3 doc/man/man3/EVP_bf_cbc.3 doc/man/man3/EVP_blake2b512.3 doc/man/man3/EVP_camellia_128_ecb.3 doc/man/man3/EVP_cast5_cbc.3 doc/man/man3/EVP_chacha20.3 doc/man/man3/EVP_des_cbc.3 doc/man/man3/EVP_desx_cbc.3 doc/man/man3/EVP_idea_cbc.3 doc/man/man3/EVP_md2.3 doc/man/man3/EVP_md4.3 doc/man/man3/EVP_md5.3 doc/man/man3/EVP_mdc2.3 doc/man/man3/EVP_rc2_cbc.3 doc/man/man3/EVP_rc4.3 doc/man/man3/EVP_rc5_32_12_16_cbc.3 doc/man/man3/EVP_ripemd160.3 doc/man/man3/EVP_seed_cbc.3 doc/man/man3/EVP_set_default_properties.3 doc/man/man3/EVP_sha1.3 doc/man/man3/EVP_sha224.3 doc/man/man3/EVP_sha3_224.3 doc/man/man3/EVP_sm3.3 doc/man/man3/EVP_sm4_cbc.3 doc/man/man3/EVP_whirlpool.3 doc/man/man3/HMAC.3 doc/man/man3/MD5.3 doc/man/man3/MDC2_Init.3 doc/man/man3/NCONF_new_with_libctx.3 doc/man/man3/OBJ_nid2obj.3 doc/man/man3/OCSP_REQUEST_new.3 doc/man/man3/OCSP_cert_to_id.3 doc/man/man3/OCSP_request_add1_nonce.3 doc/man/man3/OCSP_resp_find_status.3 doc/man/man3/OCSP_response_status.3 doc/man/man3/OCSP_sendreq_new.3 doc/man/man3/OPENSSL_Applink.3 doc/man/man3/OPENSSL_CTX.3 doc/man/man3/OPENSSL_FILE.3 doc/man/man3/OPENSSL_LH_COMPFUNC.3 doc/man/man3/OPENSSL_LH_stats.3 doc/man/man3/OPENSSL_config.3 doc/man/man3/OPENSSL_fork_prepare.3 doc/man/man3/OPENSSL_hexchar2int.3 doc/man/man3/OPENSSL_ia32cap.3 doc/man/man3/OPENSSL_init_crypto.3 doc/man/man3/OPENSSL_init_ssl.3 doc/man/man3/OPENSSL_instrument_bus.3 doc/man/man3/OPENSSL_load_builtin_modules.3 doc/man/man3/OPENSSL_malloc.3 doc/man/man3/OPENSSL_s390xcap.3 doc/man/man3/OPENSSL_secure_malloc.3 doc/man/man3/OSSL_CMP_CTX_new.3 doc/man/man3/OSSL_CMP_HDR_get0_transactionID.3 doc/man/man3/OSSL_CMP_ITAV_set0.3 doc/man/man3/OSSL_CMP_MSG_get0_header.3 doc/man/man3/OSSL_CMP_MSG_http_perform.3 doc/man/man3/OSSL_CMP_SRV_CTX_new.3 doc/man/man3/OSSL_CMP_STATUSINFO_new.3 doc/man/man3/OSSL_CMP_exec_IR_ses.3 doc/man/man3/OSSL_CMP_log_open.3 doc/man/man3/OSSL_CMP_validate_msg.3 doc/man/man3/OSSL_CRMF_MSG_get0_tmpl.3 doc/man/man3/OSSL_CRMF_MSG_set0_validity.3 doc/man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3 doc/man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3 doc/man/man3/OSSL_CRMF_pbmp_new.3 doc/man/man3/OSSL_HTTP_transfer.3 doc/man/man3/OSSL_PARAM.3 doc/man/man3/OSSL_PARAM_BLD.3 doc/man/man3/OSSL_PARAM_allocate_from_text.3 doc/man/man3/OSSL_PARAM_int.3 doc/man/man3/OSSL_PROVIDER.3 doc/man/man3/OSSL_SELF_TEST_new.3 doc/man/man3/OSSL_SELF_TEST_set_callback.3 doc/man/man3/OSSL_SERIALIZER.3 doc/man/man3/OSSL_SERIALIZER_CTX.3 doc/man/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.3 doc/man/man3/OSSL_SERIALIZER_to_bio.3 doc/man/man3/OSSL_STORE_INFO.3 doc/man/man3/OSSL_STORE_LOADER.3 doc/man/man3/OSSL_STORE_SEARCH.3 doc/man/man3/OSSL_STORE_attach.3 doc/man/man3/OSSL_STORE_expect.3 doc/man/man3/OSSL_STORE_open.3 doc/man/man3/OSSL_trace_enabled.3 doc/man/man3/OSSL_trace_get_category_num.3 doc/man/man3/OSSL_trace_set_channel.3 doc/man/man3/OpenSSL_add_all_algorithms.3 doc/man/man3/OpenSSL_version.3 doc/man/man3/PEM_bytes_read_bio.3 doc/man/man3/PEM_read.3 doc/man/man3/PEM_read_CMS.3 doc/man/man3/PEM_read_bio_PrivateKey.3 doc/man/man3/PEM_read_bio_ex.3 doc/man/man3/PEM_write_bio_CMS_stream.3 doc/man/man3/PEM_write_bio_PKCS7_stream.3 doc/man/man3/PKCS12_SAFEBAG_get0_attrs.3 doc/man/man3/PKCS12_add_CSPName_asc.3 doc/man/man3/PKCS12_add_friendlyname_asc.3 doc/man/man3/PKCS12_add_localkeyid.3 doc/man/man3/PKCS12_create.3 doc/man/man3/PKCS12_get_friendlyname.3 doc/man/man3/PKCS12_newpass.3 doc/man/man3/PKCS12_parse.3 doc/man/man3/PKCS5_PBKDF2_HMAC.3 doc/man/man3/PKCS7_decrypt.3 doc/man/man3/PKCS7_encrypt.3 doc/man/man3/PKCS7_sign.3 doc/man/man3/PKCS7_sign_add_signer.3 doc/man/man3/PKCS7_verify.3 doc/man/man3/PKCS8_pkey_add1_attr.3 doc/man/man3/RAND_DRBG_generate.3 doc/man/man3/RAND_DRBG_get0_master.3 doc/man/man3/RAND_DRBG_new.3 doc/man/man3/RAND_DRBG_reseed.3 doc/man/man3/RAND_DRBG_set_callbacks.3 doc/man/man3/RAND_add.3 doc/man/man3/RAND_bytes.3 doc/man/man3/RAND_cleanup.3 doc/man/man3/RAND_egd.3 doc/man/man3/RAND_load_file.3 doc/man/man3/RAND_set_rand_method.3 doc/man/man3/RC4_set_key.3 doc/man/man3/RIPEMD160_Init.3 doc/man/man3/RSA_blinding_on.3 doc/man/man3/RSA_check_key.3 doc/man/man3/RSA_generate_key.3 doc/man/man3/RSA_get0_key.3 doc/man/man3/RSA_meth_new.3 doc/man/man3/RSA_new.3 doc/man/man3/RSA_padding_add_PKCS1_type_1.3 doc/man/man3/RSA_print.3 doc/man/man3/RSA_private_encrypt.3 doc/man/man3/RSA_public_encrypt.3 doc/man/man3/RSA_set_method.3 doc/man/man3/RSA_sign.3 doc/man/man3/RSA_sign_ASN1_OCTET_STRING.3 doc/man/man3/RSA_size.3 doc/man/man3/SCT_new.3 doc/man/man3/SCT_print.3 doc/man/man3/SCT_validate.3 doc/man/man3/SHA256_Init.3 doc/man/man3/SMIME_read_CMS.3 doc/man/man3/SMIME_read_PKCS7.3 doc/man/man3/SMIME_write_CMS.3 doc/man/man3/SMIME_write_PKCS7.3 doc/man/man3/SRP_Calc_B.3 doc/man/man3/SRP_VBASE_new.3 doc/man/man3/SRP_create_verifier.3 doc/man/man3/SRP_user_pwd_new.3 doc/man/man3/SSL_CIPHER_get_name.3 doc/man/man3/SSL_COMP_add_compression_method.3 doc/man/man3/SSL_CONF_CTX_new.3 doc/man/man3/SSL_CONF_CTX_set1_prefix.3 doc/man/man3/SSL_CONF_CTX_set_flags.3 doc/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 doc/man/man3/SSL_CONF_cmd.3 doc/man/man3/SSL_CONF_cmd_argv.3 doc/man/man3/SSL_CTX_add1_chain_cert.3 doc/man/man3/SSL_CTX_add_extra_chain_cert.3 doc/man/man3/SSL_CTX_add_session.3 doc/man/man3/SSL_CTX_config.3 doc/man/man3/SSL_CTX_ctrl.3 doc/man/man3/SSL_CTX_dane_enable.3 doc/man/man3/SSL_CTX_flush_sessions.3 doc/man/man3/SSL_CTX_free.3 doc/man/man3/SSL_CTX_get0_param.3 doc/man/man3/SSL_CTX_get_verify_mode.3 doc/man/man3/SSL_CTX_has_client_custom_ext.3 doc/man/man3/SSL_CTX_load_verify_locations.3 doc/man/man3/SSL_CTX_new.3 doc/man/man3/SSL_CTX_sess_number.3 doc/man/man3/SSL_CTX_sess_set_cache_size.3 doc/man/man3/SSL_CTX_sess_set_get_cb.3 doc/man/man3/SSL_CTX_sessions.3 doc/man/man3/SSL_CTX_set0_CA_list.3 doc/man/man3/SSL_CTX_set1_curves.3 doc/man/man3/SSL_CTX_set1_sigalgs.3 doc/man/man3/SSL_CTX_set1_verify_cert_store.3 doc/man/man3/SSL_CTX_set_alpn_select_cb.3 doc/man/man3/SSL_CTX_set_cert_cb.3 doc/man/man3/SSL_CTX_set_cert_store.3 doc/man/man3/SSL_CTX_set_cert_verify_callback.3 doc/man/man3/SSL_CTX_set_cipher_list.3 doc/man/man3/SSL_CTX_set_client_cert_cb.3 doc/man/man3/SSL_CTX_set_client_hello_cb.3 doc/man/man3/SSL_CTX_set_ct_validation_callback.3 doc/man/man3/SSL_CTX_set_ctlog_list_file.3 doc/man/man3/SSL_CTX_set_default_passwd_cb.3 doc/man/man3/SSL_CTX_set_generate_session_id.3 doc/man/man3/SSL_CTX_set_info_callback.3 doc/man/man3/SSL_CTX_set_keylog_callback.3 doc/man/man3/SSL_CTX_set_max_cert_list.3 doc/man/man3/SSL_CTX_set_min_proto_version.3 doc/man/man3/SSL_CTX_set_mode.3 doc/man/man3/SSL_CTX_set_msg_callback.3 doc/man/man3/SSL_CTX_set_num_tickets.3 doc/man/man3/SSL_CTX_set_options.3 doc/man/man3/SSL_CTX_set_psk_client_callback.3 doc/man/man3/SSL_CTX_set_quiet_shutdown.3 doc/man/man3/SSL_CTX_set_read_ahead.3 doc/man/man3/SSL_CTX_set_record_padding_callback.3 doc/man/man3/SSL_CTX_set_security_level.3 doc/man/man3/SSL_CTX_set_session_cache_mode.3 doc/man/man3/SSL_CTX_set_session_id_context.3 doc/man/man3/SSL_CTX_set_session_ticket_cb.3 doc/man/man3/SSL_CTX_set_split_send_fragment.3 doc/man/man3/SSL_CTX_set_srp_password.3 doc/man/man3/SSL_CTX_set_ssl_version.3 doc/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 doc/man/man3/SSL_CTX_set_timeout.3 doc/man/man3/SSL_CTX_set_tlsext_servername_callback.3 doc/man/man3/SSL_CTX_set_tlsext_status_cb.3 doc/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 doc/man/man3/SSL_CTX_set_tlsext_use_srtp.3 doc/man/man3/SSL_CTX_set_tmp_dh_callback.3 doc/man/man3/SSL_CTX_set_tmp_ecdh.3 doc/man/man3/SSL_CTX_set_verify.3 doc/man/man3/SSL_CTX_use_certificate.3 doc/man/man3/SSL_CTX_use_psk_identity_hint.3 doc/man/man3/SSL_CTX_use_serverinfo.3 doc/man/man3/SSL_SESSION_free.3 doc/man/man3/SSL_SESSION_get0_cipher.3 doc/man/man3/SSL_SESSION_get0_hostname.3 doc/man/man3/SSL_SESSION_get0_id_context.3 doc/man/man3/SSL_SESSION_get0_peer.3 doc/man/man3/SSL_SESSION_get_compress_id.3 doc/man/man3/SSL_SESSION_get_protocol_version.3 doc/man/man3/SSL_SESSION_get_time.3 doc/man/man3/SSL_SESSION_has_ticket.3 doc/man/man3/SSL_SESSION_is_resumable.3 doc/man/man3/SSL_SESSION_print.3 doc/man/man3/SSL_SESSION_set1_id.3 doc/man/man3/SSL_accept.3 doc/man/man3/SSL_alert_type_string.3 doc/man/man3/SSL_alloc_buffers.3 doc/man/man3/SSL_check_chain.3 doc/man/man3/SSL_clear.3 doc/man/man3/SSL_connect.3 doc/man/man3/SSL_do_handshake.3 doc/man/man3/SSL_export_keying_material.3 doc/man/man3/SSL_extension_supported.3 doc/man/man3/SSL_free.3 doc/man/man3/SSL_get0_peer_scts.3 doc/man/man3/SSL_get_SSL_CTX.3 doc/man/man3/SSL_get_all_async_fds.3 doc/man/man3/SSL_get_ciphers.3 doc/man/man3/SSL_get_client_random.3 doc/man/man3/SSL_get_current_cipher.3 doc/man/man3/SSL_get_default_timeout.3 doc/man/man3/SSL_get_error.3 doc/man/man3/SSL_get_extms_support.3 doc/man/man3/SSL_get_fd.3 doc/man/man3/SSL_get_peer_cert_chain.3 doc/man/man3/SSL_get_peer_certificate.3 doc/man/man3/SSL_get_peer_signature_nid.3 doc/man/man3/SSL_get_peer_tmp_key.3 doc/man/man3/SSL_get_psk_identity.3 doc/man/man3/SSL_get_rbio.3 doc/man/man3/SSL_get_session.3 doc/man/man3/SSL_get_shared_sigalgs.3 doc/man/man3/SSL_get_verify_result.3 doc/man/man3/SSL_get_version.3 doc/man/man3/SSL_in_init.3 doc/man/man3/SSL_key_update.3 doc/man/man3/SSL_library_init.3 doc/man/man3/SSL_load_client_CA_file.3 doc/man/man3/SSL_new.3 doc/man/man3/SSL_pending.3 doc/man/man3/SSL_read.3 doc/man/man3/SSL_read_early_data.3 doc/man/man3/SSL_rstate_string.3 doc/man/man3/SSL_session_reused.3 doc/man/man3/SSL_set1_host.3 doc/man/man3/SSL_set_async_callback.3 doc/man/man3/SSL_set_bio.3 doc/man/man3/SSL_set_connect_state.3 doc/man/man3/SSL_set_fd.3 doc/man/man3/SSL_set_session.3 doc/man/man3/SSL_set_shutdown.3 doc/man/man3/SSL_set_verify_result.3 doc/man/man3/SSL_shutdown.3 doc/man/man3/SSL_state_string.3 doc/man/man3/SSL_want.3 doc/man/man3/SSL_write.3 doc/man/man3/TS_VERIFY_CTX_set_certs.3 doc/man/man3/UI_STRING.3 doc/man/man3/UI_UTIL_read_pw.3 doc/man/man3/UI_create_method.3 doc/man/man3/UI_new.3 doc/man/man3/X509V3_get_d2i.3 doc/man/man3/X509_ALGOR_dup.3 doc/man/man3/X509_CRL_get0_by_serial.3 doc/man/man3/X509_EXTENSION_set_object.3 doc/man/man3/X509_LOOKUP.3 doc/man/man3/X509_LOOKUP_hash_dir.3 doc/man/man3/X509_LOOKUP_meth_new.3 doc/man/man3/X509_NAME_ENTRY_get_object.3 doc/man/man3/X509_NAME_add_entry_by_txt.3 doc/man/man3/X509_NAME_get0_der.3 doc/man/man3/X509_NAME_get_index_by_NID.3 doc/man/man3/X509_NAME_print_ex.3 doc/man/man3/X509_PUBKEY_new.3 doc/man/man3/X509_SIG_get0.3 doc/man/man3/X509_STORE_CTX_get_error.3 doc/man/man3/X509_STORE_CTX_new.3 doc/man/man3/X509_STORE_CTX_set_verify_cb.3 doc/man/man3/X509_STORE_add_cert.3 doc/man/man3/X509_STORE_get0_param.3 doc/man/man3/X509_STORE_new.3 doc/man/man3/X509_STORE_set_verify_cb_func.3 doc/man/man3/X509_VERIFY_PARAM_set_flags.3 doc/man/man3/X509_check_ca.3 doc/man/man3/X509_check_host.3 doc/man/man3/X509_check_issued.3 doc/man/man3/X509_check_private_key.3 doc/man/man3/X509_check_purpose.3 doc/man/man3/X509_cmp.3 doc/man/man3/X509_cmp_time.3 doc/man/man3/X509_digest.3 doc/man/man3/X509_dup.3 doc/man/man3/X509_get0_distinguishing_id.3 doc/man/man3/X509_get0_notBefore.3 doc/man/man3/X509_get0_signature.3 doc/man/man3/X509_get0_uids.3 doc/man/man3/X509_get_extension_flags.3 doc/man/man3/X509_get_pubkey.3 doc/man/man3/X509_get_serialNumber.3 doc/man/man3/X509_get_subject_name.3 doc/man/man3/X509_get_version.3 doc/man/man3/X509_load_http.3 doc/man/man3/X509_new.3 doc/man/man3/X509_sign.3 doc/man/man3/X509_verify.3 doc/man/man3/X509_verify_cert.3 doc/man/man3/X509v3_cache_extensions.3 doc/man/man3/X509v3_get_ext_by_NID.3 doc/man/man3/d2i_DHparams.3 doc/man/man3/d2i_PKCS8PrivateKey_bio.3 doc/man/man3/d2i_PrivateKey.3 doc/man/man3/d2i_SSL_SESSION.3 doc/man/man3/d2i_X509.3 doc/man/man3/i2d_CMS_bio_stream.3 doc/man/man3/i2d_PKCS7_bio_stream.3 doc/man/man3/i2d_re_X509_tbs.3 doc/man/man3/o2i_SCT_LIST.3 doc/man/man3/s2i_ASN1_IA5STRING.3 doc/man/man5/config.5 doc/man/man5/fips_config.5 doc/man/man5/x509v3_config.5 doc/man/man7/EVP_KDF-HKDF.7 doc/man/man7/EVP_KDF-KB.7 doc/man/man7/EVP_KDF-KRB5KDF.7 doc/man/man7/EVP_KDF-PBKDF2.7 doc/man/man7/EVP_KDF-SCRYPT.7 doc/man/man7/EVP_KDF-SS.7 doc/man/man7/EVP_KDF-SSHKDF.7 doc/man/man7/EVP_KDF-TLS1_PRF.7 doc/man/man7/EVP_KDF-X942.7 doc/man/man7/EVP_KDF-X963.7 doc/man/man7/EVP_KEYEXCH-DH.7 doc/man/man7/EVP_KEYEXCH-ECDH.7 doc/man/man7/EVP_KEYEXCH-X25519.7 doc/man/man7/EVP_MAC-BLAKE2.7 doc/man/man7/EVP_MAC-CMAC.7 doc/man/man7/EVP_MAC-GMAC.7 doc/man/man7/EVP_MAC-HMAC.7 doc/man/man7/EVP_MAC-KMAC.7 doc/man/man7/EVP_MAC-Poly1305.7 doc/man/man7/EVP_MAC-Siphash.7 doc/man/man7/EVP_MD-BLAKE2.7 doc/man/man7/EVP_MD-MD2.7 doc/man/man7/EVP_MD-MD4.7 doc/man/man7/EVP_MD-MD5-SHA1.7 doc/man/man7/EVP_MD-MD5.7 doc/man/man7/EVP_MD-MDC2.7 doc/man/man7/EVP_MD-RIPEMD160.7 doc/man/man7/EVP_MD-SHA1.7 doc/man/man7/EVP_MD-SHA2.7 doc/man/man7/EVP_MD-SHA3.7 doc/man/man7/EVP_MD-SHAKE.7 doc/man/man7/EVP_MD-SM3.7 doc/man/man7/EVP_MD-WHIRLPOOL.7 doc/man/man7/EVP_MD-common.7 doc/man/man7/EVP_PKEY-DH.7 doc/man/man7/EVP_PKEY-DSA.7 doc/man/man7/EVP_PKEY-EC.7 doc/man/man7/EVP_PKEY-FFC.7 doc/man/man7/EVP_PKEY-RSA.7 doc/man/man7/EVP_PKEY-X25519.7 doc/man/man7/EVP_RAND-CTR-DRBG.7 doc/man/man7/EVP_RAND-HASH-DRBG.7 doc/man/man7/EVP_RAND-HMAC-DRBG.7 doc/man/man7/EVP_RAND-TEST-RAND.7 doc/man/man7/EVP_SIGNATURE-DSA.7 doc/man/man7/EVP_SIGNATURE-ECDSA.7 doc/man/man7/EVP_SIGNATURE-ED25519.7 doc/man/man7/EVP_SIGNATURE-RSA.7 doc/man/man7/OSSL_PROVIDER-FIPS.7 doc/man/man7/OSSL_PROVIDER-default.7 doc/man/man7/OSSL_PROVIDER-legacy.7 doc/man/man7/OSSL_PROVIDER-null.7 doc/man/man7/RAND.7 doc/man/man7/RAND_DRBG.7 doc/man/man7/RSA-PSS.7 doc/man/man7/SM2.7 doc/man/man7/X25519.7 doc/man/man7/bio.7 doc/man/man7/crypto.7 doc/man/man7/ct.7 doc/man/man7/des_modes.7 doc/man/man7/evp.7 doc/man/man7/openssl-core.h.7 doc/man/man7/openssl-core_dispatch.h.7 doc/man/man7/openssl-core_names.h.7 doc/man/man7/openssl-env.7 doc/man/man7/openssl_user_macros.7 doc/man/man7/ossl_store-file.7 doc/man/man7/ossl_store.7 doc/man/man7/passphrase-encoding.7 doc/man/man7/property.7 doc/man/man7/provider-asym_cipher.7 doc/man/man7/provider-base.7 doc/man/man7/provider-cipher.7 doc/man/man7/provider-digest.7 doc/man/man7/provider-keyexch.7 doc/man/man7/provider-keymgmt.7 doc/man/man7/provider-mac.7 doc/man/man7/provider-rand.7 doc/man/man7/provider-serializer.7 doc/man/man7/provider-signature.7 doc/man/man7/provider.7 doc/man/man7/proxy-certificates.7 doc/man/man7/ssl.7 doc/man/man7/x509.7 rm -f apps/openssl fuzz/asn1-test fuzz/asn1parse-test fuzz/bignum-test fuzz/bndiv-test fuzz/client-test fuzz/cmp-test fuzz/cms-test fuzz/conf-test fuzz/crl-test fuzz/ct-test fuzz/server-test fuzz/x509-test test/aborttest test/acvp_test test/aesgcmtest test/afalgtest test/asn1_decode_test test/asn1_dsa_internal_test test/asn1_encode_test test/asn1_internal_test test/asn1_string_table_test test/asn1_time_test test/asynciotest test/asynctest test/bad_dtls_test test/bftest test/bio_callback_test test/bio_enc_test test/bio_memleak_test test/bio_prefix_text test/bioprinttest test/bn_internal_test test/bntest test/buildtest_c_aes test/buildtest_c_asn1 test/buildtest_c_asn1t test/buildtest_c_async test/buildtest_c_bio test/buildtest_c_blowfish test/buildtest_c_bn test/buildtest_c_buffer test/buildtest_c_camellia test/buildtest_c_cast test/buildtest_c_cmac test/buildtest_c_cmp test/buildtest_c_cmp_util test/buildtest_c_cms test/buildtest_c_comp test/buildtest_c_conf test/buildtest_c_conf_api test/buildtest_c_core test/buildtest_c_core_dispatch test/buildtest_c_core_names test/buildtest_c_crmf test/buildtest_c_crypto test/buildtest_c_ct test/buildtest_c_des test/buildtest_c_dh test/buildtest_c_dsa test/buildtest_c_e_os2 test/buildtest_c_ebcdic test/buildtest_c_ec test/buildtest_c_ecdh test/buildtest_c_ecdsa test/buildtest_c_engine test/buildtest_c_ess test/buildtest_c_evp test/buildtest_c_fips_names test/buildtest_c_hmac test/buildtest_c_http test/buildtest_c_idea test/buildtest_c_kdf test/buildtest_c_lhash test/buildtest_c_mac test/buildtest_c_macros test/buildtest_c_md4 test/buildtest_c_md5 test/buildtest_c_mdc2 test/buildtest_c_modes test/buildtest_c_obj_mac test/buildtest_c_objects test/buildtest_c_ocsp test/buildtest_c_ossl_typ test/buildtest_c_param_build test/buildtest_c_params test/buildtest_c_pem test/buildtest_c_pem2 test/buildtest_c_pkcs12 test/buildtest_c_pkcs7 test/buildtest_c_provider test/buildtest_c_rand test/buildtest_c_rand_drbg test/buildtest_c_rc2 test/buildtest_c_rc4 test/buildtest_c_ripemd test/buildtest_c_rsa test/buildtest_c_safestack test/buildtest_c_seed test/buildtest_c_self_test test/buildtest_c_serializer test/buildtest_c_sha test/buildtest_c_srp test/buildtest_c_srtp test/buildtest_c_ssl test/buildtest_c_ssl2 test/buildtest_c_stack test/buildtest_c_store test/buildtest_c_symhacks test/buildtest_c_tls1 test/buildtest_c_ts test/buildtest_c_txt_db test/buildtest_c_types test/buildtest_c_ui test/buildtest_c_whrlpool test/buildtest_c_x509 test/buildtest_c_x509_vfy test/buildtest_c_x509v3 test/casttest test/chacha_internal_test test/cipher_overhead_test test/cipherbytes_test test/cipherlist_test test/ciphername_test test/clienthellotest test/cmactest test/cmp_asn_test test/cmp_client_test test/cmp_ctx_test test/cmp_hdr_test test/cmp_msg_test test/cmp_protect_test test/cmp_server_test test/cmp_status_test test/cmp_vfy_test test/cmsapitest test/conf_include_test test/confdump test/constant_time_test test/context_internal_test test/crltest test/ct_test test/ctype_internal_test test/curve448_internal_test test/d2i_test test/danetest test/destest test/dhtest test/drbg_cavs_test test/drbg_extra_test test/drbgtest test/dsa_no_digest_size_test test/dsatest test/dtls_mtu_test test/dtlstest test/dtlsv1listentest test/ec_internal_test test/ecdsatest test/ecstresstest test/ectest test/enginetest test/errtest test/evp_extra_test test/evp_extra_test2 test/evp_fetch_prov_test test/evp_kdf_test test/evp_pkey_dparams_test test/evp_pkey_provided_test test/evp_test test/exdatatest test/exptest test/fatalerrtest test/ffc_internal_test test/gmdifftest test/gosttest test/hexstr_test test/hmactest test/http_test test/ideatest test/igetest test/keymgmt_internal_test test/lhash_test test/mdc2_internal_test test/mdc2test test/memleaktest test/modes_internal_test test/namemap_internal_test test/ocspapitest test/packettest test/param_build_test test/params_api_test test/params_conversion_test test/params_test test/pbelutest test/pemtest test/pkey_meth_kdf_test test/pkey_meth_test test/poly1305_internal_test test/property_test test/provider_fallback_test test/provider_internal_test test/provider_test test/rc2test test/rc4test test/rc5test test/rdrand_sanitytest test/recordlentest test/rsa_complex test/rsa_mp_test test/rsa_sp800_56b_test test/rsa_test test/sanitytest test/secmemtest test/servername_test test/shlibloadtest test/siphash_internal_test test/sm2_internal_test test/sm4_internal_test test/sparse_array_test test/srptest test/ssl_cert_table_internal_test test/ssl_ctx_test test/ssl_test test/ssl_test_ctx_test test/sslapitest test/sslbuffertest test/sslcorrupttest test/ssltest_old test/stack_test test/sysdefaulttest test/test_test test/threadstest test/time_offset_test test/tls13ccstest test/tls13encryptiontest test/tls13secretstest test/uitest test/v3ext test/v3nametest test/verify_extra_test test/versions test/wpackettest test/x509_check_cert_pkey_test test/x509_dup_cert_test test/x509_internal_test test/x509_time_test test/x509aux engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so providers/fips.so providers/legacy.so test/p_test.so apps/CA.pl apps/tsget.pl tools/c_rehash util/shlib_wrap.sh rm -f doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod include/crypto/bn_conf.h include/crypto/dso_conf.h include/openssl/configuration.h include/openssl/fipskey.h include/openssl/opensslv.h test/provider_internal_test.cnf apps/CA.pl apps/progs.c apps/progs.h apps/tsget.pl crypto/aes/aes-x86_64.s crypto/aes/aesni-mb-x86_64.s crypto/aes/aesni-sha1-x86_64.s crypto/aes/aesni-sha256-x86_64.s crypto/aes/aesni-x86_64.s crypto/aes/bsaes-x86_64.s crypto/aes/vpaes-x86_64.s crypto/bn/rsaz-avx2.s crypto/bn/rsaz-x86_64.s crypto/bn/x86_64-gf2m.s crypto/bn/x86_64-mont.s crypto/bn/x86_64-mont5.s crypto/buildinf.h crypto/camellia/cmll-x86_64.s crypto/chacha/chacha-x86_64.s crypto/ec/ecp_nistz256-x86_64.s crypto/ec/x25519-x86_64.s crypto/md5/md5-x86_64.s crypto/modes/aesni-gcm-x86_64.s crypto/modes/ghash-x86_64.s crypto/poly1305/poly1305-x86_64.s crypto/rc4/rc4-md5-x86_64.s crypto/rc4/rc4-x86_64.s crypto/sha/keccak1600-x86_64.s crypto/sha/sha1-mb-x86_64.s crypto/sha/sha1-x86_64.s crypto/sha/sha256-mb-x86_64.s crypto/sha/sha256-x86_64.s crypto/sha/sha512-x86_64.s crypto/whrlpool/wp-x86_64.s crypto/x86_64cpuid.s doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod engines/afalg.ld engines/capi.ld engines/dasync.ld engines/e_padlock-x86_64.s engines/ossltest.ld engines/padlock.ld libcrypto.ld libssl.ld providers/common/der/der_digests_gen.c providers/common/der/der_dsa_gen.c providers/common/der/der_ec_gen.c providers/common/der/der_rsa_gen.c providers/common/include/prov/der_digests.h providers/common/include/prov/der_dsa.h providers/common/include/prov/der_ec.h providers/common/include/prov/der_rsa.h providers/fips.ld providers/legacy.ld test/buildtest_aes.c test/buildtest_asn1.c test/buildtest_asn1t.c test/buildtest_async.c test/buildtest_bio.c test/buildtest_blowfish.c test/buildtest_bn.c test/buildtest_buffer.c test/buildtest_camellia.c test/buildtest_cast.c test/buildtest_cmac.c test/buildtest_cmp.c test/buildtest_cmp_util.c test/buildtest_cms.c test/buildtest_comp.c test/buildtest_conf.c test/buildtest_conf_api.c test/buildtest_core.c test/buildtest_core_dispatch.c test/buildtest_core_names.c test/buildtest_crmf.c test/buildtest_crypto.c test/buildtest_ct.c test/buildtest_des.c test/buildtest_dh.c test/buildtest_dsa.c test/buildtest_e_os2.c test/buildtest_ebcdic.c test/buildtest_ec.c test/buildtest_ecdh.c test/buildtest_ecdsa.c test/buildtest_engine.c test/buildtest_ess.c test/buildtest_evp.c test/buildtest_fips_names.c test/buildtest_hmac.c test/buildtest_http.c test/buildtest_idea.c test/buildtest_kdf.c test/buildtest_lhash.c test/buildtest_mac.c test/buildtest_macros.c test/buildtest_md4.c test/buildtest_md5.c test/buildtest_mdc2.c test/buildtest_modes.c test/buildtest_obj_mac.c test/buildtest_objects.c test/buildtest_ocsp.c test/buildtest_ossl_typ.c test/buildtest_param_build.c test/buildtest_params.c test/buildtest_pem.c test/buildtest_pem2.c test/buildtest_pkcs12.c test/buildtest_pkcs7.c test/buildtest_provider.c test/buildtest_rand.c test/buildtest_rand_drbg.c test/buildtest_rc2.c test/buildtest_rc4.c test/buildtest_ripemd.c test/buildtest_rsa.c test/buildtest_safestack.c test/buildtest_seed.c test/buildtest_self_test.c test/buildtest_serializer.c test/buildtest_sha.c test/buildtest_srp.c test/buildtest_srtp.c test/buildtest_ssl.c test/buildtest_ssl2.c test/buildtest_stack.c test/buildtest_store.c test/buildtest_symhacks.c test/buildtest_tls1.c test/buildtest_ts.c test/buildtest_txt_db.c test/buildtest_types.c test/buildtest_ui.c test/buildtest_whrlpool.c test/buildtest_x509.c test/buildtest_x509_vfy.c test/buildtest_x509v3.c test/p_test.ld tools/c_rehash util/shlib_wrap.sh rm -f `find . -name '*.d' \! -name '.*' \! -type d -print` rm -f `find . -name '*.o' \! -name '.*' \! -type d -print` rm -f core rm -f tags TAGS doc-nits cmd-nits md-nits rm -f -r test/test-runs rm -f openssl.pc libcrypto.pc libssl.pc rm -f `find . -type l \! -name '.*' -print` rm -f ../openssl-3.0.0-alpha5-dev.tar $ make depend $ LDCMD= make -j4 /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-asn1parse.pod.in > doc/man1/openssl-asn1parse.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ca.pod.in > doc/man1/openssl-ca.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ciphers.pod.in > doc/man1/openssl-ciphers.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmds.pod.in > doc/man1/openssl-cmds.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmp.pod.in > doc/man1/openssl-cmp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cms.pod.in > doc/man1/openssl-cms.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl.pod.in > doc/man1/openssl-crl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl2pkcs7.pod.in > doc/man1/openssl-crl2pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dgst.pod.in > doc/man1/openssl-dgst.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dhparam.pod.in > doc/man1/openssl-dhparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsa.pod.in > doc/man1/openssl-dsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsaparam.pod.in > doc/man1/openssl-dsaparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ec.pod.in > doc/man1/openssl-ec.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ecparam.pod.in > doc/man1/openssl-ecparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-enc.pod.in > doc/man1/openssl-enc.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-engine.pod.in > doc/man1/openssl-engine.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-errstr.pod.in > doc/man1/openssl-errstr.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-fipsinstall.pod.in > doc/man1/openssl-fipsinstall.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-gendsa.pod.in > doc/man1/openssl-gendsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genpkey.pod.in > doc/man1/openssl-genpkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genrsa.pod.in > doc/man1/openssl-genrsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-info.pod.in > doc/man1/openssl-info.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-kdf.pod.in > doc/man1/openssl-kdf.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-list.pod.in > doc/man1/openssl-list.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-mac.pod.in > doc/man1/openssl-mac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-nseq.pod.in > doc/man1/openssl-nseq.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ocsp.pod.in > doc/man1/openssl-ocsp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-passwd.pod.in > doc/man1/openssl-passwd.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs12.pod.in > doc/man1/openssl-pkcs12.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs7.pod.in > doc/man1/openssl-pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs8.pod.in > doc/man1/openssl-pkcs8.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkey.pod.in > doc/man1/openssl-pkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyparam.pod.in > doc/man1/openssl-pkeyparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyutl.pod.in > doc/man1/openssl-pkeyutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-prime.pod.in > doc/man1/openssl-prime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-provider.pod.in > doc/man1/openssl-provider.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rand.pod.in > doc/man1/openssl-rand.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rehash.pod.in > doc/man1/openssl-rehash.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-req.pod.in > doc/man1/openssl-req.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsa.pod.in > doc/man1/openssl-rsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsautl.pod.in > doc/man1/openssl-rsautl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_client.pod.in > doc/man1/openssl-s_client.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_server.pod.in > doc/man1/openssl-s_server.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_time.pod.in > doc/man1/openssl-s_time.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-sess_id.pod.in > doc/man1/openssl-sess_id.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-smime.pod.in > doc/man1/openssl-smime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-speed.pod.in > doc/man1/openssl-speed.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-spkac.pod.in > doc/man1/openssl-spkac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-srp.pod.in > doc/man1/openssl-srp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-storeutl.pod.in > doc/man1/openssl-storeutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ts.pod.in > doc/man1/openssl-ts.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-verify.pod.in > doc/man1/openssl-verify.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-version.pod.in > doc/man1/openssl-version.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-x509.pod.in > doc/man1/openssl-x509.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man7/openssl_user_macros.pod.in > doc/man7/openssl_user_macros.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/bn_conf.h.in > include/crypto/bn_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/dso_conf.h.in > include/crypto/dso_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/configuration.h.in > include/openssl/configuration.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/fipskey.h.in > include/openssl/fipskey.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/opensslv.h.in > include/openssl/opensslv.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/test/provider_internal_test.cnf.in > test/provider_internal_test.cnf make depend && make _build_sw make[1]: Entering directory '/home/openssl/run-checker/no-sock' make[1]: Leaving directory '/home/openssl/run-checker/no-sock' make[1]: Entering directory '/home/openssl/run-checker/no-sock' clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_params.d.tmp -MT apps/lib/libapps-lib-app_params.o -c -o apps/lib/libapps-lib-app_params.o ../openssl/apps/lib/app_params.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_provider.d.tmp -MT apps/lib/libapps-lib-app_provider.o -c -o apps/lib/libapps-lib-app_provider.o ../openssl/apps/lib/app_provider.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_rand.d.tmp -MT apps/lib/libapps-lib-app_rand.o -c -o apps/lib/libapps-lib-app_rand.o ../openssl/apps/lib/app_rand.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_x509.d.tmp -MT apps/lib/libapps-lib-app_x509.o -c -o apps/lib/libapps-lib-app_x509.o ../openssl/apps/lib/app_x509.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps.d.tmp -MT apps/lib/libapps-lib-apps.o -c -o apps/lib/libapps-lib-apps.o ../openssl/apps/lib/apps.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps_ui.d.tmp -MT apps/lib/libapps-lib-apps_ui.o -c -o apps/lib/libapps-lib-apps_ui.o ../openssl/apps/lib/apps_ui.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-columns.d.tmp -MT apps/lib/libapps-lib-columns.o -c -o apps/lib/libapps-lib-columns.o ../openssl/apps/lib/columns.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-fmt.d.tmp -MT apps/lib/libapps-lib-fmt.o -c -o apps/lib/libapps-lib-fmt.o ../openssl/apps/lib/fmt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-http_server.d.tmp -MT apps/lib/libapps-lib-http_server.o -c -o apps/lib/libapps-lib-http_server.o ../openssl/apps/lib/http_server.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-names.d.tmp -MT apps/lib/libapps-lib-names.o -c -o apps/lib/libapps-lib-names.o ../openssl/apps/lib/names.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-opt.d.tmp -MT apps/lib/libapps-lib-opt.o -c -o apps/lib/libapps-lib-opt.o ../openssl/apps/lib/opt.c ../openssl/apps/lib/http_server.c:27:5: error: no previous extern declaration for non-static variable 'multi' [-Werror,-Wmissing-variable-declarations] int multi = 0; /* run multiple responder processes */ ^ 1 error generated. Makefile:4116: recipe for target 'apps/lib/libapps-lib-http_server.o' failed make[1]: *** [apps/lib/libapps-lib-http_server.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-sock' Makefile:3086: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From builds at travis-ci.com Sat Jul 4 10:02:09 2020 From: builds at travis-ci.com (Travis CI) Date: Sat, 04 Jul 2020 10:02:09 +0000 Subject: Still Failing: openssl/openssl#35944 (master - 16328e9) In-Reply-To: Message-ID: <5f0053a0d1c45_13fb7aad2f900114430@travis-pro-tasks-6ffc648ffd-hvmbj.mail> Build Update for openssl/openssl ------------------------------------- Build: #35944 Status: Still Failing Duration: 47 mins and 30 secs Commit: 16328e9 (master) Author: Richard Levitte Message: NOTE.WIN: suggest the audetecting configuration variant as well Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12339) View the changeset: https://github.com/openssl/openssl/compare/bb2d726d75c0...16328e9f6cc8 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/174275481?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.com Sat Jul 4 12:56:37 2020 From: builds at travis-ci.com (Travis CI) Date: Sat, 04 Jul 2020 12:56:37 +0000 Subject: Still Failing: openssl/openssl#35945 (master - 1cafbb7) In-Reply-To: Message-ID: <5f007c858d166_13fd0ac00a5e854086@travis-pro-tasks-5874f5c89d-vgqd7.mail> Build Update for openssl/openssl ------------------------------------- Build: #35945 Status: Still Failing Duration: 11 mins and 50 secs Commit: 1cafbb7 (master) Author: Richard Levitte Message: util/perl/OpenSSL/config.pm: Fix /armv[7-9].*-.*-linux2/ This entry added the macro B_ENDIAN when it shouldn't have. Fixes #12332 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12335) View the changeset: https://github.com/openssl/openssl/compare/16328e9f6cc8...1cafbb799a37 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/174275513?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Sat Jul 4 13:24:39 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Sat, 04 Jul 2020 13:24:39 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ui Message-ID: <1593869079.386819.13260.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ui Commit log since last time: 610e2b3b70 Configure: Check source and build dir equality a little more thoroughly 9576c498ca [test/README.md] minor fix of examples missing the test target af3e8c298a Travis: default to HARNESS_JOBS=4 a20c9075d6 Run tests in parallel 587e4e53f8 Fix memory leaks on OSSL_SERIALIZER_CTX_new_by_EVP_PKEY 94941cada2 Free pre_proc_exts in SSL_free() 69f982679e doc: remove reference to the predecessor of SHA-1. 0577959cea Don't forget our provider ctx when resetting b4cb9498c9 X509v3_cache_extensions(): Improve coding style and doc, fix case 'sha1 == NULL' 0d8dbb52e3 Add X509_self_signed(), extending and improving documenation and tests 4cec750c2f Move doc of X509{,_REQ,_CRL}_verify{,_ex}() from X509_sign.pod to new X509_verify.pod 0e7b1383e1 Fix issue 1418 by moving check of KU_KEY_CERT_SIGN and weakening check_issued() d18c7ad66a Optimization and safety precaution in find_issuer() of x509_vfy.c: candidate issuer cert cannot be the same as the subject cert 'x' da1f88bf53 Add four more verify test cases on the self-signed Ed25519 and self-issed X25519 certs 4acd484d55 Make x509 -force_pubkey test case with self-issued cert more realistic by adding CA basic constraints, CA key usage, and key IDs to the cert and by add -partial_chain to the verify call that trusts this cert 023697870b Refactor (without semantic changes) crypto/x509/{v3_purp.c,x509_vfy.c} ade08735f9 Improve documentation, layout, and code comments regarding self-issued certs etc. 5188d0d55c Fix a typo on the SSL_dup page 9beffaf695 Fix CID-1464802 2c9ba46c90 Force ssl/tls protocol flags to use stream sockets 64fdea12be rand: include the CPU source in a build. 7f791b25eb rand: fix CPU and timer sources. 3121425830 Add --fips-key configuration parameter to fipsinstall application. Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. Dubious, test returned 5 (wstat 1280, 0x500) Failed 5/7 subtests 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 81-test_cmp_cli.t (Wstat: 1280 Tests: 7 Failed: 5) Failed tests: 3-7 Non-zero exit status: 5 Files=204, Tests=2602, 868 wallclock secs ( 8.60 usr 1.35 sys + 775.88 cusr 54.95 csys = 840.78 CPU) Result: FAIL Makefile:3124: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-ui' Makefile:3122: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Sat Jul 4 16:02:39 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Sat, 04 Jul 2020 16:02:39 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls Message-ID: <1593878559.449720.4389.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls Commit log since last time: 610e2b3b70 Configure: Check source and build dir equality a little more thoroughly 9576c498ca [test/README.md] minor fix of examples missing the test target af3e8c298a Travis: default to HARNESS_JOBS=4 a20c9075d6 Run tests in parallel 587e4e53f8 Fix memory leaks on OSSL_SERIALIZER_CTX_new_by_EVP_PKEY 94941cada2 Free pre_proc_exts in SSL_free() 69f982679e doc: remove reference to the predecessor of SHA-1. 0577959cea Don't forget our provider ctx when resetting b4cb9498c9 X509v3_cache_extensions(): Improve coding style and doc, fix case 'sha1 == NULL' 0d8dbb52e3 Add X509_self_signed(), extending and improving documenation and tests 4cec750c2f Move doc of X509{,_REQ,_CRL}_verify{,_ex}() from X509_sign.pod to new X509_verify.pod 0e7b1383e1 Fix issue 1418 by moving check of KU_KEY_CERT_SIGN and weakening check_issued() d18c7ad66a Optimization and safety precaution in find_issuer() of x509_vfy.c: candidate issuer cert cannot be the same as the subject cert 'x' da1f88bf53 Add four more verify test cases on the self-signed Ed25519 and self-issed X25519 certs 4acd484d55 Make x509 -force_pubkey test case with self-issued cert more realistic by adding CA basic constraints, CA key usage, and key IDs to the cert and by add -partial_chain to the verify call that trusts this cert 023697870b Refactor (without semantic changes) crypto/x509/{v3_purp.c,x509_vfy.c} ade08735f9 Improve documentation, layout, and code comments regarding self-issued certs etc. 5188d0d55c Fix a typo on the SSL_dup page 9beffaf695 Fix CID-1464802 2c9ba46c90 Force ssl/tls protocol flags to use stream sockets 64fdea12be rand: include the CPU source in a build. 7f791b25eb rand: fix CPU and timer sources. 3121425830 Add --fips-key configuration parameter to fipsinstall application. Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. skipped: DTLSv1 is not supported by this OpenSSL build 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=204, Tests=2599, 808 wallclock secs ( 8.71 usr 1.12 sys + 754.58 cusr 54.13 csys = 818.54 CPU) Result: FAIL Makefile:3133: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls' Makefile:3131: recipe for target 'tests' failed make: *** [tests] Error 2 From builds at travis-ci.com Sat Jul 4 16:10:11 2020 From: builds at travis-ci.com (Travis CI) Date: Sat, 04 Jul 2020 16:10:11 +0000 Subject: Still Failing: openssl/openssl#35946 (master - 3a19f1a) In-Reply-To: Message-ID: <5f00a9e2b42a1_13ff2093a90cc139566@travis-pro-tasks-5874f5c89d-bmgw5.mail> Build Update for openssl/openssl ------------------------------------- Build: #35946 Status: Still Failing Duration: 10 mins and 21 secs Commit: 3a19f1a (master) Author: Richard Levitte Message: Configuration and build: Fix solaris tags The shared_target attrribute for Solaris built with gcc wasn't right and shared libraries couldn't be properly built. Fixes #12356 Reviewed-by: Matt Caswell Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12360) View the changeset: https://github.com/openssl/openssl/compare/1cafbb799a37...3a19f1a9dd16 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/174275583?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Sat Jul 4 18:36:29 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Sat, 04 Jul 2020 18:36:29 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2 Message-ID: <1593887789.750786.20678.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2 Commit log since last time: 610e2b3b70 Configure: Check source and build dir equality a little more thoroughly 9576c498ca [test/README.md] minor fix of examples missing the test target af3e8c298a Travis: default to HARNESS_JOBS=4 a20c9075d6 Run tests in parallel 587e4e53f8 Fix memory leaks on OSSL_SERIALIZER_CTX_new_by_EVP_PKEY 94941cada2 Free pre_proc_exts in SSL_free() 69f982679e doc: remove reference to the predecessor of SHA-1. 0577959cea Don't forget our provider ctx when resetting b4cb9498c9 X509v3_cache_extensions(): Improve coding style and doc, fix case 'sha1 == NULL' 0d8dbb52e3 Add X509_self_signed(), extending and improving documenation and tests 4cec750c2f Move doc of X509{,_REQ,_CRL}_verify{,_ex}() from X509_sign.pod to new X509_verify.pod 0e7b1383e1 Fix issue 1418 by moving check of KU_KEY_CERT_SIGN and weakening check_issued() d18c7ad66a Optimization and safety precaution in find_issuer() of x509_vfy.c: candidate issuer cert cannot be the same as the subject cert 'x' da1f88bf53 Add four more verify test cases on the self-signed Ed25519 and self-issed X25519 certs 4acd484d55 Make x509 -force_pubkey test case with self-issued cert more realistic by adding CA basic constraints, CA key usage, and key IDs to the cert and by add -partial_chain to the verify call that trusts this cert 023697870b Refactor (without semantic changes) crypto/x509/{v3_purp.c,x509_vfy.c} ade08735f9 Improve documentation, layout, and code comments regarding self-issued certs etc. 5188d0d55c Fix a typo on the SSL_dup page 9beffaf695 Fix CID-1464802 2c9ba46c90 Force ssl/tls protocol flags to use stream sockets 64fdea12be rand: include the CPU source in a build. 7f791b25eb rand: fix CPU and timer sources. 3121425830 Add --fips-key configuration parameter to fipsinstall application. Build log ended with (last 100 lines): 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 4 (wstat 1024, 0x400) Failed 4/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... Dubious, test returned 2 (wstat 512, 0x200) Failed 2/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_dtls.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 1, 3 Non-zero exit status: 2 Files=204, Tests=2601, 828 wallclock secs ( 8.66 usr 1.21 sys + 773.74 cusr 54.33 csys = 837.94 CPU) Result: FAIL Makefile:3125: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2' Makefile:3123: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Sat Jul 4 20:53:11 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Sat, 04 Jul 2020 20:53:11 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2-method Message-ID: <1593895991.301316.28664.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2-method Commit log since last time: 610e2b3b70 Configure: Check source and build dir equality a little more thoroughly 9576c498ca [test/README.md] minor fix of examples missing the test target af3e8c298a Travis: default to HARNESS_JOBS=4 a20c9075d6 Run tests in parallel 587e4e53f8 Fix memory leaks on OSSL_SERIALIZER_CTX_new_by_EVP_PKEY 94941cada2 Free pre_proc_exts in SSL_free() 69f982679e doc: remove reference to the predecessor of SHA-1. 0577959cea Don't forget our provider ctx when resetting b4cb9498c9 X509v3_cache_extensions(): Improve coding style and doc, fix case 'sha1 == NULL' 0d8dbb52e3 Add X509_self_signed(), extending and improving documenation and tests 4cec750c2f Move doc of X509{,_REQ,_CRL}_verify{,_ex}() from X509_sign.pod to new X509_verify.pod 0e7b1383e1 Fix issue 1418 by moving check of KU_KEY_CERT_SIGN and weakening check_issued() d18c7ad66a Optimization and safety precaution in find_issuer() of x509_vfy.c: candidate issuer cert cannot be the same as the subject cert 'x' da1f88bf53 Add four more verify test cases on the self-signed Ed25519 and self-issed X25519 certs 4acd484d55 Make x509 -force_pubkey test case with self-issued cert more realistic by adding CA basic constraints, CA key usage, and key IDs to the cert and by add -partial_chain to the verify call that trusts this cert 023697870b Refactor (without semantic changes) crypto/x509/{v3_purp.c,x509_vfy.c} ade08735f9 Improve documentation, layout, and code comments regarding self-issued certs etc. 5188d0d55c Fix a typo on the SSL_dup page 9beffaf695 Fix CID-1464802 2c9ba46c90 Force ssl/tls protocol flags to use stream sockets 64fdea12be rand: include the CPU source in a build. 7f791b25eb rand: fix CPU and timer sources. 3121425830 Add --fips-key configuration parameter to fipsinstall application. Build log ended with (last 100 lines): 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 4 (wstat 1024, 0x400) Failed 4/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... Dubious, test returned 2 (wstat 512, 0x200) Failed 2/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_dtls.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 1, 3 Non-zero exit status: 2 Files=204, Tests=2601, 821 wallclock secs ( 8.51 usr 1.20 sys + 767.82 cusr 55.95 csys = 833.48 CPU) Result: FAIL Makefile:3121: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2-method' Makefile:3119: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Sat Jul 4 21:38:31 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Sat, 04 Jul 2020 21:38:31 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_3 Message-ID: <1593898711.704770.19938.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_3 Commit log since last time: 610e2b3b70 Configure: Check source and build dir equality a little more thoroughly 9576c498ca [test/README.md] minor fix of examples missing the test target af3e8c298a Travis: default to HARNESS_JOBS=4 a20c9075d6 Run tests in parallel 587e4e53f8 Fix memory leaks on OSSL_SERIALIZER_CTX_new_by_EVP_PKEY 94941cada2 Free pre_proc_exts in SSL_free() 69f982679e doc: remove reference to the predecessor of SHA-1. 0577959cea Don't forget our provider ctx when resetting b4cb9498c9 X509v3_cache_extensions(): Improve coding style and doc, fix case 'sha1 == NULL' 0d8dbb52e3 Add X509_self_signed(), extending and improving documenation and tests 4cec750c2f Move doc of X509{,_REQ,_CRL}_verify{,_ex}() from X509_sign.pod to new X509_verify.pod 0e7b1383e1 Fix issue 1418 by moving check of KU_KEY_CERT_SIGN and weakening check_issued() d18c7ad66a Optimization and safety precaution in find_issuer() of x509_vfy.c: candidate issuer cert cannot be the same as the subject cert 'x' da1f88bf53 Add four more verify test cases on the self-signed Ed25519 and self-issed X25519 certs 4acd484d55 Make x509 -force_pubkey test case with self-issued cert more realistic by adding CA basic constraints, CA key usage, and key IDs to the cert and by add -partial_chain to the verify call that trusts this cert 023697870b Refactor (without semantic changes) crypto/x509/{v3_purp.c,x509_vfy.c} ade08735f9 Improve documentation, layout, and code comments regarding self-issued certs etc. 5188d0d55c Fix a typo on the SSL_dup page 9beffaf695 Fix CID-1464802 2c9ba46c90 Force ssl/tls protocol flags to use stream sockets 64fdea12be rand: include the CPU source in a build. 7f791b25eb rand: fix CPU and timer sources. 3121425830 Add --fips-key configuration parameter to fipsinstall application. Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ skipped: test_key_share needs TLS1.3 enabled 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. skipped: test_tls13alerts needs TLS1.3 enabled 70-test_tls13cookie.t .............. skipped: test_tls13cookie needs TLS1.3 enabled 70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled 70-test_tls13hrr.t ................. skipped: test_tls13hrr needs TLS1.3 enabled 70-test_tls13kexmodes.t ............ skipped: test_tls13kexmodes needs TLSv1.3 enabled 70-test_tls13messages.t ............ skipped: test_tls13messages needs TLSv1.3 enabled 70-test_tls13psk.t ................. skipped: test_tls13psk needs TLSv1.3 enabled 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... Dubious, test returned 2 (wstat 512, 0x200) Failed 2/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. skipped: test_tls13ccs is not supported in this build 90-test_tls13encryption.t .......... skipped: tls13encryption is not supported in this build 90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 90-test_sslapi.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 1, 3 Non-zero exit status: 2 Files=204, Tests=2523, 784 wallclock secs ( 7.61 usr 1.17 sys + 730.91 cusr 51.28 csys = 790.97 CPU) Result: FAIL Makefile:3116: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_3' Makefile:3114: recipe for target 'tests' failed make: *** [tests] Error 2 From matthias.st.pierre at ncp-e.com Sat Jul 4 23:50:52 2020 From: matthias.st.pierre at ncp-e.com (matthias.st.pierre at ncp-e.com) Date: Sat, 04 Jul 2020 23:50:52 +0000 Subject: [openssl] master update Message-ID: <1593906652.801190.10263.nullmailer@dev.openssl.org> The branch master has been updated via 8c1cbc72105ffd493b48e65f8f5fd3657dedb28c (commit) from 3a19f1a9dd16f5855a7e2a42cd3e7f136f849bd3 (commit) - Log ----------------------------------------------------------------- commit 8c1cbc72105ffd493b48e65f8f5fd3657dedb28c Author: Gustaf Neumann Date: Mon Jun 29 21:13:07 2020 +0200 Fix typos and repeated words CLA: trivial Reviewed-by: Shane Lontis Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/12320) ----------------------------------------------------------------------- Summary of changes: .github/PULL_REQUEST_TEMPLATE.md | 2 +- INSTALL.md | 14 +++++++------- NEWS.md | 14 +++++++------- NOTES.ANDROID | 4 ++-- NOTES.VMS | 2 +- NOTES.WIN | 6 +++--- doc/internal/man3/OPENSSL_SA.pod | 2 +- doc/internal/man3/s2i_ASN1_UTF8STRING.pod | 2 +- doc/internal/man7/DERlib.pod | 4 ++-- doc/internal/man7/EVP_PKEY.pod | 5 ++--- doc/internal/man7/build.info.pod | 2 +- doc/man1/openssl-ca.pod.in | 2 +- doc/man1/openssl-cmp.pod.in | 2 +- doc/man1/openssl-dsa.pod.in | 2 +- doc/man1/openssl-enc.pod.in | 2 +- doc/man1/openssl-pkcs12.pod.in | 2 +- doc/man1/openssl-pkcs8.pod.in | 2 +- doc/man1/openssl-pkeyutl.pod.in | 2 +- doc/man1/openssl-s_client.pod.in | 6 +++--- doc/man1/openssl-s_server.pod.in | 4 ++-- doc/man1/openssl-s_time.pod.in | 4 ++-- doc/man1/openssl-sess_id.pod.in | 2 +- doc/man1/openssl.pod | 2 +- doc/man3/ASN1_INTEGER_get_int64.pod | 2 +- doc/man3/ASN1_STRING_length.pod | 2 +- doc/man3/ASN1_TYPE_get.pod | 2 +- doc/man3/ASYNC_WAIT_CTX_new.pod | 4 ++-- doc/man3/ASYNC_start_job.pod | 2 +- doc/man3/BF_encrypt.pod | 2 +- doc/man3/BIO_ADDR.pod | 2 +- doc/man3/BIO_ADDRINFO.pod | 2 +- doc/man3/BIO_ctrl.pod | 2 +- doc/man3/BIO_s_bio.pod | 2 +- doc/man3/BIO_set_callback.pod | 2 +- doc/man3/CMS_verify.pod | 2 +- doc/man3/CRYPTO_THREAD_run_once.pod | 2 +- doc/man3/DH_set_method.pod | 2 +- doc/man3/DSA_set_method.pod | 2 +- doc/man3/DTLSv1_listen.pod | 2 +- doc/man3/ECDSA_SIG_new.pod | 2 +- doc/man3/EC_GROUP_new.pod | 2 +- doc/man3/EC_POINT_new.pod | 2 +- doc/man3/ENGINE_add.pod | 16 ++++++++-------- doc/man3/EVP_DigestInit.pod | 4 ++-- doc/man3/EVP_DigestSignInit.pod | 6 +++--- doc/man3/EVP_DigestVerifyInit.pod | 6 +++--- doc/man3/EVP_EncodeInit.pod | 2 +- doc/man3/EVP_EncryptInit.pod | 8 ++++---- doc/man3/EVP_KDF.pod | 2 +- doc/man3/EVP_OpenInit.pod | 2 +- doc/man3/EVP_PKEY_CTX_new.pod | 2 +- doc/man3/EVP_PKEY_derive.pod | 2 +- doc/man3/EVP_PKEY_fromdata.pod | 2 +- doc/man3/EVP_PKEY_sign.pod | 2 +- doc/man3/EVP_PKEY_verify.pod | 2 +- doc/man3/EVP_PKEY_verify_recover.pod | 2 +- doc/man3/EVP_RAND.pod | 6 +++--- doc/man3/EVP_SealInit.pod | 2 +- doc/man3/EVP_SignInit.pod | 4 ++-- doc/man3/EVP_VerifyInit.pod | 4 ++-- doc/man3/EVP_set_default_properties.pod | 2 +- doc/man3/OPENSSL_LH_COMPFUNC.pod | 2 +- doc/man3/OPENSSL_config.pod | 2 +- doc/man3/OPENSSL_ia32cap.pod | 2 +- doc/man3/OPENSSL_s390xcap.pod | 2 +- doc/man3/OSSL_CMP_log_open.pod | 4 ++-- doc/man3/OSSL_PARAM_int.pod | 4 ++-- doc/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.pod | 2 +- doc/man3/PEM_read_bio_PrivateKey.pod | 4 ++-- doc/man3/PKCS7_verify.pod | 2 +- doc/man3/RAND_DRBG_set_callbacks.pod | 4 ++-- doc/man3/RSA_private_encrypt.pod | 4 ++-- doc/man3/RSA_set_method.pod | 2 +- doc/man3/SRP_create_verifier.pod | 2 +- doc/man3/SSL_CONF_cmd.pod | 6 +++--- doc/man3/SSL_CTX_set1_curves.pod | 2 +- doc/man3/SSL_CTX_set_generate_session_id.pod | 4 ++-- doc/man3/SSL_CTX_set_options.pod | 2 +- doc/man3/SSL_CTX_set_psk_client_callback.pod | 2 +- doc/man3/SSL_CTX_set_session_cache_mode.pod | 2 +- doc/man3/SSL_CTX_set_session_id_context.pod | 2 +- doc/man3/SSL_CTX_set_session_ticket_cb.pod | 2 +- doc/man3/SSL_CTX_set_split_send_fragment.pod | 2 +- doc/man3/SSL_CTX_set_tlsext_servername_callback.pod | 2 +- doc/man3/SSL_CTX_use_psk_identity_hint.pod | 2 +- doc/man3/SSL_get_all_async_fds.pod | 4 ++-- doc/man3/SSL_get_error.pod | 4 ++-- doc/man3/SSL_pending.pod | 2 +- doc/man3/SSL_read.pod | 2 +- doc/man3/SSL_read_early_data.pod | 4 ++-- doc/man3/SSL_set_bio.pod | 8 +++----- doc/man3/UI_create_method.pod | 2 +- doc/man3/X509V3_get_d2i.pod | 2 +- doc/man3/X509_LOOKUP_meth_new.pod | 2 +- doc/man3/X509_STORE_CTX_new.pod | 6 +++--- doc/man3/X509_STORE_CTX_set_verify_cb.pod | 2 +- doc/man3/X509_check_host.pod | 2 +- doc/man3/X509_check_purpose.pod | 4 ++-- doc/man3/d2i_X509.pod | 2 +- doc/man5/x509v3_config.pod | 2 +- doc/man7/EVP_KDF-KRB5KDF.pod | 2 +- doc/man7/EVP_PKEY-DH.pod | 2 +- doc/man7/EVP_PKEY-X25519.pod | 2 +- doc/man7/evp.pod | 12 ++++++------ doc/man7/provider-base.pod | 4 ++-- fuzz/README.md | 2 +- util/find-doc-nits | 1 + 107 files changed, 170 insertions(+), 172 deletions(-) diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index 191d9c9174..85cfb3741c 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -5,7 +5,7 @@ Contributors guide: https://github.com/openssl/openssl/blob/master/CONTRIBUTING. Other than that, provide a description above this comment if there isn't one already -If this fixes a github issue, make sure to have a line saying 'Fixes #XXXX' (without quotes) in the commit message. +If this fixes a GitHub issue, make sure to have a line saying 'Fixes #XXXX' (without quotes) in the commit message. --> ##### Checklist diff --git a/INSTALL.md b/INSTALL.md index 6989410e87..5686415ad8 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -167,7 +167,7 @@ Use the following commands to build OpenSSL: ### Windows If you are using Visual Studio, open a Developer Command Prompt and -and issue the following commands to build OpenSSL. +issue the following commands to build OpenSSL. $ perl Configure $ nmake @@ -192,7 +192,7 @@ paragraphs carefully before you install OpenSSL. For security reasons the default system location is by default not writable for unprivileged users. So for the final installation step administrative privileges are required. The default system location and the procedure to -obtain administrative privileges depends on the operating sytem. +obtain administrative privileges depends on the operating system. It is recommended to compile and test OpenSSL with normal user privileges and use administrative privileges only for the final installation step. @@ -482,8 +482,8 @@ be a hex string no more than 64 characters. Enable and Disable Features --------------------------- -Feature options always come in pairs, an option to enable feature `xxxx`, and -and option to disable it: +Feature options always come in pairs, an option to enable feature +`xxxx`, and an option to disable it: [ enable-xxxx | no-xxxx ] @@ -852,7 +852,7 @@ Don't build with support for multi-threaded applications. ### threads Build with support for multi-threaded applications. Most platforms will enable -this by default. However if on a platform where this is not the case then this +this by default. However, if on a platform where this is not the case then this will usually require additional system-dependent options! See [Notes on multi-threading](#notes-on-multi-threading) below. @@ -1457,7 +1457,7 @@ described here. Examine the Makefiles themselves for the full list. Only install the OpenSSL man pages (Unix only). install_html_docs - Only install the OpenSSL html documentation. + Only install the OpenSSL HTML documentation. list-tests Prints a list of all the self test names. @@ -1683,7 +1683,7 @@ to deliver random bytes and a "PRNG not seeded error" will occur. The seeding method can be configured using the `--with-rand-seed` option, which can be used to specify a comma separated list of seed methods. -However in most cases OpenSSL will choose a suitable default method, +However, in most cases OpenSSL will choose a suitable default method, so it is not necessary to explicitly provide this option. Note also that not all methods are available on all platforms. diff --git a/NEWS.md b/NEWS.md index 1d36a903f1..9985bbfd05 100644 --- a/NEWS.md +++ b/NEWS.md @@ -27,7 +27,7 @@ OpenSSL 3.0 will not be accidentially used. * The algorithm specific public key command line applications have been deprecated. These include dhparam, gendsa and others. The pkey - alternatives should be used intead: pkey, pkeyparam and genpkey. + alternatives should be used instead: pkey, pkeyparam and genpkey. * X509 certificates signed using SHA1 are no longer allowed at security level 1 or higher. The default security level for TLS is 1, so certificates signed using SHA1 are by default no longer trusted to @@ -57,12 +57,12 @@ OpenSSL 3.0 * Removed the heartbeat message in DTLS feature. * Added EVP_KDF, an EVP layer KDF API, and a generic EVP_PKEY to EVP_KDF bridge. - * All of the low level MD2, MD4, MD5, MDC2, RIPEMD160, SHA1, SHA224, + * All of the low-level MD2, MD4, MD5, MDC2, RIPEMD160, SHA1, SHA224, SHA256, SHA384, SHA512 and Whirlpool digest functions have been deprecated. - * All of the low level AES, Blowfish, Camellia, CAST, DES, IDEA, RC2, + * All of the low-level AES, Blowfish, Camellia, CAST, DES, IDEA, RC2, RC4, RC5 and SEED cipher functions have been deprecated. - * All of the low level DH, DSA, ECDH, ECDSA and RSA public key functions + * All of the low-level DH, DSA, ECDH, ECDSA and RSA public key functions have been deprecated. * SSL 3, TLS 1.0, TLS 1.1, and DTLS 1.0 only work at security level 0. @@ -681,7 +681,7 @@ OpenSSL 1.0.0 Known issues in OpenSSL 1.0.0m: * EAP-FAST and other applications using tls_session_secret_cb - wont resume sessions. Fixed in 1.0.0n-dev + won't resume sessions. Fixed in 1.0.0n-dev * Compilation failure of s3_pkt.c on some platforms due to missing `` include. Fixed in 1.0.0n-dev @@ -1189,7 +1189,7 @@ OpenSSL 0.9.x * Enhanced chain verification using key identifiers. * New sign and verify options to 'dgst' application. * Support for DER and PEM encoded messages in 'smime' application. - * New 'rsautl' application, low level RSA utility. + * New 'rsautl' application, low-level RSA utility. * MD4 now included. * Bugfix for SSL rollback padding check. * Support for external crypto devices [1]. @@ -1241,7 +1241,7 @@ OpenSSL 0.9.x * BIGNUM library bug fixes * Faster DSA parameter generation * Enhanced support for Alpha Linux - * Experimental MacOS support + * Experimental macOS support ### Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4 [9 Aug 1999] diff --git a/NOTES.ANDROID b/NOTES.ANDROID index 0173eca73b..087d5e6f49 100644 --- a/NOTES.ANDROID +++ b/NOTES.ANDROID @@ -6,8 +6,8 @@ ------------------- Beside basic tools like perl and make you'll need to download the Android - NDK. It's available for Linux, Mac OS X and Windows, but only Linux - version was actually tested. There is no reason to believe that Mac OS X + NDK. It's available for Linux, macOS and Windows, but only Linux + version was actually tested. There is no reason to believe that macOS wouldn't work. And as for Windows, it's unclear which "shell" would be suitable, MSYS2 might have best chances. NDK version should play lesser role, the goal is to support a range of most recent versions. diff --git a/NOTES.VMS b/NOTES.VMS index d6a336ff7c..c82e231ad7 100644 --- a/NOTES.VMS +++ b/NOTES.VMS @@ -18,7 +18,7 @@ An ANSI C compiled is needed among other things. This means that VAX C is not and will not be supported. - We have only tested with DEC C (a.k.a HP VMS C / VSI C) and require + We have only tested with DEC C (aka HP VMS C / VSI C) and require version 7.1 or later. Compiling with a different ANSI C compiler may require some work. diff --git a/NOTES.WIN b/NOTES.WIN index 5151107707..683e40671e 100644 --- a/NOTES.WIN +++ b/NOTES.WIN @@ -18,7 +18,7 @@ For this option you can use Cygwin. - Visual C++ native builds, a.k.a. VC-* + Visual C++ native builds, aka VC-* ===================================== Requirement details @@ -100,7 +100,7 @@ is, of course, to choose a different set of directories by using --prefix and --openssldir when configuring. - Special notes for Universal Windows Platform builds, a.k.a. VC-*-UWP + Special notes for Universal Windows Platform builds, aka VC-*-UWP -------------------------------------------------------------------- - UWP targets only support building the static and dynamic libraries. @@ -119,7 +119,7 @@ MSYS2 provides GNU tools, a Unix-like command prompt, and a UNIX compatibility layer for applications. - However in this context it is only used for building OpenSSL. + However, in this context it is only used for building OpenSSL. The resulting OpenSSL does not rely on MSYS2 to run and is fully native. Requirement details diff --git a/doc/internal/man3/OPENSSL_SA.pod b/doc/internal/man3/OPENSSL_SA.pod index 1a6e027418..cc775830e9 100644 --- a/doc/internal/man3/OPENSSL_SA.pod +++ b/doc/internal/man3/OPENSSL_SA.pod @@ -69,7 +69,7 @@ elements. After this call I is no longer valid. B_doall>() calls the function I for each element in I in ascending index order. The index position, within the sparse array, of each item is passed as the first argument to the leaf function and a -pointer to the associated value is is passed as the second argument. +pointer to the associated value is passed as the second argument. B_doall_arg>() calls the function I for each element in I in ascending index order. The index position, within the sparse diff --git a/doc/internal/man3/s2i_ASN1_UTF8STRING.pod b/doc/internal/man3/s2i_ASN1_UTF8STRING.pod index 9b806eb80b..b6d1375189 100644 --- a/doc/internal/man3/s2i_ASN1_UTF8STRING.pod +++ b/doc/internal/man3/s2i_ASN1_UTF8STRING.pod @@ -18,7 +18,7 @@ s2i_ASN1_UTF8STRING =head1 DESCRIPTION These functions convert OpenSSL objects to and from their ASN.1/string -representation. This function is used for B extentions. +representation. This function is used for B extensions. =head1 NOTES diff --git a/doc/internal/man7/DERlib.pod b/doc/internal/man7/DERlib.pod index 7b0e7225f0..2577df0caa 100644 --- a/doc/internal/man7/DERlib.pod +++ b/doc/internal/man7/DERlib.pod @@ -7,7 +7,7 @@ DERlib - internal OpenSSL DER library =head1 DESCRIPTION OpenSSL contains an internal small DER reading and writing library, -as an alternative to the publically known i2d and d2i functions. It's +as an alternative to the publicly known i2d and d2i functions. It's solely constituted of functions that work as building blocks to create more similar functions to encode and decode larger structures. @@ -47,7 +47,7 @@ which is defined like this in ASN.1 terms: r INTEGER, s INTEGER } -With the DER library, this is the correspoding code, given two OpenSSL +With the DER library, this is the corresponding code, given two OpenSSL Bs I and I: int ok = DER_w_begin_sequence(pkt, -1) diff --git a/doc/internal/man7/EVP_PKEY.pod b/doc/internal/man7/EVP_PKEY.pod index a37ca9eecc..00d4df57f5 100644 --- a/doc/internal/man7/EVP_PKEY.pod +++ b/doc/internal/man7/EVP_PKEY.pod @@ -19,12 +19,11 @@ private/public key key pairs, but has had other uses as well. =for comment "uses" could as well be "abuses"... -It can contain the legacy form of keys -- i.e. pointers to the low -level key types, such as B, B and B --, but also the +It can contain the legacy form of keys -- i.e. pointers to the low-level key types, such as B, B and B --, but also the provided form of keys -- i.e. pointers to provider side key data. Those two forms are mutually exclusive; an B instance can't contain both a key in legacy form and in provided form. Regardless of -form, this key is commonly refered to as the "origin". +form, this key is commonly referred to as the "origin". An B also contains a cache of provider side copies of the key, each adapted for the provider that is going to use that copy to diff --git a/doc/internal/man7/build.info.pod b/doc/internal/man7/build.info.pod index 2049868fc6..5a2fdd13ed 100644 --- a/doc/internal/man7/build.info.pod +++ b/doc/internal/man7/build.info.pod @@ -610,7 +610,7 @@ B. For OpenSSL::Template documentation, C -L +L =head1 COPYRIGHT diff --git a/doc/man1/openssl-ca.pod.in b/doc/man1/openssl-ca.pod.in index 22a0cb40d8..519f5f4eed 100644 --- a/doc/man1/openssl-ca.pod.in +++ b/doc/man1/openssl-ca.pod.in @@ -253,7 +253,7 @@ DNs match the order of the request. This is not needed for Xenroll. =item B<-noemailDN> The DN of a certificate can contain the EMAIL field if present in the -request DN, however it is good policy just having the e-mail set into +request DN, however, it is good policy just having the e-mail set into the altName extension of the certificate. When this option is set the EMAIL field is removed from the certificate' subject and set only in the, eventually present, extensions. The B keyword can be diff --git a/doc/man1/openssl-cmp.pod.in b/doc/man1/openssl-cmp.pod.in index 0d05e7fb98..b148afb2dc 100644 --- a/doc/man1/openssl-cmp.pod.in +++ b/doc/man1/openssl-cmp.pod.in @@ -1104,7 +1104,7 @@ This prints information about all received ITAV Bs to stdout. For CMP client invocations, in particular for certificate enrollment, usually many parameters need to be set, which is tedious and error-prone to do on the command line. -Therefore the client offers the possibility to read +Therefore, the client offers the possibility to read options from sections of the OpenSSL config file, usually called B. The values found there can still be extended and even overridden by any subsequently loaded sections and on the command line. diff --git a/doc/man1/openssl-dsa.pod.in b/doc/man1/openssl-dsa.pod.in index f3d1a9423c..2db0407821 100644 --- a/doc/man1/openssl-dsa.pod.in +++ b/doc/man1/openssl-dsa.pod.in @@ -62,7 +62,7 @@ The input and formats; the default is B. See L for details. Private keys are a sequence of B: the version (zero), B
, -B, B, and the public and and private key components. Public keys +B, B, and the public and private key components. Public keys are a B structure with the B type. The B format also accepts PKCS#8 data. diff --git a/doc/man1/openssl-enc.pod.in b/doc/man1/openssl-enc.pod.in index 6971de51ad..dcbeb8877b 100644 --- a/doc/man1/openssl-enc.pod.in +++ b/doc/man1/openssl-enc.pod.in @@ -241,7 +241,7 @@ a strong block cipher, such as AES, in CBC mode. All the block ciphers normally use PKCS#5 padding, also known as standard block padding. This allows a rudimentary integrity or password check to -be performed. However since the chance of random data passing the test +be performed. However, since the chance of random data passing the test is better than 1 in 256 it isn't a very good test. If padding is disabled then the input data must be a multiple of the cipher diff --git a/doc/man1/openssl-pkcs12.pod.in b/doc/man1/openssl-pkcs12.pod.in index da5214d563..7d0629b376 100644 --- a/doc/man1/openssl-pkcs12.pod.in +++ b/doc/man1/openssl-pkcs12.pod.in @@ -244,7 +244,7 @@ This option is only interpreted by MSIE and similar MS software. Normally encryption purposes but arbitrary length keys for signing. The B<-keysig> option marks the key for signing only. Signing only keys can be used for S/MIME signing, authenticode (ActiveX control signing) and SSL client -authentication, however due to a bug only MSIE 5.0 and later support +authentication, however, due to a bug only MSIE 5.0 and later support the use of signing only keys for SSL client authentication. =item B<-macalg> I diff --git a/doc/man1/openssl-pkcs8.pod.in b/doc/man1/openssl-pkcs8.pod.in index 0729302053..719e3d9168 100644 --- a/doc/man1/openssl-pkcs8.pod.in +++ b/doc/man1/openssl-pkcs8.pod.in @@ -248,7 +248,7 @@ one million iterations of the password: Test vectors from this PKCS#5 v2.0 implementation were posted to the pkcs-tng mailing list using triple DES, DES and RC2 with high iteration counts, several people confirmed that they could decrypt the private -keys produced and Therefore it can be assumed that the PKCS#5 v2.0 +keys produced and therefore, it can be assumed that the PKCS#5 v2.0 implementation is reasonably accurate at least as far as these algorithms are concerned. diff --git a/doc/man1/openssl-pkeyutl.pod.in b/doc/man1/openssl-pkeyutl.pod.in index d823f0b851..2bcbb54c57 100644 --- a/doc/man1/openssl-pkeyutl.pod.in +++ b/doc/man1/openssl-pkeyutl.pod.in @@ -43,7 +43,7 @@ B B =head1 DESCRIPTION -This command can be used to perform low level public key +This command can be used to perform low-level public key operations using any supported algorithm. =head1 OPTIONS diff --git a/doc/man1/openssl-s_client.pod.in b/doc/man1/openssl-s_client.pod.in index 367e59e925..e8f73cdb99 100644 --- a/doc/man1/openssl-s_client.pod.in +++ b/doc/man1/openssl-s_client.pod.in @@ -192,7 +192,7 @@ When used with the B<-proxy> flag, the program will attempt to authenticate with the specified proxy using basic (base64) authentication. NB: Basic authentication is insecure; the credentials are sent to the proxy in easily reversible base64 encoding before any TLS/SSL session is established. -Therefore these credentials are easily recovered by anyone able to sniff/trace +Therefore, these credentials are easily recovered by anyone able to sniff/trace the network. Use with caution. =item B<-proxy_pass> I @@ -854,14 +854,14 @@ is that a web client complains it has no certificates or gives an empty list to choose from. This is normally because the server is not sending the clients certificate authority in its "acceptable CA list" when it requests a certificate. By using this command, the CA list can be viewed -and checked. However some servers only request client authentication +and checked. However, some servers only request client authentication after a specific URL is requested. To obtain the list in this case it is necessary to use the B<-prexit> option and send an HTTP request for an appropriate page. If a certificate is specified on the command line using the B<-cert> option it will not be used unless the server specifically requests -a client certificate. Therefore merely including a client certificate +a client certificate. Therefore, merely including a client certificate on the command line is no guarantee that the certificate works. If there are problems verifying a server certificate then the diff --git a/doc/man1/openssl-s_server.pod.in b/doc/man1/openssl-s_server.pod.in index 28ef15ea56..07cde67cde 100644 --- a/doc/man1/openssl-s_server.pod.in +++ b/doc/man1/openssl-s_server.pod.in @@ -433,9 +433,9 @@ For more information on shutting down a connection, see L. =item B<-id_prefix> I Generate SSL/TLS session IDs prefixed by I. This is mostly useful -for testing any SSL/TLS code (eg. proxies) that wish to deal with multiple +for testing any SSL/TLS code (e.g. proxies) that wish to deal with multiple servers, when each of which might be generating a unique range of session -IDs (eg. with a certain prefix). +IDs (e.g. with a certain prefix). =item B<-verify_return_error> diff --git a/doc/man1/openssl-s_time.pod.in b/doc/man1/openssl-s_time.pod.in index 0f9f055591..90e54f03c2 100644 --- a/doc/man1/openssl-s_time.pod.in +++ b/doc/man1/openssl-s_time.pod.in @@ -157,14 +157,14 @@ is that a web client complains it has no certificates or gives an empty list to choose from. This is normally because the server is not sending the clients certificate authority in its "acceptable CA list" when it requests a certificate. By using L the CA list can be -viewed and checked. However some servers only request client authentication +viewed and checked. However, some servers only request client authentication after a specific URL is requested. To obtain the list in this case it is necessary to use the B<-prexit> option of L and send an HTTP request for an appropriate page. If a certificate is specified on the command line using the B<-cert> option it will not be used unless the server specifically requests -a client certificate. Therefore merely including a client certificate +a client certificate. Therefore, merely including a client certificate on the command line is no guarantee that the certificate works. =head1 BUGS diff --git a/doc/man1/openssl-sess_id.pod.in b/doc/man1/openssl-sess_id.pod.in index 1318283028..67cc0e7e2d 100644 --- a/doc/man1/openssl-sess_id.pod.in +++ b/doc/man1/openssl-sess_id.pod.in @@ -136,7 +136,7 @@ This is the return code when an SSL client certificate is verified. Since the SSL session output contains the master key it is possible to read the contents of an encrypted session using this -information. Therefore appropriate security precautions should be taken if +information. Therefore, appropriate security precautions should be taken if the information is being output by a "real" application. This is however strongly discouraged and should only be used for debugging purposes. diff --git a/doc/man1/openssl.pod b/doc/man1/openssl.pod index dee181d264..dbab509be4 100644 --- a/doc/man1/openssl.pod +++ b/doc/man1/openssl.pod @@ -1125,7 +1125,7 @@ a string and leading or trailing spaces. =item B Escape the "special" characters in a field as required by RFC 2254 in a field. -That is, the B character and and of C<()*>. +That is, the B character and of C<()*>. =item B diff --git a/doc/man3/ASN1_INTEGER_get_int64.pod b/doc/man3/ASN1_INTEGER_get_int64.pod index 53a9143800..49f7ca3ac0 100644 --- a/doc/man3/ASN1_INTEGER_get_int64.pod +++ b/doc/man3/ASN1_INTEGER_get_int64.pod @@ -81,7 +81,7 @@ instead. In general an B or B type can contain an integer of almost arbitrary size and so cannot always be represented by a C -B type. However in many cases (for example version numbers) they +B type. However, in many cases (for example version numbers) they represent small integers which can be more easily manipulated if converted to an appropriate C integer type. diff --git a/doc/man3/ASN1_STRING_length.pod b/doc/man3/ASN1_STRING_length.pod index e3cf8bb2d0..909a3af1ca 100644 --- a/doc/man3/ASN1_STRING_length.pod +++ b/doc/man3/ASN1_STRING_length.pod @@ -72,7 +72,7 @@ In general it cannot be assumed that the data returned by ASN1_STRING_data() is null terminated or does not contain embedded nulls. The actual format of the data will depend on the actual string type itself: for example for an IA5String the data will be ASCII, for a BMPString two bytes per -character in big endian format, and for an UTF8String it will be in UTF8 format. +character in big endian format, and for a UTF8String it will be in UTF8 format. Similar care should be take to ensure the data is in the correct format when calling ASN1_STRING_set(). diff --git a/doc/man3/ASN1_TYPE_get.pod b/doc/man3/ASN1_TYPE_get.pod index a7a3083aa1..c34572345f 100644 --- a/doc/man3/ASN1_TYPE_get.pod +++ b/doc/man3/ASN1_TYPE_get.pod @@ -68,7 +68,7 @@ only return zero if the values are the same. If either or both of the parameters passed to ASN1_TYPE_cmp() is NULL the return value is nonzero. Technically if both parameters are NULL the two -types could be absent OPTIONAL fields and so should match, however passing +types could be absent OPTIONAL fields and so should match, however, passing NULL values could also indicate a programming error (for example an unparsable type which returns NULL) for types which do B match. So applications should handle the case of two absent values separately. diff --git a/doc/man3/ASYNC_WAIT_CTX_new.pod b/doc/man3/ASYNC_WAIT_CTX_new.pod index 62eef297d8..ad6fe31a55 100644 --- a/doc/man3/ASYNC_WAIT_CTX_new.pod +++ b/doc/man3/ASYNC_WAIT_CTX_new.pod @@ -67,7 +67,7 @@ associated with that job in I<*fd>. The number of file descriptors returned will be stored in I<*numfds>. It is the caller's responsibility to ensure that sufficient memory has been allocated in I<*fd> to receive all the file descriptors. Calling ASYNC_WAIT_CTX_get_all_fds() with a NULL I value will -return no file descriptors but will still populate I<*numfds>. Therefore +return no file descriptors but will still populate I<*numfds>. Therefore, application code is typically expected to call this function twice: once to get the number of fds, and then again when sufficient memory has been allocated. If only one asynchronous engine is being used then normally this call will only @@ -195,7 +195,7 @@ ASYNC_WAIT_CTX_get_status() returns the engine status. On Windows platforms the openssl/async.h header is dependent on some of the types customarily made available by including windows.h. The application developer is likely to require control over when the latter -is included, commonly as one of the first included headers. Therefore +is included, commonly as one of the first included headers. Therefore, it is defined as an application developer's responsibility to include windows.h prior to async.h. diff --git a/doc/man3/ASYNC_start_job.pod b/doc/man3/ASYNC_start_job.pod index d4c6a19e61..24ef7fcbf2 100644 --- a/doc/man3/ASYNC_start_job.pod +++ b/doc/man3/ASYNC_start_job.pod @@ -170,7 +170,7 @@ otherwise. On Windows platforms the openssl/async.h header is dependent on some of the types customarily made available by including windows.h. The application developer is likely to require control over when the latter -is included, commonly as one of the first included headers. Therefore +is included, commonly as one of the first included headers. Therefore, it is defined as an application developer's responsibility to include windows.h prior to async.h. diff --git a/doc/man3/BF_encrypt.pod b/doc/man3/BF_encrypt.pod index adea85e1c9..b4a335076d 100644 --- a/doc/man3/BF_encrypt.pod +++ b/doc/man3/BF_encrypt.pod @@ -68,7 +68,7 @@ recipient needs to know what it was initialized with, or it won't be able to decrypt. Some programs and protocols simplify this, like SSH, where B is simply initialized to zero. BF_cbc_encrypt() operates on data that is a multiple of 8 bytes long, while -BF_cfb64_encrypt() and BF_ofb64_encrypt() are used to encrypt an variable +BF_cfb64_encrypt() and BF_ofb64_encrypt() are used to encrypt a variable number of bytes (the amount does not have to be an exact multiple of 8). The purpose of the latter two is to simulate stream ciphers, and therefore, they need the parameter B, which is a pointer to an integer where the current diff --git a/doc/man3/BIO_ADDR.pod b/doc/man3/BIO_ADDR.pod index 73c2819985..bcd83b5a14 100644 --- a/doc/man3/BIO_ADDR.pod +++ b/doc/man3/BIO_ADDR.pod @@ -42,7 +42,7 @@ BIO_ADDR_free() frees a B created with BIO_ADDR_new(). BIO_ADDR_clear() clears any data held within the provided B and sets it back to an uninitialised state. -BIO_ADDR_rawmake() takes a protocol B, an byte array of +BIO_ADDR_rawmake() takes a protocol B, a byte array of size B with an address in network byte order pointed at by B and a port number in network byte order in B (except for the B protocol family, where B is meaningless and diff --git a/doc/man3/BIO_ADDRINFO.pod b/doc/man3/BIO_ADDRINFO.pod index 404dd77e08..e1fe5a8e0d 100644 --- a/doc/man3/BIO_ADDRINFO.pod +++ b/doc/man3/BIO_ADDRINFO.pod @@ -94,7 +94,7 @@ information they should return isn't available. The BIO_lookup_ex() implementation uses the platform provided getaddrinfo() function. On Linux it is known that specifying 0 for the protocol will not -return any SCTP based addresses when calling getaddrinfo(). Therefore if an SCTP +return any SCTP based addresses when calling getaddrinfo(). Therefore, if an SCTP address is required then the B parameter to BIO_lookup_ex() should be explicitly set to IPPROTO_SCTP. The same may be true on other platforms. diff --git a/doc/man3/BIO_ctrl.pod b/doc/man3/BIO_ctrl.pod index c8e3386375..5cff74f10e 100644 --- a/doc/man3/BIO_ctrl.pod +++ b/doc/man3/BIO_ctrl.pod @@ -123,7 +123,7 @@ Filter BIOs if they do not internally handle a particular BIO_ctrl() operation usually pass the operation to the next BIO in the chain. This often means there is no need to locate the required BIO for a particular operation, it can be called on a chain and it will -be automatically passed to the relevant BIO. However this can cause +be automatically passed to the relevant BIO. However, this can cause unexpected results: for example no current filter BIOs implement BIO_seek(), but this may still succeed if the chain ends in a FILE or file descriptor BIO. diff --git a/doc/man3/BIO_s_bio.pod b/doc/man3/BIO_s_bio.pod index 0f4ea77d6d..a5a66c5e8f 100644 --- a/doc/man3/BIO_s_bio.pod +++ b/doc/man3/BIO_s_bio.pod @@ -144,7 +144,7 @@ without having to go through the SSL-interface. ... BIO_new_bio_pair(&internal_bio, 0, &network_bio, 0); SSL_set_bio(ssl, internal_bio, internal_bio); - SSL_operations(); /* e.g SSL_read and SSL_write */ + SSL_operations(); /* e.g. SSL_read and SSL_write */ ... application | TLS-engine diff --git a/doc/man3/BIO_set_callback.pod b/doc/man3/BIO_set_callback.pod index eb329f527b..975fef78d2 100644 --- a/doc/man3/BIO_set_callback.pod +++ b/doc/man3/BIO_set_callback.pod @@ -31,7 +31,7 @@ BIO_callback_fn_ex, BIO_callback_fn =head1 DESCRIPTION BIO_set_callback_ex() and BIO_get_callback_ex() set and retrieve the BIO -callback. The callback is called during most high level BIO operations. It can +callback. The callback is called during most high-level BIO operations. It can be used for debugging purposes to trace operations on a BIO or to modify its operation. diff --git a/doc/man3/CMS_verify.pod b/doc/man3/CMS_verify.pod index a3dfb420b0..d56540290f 100644 --- a/doc/man3/CMS_verify.pod +++ b/doc/man3/CMS_verify.pod @@ -98,7 +98,7 @@ useful if one merely wishes to write the content to B and its validity is not considered important. Chain verification should arguably be performed using the signing time rather -than the current time. However since the signing time is supplied by the +than the current time. However, since the signing time is supplied by the signer it cannot be trusted without additional evidence (such as a trusted timestamp). diff --git a/doc/man3/CRYPTO_THREAD_run_once.pod b/doc/man3/CRYPTO_THREAD_run_once.pod index ab7ff878be..dd0d21a9de 100644 --- a/doc/man3/CRYPTO_THREAD_run_once.pod +++ b/doc/man3/CRYPTO_THREAD_run_once.pod @@ -93,7 +93,7 @@ On Windows platforms the CRYPTO_THREAD_* types and functions in the openssl/crypto.h header are dependent on some of the types customarily made available by including windows.h. The application developer is likely to require control over when the latter is included, commonly as -one of the first included headers. Therefore it is defined as an +one of the first included headers. Therefore, it is defined as an application developer's responsibility to include windows.h prior to crypto.h where use of CRYPTO_THREAD_* types and functions is required. diff --git a/doc/man3/DH_set_method.pod b/doc/man3/DH_set_method.pod index ef8dbbcb4c..4782a766d4 100644 --- a/doc/man3/DH_set_method.pod +++ b/doc/man3/DH_set_method.pod @@ -52,7 +52,7 @@ DH_set_method() selects B to perform all operations using the key B. This will replace the DH_METHOD used by the DH key and if the previous method was supplied by an ENGINE, the handle to that ENGINE will be released during the change. It is possible to have DH keys that only work with certain DH_METHOD -implementations (eg. from an ENGINE module that supports embedded +implementations (e.g. from an ENGINE module that supports embedded hardware-protected keys), and in such cases attempting to change the DH_METHOD for the key can have unexpected results. diff --git a/doc/man3/DSA_set_method.pod b/doc/man3/DSA_set_method.pod index 0895e7ad0b..2a3f111b31 100644 --- a/doc/man3/DSA_set_method.pod +++ b/doc/man3/DSA_set_method.pod @@ -46,7 +46,7 @@ DSA_set_method() selects B to perform all operations using the key B. This will replace the DSA_METHOD used by the DSA key and if the previous method was supplied by an ENGINE, the handle to that ENGINE will be released during the change. It is possible to have DSA keys that only -work with certain DSA_METHOD implementations (eg. from an ENGINE module +work with certain DSA_METHOD implementations (e.g. from an ENGINE module that supports embedded hardware-protected keys), and in such cases attempting to change the DSA_METHOD for the key can have unexpected results. See L for information on constructing custom DSA_METHOD diff --git a/doc/man3/DTLSv1_listen.pod b/doc/man3/DTLSv1_listen.pod index ebbb9b8bc6..cb4c73d41a 100644 --- a/doc/man3/DTLSv1_listen.pod +++ b/doc/man3/DTLSv1_listen.pod @@ -35,7 +35,7 @@ message then the amplification attack has succeeded. If DTLS is used over UDP (or any datagram based protocol that does not validate the source IP) then it is susceptible to this type of attack. TLSv1.3 is designed to operate over a stream-based transport protocol (such as TCP). -If TCP is being used then there is no need to use SSL_stateless(). However some +If TCP is being used then there is no need to use SSL_stateless(). However, some stream-based transport protocols (e.g. QUIC) may not validate the source address. In this case a TLSv1.3 application would be susceptible to this attack. diff --git a/doc/man3/ECDSA_SIG_new.pod b/doc/man3/ECDSA_SIG_new.pod index f9f62543d8..6b31cbaf0a 100644 --- a/doc/man3/ECDSA_SIG_new.pod +++ b/doc/man3/ECDSA_SIG_new.pod @@ -5,7 +5,7 @@ ECDSA_SIG_get0, ECDSA_SIG_get0_r, ECDSA_SIG_get0_s, ECDSA_SIG_set0, ECDSA_SIG_new, ECDSA_SIG_free, ECDSA_size, ECDSA_sign, ECDSA_do_sign, ECDSA_verify, ECDSA_do_verify, ECDSA_sign_setup, ECDSA_sign_ex, -ECDSA_do_sign_ex - low level elliptic curve digital signature algorithm (ECDSA) +ECDSA_do_sign_ex - low-level elliptic curve digital signature algorithm (ECDSA) functions =head1 SYNOPSIS diff --git a/doc/man3/EC_GROUP_new.pod b/doc/man3/EC_GROUP_new.pod index 76fed3b246..2866b32c33 100644 --- a/doc/man3/EC_GROUP_new.pod +++ b/doc/man3/EC_GROUP_new.pod @@ -99,7 +99,7 @@ I. EC_GROUP_set_curve() sets the curve parameters I

, I and I. For a curve over Fp I

is the prime for the field. For a curve over F2^m I

represents the irreducible polynomial - each bit represents a term in the polynomial. -Therefore there will either be three or five bits set dependent on whether the +Therefore, there will either be three or five bits set dependent on whether the polynomial is a trinomial or a pentanomial. In either case, I and I represents the coefficients a and b from the relevant equation introduced above. diff --git a/doc/man3/EC_POINT_new.pod b/doc/man3/EC_POINT_new.pod index 84b11ee0c0..83b61feb7f 100644 --- a/doc/man3/EC_POINT_new.pod +++ b/doc/man3/EC_POINT_new.pod @@ -156,7 +156,7 @@ above maps in such rare circumstances. Points can also be described in terms of their compressed co-ordinates. For a point (x, y), for any given value for x such that the point is on the curve -there will only ever be two possible values for y. Therefore a point can be set +there will only ever be two possible values for y. Therefore, a point can be set using the EC_POINT_set_compressed_coordinates() function where B is the x co-ordinate and B is a value 0 or 1 to identify which of the two possible values for y should be used. diff --git a/doc/man3/ENGINE_add.pod b/doc/man3/ENGINE_add.pod index 307540d3e1..1d07f5df83 100644 --- a/doc/man3/ENGINE_add.pod +++ b/doc/man3/ENGINE_add.pod @@ -181,7 +181,7 @@ implementation includes the following abstractions; =head2 Reference counting and handles Due to the modular nature of the ENGINE API, pointers to ENGINEs need to be -treated as handles - ie. not only as pointers, but also as references to +treated as handles - i.e. not only as pointers, but also as references to the underlying ENGINE object. Ie. one should obtain a new reference when making copies of an ENGINE pointer if the copies will be used (and released) independently. @@ -252,7 +252,7 @@ operational ENGINE for a given cryptographic purpose. To obtain a functional reference from an existing structural reference, call the ENGINE_init() function. This returns zero if the ENGINE was not -already operational and couldn't be successfully initialised (eg. lack of +already operational and couldn't be successfully initialised (e.g. lack of system drivers, no special hardware attached, etc), otherwise it will return nonzero to indicate that the ENGINE is now operational and will have allocated a new B reference to the ENGINE. All functional @@ -260,7 +260,7 @@ references are released by calling ENGINE_finish() (which removes the implicit structural reference as well). The second way to get a functional reference is by asking OpenSSL for a -default implementation for a given task, eg. by ENGINE_get_default_RSA(), +default implementation for a given task, e.g. by ENGINE_get_default_RSA(), ENGINE_get_default_cipher_engine(), etc. These are discussed in the next section, though they are not usually required by application programmers as they are used automatically when creating and using the relevant @@ -278,7 +278,7 @@ In the case of other abstractions like RSA, DSA, etc, there is only one "algorithm" so all implementations implicitly register using the same 'nid' index. -When a default ENGINE is requested for a given abstraction/algorithm/mode, (eg. +When a default ENGINE is requested for a given abstraction/algorithm/mode, (e.g. when calling RSA_new_method(NULL)), a "get_default" call will be made to the ENGINE subsystem to process the corresponding state table and return a functional reference to an initialised ENGINE whose implementation should be @@ -328,7 +328,7 @@ is something for the application to control. Some applications will want to allow the user to specify exactly which ENGINE they want used if any is to be used at all. Others may prefer to load all support and have OpenSSL automatically use at run-time any ENGINE that is able to -successfully initialise - ie. to assume that this corresponds to +successfully initialise - i.e. to assume that this corresponds to acceleration hardware attached to the machine or some such thing. There are probably numerous other ways in which applications may prefer to handle things, so we will simply illustrate the consequences as they apply to a @@ -417,7 +417,7 @@ so that it can be initialised for use. This could include the path to any driver or config files it needs to load, required network addresses, smart-card identifiers, passwords to initialise protected devices, logging information, etc etc. This class of commands typically needs to be -passed to an ENGINE B attempting to initialise it, ie. before +passed to an ENGINE B attempting to initialise it, i.e. before calling ENGINE_init(). The other class of commands consist of settings or operations that tweak certain behaviour or cause certain operations to take place, and these commands may work either before or after ENGINE_init(), or @@ -490,7 +490,7 @@ It is possible to discover at run-time the names, numerical-ids, descriptions and input parameters of the control commands supported by an ENGINE using a structural reference. Note that some control commands are defined by OpenSSL itself and it will intercept and handle these control commands on behalf of the -ENGINE, ie. the ENGINE's ctrl() handler is not used for the control command. +ENGINE, i.e. the ENGINE's ctrl() handler is not used for the control command. openssl/engine.h defines an index, ENGINE_CMD_BASE, that all control commands implemented by ENGINEs should be numbered from. Any command value lower than this symbol is considered a "generic" command is handled directly by the @@ -556,7 +556,7 @@ by applications, administrations, users, etc. These can support arbitrary operations via ENGINE_ctrl(), including passing to and/or from the control commands data of any arbitrary type. These commands are supported in the discovery mechanisms simply to allow applications to determine if an ENGINE -supports certain specific commands it might want to use (eg. application "foo" +supports certain specific commands it might want to use (e.g. application "foo" might query various ENGINEs to see if they implement "FOO_GET_VENDOR_LOGO_GIF" - and ENGINE could therefore decide whether or not to support this "foo"-specific extension). diff --git a/doc/man3/EVP_DigestInit.pod b/doc/man3/EVP_DigestInit.pod index 370b685bf8..3308ebe500 100644 --- a/doc/man3/EVP_DigestInit.pod +++ b/doc/man3/EVP_DigestInit.pod @@ -101,7 +101,7 @@ EVP_MD_do_all_provided =head1 DESCRIPTION -The EVP digest routines are a high level interface to message digests, +The EVP digest routines are a high-level interface to message digests, and should be used instead of the digest-specific functions. The B type is a structure for digest method implementation. @@ -536,7 +536,7 @@ This function has no return value. =head1 NOTES The B interface to message digests should almost always be used in -preference to the low level interfaces. This is because the code then becomes +preference to the low-level interfaces. This is because the code then becomes transparent to the digest used and much more flexible. New applications should use the SHA-2 (such as L) or the SHA-3 diff --git a/doc/man3/EVP_DigestSignInit.pod b/doc/man3/EVP_DigestSignInit.pod index 68391dd1ff..69dec1c74d 100644 --- a/doc/man3/EVP_DigestSignInit.pod +++ b/doc/man3/EVP_DigestSignInit.pod @@ -23,7 +23,7 @@ EVP_DigestSignFinal, EVP_DigestSign - EVP signing functions =head1 DESCRIPTION -The EVP signature routines are a high level interface to digital signatures. +The EVP signature routines are a high-level interface to digital signatures. Input data is digested first before the signing takes place. EVP_DigestSignInit_ex() sets up signing context I to use a digest with the @@ -37,7 +37,7 @@ the properties to be used during the fetch. The I algorithm is used to fetch a B method implicitly, to be used for the actual signing. See L for -more information about implict fetches. +more information about implicit fetches. The OpenSSL default and legacy providers support fetching digests and can fetch those digests from any available provider. The OpenSSL fips provider also @@ -138,7 +138,7 @@ The error codes can be obtained from L. =head1 NOTES The B interface to digital signatures should almost always be used in -preference to the low level interfaces. This is because the code then becomes +preference to the low-level interfaces. This is because the code then becomes transparent to the algorithm used and much more flexible. EVP_DigestSign() is a one shot operation which signs a single block of data diff --git a/doc/man3/EVP_DigestVerifyInit.pod b/doc/man3/EVP_DigestVerifyInit.pod index 617178bd19..9ea0014a5a 100644 --- a/doc/man3/EVP_DigestVerifyInit.pod +++ b/doc/man3/EVP_DigestVerifyInit.pod @@ -22,7 +22,7 @@ EVP_DigestVerifyFinal, EVP_DigestVerify - EVP signature verification functions =head1 DESCRIPTION -The EVP signature routines are a high level interface to digital signatures. +The EVP signature routines are a high-level interface to digital signatures. Input data is digested first before the signature verification takes place. EVP_DigestVerifyInit_ex() sets up verification context B to use a digest @@ -36,7 +36,7 @@ for the properties to be used during the fetch. The I algorithm is used to fetch a B method implicitly, to be used for the actual signing. See L for -more information about implict fetches. +more information about implicit fetches. The OpenSSL default and legacy providers support fetching digests and can fetch those digests from any available provider. The OpenSSL fips provider also @@ -130,7 +130,7 @@ The error codes can be obtained from L. =head1 NOTES The B interface to digital signatures should almost always be used in -preference to the low level interfaces. This is because the code then becomes +preference to the low-level interfaces. This is because the code then becomes transparent to the algorithm used and much more flexible. EVP_DigestVerify() is a one shot operation which verifies a single block of diff --git a/doc/man3/EVP_EncodeInit.pod b/doc/man3/EVP_EncodeInit.pod index 0a8cbaab71..b0d00fa4b5 100644 --- a/doc/man3/EVP_EncodeInit.pod +++ b/doc/man3/EVP_EncodeInit.pod @@ -29,7 +29,7 @@ EVP_DecodeBlock - EVP base 64 encode/decode routines =head1 DESCRIPTION -The EVP encode routines provide a high level interface to base 64 encoding and +The EVP encode routines provide a high-level interface to base 64 encoding and decoding. Base 64 encoding converts binary data into a printable form that uses the characters A-Z, a-z, 0-9, "+" and "/" to represent the data. For every 3 bytes of binary data provided 4 bytes of base 64 encoded data will be produced diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod index 88d0e7dabc..36efb4090d 100644 --- a/doc/man3/EVP_EncryptInit.pod +++ b/doc/man3/EVP_EncryptInit.pod @@ -165,7 +165,7 @@ EVP_CIPHER_do_all_provided =head1 DESCRIPTION -The EVP cipher routines are a high level interface to certain +The EVP cipher routines are a high-level interface to certain symmetric ciphers. The B type is a structure for cipher method implementation. @@ -558,7 +558,7 @@ Sets the CCM B value. If not set a default is used (8 for AES). =item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL) -Sets the CCM nonce (IV) length. This call can only be made before specifying an +Sets the CCM nonce (IV) length. This call can only be made before specifying a nonce value. The nonce length is given by B<15 - L> so it is 7 by default for AES. @@ -642,10 +642,10 @@ This call is only valid when decrypting data. =head1 NOTES Where possible the B interface to symmetric ciphers should be used in -preference to the low level interfaces. This is because the code then becomes +preference to the low-level interfaces. This is because the code then becomes transparent to the cipher used and much more flexible. Additionally, the B interface will ensure the use of platform specific cryptographic -acceleration such as AES-NI (the low level interfaces do not provide the +acceleration such as AES-NI (the low-level interfaces do not provide the guarantee). PKCS padding works by adding B padding bytes of value B to make the total diff --git a/doc/man3/EVP_KDF.pod b/doc/man3/EVP_KDF.pod index 7d6228a73d..5bf7994de8 100644 --- a/doc/man3/EVP_KDF.pod +++ b/doc/man3/EVP_KDF.pod @@ -48,7 +48,7 @@ EVP_KDF_gettable_params - EVP KDF routines =head1 DESCRIPTION -The EVP KDF routines are a high level interface to Key Derivation Function +The EVP KDF routines are a high-level interface to Key Derivation Function algorithms and should be used instead of algorithm-specific functions. After creating a B for the required algorithm using diff --git a/doc/man3/EVP_OpenInit.pod b/doc/man3/EVP_OpenInit.pod index b9a7aee738..b84f767245 100644 --- a/doc/man3/EVP_OpenInit.pod +++ b/doc/man3/EVP_OpenInit.pod @@ -16,7 +16,7 @@ EVP_OpenInit, EVP_OpenUpdate, EVP_OpenFinal - EVP envelope decryption =head1 DESCRIPTION -The EVP envelope routines are a high level interface to envelope +The EVP envelope routines are a high-level interface to envelope decryption. They decrypt a public key encrypted symmetric key and then decrypt data using it. diff --git a/doc/man3/EVP_PKEY_CTX_new.pod b/doc/man3/EVP_PKEY_CTX_new.pod index c3fc4c55ca..2634ee4a20 100644 --- a/doc/man3/EVP_PKEY_CTX_new.pod +++ b/doc/man3/EVP_PKEY_CTX_new.pod @@ -57,7 +57,7 @@ If I is NULL, nothing is done. =head2 On B The B structure is an opaque public key algorithm context used -by the OpenSSL high level public key API. Contexts B be shared between +by the OpenSSL high-level public key API. Contexts B be shared between threads: that is it is not permissible to use the same context simultaneously in two threads. diff --git a/doc/man3/EVP_PKEY_derive.pod b/doc/man3/EVP_PKEY_derive.pod index 1bce4f3844..5bfb316382 100644 --- a/doc/man3/EVP_PKEY_derive.pod +++ b/doc/man3/EVP_PKEY_derive.pod @@ -19,7 +19,7 @@ EVP_PKEY_derive_init() initializes a public key algorithm context I for shared secret derivation using the algorithm given when the context was created using L or variants thereof. The algorithm is used to fetch a B method implicitly, see L for -more information about implict fetches. +more information about implicit fetches. EVP_PKEY_derive_set_peer() sets the peer key: this will normally be a public key. diff --git a/doc/man3/EVP_PKEY_fromdata.pod b/doc/man3/EVP_PKEY_fromdata.pod index 526109386e..e3003674e3 100644 --- a/doc/man3/EVP_PKEY_fromdata.pod +++ b/doc/man3/EVP_PKEY_fromdata.pod @@ -22,7 +22,7 @@ The functions described here are used to create new keys from user provided key data, such as I, I and I for a minimal RSA keypair. -These functions use an B context, which should primarly +These functions use an B context, which should primarily be created with L or L. diff --git a/doc/man3/EVP_PKEY_sign.pod b/doc/man3/EVP_PKEY_sign.pod index a11c1c6813..bd65bd9237 100644 --- a/doc/man3/EVP_PKEY_sign.pod +++ b/doc/man3/EVP_PKEY_sign.pod @@ -20,7 +20,7 @@ EVP_PKEY_sign_init() initializes a public key algorithm context I for signing using the algorithm given when the context was created using L or variants thereof. The algorithm is used to fetch a B method implicitly, see L -for more information about implict fetches. +for more information about implicit fetches. The EVP_PKEY_sign() function performs a public key signing operation using I. The data to be signed is specified using the I and diff --git a/doc/man3/EVP_PKEY_verify.pod b/doc/man3/EVP_PKEY_verify.pod index b44da85c4c..c41525246a 100644 --- a/doc/man3/EVP_PKEY_verify.pod +++ b/doc/man3/EVP_PKEY_verify.pod @@ -20,7 +20,7 @@ EVP_PKEY_verify_init() initializes a public key algorithm context I for signing using the algorithm given when the context was created using L or variants thereof. The algorithm is used to fetch a B method implicitly, see L -for more information about implict fetches. +for more information about implicit fetches. The EVP_PKEY_verify() function performs a public key verification operation using I. The signature is specified using the I and diff --git a/doc/man3/EVP_PKEY_verify_recover.pod b/doc/man3/EVP_PKEY_verify_recover.pod index 8be999333b..bde2d3a8c1 100644 --- a/doc/man3/EVP_PKEY_verify_recover.pod +++ b/doc/man3/EVP_PKEY_verify_recover.pod @@ -20,7 +20,7 @@ EVP_PKEY_verify_recover_init() initializes a public key algorithm context I for signing using the algorithm given when the context was created using L or variants thereof. The algorithm is used to fetch a B method implicitly, see L -for more information about implict fetches. +for more information about implicit fetches. The EVP_PKEY_verify_recover() function recovers signed data using I. The signature is specified using the I and diff --git a/doc/man3/EVP_RAND.pod b/doc/man3/EVP_RAND.pod index c79f5e6548..5cf62fa359 100644 --- a/doc/man3/EVP_RAND.pod +++ b/doc/man3/EVP_RAND.pod @@ -71,7 +71,7 @@ EVP_RAND_STATE_ERROR - EVP RAND routines =head1 DESCRIPTION -The EVP RAND routines are a high level interface to random number generators +The EVP RAND routines are a high-level interface to random number generators both deterministic and not. If you just want to generate random bytes then you don't need to use these functions: just call RAND_bytes() or RAND_priv_bytes(). @@ -204,7 +204,7 @@ States defined by the OpenSSL DRBGs are: =item * -EVP_RAND_STATE_UNINITIALISED: this DRBG is currently uninitalised. +EVP_RAND_STATE_UNINITIALISED: this DRBG is currently uninitialised. The instantiate call will change this to the ready state. =item * @@ -343,7 +343,7 @@ EVP_RAND_CTX_free() does not return a value. EVP_RAND_nonce() returns the length of the nonce. -EVP_RAND_strength() returns the strenght of the random number generator in bits. +EVP_RAND_strength() returns the strength of the random number generator in bits. EVP_RAND_gettable_params(), EVP_RAND_gettable_ctx_params() and EVP_RAND_settable_ctx_params() return an array of OSSL_PARAMs. diff --git a/doc/man3/EVP_SealInit.pod b/doc/man3/EVP_SealInit.pod index 73d9bb7531..35f2d876ae 100644 --- a/doc/man3/EVP_SealInit.pod +++ b/doc/man3/EVP_SealInit.pod @@ -17,7 +17,7 @@ EVP_SealInit, EVP_SealUpdate, EVP_SealFinal - EVP envelope encryption =head1 DESCRIPTION -The EVP envelope routines are a high level interface to envelope +The EVP envelope routines are a high-level interface to envelope encryption. They generate a random key and IV (if required) then "envelope" it by using public key encryption. Data can then be encrypted using this key. diff --git a/doc/man3/EVP_SignInit.pod b/doc/man3/EVP_SignInit.pod index 4bdd4fbe50..13bba5b507 100644 --- a/doc/man3/EVP_SignInit.pod +++ b/doc/man3/EVP_SignInit.pod @@ -17,7 +17,7 @@ EVP_SignInit, EVP_SignInit_ex, EVP_SignUpdate, EVP_SignFinal =head1 DESCRIPTION -The EVP signature routines are a high level interface to digital +The EVP signature routines are a high-level interface to digital signatures. EVP_SignInit_ex() sets up signing context I to use digest @@ -48,7 +48,7 @@ The error codes can be obtained by L. =head1 NOTES The B interface to digital signatures should almost always be used in -preference to the low level interfaces. This is because the code then becomes +preference to the low-level interfaces. This is because the code then becomes transparent to the algorithm used and much more flexible. When signing with DSA private keys the random number generator must be seeded. diff --git a/doc/man3/EVP_VerifyInit.pod b/doc/man3/EVP_VerifyInit.pod index 50afdcf8ce..deb9b387de 100644 --- a/doc/man3/EVP_VerifyInit.pod +++ b/doc/man3/EVP_VerifyInit.pod @@ -19,7 +19,7 @@ EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal =head1 DESCRIPTION -The EVP signature verification routines are a high level interface to digital +The EVP signature verification routines are a high-level interface to digital signatures. EVP_VerifyInit_ex() sets up verification context B to use digest @@ -49,7 +49,7 @@ The error codes can be obtained by L. =head1 NOTES The B interface to digital signatures should almost always be used in -preference to the low level interfaces. This is because the code then becomes +preference to the low-level interfaces. This is because the code then becomes transparent to the algorithm used and much more flexible. The call to EVP_VerifyFinal() internally finalizes a copy of the digest context. diff --git a/doc/man3/EVP_set_default_properties.pod b/doc/man3/EVP_set_default_properties.pod index 9135742bb2..e22f5c3e99 100644 --- a/doc/man3/EVP_set_default_properties.pod +++ b/doc/man3/EVP_set_default_properties.pod @@ -41,7 +41,7 @@ property for the given I. =head1 RETURN VALUES EVP_set_default_properties() and EVP_default_properties_enable_fips() return 1 -on success, or 0 on failure. An error is placed on the the error stack if a +on success, or 0 on failure. An error is placed on the error stack if a failure occurs. EVP_default_properties_is_fips_enabled() returns 1 if the 'fips=yes' default diff --git a/doc/man3/OPENSSL_LH_COMPFUNC.pod b/doc/man3/OPENSSL_LH_COMPFUNC.pod index 412a4f8800..c1eb68d081 100644 --- a/doc/man3/OPENSSL_LH_COMPFUNC.pod +++ b/doc/man3/OPENSSL_LH_COMPFUNC.pod @@ -203,7 +203,7 @@ all such parameters as constant. As an example, a hash table may be maintained by code that, for reasons of encapsulation, has only "const" access to the data being -indexed in the hash table (ie. it is returned as "const" from +indexed in the hash table (i.e. it is returned as "const" from elsewhere in their code) - in this case the LHASH prototypes are appropriate as-is. Conversely, if the caller is responsible for the life-time of the data in question, then they may well wish to make diff --git a/doc/man3/OPENSSL_config.pod b/doc/man3/OPENSSL_config.pod index b75c137087..bc5510fac9 100644 --- a/doc/man3/OPENSSL_config.pod +++ b/doc/man3/OPENSSL_config.pod @@ -43,7 +43,7 @@ initialization (that is before starting any threads). There are several reasons why calling the OpenSSL configuration routines is advisable. For example, to load dynamic ENGINEs from shared libraries (DSOs). -However very few applications currently support the control interface and so +However, very few applications currently support the control interface and so very few can load and use dynamic ENGINEs. Equally in future more sophisticated ENGINEs will require certain control operations to customize them. If an application calls OPENSSL_config() it doesn't need to know or care about diff --git a/doc/man3/OPENSSL_ia32cap.pod b/doc/man3/OPENSSL_ia32cap.pod index d7c40d0b41..f3192454e3 100644 --- a/doc/man3/OPENSSL_ia32cap.pod +++ b/doc/man3/OPENSSL_ia32cap.pod @@ -102,7 +102,7 @@ and RORX; =item bit #64+19 denoting availability of ADCX and ADOX instructions; =item bit #64+21 denoting availability of VPMADD52[LH]UQ instructions, -a.k.a. AVX512IFMA extension; +aka AVX512IFMA extension; =item bit #64+29 denoting availability of SHA extension; diff --git a/doc/man3/OPENSSL_s390xcap.pod b/doc/man3/OPENSSL_s390xcap.pod index 6d5326191c..3eb5d1ad8a 100644 --- a/doc/man3/OPENSSL_s390xcap.pod +++ b/doc/man3/OPENSSL_s390xcap.pod @@ -179,7 +179,7 @@ Disables the vector facility: OPENSSL_s390xcap="stfle:~0:~0:~0x4000000000000000" -Disables the KM-XTS-AES and and the KIMD-SHAKE function codes: +Disables the KM-XTS-AES and the KIMD-SHAKE function codes: OPENSSL_s390xcap="km:~0x2800:~0;kimd:~0xc000000:~0" diff --git a/doc/man3/OSSL_CMP_log_open.pod b/doc/man3/OSSL_CMP_log_open.pod index 0f67f2ae18..fdc416c0cf 100644 --- a/doc/man3/OSSL_CMP_log_open.pod +++ b/doc/man3/OSSL_CMP_log_open.pod @@ -68,7 +68,7 @@ a severity level, and a message string describing the nature of the event, terminated by '\n'. Even when an activity is successful some warnings may be useful and some degree -of auditing may be required. Therefore the logging facility supports a severity +of auditing may be required. Therefore, the logging facility supports a severity level and the callback function has a B parameter indicating such a level, such that error, warning, info, debug, etc. can be treated differently. The callback is activated only when the severity level is sufficient according @@ -76,7 +76,7 @@ to the current level of verbosity, which by default is OSSL_CMP_LOG_INFO. The callback function may itself do non-trivial tasks like writing to a log file or remote stream, which in turn may fail. -Therefore the function should return 1 on success and 0 on failure. +Therefore, the function should return 1 on success and 0 on failure. OSSL_CMP_log_open() initializes the CMP-specific logging facility to output everything to STDOUT. It fails if the integrated tracing is disabled or STDIO diff --git a/doc/man3/OSSL_PARAM_int.pod b/doc/man3/OSSL_PARAM_int.pod index 7aa6b9377f..6712a07327 100644 --- a/doc/man3/OSSL_PARAM_int.pod +++ b/doc/man3/OSSL_PARAM_int.pod @@ -187,12 +187,12 @@ OSSL_PARAM_construct_octet_string() is a function that constructs an OCTET string OSSL_PARAM structure. A parameter with name B, storage B and size B is created. -OSSL_PARAM_construct_utf8_ptr() is a function that constructes a UTF string +OSSL_PARAM_construct_utf8_ptr() is a function that constructs a UTF string pointer OSSL_PARAM structure. A parameter with name B, storage pointer B<*buf> and size B is created. -OSSL_PARAM_construct_octet_ptr() is a function that constructes an OCTET string +OSSL_PARAM_construct_octet_ptr() is a function that constructs an OCTET string pointer OSSL_PARAM structure. A parameter with name B, storage pointer B<*buf> and size B is created. diff --git a/doc/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.pod b/doc/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.pod index fa4ba0df4d..43dddbce02 100644 --- a/doc/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.pod +++ b/doc/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.pod @@ -121,7 +121,7 @@ name, thus making for the naming pattern B>() when new types are handled. B, B and B in the macro names match -the B> part of of B> functions as well +the B> part of B> functions as well as B_bio> functions. =head1 SEE ALSO diff --git a/doc/man3/PEM_read_bio_PrivateKey.pod b/doc/man3/PEM_read_bio_PrivateKey.pod index 9b03d1a874..65ba8a8a83 100644 --- a/doc/man3/PEM_read_bio_PrivateKey.pod +++ b/doc/man3/PEM_read_bio_PrivateKey.pod @@ -215,7 +215,7 @@ RSA structure. The public key is encoded using a PKCS#1 RSAPublicKey structure. The B functions also process an RSA public key using -an RSA structure. However the public key is encoded using a +an RSA structure. However, the public key is encoded using a SubjectPublicKeyInfo structure and an error occurs if the public key is not RSA. @@ -402,7 +402,7 @@ The pseudo code to derive the key would look similar to: =head1 BUGS The PEM read routines in some versions of OpenSSL will not correctly reuse -an existing structure. Therefore the following: +an existing structure. Therefore, the following: PEM_read_bio_X509(bp, &x, 0, NULL); diff --git a/doc/man3/PKCS7_verify.pod b/doc/man3/PKCS7_verify.pod index 200464faeb..e43a769cb0 100644 --- a/doc/man3/PKCS7_verify.pod +++ b/doc/man3/PKCS7_verify.pod @@ -91,7 +91,7 @@ useful if one merely wishes to write the content to B and its validity is not considered important. Chain verification should arguably be performed using the signing time rather -than the current time. However since the signing time is supplied by the +than the current time. However, since the signing time is supplied by the signer it cannot be trusted without additional evidence (such as a trusted timestamp). diff --git a/doc/man3/RAND_DRBG_set_callbacks.pod b/doc/man3/RAND_DRBG_set_callbacks.pod index 543b3cc911..53022c8194 100644 --- a/doc/man3/RAND_DRBG_set_callbacks.pod +++ b/doc/man3/RAND_DRBG_set_callbacks.pod @@ -64,7 +64,7 @@ callbacks using RAND_DRBG_get_callback_data(). The ownership of the context data remains with the caller, i.e., it is the caller's responsibility to keep it available as long as it is needed by the callbacks and free it after use. -For more information about the the callback data see the NOTES section. +For more information about the callback data see the NOTES section. Setting the callbacks or the callback data is allowed only if the DRBG has not been initialized yet. @@ -91,7 +91,7 @@ does not satisfy the conditions requested by [NIST SP 800-90C], then it must also indicate an error by returning a buffer length of 0. See NOTES section for more details. -The B() callback is called from the B to to clear and +The B() callback is called from the B to clear and free the buffer allocated previously by get_entropy(). The values B and B are the random buffer's address and length, as returned by the get_entropy() callback. diff --git a/doc/man3/RSA_private_encrypt.pod b/doc/man3/RSA_private_encrypt.pod index 9f83d50845..eaa7715bfb 100644 --- a/doc/man3/RSA_private_encrypt.pod +++ b/doc/man3/RSA_private_encrypt.pod @@ -2,7 +2,7 @@ =head1 NAME -RSA_private_encrypt, RSA_public_decrypt - low level signature operations +RSA_private_encrypt, RSA_public_decrypt - low-level signature operations =head1 SYNOPSIS @@ -24,7 +24,7 @@ Both of the functions described on this page are deprecated. Applications should instead use L, L, L and L. -These functions handle RSA signatures at a low level. +These functions handle RSA signatures at a low-level. RSA_private_encrypt() signs the B bytes at B (usually a message digest with an algorithm identifier) using the private key diff --git a/doc/man3/RSA_set_method.pod b/doc/man3/RSA_set_method.pod index 88ea74921d..884765ce97 100644 --- a/doc/man3/RSA_set_method.pod +++ b/doc/man3/RSA_set_method.pod @@ -58,7 +58,7 @@ RSA_set_method() selects B to perform all operations using the key B. This will replace the RSA_METHOD used by the RSA key and if the previous method was supplied by an ENGINE, the handle to that ENGINE will be released during the change. It is possible to have RSA keys that only -work with certain RSA_METHOD implementations (eg. from an ENGINE module +work with certain RSA_METHOD implementations (e.g. from an ENGINE module that supports embedded hardware-protected keys), and in such cases attempting to change the RSA_METHOD for the key can have unexpected results. diff --git a/doc/man3/SRP_create_verifier.pod b/doc/man3/SRP_create_verifier.pod index b235fb6a4a..18c7308533 100644 --- a/doc/man3/SRP_create_verifier.pod +++ b/doc/man3/SRP_create_verifier.pod @@ -75,7 +75,7 @@ non-NULL value on success: not be freed. SRP_check_known_gN_param() returns the text representation of the group id -(ie. the prime bit size) or NULL if the arguments are not valid SRP group parameters. +(i.e. the prime bit size) or NULL if the arguments are not valid SRP group parameters. This value should not be freed. SRP_get_default_gN() returns NULL if I is not a valid group size, diff --git a/doc/man3/SSL_CONF_cmd.pod b/doc/man3/SSL_CONF_cmd.pod index b060449390..753d6778df 100644 --- a/doc/man3/SSL_CONF_cmd.pod +++ b/doc/man3/SSL_CONF_cmd.pod @@ -141,7 +141,7 @@ for the B sent by a client in a TLSv1.3 B. The B argument is a colon separated list of groups. The group can be either the B name (e.g. B), some other commonly used name where applicable (e.g. B, B) or an OpenSSL OID name -(e.g B). Group names are case sensitive. The list should be +(e.g. B). Group names are case sensitive. The list should be in order of preference with the most preferred group first. Currently supported groups for B are B, B, B, @@ -160,7 +160,7 @@ by servers. The B argument is a curve name or the special value B which picks an appropriate curve based on client and server preferences. The curve can be either the B name (e.g. B) or an OpenSSL OID name -(e.g B). Curve names are case sensitive. +(e.g. B). Curve names are case sensitive. =item B<-cipher> I @@ -372,7 +372,7 @@ B. The B argument is a colon separated list of groups. The group can be either the B name (e.g. B), some other commonly used name where applicable (e.g. B, B) or an OpenSSL OID name -(e.g B). Group names are case sensitive. The list should be in +(e.g. B). Group names are case sensitive. The list should be in order of preference with the most preferred group first. Currently supported groups for B are B, B, B, diff --git a/doc/man3/SSL_CTX_set1_curves.pod b/doc/man3/SSL_CTX_set1_curves.pod index b65f1b4816..5eebb2b933 100644 --- a/doc/man3/SSL_CTX_set1_curves.pod +++ b/doc/man3/SSL_CTX_set1_curves.pod @@ -35,7 +35,7 @@ SSL_set1_curves, SSL_set1_curves_list, SSL_get1_curves, SSL_get_shared_curve For all of the functions below that set the supported groups there must be at least one group in the list. A number of these functions identify groups via a -unique integer NID value. However support for some groups may be added by +unique integer NID value. However, support for some groups may be added by external providers. In this case there will be no NID assigned for the group. When setting such groups applications should use the "list" form of these functions (i.e. SSL_CTX_set1_groups_list() and SSL_set1_groups_list). diff --git a/doc/man3/SSL_CTX_set_generate_session_id.pod b/doc/man3/SSL_CTX_set_generate_session_id.pod index d90b138f81..79b58de5ff 100644 --- a/doc/man3/SSL_CTX_set_generate_session_id.pod +++ b/doc/man3/SSL_CTX_set_generate_session_id.pod @@ -108,8 +108,8 @@ server id given, and will fill the rest with pseudo random bytes: /* * Prefix the session_id with the required prefix. NB: If our * prefix is too long, clip it - but there will be worse effects - * anyway, eg. the server could only possibly create 1 session - * ID (ie. the prefix!) so all future session negotiations will + * anyway, e.g. the server could only possibly create 1 session + * ID (i.e. the prefix!) so all future session negotiations will * fail due to conflicts. */ memcpy(id, session_id_prefix, strlen(session_id_prefix) < *id_len ? diff --git a/doc/man3/SSL_CTX_set_options.pod b/doc/man3/SSL_CTX_set_options.pod index 24bf66ad85..1bf19ecd23 100644 --- a/doc/man3/SSL_CTX_set_options.pod +++ b/doc/man3/SSL_CTX_set_options.pod @@ -167,7 +167,7 @@ the session. In this way the server can operate statelessly - no session information needs to be cached locally. The TLSv1.3 protocol only supports tickets and does not directly support session -ids. However OpenSSL allows two modes of ticket operation in TLSv1.3: stateful +ids. However, OpenSSL allows two modes of ticket operation in TLSv1.3: stateful and stateless. Stateless tickets work the same way as in TLSv1.2 and below. Stateful tickets mimic the session id behaviour available in TLSv1.2 and below. The session information is cached on the server and the session id is wrapped up diff --git a/doc/man3/SSL_CTX_set_psk_client_callback.pod b/doc/man3/SSL_CTX_set_psk_client_callback.pod index c7e51f7441..23bab17317 100644 --- a/doc/man3/SSL_CTX_set_psk_client_callback.pod +++ b/doc/man3/SSL_CTX_set_psk_client_callback.pod @@ -135,7 +135,7 @@ A connection established via a TLSv1.3 PSK will appear as if session resumption has occurred so that L will return true. There are no known security issues with sharing the same PSK between TLSv1.2 (or -below) and TLSv1.3. However the RFC has this note of caution: +below) and TLSv1.3. However, the RFC has this note of caution: "While there is no known way in which the same PSK might produce related output in both versions, only limited analysis has been done. Implementations can diff --git a/doc/man3/SSL_CTX_set_session_cache_mode.pod b/doc/man3/SSL_CTX_set_session_cache_mode.pod index 21a782d0f2..a4c5edbf02 100644 --- a/doc/man3/SSL_CTX_set_session_cache_mode.pod +++ b/doc/man3/SSL_CTX_set_session_cache_mode.pod @@ -96,7 +96,7 @@ session caching (callback) that is configured for the SSL_CTX. This flag will prevent sessions being stored in the internal cache (though the application can add them manually using L). Note: in any SSL/TLS servers where external caching is configured, any successful -session lookups in the external cache (ie. for session-resume requests) would +session lookups in the external cache (i.e. for session-resume requests) would normally be copied into the local cache before processing continues - this flag prevents these additions to the internal cache as well. diff --git a/doc/man3/SSL_CTX_set_session_id_context.pod b/doc/man3/SSL_CTX_set_session_id_context.pod index ccc10a7e14..6b2bd70364 100644 --- a/doc/man3/SSL_CTX_set_session_id_context.pod +++ b/doc/man3/SSL_CTX_set_session_id_context.pod @@ -26,7 +26,7 @@ B within which a session can be reused for the B object. Sessions are generated within a certain context. When exporting/importing sessions with B/B it would be possible, to re-import a session generated from another context (e.g. another -application), which might lead to malfunctions. Therefore each application +application), which might lead to malfunctions. Therefore, each application must set its own session id context B which is used to distinguish the contexts and is stored in exported sessions. The B can be any kind of binary data with a given length, it is therefore possible diff --git a/doc/man3/SSL_CTX_set_session_ticket_cb.pod b/doc/man3/SSL_CTX_set_session_ticket_cb.pod index e7b82606c7..6bb12cddc3 100644 --- a/doc/man3/SSL_CTX_set_session_ticket_cb.pod +++ b/doc/man3/SSL_CTX_set_session_ticket_cb.pod @@ -107,7 +107,7 @@ The return value can be any of these values: The handshake should be aborted, either because of an error or because of some policy. Note that in TLSv1.3 a client may send more than one ticket in a single -handshake. Therefore just because one ticket is unacceptable it does not mean +handshake. Therefore, just because one ticket is unacceptable it does not mean that all of them are. For this reason this option should be used with caution. =item SSL_TICKET_RETURN_IGNORE diff --git a/doc/man3/SSL_CTX_set_split_send_fragment.pod b/doc/man3/SSL_CTX_set_split_send_fragment.pod index a8af75f508..0ab84665bf 100644 --- a/doc/man3/SSL_CTX_set_split_send_fragment.pod +++ b/doc/man3/SSL_CTX_set_split_send_fragment.pod @@ -41,7 +41,7 @@ capability is known as "pipelining" within OpenSSL. In order to benefit from the pipelining capability. You need to have an engine that provides ciphers that support this. The OpenSSL "dasync" engine provides -AES128-SHA based ciphers that have this capability. However these are for +AES128-SHA based ciphers that have this capability. However, these are for development and test purposes only. SSL_CTX_set_max_send_fragment() and SSL_set_max_send_fragment() set the diff --git a/doc/man3/SSL_CTX_set_tlsext_servername_callback.pod b/doc/man3/SSL_CTX_set_tlsext_servername_callback.pod index 0c271b1f11..a0a4bd6367 100644 --- a/doc/man3/SSL_CTX_set_tlsext_servername_callback.pod +++ b/doc/man3/SSL_CTX_set_tlsext_servername_callback.pod @@ -51,7 +51,7 @@ value is initialised to SSL_AD_UNRECOGNIZED_NAME. =item SSL_TLSEXT_ERR_ALERT_WARNING If this value is returned then the servername is not accepted by the server. -However the handshake will continue and send a warning alert instead. The value +However, the handshake will continue and send a warning alert instead. The value of the alert should be stored in the location pointed to by the B parameter as for SSL_TLSEXT_ERR_ALERT_FATAL above. Note that TLSv1.3 does not support warning alerts, so if TLSv1.3 has been negotiated then this return value is diff --git a/doc/man3/SSL_CTX_use_psk_identity_hint.pod b/doc/man3/SSL_CTX_use_psk_identity_hint.pod index 69f7e9d4f8..e3802b74f0 100644 --- a/doc/man3/SSL_CTX_use_psk_identity_hint.pod +++ b/doc/man3/SSL_CTX_use_psk_identity_hint.pod @@ -126,7 +126,7 @@ failure. In the event of failure the connection setup fails. =head1 NOTES There are no known security issues with sharing the same PSK between TLSv1.2 (or -below) and TLSv1.3. However the RFC has this note of caution: +below) and TLSv1.3. However, the RFC has this note of caution: "While there is no known way in which the same PSK might produce related output in both versions, only limited analysis has been done. Implementations can diff --git a/doc/man3/SSL_get_all_async_fds.pod b/doc/man3/SSL_get_all_async_fds.pod index c0cf3f6fb7..d6ef72b0de 100644 --- a/doc/man3/SSL_get_all_async_fds.pod +++ b/doc/man3/SSL_get_all_async_fds.pod @@ -32,7 +32,7 @@ appearing as "read ready" on the file descriptor (no actual data should be read from the file descriptor). This function should only be called if the B object is currently waiting for asynchronous work to complete (i.e. B has been received - see L). Typically -the list will only contain one file descriptor. However if multiple asynchronous +the list will only contain one file descriptor. However, if multiple asynchronous capable engines are in use then more than one is possible. The number of file descriptors returned is stored in I<*numfds> and the file descriptors themselves are in I<*fds>. The I parameter may be NULL in which case no file @@ -63,7 +63,7 @@ SSL_get_all_async_fds() and SSL_get_changed_async_fds() return 1 on success or On Windows platforms the openssl/async.h header is dependent on some of the types customarily made available by including windows.h. The application developer is likely to require control over when the latter -is included, commonly as one of the first included headers. Therefore +is included, commonly as one of the first included headers. Therefore, it is defined as an application developer's responsibility to include windows.h prior to async.h. diff --git a/doc/man3/SSL_get_error.pod b/doc/man3/SSL_get_error.pod index 07466731eb..0f2b10989e 100644 --- a/doc/man3/SSL_get_error.pod +++ b/doc/man3/SSL_get_error.pod @@ -74,7 +74,7 @@ See L for more information. B is returned when the last operation was a write to a non-blocking B and it was unable to sent all data to the B. -When the B is writeable again, the same function can be called again. +When the B is writable again, the same function can be called again. Note that the retry may again lead to an B or B condition. @@ -84,7 +84,7 @@ protocol level. It is safe to call SSL_read() or SSL_read_ex() when more data is available even when the call that set this error was an SSL_write() or SSL_write_ex(). -However if the call was an SSL_write() or SSL_write_ex(), it should be called +However, if the call was an SSL_write() or SSL_write_ex(), it should be called again to continue sending the application data. For socket Bs (e.g. when SSL_set_fd() was used), select() or diff --git a/doc/man3/SSL_pending.pod b/doc/man3/SSL_pending.pod index adc995212a..196912b6be 100644 --- a/doc/man3/SSL_pending.pod +++ b/doc/man3/SSL_pending.pod @@ -27,7 +27,7 @@ record) may have been read containing more TLS/SSL records. This also applies to DTLS and pipelining (see L). These additional bytes will be buffered by OpenSSL but will remain unprocessed until they are needed. As these bytes are still in an unprocessed state SSL_pending() -will ignore them. Therefore it is possible for no more bytes to be readable from +will ignore them. Therefore, it is possible for no more bytes to be readable from the underlying BIO (because OpenSSL has already read them) and for SSL_pending() to return 0, even though readable application data bytes are available (because the data is in unprocessed buffered records). diff --git a/doc/man3/SSL_read.pod b/doc/man3/SSL_read.pod index f5c02a35ad..b934df0d6a 100644 --- a/doc/man3/SSL_read.pod +++ b/doc/man3/SSL_read.pod @@ -45,7 +45,7 @@ invocation of a read function. The read functions work based on the SSL/TLS records. The data are received in records (with a maximum record size of 16kB). Only when a record has been completely received, can it be processed (decryption and check of integrity). -Therefore data that was not retrieved at the last read call can still be +Therefore, data that was not retrieved at the last read call can still be buffered inside the SSL layer and will be retrieved on the next read call. If B is higher than the number of bytes buffered then the read functions will return with the bytes buffered. If no more bytes are in the diff --git a/doc/man3/SSL_read_early_data.pod b/doc/man3/SSL_read_early_data.pod index 460a436eaa..13c3bcf6a6 100644 --- a/doc/man3/SSL_read_early_data.pod +++ b/doc/man3/SSL_read_early_data.pod @@ -221,7 +221,7 @@ max_early_data for the session and the recv_max_early_data setting for the server. If a client sends more data than this then the connection will abort. The configured value for max_early_data on a server may change over time as -required. However clients may have tickets containing the previously configured +required. However, clients may have tickets containing the previously configured max_early_data value. The recv_max_early_data should always be equal to or higher than any recently configured max_early_data value in order to avoid aborted connections. The recv_max_early_data should never be set to less than @@ -317,7 +317,7 @@ cache. Applications should be designed with this in mind in order to minimise the possibility of replay attacks. The OpenSSL replay protection does not apply to external Pre Shared Keys (PSKs) -(e.g. see SSL_CTX_set_psk_find_session_callback(3)). Therefore extreme caution +(e.g. see SSL_CTX_set_psk_find_session_callback(3)). Therefore, extreme caution should be applied when combining external PSKs with early data. Some applications may mitigate the replay risks in other ways. For those diff --git a/doc/man3/SSL_set_bio.pod b/doc/man3/SSL_set_bio.pod index 1c1ec6e7d3..9d9219c4b1 100644 --- a/doc/man3/SSL_set_bio.pod +++ b/doc/man3/SSL_set_bio.pod @@ -26,7 +26,7 @@ the same value as previously). SSL_set0_wbio() works in the same as SSL_set0_rbio() except that it connects the BIO B for the write operations of the B object. Note that if the rbio and wbio are the same then SSL_set0_rbio() and SSL_set0_wbio() each take -ownership of one reference. Therefore it may be necessary to increment the +ownership of one reference. Therefore, it may be necessary to increment the number of references available using L before calling the set0 functions. @@ -78,10 +78,8 @@ and no references are consumed for the B. If the B and B parameters are different and the B is the same as the previously set value and the old B and B values were different -to each -other then one reference is consumed for the B and one reference -is consumed -for the B. +to each other, then one reference is consumed for the B and one +reference is consumed for the B. =back diff --git a/doc/man3/UI_create_method.pod b/doc/man3/UI_create_method.pod index 5508446d4f..8d15f1b029 100644 --- a/doc/man3/UI_create_method.pod +++ b/doc/man3/UI_create_method.pod @@ -51,7 +51,7 @@ interface method creation and destruction =head1 DESCRIPTION -A method contains a few functions that implement the low level of the +A method contains a few functions that implement the low-level of the User Interface. These functions are: diff --git a/doc/man3/X509V3_get_d2i.pod b/doc/man3/X509V3_get_d2i.pod index 2b10f7527c..981eab14b8 100644 --- a/doc/man3/X509V3_get_d2i.pod +++ b/doc/man3/X509V3_get_d2i.pod @@ -78,7 +78,7 @@ of a certificate a CRL or a CRL entry respectively. =head1 NOTES In almost all cases an extension can occur at most once and multiple -occurrences is an error. Therefore the B parameter is usually B. +occurrences is an error. Therefore, the B parameter is usually B. The B parameter may be one of the following values. diff --git a/doc/man3/X509_LOOKUP_meth_new.pod b/doc/man3/X509_LOOKUP_meth_new.pod index 9143607d9f..2021749935 100644 --- a/doc/man3/X509_LOOKUP_meth_new.pod +++ b/doc/man3/X509_LOOKUP_meth_new.pod @@ -151,7 +151,7 @@ Implementations must add objects they find to the B object using X509_STORE_add_cert() or X509_STORE_add_crl(). This increments its reference count. However, the X509_STORE_CTX_get_by_subject() function also increases the reference count which leads to one too -many references being held. Therefore applications should +many references being held. Therefore, applications should additionally call X509_free() or X509_CRL_free() to decrement the reference count again. diff --git a/doc/man3/X509_STORE_CTX_new.pod b/doc/man3/X509_STORE_CTX_new.pod index bc765c354b..e34be08b89 100644 --- a/doc/man3/X509_STORE_CTX_new.pod +++ b/doc/man3/X509_STORE_CTX_new.pod @@ -61,7 +61,7 @@ X509_STORE_CTX_new() is the same as X509_STORE_CTX_new_with_libctx() except that the default library context and a NULL property query string are used. X509_STORE_CTX_cleanup() internally cleans up an B structure. -The context can then be reused with an new call to X509_STORE_CTX_init(). +The context can then be reused with a new call to X509_STORE_CTX_init(). X509_STORE_CTX_free() completely frees up I. After this call I is no longer valid. @@ -89,7 +89,7 @@ X509_STORE_CTX_set0_verified_chain() sets the validated chain used by I to be I. Ownership of the chain is transferred to I and should not be free'd by the caller. -X509_STORE_CTX_get0_chain() returns a the internal pointer used by the +X509_STORE_CTX_get0_chain() returns the internal pointer used by the I that contains the validated chain. X509_STORE_CTX_set0_crls() sets a set of CRLs to use to aid certificate @@ -142,7 +142,7 @@ should be made or reference counts increased instead. =head1 RETURN VALUES -X509_STORE_CTX_new() returns an newly allocates context or B is an +X509_STORE_CTX_new() returns a newly allocates context or B is an error occurred. X509_STORE_CTX_init() returns 1 for success or 0 if an error occurred. diff --git a/doc/man3/X509_STORE_CTX_set_verify_cb.pod b/doc/man3/X509_STORE_CTX_set_verify_cb.pod index 3c081e1de7..cfde5ab5ba 100644 --- a/doc/man3/X509_STORE_CTX_set_verify_cb.pod +++ b/doc/man3/X509_STORE_CTX_set_verify_cb.pod @@ -50,7 +50,7 @@ The verification callback can be used to customise the operation of certificate verification, either by overriding error conditions or logging errors for debugging purposes. -However a verification callback is B essential and the default operation +However, a verification callback is B essential and the default operation is often sufficient. The B parameter to the callback indicates the value the callback should diff --git a/doc/man3/X509_check_host.pod b/doc/man3/X509_check_host.pod index 7732cb80f3..459c37652d 100644 --- a/doc/man3/X509_check_host.pod +++ b/doc/man3/X509_check_host.pod @@ -37,7 +37,7 @@ Per section 6.4.2 of RFC 6125, B values representing international domain names must be given in A-label form. The B argument must be the number of characters in the name string or zero in which case the length is calculated with strlen(B). When B starts -with a dot (e.g ".example.com"), it will be matched by a certificate +with a dot (e.g. ".example.com"), it will be matched by a certificate valid for any sub-domain of B, (see also B below). diff --git a/doc/man3/X509_check_purpose.pod b/doc/man3/X509_check_purpose.pod index bc38138743..6af9e79815 100644 --- a/doc/man3/X509_check_purpose.pod +++ b/doc/man3/X509_check_purpose.pod @@ -35,7 +35,7 @@ For non-CA checks =over 4 -=item -1 an error condition has occured +=item -1 an error condition has occurred =item E<32>1 if the certificate was created to perform the purpose represented by I @@ -47,7 +47,7 @@ For CA checks the below integers could be returned with the following meanings: =over 4 -=item -1 an error condition has occured +=item -1 an error condition has occurred =item E<32>0 not a CA or does not have the purpose represented by I diff --git a/doc/man3/d2i_X509.pod b/doc/man3/d2i_X509.pod index fdf6c1d669..971339bba0 100644 --- a/doc/man3/d2i_X509.pod +++ b/doc/man3/d2i_X509.pod @@ -472,7 +472,7 @@ populated B> structure -- it B simply be fed with an empty structure such as that returned by TYPE_new(). The encoded data is in binary form and may contain embedded zeros. -Therefore any FILE pointers or BIOs should be opened in binary mode. +Therefore, any FILE pointers or BIOs should be opened in binary mode. Functions such as strlen() will B return the correct length of the encoded structure. diff --git a/doc/man5/x509v3_config.pod b/doc/man5/x509v3_config.pod index 1fbef74615..45c4d92cf6 100644 --- a/doc/man5/x509v3_config.pod +++ b/doc/man5/x509v3_config.pod @@ -167,7 +167,7 @@ Examples: This is a string extension with one of two legal values. If it is the word B, then OpenSSL will follow the process in RFC 5280 to calculate the hash value. -Otherwise, the value should be a hex string to output directly, however this +Otherwise, the value should be a hex string to output directly, however, this is strongly discouraged. Example: diff --git a/doc/man7/EVP_KDF-KRB5KDF.pod b/doc/man7/EVP_KDF-KRB5KDF.pod index 192ca3f34b..29a8c0f7b8 100644 --- a/doc/man7/EVP_KDF-KRB5KDF.pod +++ b/doc/man7/EVP_KDF-KRB5KDF.pod @@ -48,7 +48,7 @@ A context for KRB5KDF can be obtained by calling: The output length of the KRB5KDF derivation is specified via the I parameter to the L function, and MUST match the key -length for the chosen cipher or an error is returned. Moreover the +length for the chosen cipher or an error is returned. Moreover, the constant's length must not exceed the block size of the cipher. Since the KRB5KDF output length depends on the chosen cipher, calling L to obtain the requisite length returns the correct length diff --git a/doc/man7/EVP_PKEY-DH.pod b/doc/man7/EVP_PKEY-DH.pod index f640753bfe..45d7c6ed5f 100644 --- a/doc/man7/EVP_PKEY-DH.pod +++ b/doc/man7/EVP_PKEY-DH.pod @@ -105,7 +105,7 @@ For "group" this can be any one of 2048, 3072, 4096, 6144 or 8192. =item "priv_len" (B) An optional value to set the maximum length of the generated private key. -The default valure used if this is not set is the maximum value of +The default value used if this is not set is the maximum value of BN_num_bits(I)). The minimum value that this can be set to is 2 * s. Where s is the security strength of the key which has values of 112, 128, 152, 176 and 200 for key sizes of 2048, 3072, 4096, 6144 and 8192. diff --git a/doc/man7/EVP_PKEY-X25519.pod b/doc/man7/EVP_PKEY-X25519.pod index 2937f247f5..63760389c9 100644 --- a/doc/man7/EVP_PKEY-X25519.pod +++ b/doc/man7/EVP_PKEY-X25519.pod @@ -29,7 +29,7 @@ support the following. =item "group" (B) This is only supported by X25519 and X448. The group name must be "x25519" or -"x448" repsectively for those algorithms. This is only present for consistency +"x448" respectively for those algorithms. This is only present for consistency with other key exchange algorithms and is typically not needed. =item "pub" (B) diff --git a/doc/man7/evp.pod b/doc/man7/evp.pod index 3e810f3d3f..2a3a1a91dc 100644 --- a/doc/man7/evp.pod +++ b/doc/man7/evp.pod @@ -25,7 +25,7 @@ functions. Symmetric encryption is available with the LI|EVP_EncryptInit(3)> functions. The LI|EVP_DigestInit(3)> functions provide message digests. -The BI functions provide a high level interface to +The BI functions provide a high-level interface to asymmetric algorithms. To create a new EVP_PKEY see L. EVP_PKEYs can be associated with a private key of a particular algorithm by using the functions @@ -43,7 +43,7 @@ The EVP_PKEY functions support the full range of asymmetric algorithm operations =item For signing and verifying see L, L and L. However, note that -these functions do not perform a digest of the data to be signed. Therefore +these functions do not perform a digest of the data to be signed. Therefore, normally you would use the L functions for this purpose. @@ -72,12 +72,12 @@ as defaults, then the various EVP functions will automatically use those implementations automatically in preference to built in software implementations. For more information, consult the engine(3) man page. -Although low level algorithm specific functions exist for many algorithms +Although low-level algorithm specific functions exist for many algorithms their use is discouraged. They cannot be used with an ENGINE and ENGINE -versions of new algorithms cannot be accessed using the low level functions. +versions of new algorithms cannot be accessed using the low-level functions. Also makes code harder to adapt to new algorithms and some options are not -cleanly supported at the low level and some operations are more efficient -using the high level interface. +cleanly supported at the low-level and some operations are more efficient +using the high-level interface. =head1 SEE ALSO diff --git a/doc/man7/provider-base.pod b/doc/man7/provider-base.pod index 35e9f6f614..d61645f961 100644 --- a/doc/man7/provider-base.pod +++ b/doc/man7/provider-base.pod @@ -237,7 +237,7 @@ it a set of Bs and the caller supplied argument I. The Bs should provide details about the capability with the name given in the I argument relevant for the provider context I. If a provider supports multiple capabilities with the given name then it may call the -callback multipe times (one for each capability). Capabilities can be useful for +callback multiple times (one for each capability). Capabilities can be useful for describing the services that a provider can offer. For further details see the L section below. It should return 1 on success or 0 on error. @@ -346,7 +346,7 @@ L. =head1 CAPABILITIES -Capabilties describe some of the services that a provider can offer. +Capabilities describe some of the services that a provider can offer. Applications can query the capabilities to discover those services. =head3 "TLS-GROUP" Capability diff --git a/fuzz/README.md b/fuzz/README.md index c8dbf454b0..a713f85325 100644 --- a/fuzz/README.md +++ b/fuzz/README.md @@ -154,7 +154,7 @@ Minimizing the corpus --------------------- When you have gathered corpus data from more than one fuzzer run -or for any other reason want to to minimize the data +or for any other reason want to minimize the data in some corpus subdirectory `fuzz/corpora/DIR` this can be done as follows: mkdir fuzz/corpora/NEWDIR diff --git a/util/find-doc-nits b/util/find-doc-nits index a54d75458c..d2317459ec 100755 --- a/util/find-doc-nits +++ b/util/find-doc-nits @@ -551,6 +551,7 @@ sub functionname_check { # This is from http://man7.org/linux/man-pages/man7/man-pages.7.html my %preferred_words = ( + 'a.k.a.' => 'aka', 'bitmask' => 'bit mask', 'builtin' => 'built-in', #'epoch' => 'Epoch', # handled specially, below From builds at travis-ci.com Sun Jul 5 02:02:24 2020 From: builds at travis-ci.com (Travis CI) Date: Sun, 05 Jul 2020 02:02:24 +0000 Subject: Still Failing: openssl/openssl#35950 (master - 8c1cbc7) In-Reply-To: Message-ID: <5f0134af9eec2_13fa4dc3a1b1c104651@travis-pro-tasks-5bf777d87-5cjtx.mail> Build Update for openssl/openssl ------------------------------------- Build: #35950 Status: Still Failing Duration: 11 mins and 6 secs Commit: 8c1cbc7 (master) Author: Gustaf Neumann Message: Fix typos and repeated words CLA: trivial Reviewed-by: Shane Lontis Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/12320) View the changeset: https://github.com/openssl/openssl/compare/3a19f1a9dd16...8c1cbc72105f View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/174306862?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From pauli at openssl.org Sun Jul 5 03:19:01 2020 From: pauli at openssl.org (Dr. Paul Dale) Date: Sun, 05 Jul 2020 03:19:01 +0000 Subject: [openssl] master update Message-ID: <1593919141.460897.3225.nullmailer@dev.openssl.org> The branch master has been updated via 22f7f42433fe9deb409703d76a0c4383371e6983 (commit) via 7dc38bea94bcb71258eb2abaf48607a610cd576f (commit) via 132abb21f977c31477387c0585a4384e99f45b5c (commit) from 8c1cbc72105ffd493b48e65f8f5fd3657dedb28c (commit) - Log ----------------------------------------------------------------- commit 22f7f42433fe9deb409703d76a0c4383371e6983 Author: Pauli Date: Thu Jul 2 10:45:23 2020 +1000 rand: avoid caching RNG parameters. The strength and max_length DRBG parameters were being cached in the EVP_RAND layer. This commit removes the caching. Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/12321) commit 7dc38bea94bcb71258eb2abaf48607a610cd576f Author: Pauli Date: Wed Jul 1 10:57:03 2020 +1000 Refactor the EVP_RAND code to make locking issues less likely Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/12321) commit 132abb21f977c31477387c0585a4384e99f45b5c Author: Pauli Date: Tue Jun 30 09:36:47 2020 +1000 rand: fix recursive locking issue. The calls to query the DRBG strength, state and maximum output size all used nested locks. This removes the nesting. Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/12321) ----------------------------------------------------------------------- Summary of changes: crypto/evp/evp_local.h | 5 - crypto/evp/evp_rand.c | 243 +++++++++++++++++++++++++++++++------------------ 2 files changed, 154 insertions(+), 94 deletions(-) diff --git a/crypto/evp/evp_local.h b/crypto/evp/evp_local.h index aeb4cca266..4aae702d6f 100644 --- a/crypto/evp/evp_local.h +++ b/crypto/evp/evp_local.h @@ -69,11 +69,6 @@ struct evp_kdf_ctx_st { struct evp_rand_ctx_st { EVP_RAND *meth; /* Method structure */ void *data; /* Algorithm-specific data */ - size_t max_request; /* - * Cached: maximum number of bytes generated - * in a single call to the generate function - */ - unsigned int strength; /* Cached: bit strength of generator */ } /* EVP_RAND_CTX */ ; struct evp_rand_st { diff --git a/crypto/evp/evp_rand.c b/crypto/evp/evp_rand.c index 6e3541481a..9273fd9c19 100644 --- a/crypto/evp/evp_rand.c +++ b/crypto/evp/evp_rand.c @@ -194,6 +194,7 @@ static void *evp_rand_from_dispatch(int name_id, if (rand->get_ctx_params != NULL) break; rand->get_ctx_params = OSSL_FUNC_rand_get_ctx_params(fns); + fnctxcnt++; break; case OSSL_FUNC_RAND_SET_CTX_PARAMS: if (rand->set_ctx_params != NULL) @@ -220,7 +221,7 @@ static void *evp_rand_from_dispatch(int name_id, * locking functions. */ if (fnrandcnt != 3 - || fnctxcnt != 2 + || fnctxcnt != 3 || (fnlockcnt != 0 && fnlockcnt != 3) #ifdef FIPS_MODULE || fnzeroizecnt != 1 @@ -338,32 +339,39 @@ EVP_RAND *EVP_RAND_CTX_rand(EVP_RAND_CTX *ctx) return ctx->meth; } +static int evp_rand_get_ctx_params_locked(EVP_RAND_CTX *ctx, + OSSL_PARAM params[]) +{ + return ctx->meth->get_ctx_params(ctx->data, params); +} + int EVP_RAND_get_ctx_params(EVP_RAND_CTX *ctx, OSSL_PARAM params[]) { - int res = 1; + int res; - if (ctx->meth->get_ctx_params != NULL) { - if (!evp_rand_lock(ctx)) - return 0; - res = ctx->meth->get_ctx_params(ctx->data, params); - evp_rand_unlock(ctx); - } + if (!evp_rand_lock(ctx)) + return 0; + res = evp_rand_get_ctx_params_locked(ctx, params); + evp_rand_unlock(ctx); return res; } +static int evp_rand_set_ctx_params_locked(EVP_RAND_CTX *ctx, + const OSSL_PARAM params[]) +{ + if (ctx->meth->set_ctx_params != NULL) + return ctx->meth->set_ctx_params(ctx->data, params); + return 1; +} + int EVP_RAND_set_ctx_params(EVP_RAND_CTX *ctx, const OSSL_PARAM params[]) { - int res = 1; + int res; - if (ctx->meth->set_ctx_params != NULL) { - if (!evp_rand_lock(ctx)) - return 0; - res = ctx->meth->set_ctx_params(ctx->data, params); - evp_rand_unlock(ctx); - /* Clear out the cache state because the values can change on a set */ - ctx->strength = 0; - ctx->max_request = 0; - } + if (!evp_rand_lock(ctx)) + return 0; + res = evp_rand_set_ctx_params_locked(ctx, params); + evp_rand_unlock(ctx); return res; } @@ -381,7 +389,7 @@ const OSSL_PARAM *EVP_RAND_gettable_ctx_params(const EVP_RAND *rand) const OSSL_PARAM *EVP_RAND_settable_ctx_params(const EVP_RAND *rand) { return rand->settable_ctx_params == NULL ? NULL - :rand->settable_ctx_params(); + : rand->settable_ctx_params(); } void EVP_RAND_do_all_provided(OPENSSL_CTX *libctx, @@ -401,6 +409,14 @@ void EVP_RAND_names_do_all(const EVP_RAND *rand, evp_names_do_all(rand->prov, rand->name_id, fn, data); } +static int evp_rand_instantiate_locked + (EVP_RAND_CTX *ctx, unsigned int strength, int prediction_resistance, + const unsigned char *pstr, size_t pstr_len) +{ + return ctx->meth->instantiate(ctx->data, strength, prediction_resistance, + pstr, pstr_len); +} + int EVP_RAND_instantiate(EVP_RAND_CTX *ctx, unsigned int strength, int prediction_resistance, const unsigned char *pstr, size_t pstr_len) @@ -409,49 +425,50 @@ int EVP_RAND_instantiate(EVP_RAND_CTX *ctx, unsigned int strength, if (!evp_rand_lock(ctx)) return 0; - res = ctx->meth->instantiate(ctx->data, strength, prediction_resistance, - pstr, pstr_len); + res = evp_rand_instantiate_locked(ctx, strength, prediction_resistance, + pstr, pstr_len); evp_rand_unlock(ctx); return res; } +static int evp_rand_uninstantiate_locked(EVP_RAND_CTX *ctx) +{ + return ctx->meth->uninstantiate(ctx->data); +} + int EVP_RAND_uninstantiate(EVP_RAND_CTX *ctx) { int res; if (!evp_rand_lock(ctx)) return 0; - res = ctx->meth->uninstantiate(ctx->data); + res = evp_rand_uninstantiate_locked(ctx); evp_rand_unlock(ctx); return res; } -int EVP_RAND_generate(EVP_RAND_CTX *ctx, unsigned char *out, size_t outlen, - unsigned int strength, int prediction_resistance, - const unsigned char *addin, size_t addin_len) +static int evp_rand_generate_locked(EVP_RAND_CTX *ctx, unsigned char *out, + size_t outlen, unsigned int strength, + int prediction_resistance, + const unsigned char *addin, + size_t addin_len) { - size_t chunk; - OSSL_PARAM params[2]; - int res = 0; + size_t chunk, max_request = 0; + OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; - if (!evp_rand_lock(ctx)) + params[0] = OSSL_PARAM_construct_size_t(OSSL_DRBG_PARAM_MAX_REQUEST, + &max_request); + if (!evp_rand_get_ctx_params_locked(ctx, params) + || max_request == 0) { + EVPerr(0, EVP_R_UNABLE_TO_GET_MAXIMUM_REQUEST_SIZE); return 0; - if (ctx->max_request == 0) { - params[0] = OSSL_PARAM_construct_size_t(OSSL_DRBG_PARAM_MAX_REQUEST, - &chunk); - params[1] = OSSL_PARAM_construct_end(); - if (!EVP_RAND_get_ctx_params(ctx, params) || chunk == 0) { - EVPerr(0, EVP_R_UNABLE_TO_GET_MAXIMUM_REQUEST_SIZE); - goto err; - } - ctx->max_request = chunk; } for (; outlen > 0; outlen -= chunk, out += chunk) { - chunk = outlen > ctx->max_request ? ctx->max_request : outlen; + chunk = outlen > max_request ? max_request : outlen; if (!ctx->meth->generate(ctx->data, out, chunk, strength, prediction_resistance, addin, addin_len)) { EVPerr(0, EVP_R_GENERATE_ERROR); - goto err; + return 0; } /* * Prediction resistance is only relevant the first time around, @@ -459,82 +476,109 @@ int EVP_RAND_generate(EVP_RAND_CTX *ctx, unsigned char *out, size_t outlen, */ prediction_resistance = 0; } - res = 1; -err: + return 1; +} + +int EVP_RAND_generate(EVP_RAND_CTX *ctx, unsigned char *out, size_t outlen, + unsigned int strength, int prediction_resistance, + const unsigned char *addin, size_t addin_len) +{ + int res; + + if (!evp_rand_lock(ctx)) + return 0; + res = evp_rand_generate_locked(ctx, out, outlen, strength, + prediction_resistance, addin, addin_len); evp_rand_unlock(ctx); return res; } +static int evp_rand_reseed_locked(EVP_RAND_CTX *ctx, int prediction_resistance, + const unsigned char *ent, size_t ent_len, + const unsigned char *addin, size_t addin_len) +{ + if (ctx->meth->reseed != NULL) + return ctx->meth->reseed(ctx->data, prediction_resistance, + ent, ent_len, addin, addin_len); + return 1; +} + int EVP_RAND_reseed(EVP_RAND_CTX *ctx, int prediction_resistance, const unsigned char *ent, size_t ent_len, const unsigned char *addin, size_t addin_len) { - int res = 1; + int res; if (!evp_rand_lock(ctx)) return 0; - if (ctx->meth->reseed != NULL) - res = ctx->meth->reseed(ctx->data, prediction_resistance, - ent, ent_len, addin, addin_len); + res = evp_rand_reseed_locked(ctx, prediction_resistance, + ent, ent_len, addin, addin_len); evp_rand_unlock(ctx); return res; } -int EVP_RAND_nonce(EVP_RAND_CTX *ctx, unsigned char *out, size_t outlen) +static unsigned int evp_rand_strength_locked(EVP_RAND_CTX *ctx) { - int res = 1; - unsigned int str = EVP_RAND_strength(ctx); + OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; + unsigned int strength = 0; + + params[0] = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH, &strength); + if (!evp_rand_get_ctx_params_locked(ctx, params)) + return 0; + return strength; +} + +unsigned int EVP_RAND_strength(EVP_RAND_CTX *ctx) +{ + unsigned int res; if (!evp_rand_lock(ctx)) return 0; - if (ctx->meth->nonce == NULL - || !ctx->meth->nonce(ctx->data, out, str, outlen, outlen)) - res = ctx->meth->generate(ctx->data, out, outlen, str, 0, NULL, 0); + res = evp_rand_strength_locked(ctx); evp_rand_unlock(ctx); return res; } -unsigned int EVP_RAND_strength(EVP_RAND_CTX *ctx) +static int evp_rand_nonce_locked(EVP_RAND_CTX *ctx, unsigned char *out, + size_t outlen) { - OSSL_PARAM params[2]; - unsigned int t; - int res; + unsigned int str = evp_rand_strength_locked(ctx); - if (ctx->strength == 0) { - params[0] = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH, &t); - params[1] = OSSL_PARAM_construct_end(); - if (!evp_rand_lock(ctx)) - return 0; - res = EVP_RAND_get_ctx_params(ctx, params); - evp_rand_unlock(ctx); - if (!res) - return 0; - ctx->strength = t; - } - return ctx->strength; + if (ctx->meth->nonce == NULL) + return 0; + if (ctx->meth->nonce(ctx->data, out, str, outlen, outlen)) + return 1; + return evp_rand_generate_locked(ctx, out, outlen, str, 0, NULL, 0); } -int EVP_RAND_state(EVP_RAND_CTX *ctx) +int EVP_RAND_nonce(EVP_RAND_CTX *ctx, unsigned char *out, size_t outlen) { - OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; - int status, res; + int res; - params[0] = OSSL_PARAM_construct_int(OSSL_RAND_PARAM_STATE, - &status); if (!evp_rand_lock(ctx)) return 0; - res = EVP_RAND_get_ctx_params(ctx, params); + res = evp_rand_nonce_locked(ctx, out, outlen); evp_rand_unlock(ctx); - if (!res) - status = EVP_RAND_STATE_ERROR; - return status; + return res; } -int EVP_RAND_set_callbacks(EVP_RAND_CTX *ctx, - OSSL_INOUT_CALLBACK *get_entropy, - OSSL_CALLBACK *cleanup_entropy, - OSSL_INOUT_CALLBACK *get_nonce, - OSSL_CALLBACK *cleanup_nonce, void *arg) +int EVP_RAND_state(EVP_RAND_CTX *ctx) +{ + OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; + int state; + + params[0] = OSSL_PARAM_construct_int(OSSL_RAND_PARAM_STATE, &state); + if (!EVP_RAND_get_ctx_params(ctx, params)) + state = EVP_RAND_STATE_ERROR; + return state; +} + +static int evp_rand_set_callbacks_locked(EVP_RAND_CTX *ctx, + OSSL_INOUT_CALLBACK *get_entropy, + OSSL_CALLBACK *cleanup_entropy, + OSSL_INOUT_CALLBACK *get_nonce, + OSSL_CALLBACK *cleanup_nonce, + void *arg) { if (ctx->meth->set_callbacks == NULL) { EVPerr(0, EVP_R_UNABLE_TO_SET_CALLBACKS); @@ -545,15 +589,36 @@ int EVP_RAND_set_callbacks(EVP_RAND_CTX *ctx, return 1; } +int EVP_RAND_set_callbacks(EVP_RAND_CTX *ctx, + OSSL_INOUT_CALLBACK *get_entropy, + OSSL_CALLBACK *cleanup_entropy, + OSSL_INOUT_CALLBACK *get_nonce, + OSSL_CALLBACK *cleanup_nonce, void *arg) +{ + int res; + + if (!evp_rand_lock(ctx)) + return 0; + res = evp_rand_set_callbacks_locked(ctx, get_entropy, cleanup_entropy, + get_nonce, cleanup_nonce, arg); + evp_rand_unlock(ctx); + return res; +} + +static int evp_rand_verify_zeroization_locked(EVP_RAND_CTX *ctx) +{ + if (ctx->meth->verify_zeroization != NULL) + return ctx->meth->verify_zeroization(ctx->data); + return 0; +} + int EVP_RAND_verify_zeroization(EVP_RAND_CTX *ctx) { - int res = 0; + int res; - if (ctx->meth->verify_zeroization != NULL) { - if (!evp_rand_lock(ctx)) - return 0; - res = ctx->meth->verify_zeroization(ctx->data); - evp_rand_unlock(ctx); - } + if (!evp_rand_lock(ctx)) + return 0; + res = evp_rand_verify_zeroization_locked(ctx); + evp_rand_unlock(ctx); return res; } From pauli at openssl.org Sun Jul 5 03:21:55 2020 From: pauli at openssl.org (Dr. Paul Dale) Date: Sun, 05 Jul 2020 03:21:55 +0000 Subject: [openssl] master update Message-ID: <1593919315.268557.6664.nullmailer@dev.openssl.org> The branch master has been updated via c996f71bab433c5d0f75945206a8cfd422829a49 (commit) via 2f142901ca7f729a20444a541ec1cb8516954056 (commit) via 6f924bb89ecb792dc1ecaa3454086f3772ba5c74 (commit) via 9283e9bd115cac8be3cf4241c8873fc10aeebb2d (commit) via c4d02214053d34990ce28598691f3dddef6f3868 (commit) from 22f7f42433fe9deb409703d76a0c4383371e6983 (commit) - Log ----------------------------------------------------------------- commit c996f71bab433c5d0f75945206a8cfd422829a49 Author: Pauli Date: Fri Jul 3 10:11:33 2020 +1000 apps: remove NULL check imn release_engine since ENGINE_free also does it. Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/12309) commit 2f142901ca7f729a20444a541ec1cb8516954056 Author: Pauli Date: Mon Jun 29 08:39:42 2020 +1000 coverity 1464983: null pointer dereference Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/12309) commit 6f924bb89ecb792dc1ecaa3454086f3772ba5c74 Author: Pauli Date: Mon Jun 29 08:33:35 2020 +1000 coverity 1464984: Null pointer dereferences Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/12309) commit 9283e9bd115cac8be3cf4241c8873fc10aeebb2d Author: Pauli Date: Mon Jun 29 08:29:10 2020 +1000 cmp: remove NULL check. Instead appease coverity by marking 1464986 as a false positive. Coverity is confused by the engine reference counting. Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/12309) commit c4d02214053d34990ce28598691f3dddef6f3868 Author: Pauli Date: Mon Jun 29 08:17:25 2020 +1000 coverity: CID 1464987: USE AFTER FREE Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/12309) ----------------------------------------------------------------------- Summary of changes: apps/cmp.c | 3 +- apps/lib/apps.c | 5 +-- crypto/property/property.c | 6 +-- providers/implementations/rands/drbg.c | 2 +- providers/implementations/rands/drbg_ctr.c | 68 +++++++++++++++--------------- 5 files changed, 42 insertions(+), 42 deletions(-) diff --git a/apps/cmp.c b/apps/cmp.c index 4a6074ba58..87daa37dfa 100644 --- a/apps/cmp.c +++ b/apps/cmp.c @@ -3186,8 +3186,7 @@ int cmp_main(int argc, char **argv) X509_STORE_free(OSSL_CMP_CTX_get_certConf_cb_arg(cmp_ctx)); OSSL_CMP_CTX_free(cmp_ctx); X509_VERIFY_PARAM_free(vpm); - if (engine != NULL) /* workaround for Coverity false positive */ - release_engine(engine); + release_engine(engine); NCONF_free(conf); /* must not do as long as opt_... variables are used */ OSSL_CMP_log_close(); diff --git a/apps/lib/apps.c b/apps/lib/apps.c index 6c9d62fb62..3e4cc288b1 100644 --- a/apps/lib/apps.c +++ b/apps/lib/apps.c @@ -1156,9 +1156,8 @@ ENGINE *setup_engine_methods(const char *id, unsigned int methods, int debug) void release_engine(ENGINE *e) { #ifndef OPENSSL_NO_ENGINE - if (e != NULL) - /* Free our "structural" reference. */ - ENGINE_free(e); + /* Free our "structural" reference. */ + ENGINE_free(e); #endif } diff --git a/crypto/property/property.c b/crypto/property/property.c index a72ccb02b4..a3b52ee44d 100644 --- a/crypto/property/property.c +++ b/crypto/property/property.c @@ -324,7 +324,7 @@ int ossl_method_store_fetch(OSSL_METHOD_STORE *store, int nid, const char *prop_query, void **method) { - OSSL_PROPERTY_LIST **plp = ossl_ctx_global_properties(store->ctx); + OSSL_PROPERTY_LIST **plp; ALGORITHM *alg; IMPLEMENTATION *impl; OSSL_PROPERTY_LIST *pq = NULL, *p2 = NULL; @@ -350,9 +350,9 @@ int ossl_method_store_fetch(OSSL_METHOD_STORE *store, int nid, return 0; } - if (prop_query != NULL) { + if (prop_query != NULL) p2 = pq = ossl_parse_query(store->ctx, prop_query); - } + plp = ossl_ctx_global_properties(store->ctx); if (plp != NULL && *plp != NULL) { if (pq == NULL) { pq = *plp; diff --git a/providers/implementations/rands/drbg.c b/providers/implementations/rands/drbg.c index c2fa99b865..3394271835 100644 --- a/providers/implementations/rands/drbg.c +++ b/providers/implementations/rands/drbg.c @@ -503,7 +503,7 @@ int PROV_DRBG_instantiate(PROV_DRBG *drbg, unsigned int strength, drbg->min_noncelen, drbg->max_noncelen)) { PROVerr(0, PROV_R_ERROR_RETRIEVING_NONCE); - OPENSSL_free(nonce); + goto end; } #ifndef PROV_RAND_GET_RANDOM_NONCE } else if (drbg->parent != NULL) { diff --git a/providers/implementations/rands/drbg_ctr.c b/providers/implementations/rands/drbg_ctr.c index f481b1bb27..48fb7ebd3d 100644 --- a/providers/implementations/rands/drbg_ctr.c +++ b/providers/implementations/rands/drbg_ctr.c @@ -530,9 +530,13 @@ static int drbg_ctr_init_lengths(PROV_DRBG *drbg) static int drbg_ctr_init(PROV_DRBG *drbg) { PROV_DRBG_CTR *ctr = (PROV_DRBG_CTR *)drbg->data; - const size_t keylen = EVP_CIPHER_key_length(ctr->cipher_ctr); + size_t keylen; - ctr->keylen = keylen; + if (ctr->cipher_ctr == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_CIPHER); + return 0; + } + ctr->keylen = keylen = EVP_CIPHER_key_length(ctr->cipher_ctr); if (ctr->ctx_ecb == NULL) ctr->ctx_ecb = EVP_CIPHER_CTX_new(); if (ctr->ctx_ctr == NULL) @@ -542,39 +546,37 @@ static int drbg_ctr_init(PROV_DRBG *drbg) goto err; } - if (ctr->cipher_ctr != NULL) { - if (!EVP_CipherInit_ex(ctr->ctx_ecb, - ctr->cipher_ecb, NULL, NULL, NULL, 1) - || !EVP_CipherInit_ex(ctr->ctx_ctr, - ctr->cipher_ctr, NULL, NULL, NULL, 1)) { - ERR_raise(ERR_LIB_PROV, PROV_R_UNABLE_TO_INITIALISE_CIPHERS); - goto err; - } + if (!EVP_CipherInit_ex(ctr->ctx_ecb, + ctr->cipher_ecb, NULL, NULL, NULL, 1) + || !EVP_CipherInit_ex(ctr->ctx_ctr, + ctr->cipher_ctr, NULL, NULL, NULL, 1)) { + ERR_raise(ERR_LIB_PROV, PROV_R_UNABLE_TO_INITIALISE_CIPHERS); + goto err; + } - drbg->strength = keylen * 8; - drbg->seedlen = keylen + 16; + drbg->strength = keylen * 8; + drbg->seedlen = keylen + 16; - if (ctr->use_df) { - /* df initialisation */ - static const unsigned char df_key[32] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f - }; - - if (ctr->ctx_df == NULL) - ctr->ctx_df = EVP_CIPHER_CTX_new(); - if (ctr->ctx_df == NULL) { - ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); - goto err; - } - /* Set key schedule for df_key */ - if (!EVP_CipherInit_ex(ctr->ctx_df, - ctr->cipher_ecb, NULL, df_key, NULL, 1)) { - ERR_raise(ERR_LIB_PROV, PROV_R_DERIVATION_FUNCTION_INIT_FAILED); - goto err; - } + if (ctr->use_df) { + /* df initialisation */ + static const unsigned char df_key[32] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f + }; + + if (ctr->ctx_df == NULL) + ctr->ctx_df = EVP_CIPHER_CTX_new(); + if (ctr->ctx_df == NULL) { + ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); + goto err; + } + /* Set key schedule for df_key */ + if (!EVP_CipherInit_ex(ctr->ctx_df, + ctr->cipher_ecb, NULL, df_key, NULL, 1)) { + ERR_raise(ERR_LIB_PROV, PROV_R_DERIVATION_FUNCTION_INIT_FAILED); + goto err; } } return drbg_ctr_init_lengths(drbg); From builds at travis-ci.com Sun Jul 5 04:31:28 2020 From: builds at travis-ci.com (Travis CI) Date: Sun, 05 Jul 2020 04:31:28 +0000 Subject: Still Failing: openssl/openssl#35951 (master - 22f7f42) In-Reply-To: Message-ID: <5f0157a09e14_13fa36f416610292b1@travis-pro-tasks-5897989f65-x6q96.mail> Build Update for openssl/openssl ------------------------------------- Build: #35951 Status: Still Failing Duration: 1 hr, 11 mins, and 18 secs Commit: 22f7f42 (master) Author: Pauli Message: rand: avoid caching RNG parameters. The strength and max_length DRBG parameters were being cached in the EVP_RAND layer. This commit removes the caching. Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/12321) View the changeset: https://github.com/openssl/openssl/compare/8c1cbc72105f...22f7f42433fe View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/174311147?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.com Sun Jul 5 05:40:59 2020 From: builds at travis-ci.com (Travis CI) Date: Sun, 05 Jul 2020 05:40:59 +0000 Subject: Still Failing: openssl/openssl#35952 (master - c996f71) In-Reply-To: Message-ID: <5f0167eb826ac_13fa36f4162504873@travis-pro-tasks-5897989f65-x6q96.mail> Build Update for openssl/openssl ------------------------------------- Build: #35952 Status: Still Failing Duration: 48 mins and 59 secs Commit: c996f71 (master) Author: Pauli Message: apps: remove NULL check imn release_engine since ENGINE_free also does it. Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/12309) View the changeset: https://github.com/openssl/openssl/compare/22f7f42433fe...c996f71bab43 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/174311179?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From scan-admin at coverity.com Sun Jul 5 07:52:51 2020 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 05 Jul 2020 07:52:51 +0000 (UTC) Subject: Coverity Scan: Analysis completed for OpenSSL-1.0.2 Message-ID: <5f0186d33704b_21c7c92b1156526f603856c@prd-scan-dashboard-0.mail> Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u2389337.ct.sendgrid.net/ls/click?upn=nJaKvJSIH-2FPAfmty-2BK5tYpPklAc1eEA-2F1zfUjH6teExPWvbuQnlOROdcN604ufBDoN19TFJwpfzx7faM2hcaNQ-3D-3D6iVH_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeFVpfXt-2FaZy-2BptizzG67DyxpfDY3qFdAyi4QrOpH9JyVTs2Uq9DpVJbNcQGPFQN7lKcELVeH6Z2W53ZnUJgqMNK7EeMLSAjYRbZdhzhmpoyKjyWNLwP6uadQp4hmMaMbbAYN4dLWZuvDYtsr-2BOaMP8VfG1ClDgOEMomu-2Fv2oORB1e1aqMWgkZXtNGNuQuXx-2BNQ-3D Build ID: 324740 Analysis Summary: New defects found: 0 Defects eliminated: 0 From scan-admin at coverity.com Sun Jul 5 07:55:27 2020 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 05 Jul 2020 07:55:27 +0000 (UTC) Subject: Coverity Scan: Analysis completed for openssl/openssl Message-ID: <5f01876f39d62_21c93e2b1156526f6038566@prd-scan-dashboard-0.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u2389337.ct.sendgrid.net/ls/click?upn=nJaKvJSIH-2FPAfmty-2BK5tYpPklAc1eEA-2F1zfUjH6teExPWvbuQnlOROdcN604ufBDi0WH2X69cApo3pLD935e8Q-3D-3D6BP2_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeE-2FCg5xaqSlDJaHgRR5BumkAFibJs26IUIwAPqSAg2oCt0UI9gLhkPGlCfpHsaPn5Ov-2FZdj4-2Fub8lt5IWFtrzPRawiF9Y2fcG9Rs4lpUvxRar6g5rzrNq-2BtO7RmVraZliigDPV-2BX0Kv1igm1X4S17y7iLmnYm7I0dpgSm-2B-2FEs7-2BqXU4oEhbj1CWbEemwUbqjGI-3D Build ID: 324739 Analysis Summary: New defects found: 10 Defects eliminated: 6 If you have difficulty understanding any defects, email us at scan-admin at coverity.com, or post your question to StackOverflow at https://u2389337.ct.sendgrid.net/ls/click?upn=QsMnDxMCOVVs7CDlyD2jouKTgNlKFinTRd3y-2BJC7sZryfVdWHH2BBU620aHLHGfhMXPTHYY5wQ5zOiTMnTlWDg-3D-3DgP6N_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeE-2FCg5xaqSlDJaHgRR5BumkAFibJs26IUIwAPqSAg2oCtjJBFsYl-2Bcapb0GeGaZiv2D9x5XrS13lDP2RWR10GCQMYcO5Gwun-2Fz9XaX-2Fj65QJB9xmxby-2Ft4A-2FaLnlvUNcYE4qjEJ3cNWjjA7kapfkIbXla4sqGrn-2B6A1jqrP-2FAvgfNqTpj1GnM8hmq9HHkT5vOE-3D From dev at ddvo.net Sun Jul 5 09:36:41 2020 From: dev at ddvo.net (dev at ddvo.net) Date: Sun, 05 Jul 2020 09:36:41 +0000 Subject: [openssl] master update Message-ID: <1593941801.362650.19379.nullmailer@dev.openssl.org> The branch master has been updated via 1dc1ea182be183d8a393fdce4494360aee059cd2 (commit) via 036cbb6bbf30955abdcffaf6e52cd926d8d8ee75 (commit) via 915e7e75a49343ff5ddd23a54219eb32f57aa01c (commit) from c996f71bab433c5d0f75945206a8cfd422829a49 (commit) - Log ----------------------------------------------------------------- commit 1dc1ea182be183d8a393fdce4494360aee059cd2 Author: Dr. David von Oheimb Date: Wed Jun 10 17:49:25 2020 +0200 Fix many MarkDown issues in {NOTES*,README*,HACKING,LICENSE}.md files Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/12109) commit 036cbb6bbf30955abdcffaf6e52cd926d8d8ee75 Author: Dr. David von Oheimb Date: Wed Jun 10 14:15:28 2020 +0200 Rename NOTES*, README*, VERSION, HACKING, LICENSE to .md or .txt Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/12109) commit 915e7e75a49343ff5ddd23a54219eb32f57aa01c Author: Dr. David von Oheimb Date: Thu Jun 11 11:28:02 2020 +0200 util/markdownlint.rb: Add two rule exceptions: MD023 and MD026 exclude_rule 'MD023' # Headers must start at the beginning of the line exclude_rule 'MD026' # Trailing punctuation in header Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/12109) ----------------------------------------------------------------------- Summary of changes: CHANGES.md | 140 +++++----- CONTRIBUTING.md | 11 +- Configurations/15-android.conf | 2 +- Configurations/{README.design => README-design.md} | 218 +++++++-------- Configurations/{README => README.md} | 140 +++++----- Configure | 8 +- HACKING | 26 -- HACKING.md | 33 +++ INSTALL.md | 58 ++-- LICENSE => LICENSE.txt | 0 NEWS.md | 2 +- NOTES.ANDROID => NOTES-Android.md | 45 ++- NOTES.DJGPP => NOTES-DJGPP.md | 36 ++- NOTES.PERL => NOTES-Perl.md | 50 ++-- NOTES.UNIX => NOTES-Unix.md | 61 ++-- NOTES.VMS => NOTES-VMS.md | 32 +-- NOTES.VALGRIND => NOTES-Valgrind.md | 34 +-- NOTES.WIN => NOTES-Windows.txt | 0 README-Engine.md | 308 +++++++++++++++++++++ README.FIPS => README-FIPS.md | 3 + README.ENGINE | 287 ------------------- README.md | 16 +- VERSION => VERSION.dat | 0 config.com | 2 +- ...{README.sparse_array => README-sparse_array.md} | 17 +- crypto/engine/{README => README.md} | 27 +- crypto/err/{README => README.md} | 24 +- crypto/objects/README | 44 --- crypto/objects/README.md | 43 +++ crypto/perlasm/README | 124 --------- crypto/perlasm/README.md | 130 +++++++++ crypto/property/{README => README.md} | 23 +- demos/{README => README.txt} | 0 demos/bio/{README => README.txt} | 1 - demos/certs/{README => README.txt} | 3 - dev/{README => README.md} | 0 dev/release-aux/release-version-fn.sh | 4 +- dev/release.sh | 2 +- doc/{README => README.md} | 21 +- ssl/record/{README => README.md} | 61 ++-- ssl/statem/README | 63 ----- ssl/statem/README.md | 63 +++++ test/{README => README-dev.md} | 115 ++++---- test/{README.external => README-external.md} | 85 +++--- test/README.md | 4 +- test/data.txt | 4 + test/{README.external => data2.txt} | 2 + test/recipes/04-test_pem_data/{NOTES => NOTES.txt} | 0 test/recipes/20-test_dgst.t | 4 +- test/recipes/20-test_pkeyutl.t | 4 +- test/recipes/95-test_external_krb5.t | 2 +- util/markdownlint.rb | 2 + 52 files changed, 1216 insertions(+), 1168 deletions(-) rename Configurations/{README.design => README-design.md} (71%) rename Configurations/{README => README.md} (86%) delete mode 100644 HACKING create mode 100644 HACKING.md rename LICENSE => LICENSE.txt (100%) rename NOTES.ANDROID => NOTES-Android.md (67%) rename NOTES.DJGPP => NOTES-DJGPP.md (52%) rename NOTES.PERL => NOTES-Perl.md (71%) rename NOTES.UNIX => NOTES-Unix.md (69%) rename NOTES.VMS => NOTES-VMS.md (81%) rename NOTES.VALGRIND => NOTES-Valgrind.md (64%) rename NOTES.WIN => NOTES-Windows.txt (100%) create mode 100644 README-Engine.md rename README.FIPS => README-FIPS.md (58%) delete mode 100644 README.ENGINE rename VERSION => VERSION.dat (100%) rename crypto/{README.sparse_array => README-sparse_array.md} (93%) rename crypto/engine/{README => README.md} (95%) rename crypto/err/{README => README.md} (50%) delete mode 100644 crypto/objects/README create mode 100644 crypto/objects/README.md delete mode 100644 crypto/perlasm/README create mode 100644 crypto/perlasm/README.md rename crypto/property/{README => README.md} (86%) rename demos/{README => README.txt} (100%) rename demos/bio/{README => README.txt} (99%) rename demos/certs/{README => README.txt} (99%) rename dev/{README => README.md} (100%) rename doc/{README => README.md} (58%) rename ssl/record/{README => README.md} (56%) delete mode 100644 ssl/statem/README create mode 100644 ssl/statem/README.md rename test/{README => README-dev.md} (52%) copy test/{README.external => README-external.md} (73%) create mode 100644 test/data.txt rename test/{README.external => data2.txt} (99%) rename test/recipes/04-test_pem_data/{NOTES => NOTES.txt} (100%) diff --git a/CHANGES.md b/CHANGES.md index 585a451d18..2cb73985a3 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -173,6 +173,12 @@ OpenSSL 3.0 *Richard Levitte* + * Project text documents not yet having a proper file name extension + (`HACKING`, `LICENSE`, `NOTES*`, `README*`, `VERSION`) have been renamed to + `*.md` as far as reasonable, else `*.txt`, for better use with file managers. + + *David von Oheimb* + * The main project documents (README, NEWS, CHANGES, INSTALL, SUPPORT) have been converted to Markdown with the goal to produce documents which not only look pretty when viewed online in the browser, but @@ -1054,7 +1060,7 @@ OpenSSL 3.0 * Added EVP_MAC, an EVP layer MAC API, to simplify adding MAC implementations. This includes a generic EVP_PKEY to EVP_MAC bridge, to facilitate the continued use of MACs through raw private keys in - functionality such as EVP_DigestSign* and EVP_DigestVerify*. + functionality such as `EVP_DigestSign*` and `EVP_DigestVerify*`. *Richard Levitte* @@ -1726,9 +1732,9 @@ OpenSSL 1.1.1 *Paul Yang* * Add SM3 implemented according to GB/T 32905-2016 - * Jack Lloyd , - Ronald Tse , - Erick Borsboom * + *Jack Lloyd ,* + *Ronald Tse ,* + *Erick Borsboom * * Add 'Maximum Fragment Length' TLS extension negotiation and support as documented in RFC6066. @@ -1737,9 +1743,9 @@ OpenSSL 1.1.1 *Filipe Raimundo da Silva* * Add SM4 implemented according to GB/T 32907-2016. - * Jack Lloyd , - Ronald Tse , - Erick Borsboom * + *Jack Lloyd ,* + *Ronald Tse ,* + *Erick Borsboom * * Reimplement -newreq-nodes and ERR_error_string_n; the original author does not agree with the license change. @@ -2925,7 +2931,7 @@ OpenSSL 1.1.0 Makefile. Instead, Configure produces a perl module in configdata.pm which holds most of the config data (in the hash table %config), the target data that comes from the target - configuration in one of the `Configurations/*.conf~ files (in + configuration in one of the `Configurations/*.conf` files (in %target). *Richard Levitte* @@ -3056,21 +3062,21 @@ OpenSSL 1.1.0 opaque. For HMAC_CTX, the following constructors and destructors were added: - HMAC_CTX *HMAC_CTX_new(void); - void HMAC_CTX_free(HMAC_CTX *ctx); + HMAC_CTX *HMAC_CTX_new(void); + void HMAC_CTX_free(HMAC_CTX *ctx); For EVP_MD and EVP_CIPHER, complete APIs to create, fill and destroy such methods has been added. See EVP_MD_meth_new(3) and EVP_CIPHER_meth_new(3) for documentation. Additional changes: - 1) EVP_MD_CTX_cleanup(), EVP_CIPHER_CTX_cleanup() and - HMAC_CTX_cleanup() were removed. HMAC_CTX_reset() and - EVP_MD_CTX_reset() should be called instead to reinitialise + 1) `EVP_MD_CTX_cleanup()`, `EVP_CIPHER_CTX_cleanup()` and + `HMAC_CTX_cleanup()` were removed. `HMAC_CTX_reset()` and + `EVP_MD_CTX_reset()` should be called instead to reinitialise an already created structure. 2) For consistency with the majority of our object creators and - destructors, EVP_MD_CTX_(create|destroy) were renamed to - EVP_MD_CTX_(new|free). The old names are retained as macros + destructors, `EVP_MD_CTX_(create|destroy)` were renamed to + `EVP_MD_CTX_(new|free)`. The old names are retained as macros for deprecated builds. *Richard Levitte* @@ -3104,12 +3110,12 @@ OpenSSL 1.1.0 * State machine rewrite. The state machine code has been significantly refactored in order to remove much duplication of code and solve issues - with the old code (see ssl/statem/README for further details). This change - does have some associated API changes. Notably the SSL_state() function - has been removed and replaced by SSL_get_state which now returns an - "OSSL_HANDSHAKE_STATE" instead of an int. SSL_set_state() has been removed - altogether. The previous handshake states defined in ssl.h and ssl3.h have - also been removed. + with the old code (see [ssl/statem/README.md](ssl/statem/README.md) for + further details). This change does have some associated API changes. + Notably the SSL_state() function has been removed and replaced by + SSL_get_state which now returns an "OSSL_HANDSHAKE_STATE" instead of an int. + SSL_set_state() has been removed altogether. The previous handshake states + defined in ssl.h and ssl3.h have also been removed. *Matt Caswell* @@ -3168,8 +3174,8 @@ OpenSSL 1.1.0 *Emilia K?sper* * Fix no-stdio build. - * David Woodhouse and also - Ivan Nestlerode * + *David Woodhouse and also* + *Ivan Nestlerode * * New testing framework The testing framework has been largely rewritten and is now using @@ -3573,7 +3579,7 @@ OpenSSL 1.1.0 *Steve Henson* - * Rename old X9.31 PRNG functions of the form FIPS_rand* to FIPS_x931*. + * Rename old X9.31 PRNG functions of the form `FIPS_rand*` to `FIPS_x931*`. This shouldn't present any incompatibility problems because applications shouldn't be using these directly and any that are will need to rethink anyway as the X9.31 PRNG is now deprecated by FIPS 140-2 @@ -4452,11 +4458,11 @@ OpenSSL 1.0.2 * Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption In the BN_hex2bn function the number of hex digits is calculated using an - int value |i|. Later |bn_expand| is called with a value of |i * 4|. For - large values of |i| this can result in |bn_expand| not allocating any - memory because |i * 4| is negative. This can leave the internal BIGNUM data + int value `i`. Later `bn_expand` is called with a value of `i * 4`. For + large values of `i` this can result in `bn_expand` not allocating any + memory because `i * 4` is negative. This can leave the internal BIGNUM data field as NULL leading to a subsequent NULL ptr deref. For very large values - of |i|, the calculation |i * 4| could be a positive value smaller than |i|. + of `i`, the calculation `i * 4` could be a positive value smaller than `i`. In this case memory is allocated to the internal BIGNUM data field, but it is insufficiently sized leading to heap corruption. A similar issue exists in BN_dec2bn. This could have security consequences if BN_hex2bn/BN_dec2bn @@ -4476,11 +4482,11 @@ OpenSSL 1.0.2 * Fix memory issues in `BIO_*printf` functions - The internal |fmtstr| function used in processing a "%s" format string in + The internal `fmtstr` function used in processing a "%s" format string in the `BIO_*printf` functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings. - Additionally the internal |doapr_outch| function can attempt to write to an + Additionally the internal `doapr_outch` function can attempt to write to an OOB memory location (at an offset from the NULL pointer) in the event of a memory allocation failure. In 1.0.2 and below this could be caused where the size of a buffer to be allocated is greater than INT_MAX. E.g. this @@ -5654,11 +5660,11 @@ OpenSSL 1.0.1 * Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption In the BN_hex2bn function the number of hex digits is calculated using an - int value |i|. Later |bn_expand| is called with a value of |i * 4|. For - large values of |i| this can result in |bn_expand| not allocating any - memory because |i * 4| is negative. This can leave the internal BIGNUM data + int value `i`. Later `bn_expand` is called with a value of `i * 4`. For + large values of `i` this can result in `bn_expand` not allocating any + memory because `i * 4` is negative. This can leave the internal BIGNUM data field as NULL leading to a subsequent NULL ptr deref. For very large values - of |i|, the calculation |i * 4| could be a positive value smaller than |i|. + of `i`, the calculation `i * 4` could be a positive value smaller than `i`. In this case memory is allocated to the internal BIGNUM data field, but it is insufficiently sized leading to heap corruption. A similar issue exists in BN_dec2bn. This could have security consequences if BN_hex2bn/BN_dec2bn @@ -5678,11 +5684,11 @@ OpenSSL 1.0.1 * Fix memory issues in `BIO_*printf` functions - The internal |fmtstr| function used in processing a "%s" format string in + The internal `fmtstr` function used in processing a "%s" format string in the `BIO_*printf` functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings. - Additionally the internal |doapr_outch| function can attempt to write to an + Additionally the internal `doapr_outch` function can attempt to write to an OOB memory location (at an offset from the NULL pointer) in the event of a memory allocation failure. In 1.0.2 and below this could be caused where the size of a buffer to be allocated is greater than INT_MAX. E.g. this @@ -6499,8 +6505,8 @@ OpenSSL 1.0.1 disable just protocol X, but all protocols above X *if* there are protocols *below* X still enabled. In more practical terms it means that if application wants to disable TLS1.0 in favor of TLS1.1 and - above, it's not sufficient to pass SSL_OP_NO_TLSv1, one has to pass - SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2. This applies to + above, it's not sufficient to pass `SSL_OP_NO_TLSv1`, one has to pass + `SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2`. This applies to client side. *Andy Polyakov* @@ -11587,7 +11593,8 @@ OpenSSL 0.9.7.] of specific crypto interfaces. This change also introduces integrated support for symmetric ciphers and digest implementations - so ENGINEs can now accelerate these by providing EVP_CIPHER and EVP_MD - implementations of their own. This is detailed in crypto/engine/README + implementations of their own. This is detailed in + [crypto/engine/README.md](crypto/engine/README.md) as it couldn't be adequately described here. However, there are a few API changes worth noting - some RSA, DSA, DH, and RAND functions that were changed in the original introduction of ENGINE code have now @@ -11663,7 +11670,7 @@ OpenSSL 0.9.7.] makes them more flexible to be built both as statically-linked ENGINEs and self-contained shared-libraries loadable via the "dynamic" ENGINE. Also, add stub code to each that makes building them as self-contained - shared-libraries easier (see README.ENGINE). + shared-libraries easier (see [README-Engine.md](README-Engine.md)). *Geoff Thorpe* @@ -11672,7 +11679,8 @@ OpenSSL 0.9.7.] self-contained shared-libraries. The "dynamic" ENGINE exposes control commands that can be used to configure what shared-library to load and to control aspects of the way it is handled. Also, made an update to - the README.ENGINE file that brings its information up-to-date and + the [README-Engine.md](README-Engine.md) file + that brings its information up-to-date and provides some information and instructions on the "dynamic" ENGINE (ie. how to use it, how to build "dynamic"-loadable ENGINEs, etc). @@ -12320,8 +12328,8 @@ s-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *Geoff Thorpe, Lutz Jaenicke* * Modify mkdef.pl to recognise and parse preprocessor conditionals - of the form '#if defined(...) || defined(...) || ...' and - '#if !defined(...) && !defined(...) && ...'. This also avoids + of the form `#if defined(...) || defined(...) || ...` and + `#if !defined(...) && !defined(...) && ...`. This also avoids the growing number of special cases it was previously handling. *Richard Levitte* @@ -12894,9 +12902,9 @@ s-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *Bodo Moeller* - * Move `BN_mod_...` functions into new file crypto/bn/bn_mod.c - (except for exponentiation, which stays in crypto/bn/bn_exp.c, - and BN_mod_mul_reciprocal, which stays in crypto/bn/bn_recp.c) + * Move `BN_mod_...` functions into new file `crypto/bn/bn_mod.c` + (except for exponentiation, which stays in `crypto/bn/bn_exp.c`, + and `BN_mod_mul_reciprocal`, which stays in `crypto/bn/bn_recp.c`) and add new functions: BN_nnmod @@ -12912,16 +12920,16 @@ s-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k These functions always generate non-negative results. - BN_nnmod otherwise is like BN_mod (if BN_mod computes a remainder r - such that |m| < r < 0, BN_nnmod will output rem + |m| instead). + `BN_nnmod` otherwise is `like BN_mod` (if `BN_mod` computes a remainder `r` + such that `|m| < r < 0`, `BN_nnmod` will output `rem + |m|` instead). - BN_mod_XXX_quick(r, a, [b,] m) generates the same result as - BN_mod_XXX(r, a, [b,] m, ctx), but requires that a [and b] - be reduced modulo m. + `BN_mod_XXX_quick(r, a, [b,] m)` generates the same result as + `BN_mod_XXX(r, a, [b,] m, ctx)`, but requires that `a` [and `b`] + be reduced modulo `m`. *Lenka Fibikova , Bodo Moeller* -f 0 + * In 'openssl passwd', verify passwords read from the terminal unless the '-salt' option is used (which usually means that @@ -14675,7 +14683,7 @@ ndif * Change the handling of OID objects as follows: - New object identifiers are inserted in objects.txt, following - the syntax given in objects.README. + the syntax given in [crypto/objects/README.md](crypto/objects/README.md). - objects.pl is used to process obj_mac.num and create a new obj_mac.h. - obj_dat.pl is used to create a new obj_dat.h, using the data in @@ -17391,10 +17399,10 @@ ndif *Steve Henson* * Be less restrictive and allow also `perl util/perlpath.pl - /path/to/bin/perl' in addition to `perl util/perlpath.pl /path/to/bin', - because this way one can also use an interpreter named `perl5' (which is + /path/to/bin/perl` in addition to `perl util/perlpath.pl /path/to/bin`, + because this way one can also use an interpreter named `perl5` (which is usually the name of Perl 5.xxx on platforms where an Perl 4.x is still - installed as `perl'). + installed as `perl`). *Matthias Loepfe * @@ -17427,7 +17435,7 @@ ndif *Steve Henson* - * Make `openssl version' output lines consistent. + * Make `openssl version` output lines consistent. *Ralf S. Engelschall* @@ -17484,7 +17492,7 @@ ndif *Ben Laurie* * Allow DSO flags like -fpic, -fPIC, -KPIC etc. to be specified - on the `perl Configure ...' command line. This way one can compile + on the `perl Configure ...` command line. This way one can compile OpenSSL libraries with Position Independent Code (PIC) which is needed for linking it into DSOs. @@ -17503,9 +17511,9 @@ ndif *Ralf S. Engelschall* - * General source tree makefile cleanups: Made `making xxx in yyy...' - display consistent in the source tree and replaced `/bin/rm' by `rm'. - Additionally cleaned up the `make links' target: Remove unnecessary + * General source tree makefile cleanups: Made `making xxx in yyy...` + display consistent in the source tree and replaced `/bin/rm` by `rm`. + Additionally cleaned up the `make links` target: Remove unnecessary semicolons, subsequent redundant removes, inline point.sh into mklink.sh to speed processing and no longer clutter the display with confusing stuff. Instead only the actually done links are displayed. @@ -17632,12 +17640,12 @@ ndif *Ralf S. Engelschall* - * Make `openssl x509 -noout -modulus' functional also for DSA certificates + * Make `openssl x509 -noout -modulus`' functional also for DSA certificates (in addition to RSA certificates) to match the behaviour of `openssl dsa - -noout -modulus' as it's already the case for `openssl rsa -noout - -modulus'. For RSA the -modulus is the real "modulus" while for DSA + -noout -modulus` as it's already the case for `openssl rsa -noout + -modulus`. For RSA the -modulus is the real "modulus" while for DSA currently the public key is printed (a decision which was already done by - `openssl dsa -modulus' in the past) which serves a similar purpose. + `openssl dsa -modulus` in the past) which serves a similar purpose. Additionally the NO_RSA no longer completely removes the whole -modulus option; it now only avoids using the RSA stuff. Same applies to NO_DSA now, too. diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 23756a5d4a..3e11b0b89f 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -54,8 +54,8 @@ guidelines: (usually by rebasing) before it will be acceptable. 4. Patches should follow our [coding style][] and compile without warnings. - Where gcc or clang is available you should use the - --strict-warnings Configure option. OpenSSL compiles on many varied + Where `gcc` or `clang` is available you should use the + `--strict-warnings` `Configure` option. OpenSSL compiles on many varied platforms: try to ensure you only use portable features. Clean builds via Travis and AppVeyor are required, and they are started automatically whenever a PR is created or updated. @@ -64,7 +64,7 @@ guidelines: 5. When at all possible, patches should include tests. These can either be added to an existing test, or completely new. Please see - test/README for information on the test framework. + [test/README.md](test/README.md) for information on the test framework. 6. New features or changed functionality must include documentation. Please look at the "pod" files in doc/man[1357] for @@ -77,7 +77,7 @@ guidelines: explain the grander details. Have a look through existing entries for inspiration. Please note that this is NOT simply a copy of git-log one-liners. - Also note that security fixes get an entry in CHANGES.md. + Also note that security fixes get an entry in [CHANGES.md](CHANGES.md). This file helps users get more in depth information of what comes with a specific release without having to sift through the higher noise ratio in git-log. @@ -89,3 +89,6 @@ guidelines: OpenSSL 1.1.0). This file helps users get a very quick summary of what comes with a specific release, to see if an upgrade is worth the effort. + + 9. Guidelines how to integrate error output of new crypto library modules + can be found in [crypto/err/README.md](crypto/err/README.md). \ No newline at end of file diff --git a/Configurations/15-android.conf b/Configurations/15-android.conf index d3b2ff6a1c..77d6c8b47d 100644 --- a/Configurations/15-android.conf +++ b/Configurations/15-android.conf @@ -1,6 +1,6 @@ #### Android... # -# See NOTES.ANDROID for details, and don't miss platform-specific +# See NOTES-Android.md for details, and don't miss platform-specific # comments below... { diff --git a/Configurations/README.design b/Configurations/README-design.md similarity index 71% rename from Configurations/README.design rename to Configurations/README-design.md index b79d0b2e49..ef21a3ae28 100644 --- a/Configurations/README.design +++ b/Configurations/README-design.md @@ -4,17 +4,17 @@ Design document for the unified scheme data How are things connected? ------------------------- -The unified scheme takes all its data from the build.info files seen +The unified scheme takes all its data from the `build.info` files seen throughout the source tree. These files hold the minimum information needed to build end product files from diverse sources. See the -section on build.info files below. +section on `build.info` files below. -From the information in build.info files, Configure builds up an -information database as a hash table called %unified_info, which is +From the information in `build.info` files, `Configure` builds up an +information database as a hash table called `%unified_info`, which is stored in configdata.pm, found at the top of the build tree (which may or may not be the same as the source tree). -Configurations/common.tmpl uses the data from %unified_info to +[`Configurations/common.tmpl`](common.tmpl) uses the data from `%unified_info` to generate the rules for building end product files as well as intermediary files with the help of a few functions found in the build-file templates. See the section on build-file templates further @@ -23,36 +23,35 @@ down for more information. build.info files ---------------- -As mentioned earlier, build.info files are meant to hold the minimum +As mentioned earlier, `build.info` files are meant to hold the minimum information needed to build output files, and therefore only (with a few possible exceptions [1]) have information about end products (such as scripts, library files and programs) and source files (such as C files, C header files, assembler files, etc). Intermediate files such -as object files are rarely directly referred to in build.info files (and -when they are, it's always with the file name extension .o), they are -inferred by Configure. By the same rule of minimalism, end product -file name extensions (such as .so, .a, .exe, etc) are never mentioned -in build.info. Their file name extensions will be inferred by the +as object files are rarely directly referred to in `build.info` files (and +when they are, it's always with the file name extension `.o`), they are +inferred by `Configure`. By the same rule of minimalism, end product +file name extensions (such as `.so`, `.a`, `.exe`, etc) are never mentioned +in `build.info`. Their file name extensions will be inferred by the build-file templates, adapted for the platform they are meant for (see -sections on %unified_info and build-file templates further down). +sections on `%unified_info` and build-file templates further down). -The variables PROGRAMS, LIBS, MODULES and SCRIPTS are used to declare -end products. There are variants for them with '_NO_INST' as suffix -(PROGRAM_NO_INST etc) to specify end products that shouldn't get -installed. +The variables `PROGRAMS`, `LIBS`, `MODULES` and `SCRIPTS` are used to declare +end products. There are variants for them with `_NO_INST` as suffix +(`PROGRAM_NO_INST` etc) to specify end products that shouldn't get installed. -The variables SOURCE, DEPEND, INCLUDE and DEFINE are indexed by a +The variables `SOURCE`, `DEPEND`, `INCLUDE` and `DEFINE` are indexed by a produced file, and their values are the source used to produce that particular produced file, extra dependencies, include directories needed, or C macros to be defined. -All their values in all the build.info throughout the source tree are +All their values in all the `build.info` throughout the source tree are collected together and form a set of programs, libraries, modules and scripts to be produced, source files, dependencies, etc etc etc. Let's have a pretend example, a very limited contraption of OpenSSL, -composed of the program 'apps/openssl', the libraries 'libssl' and -'libcrypto', an module 'engines/ossltest' and their sources and +composed of the program `apps/openssl`, the libraries `libssl` and +`libcrypto`, an module `engines/ossltest` and their sources and dependencies. # build.info @@ -61,11 +60,11 @@ dependencies. INCLUDE[libssl]=include DEPEND[libssl]=libcrypto -This is the top directory build.info file, and it tells us that two -libraries are to be built, the include directory 'include/' shall be +This is the top directory `build.info` file, and it tells us that two +libraries are to be built, the include directory `include/` shall be used throughout when building anything that will end up in each -library, and that the library 'libssl' depend on the library -'libcrypto' to function properly. +library, and that the library `libssl` depend on the library +`libcrypto` to function properly. # apps/build.info PROGRAMS=openssl @@ -73,15 +72,15 @@ library, and that the library 'libssl' depend on the library INCLUDE[openssl]=.. ../include DEPEND[openssl]=../libssl -This is the build.info file in 'apps/', one may notice that all file -paths mentioned are relative to the directory the build.info file is +This is the `build.info` file in `apps/`, one may notice that all file +paths mentioned are relative to the directory the `build.info` file is located in. This one tells us that there's a program to be built -called 'apps/openssl' (the file name extension will depend on the -platform and is therefore not mentioned in the build.info file). It's -built from one source file, 'apps/openssl.c', and building it requires -the use of '.' and 'include' include directories (both are declared -from the point of view of the 'apps/' directory), and that the program -depends on the library 'libssl' to function properly. +called `apps/openss` (the file name extension will depend on the +platform and is therefore not mentioned in the `build.info` file). It's +built from one source file, `apps/openssl.c`, and building it requires +the use of `.` and `include/` include directories (both are declared +from the point of view of the `apps/` directory), and that the program +depends on the library `libssl` to function properly. # crypto/build.info LIBS=../libcrypto @@ -92,32 +91,32 @@ depends on the library 'libssl' to function properly. DEPEND[buildinf.h]=../Makefile DEPEND[../util/mkbuildinf.pl]=../util/Foo.pm -This is the build.info file in 'crypto', and it tells us a little more -about what's needed to produce 'libcrypto'. LIBS is used again to -declare that 'libcrypto' is to be produced. This declaration is -really unnecessary as it's already mentioned in the top build.info +This is the `build.info` file in `crypto/`, and it tells us a little more +about what's needed to produce `libcrypto`. LIBS is used again to +declare that `libcrypto` is to be produced. This declaration is +really unnecessary as it's already mentioned in the top `build.info` file, but can make the info file easier to understand. This is to show that duplicate information isn't an issue. -This build.info file informs us that 'libcrypto' is built from a few -source files, 'crypto/aes.c', 'crypto/evp.c' and 'crypto/cversion.c'. +This `build.info` file informs us that `libcrypto` is built from a few +source files, `crypto/aes.c`, `crypto/evp.c` and `crypto/cversion.c`. It also shows us that building the object file inferred from -'crypto/cversion.c' depends on 'crypto/buildinf.h'. Finally, it +`crypto/cversion.c` depends on `crypto/buildinf.h`. Finally, it also shows the possibility to declare how some files are generated using some script, in this case a perl script, and how such scripts can be declared to depend on other files, in this case a perl module. Two things are worth an extra note: -'DEPEND[cversion.o]' mentions an object file. DEPEND indexes is the +`DEPEND[cversion.o]` mentions an object file. DEPEND indexes is the only location where it's valid to mention them # ssl/build.info LIBS=../libssl SOURCE[../libssl]=tls.c -This is the build.info file in 'ssl/', and it tells us that the -library 'libssl' is built from the source file 'ssl/tls.c'. +This is the build.info file in `ssl/`, and it tells us that the +library `libssl` is built from the source file `ssl/tls.c`. # engines/build.info MODULES=dasync @@ -130,17 +129,17 @@ library 'libssl' is built from the source file 'ssl/tls.c'. DEPEND[ossltest]=../libcrypto.a INCLUDE[ossltest]=../include -This is the build.info file in 'engines/', telling us that two modules -called 'engines/dasync' and 'engines/ossltest' shall be built, that -dasync's source is 'engines/e_dasync.c' and ossltest's source is -'engines/e_ossltest.c' and that the include directory 'include/' may +This is the `build.info` file in `engines/`, telling us that two modules +called `engines/dasync` and `engines/ossltest` shall be built, that +`dasync`'s source is `engines/e_dasync.c` and `ossltest`'s source is +`engines/e_ossltest.c` and that the include directory `include/` may be used when building anything that will be part of these modules. -Also, both modules depend on the library 'libcrypto' to function -properly. ossltest is explicitly linked with the static variant of -the library 'libcrypto'. Finally, only dasync is being installed, as -ossltest is only for internal testing. +Also, both modules depend on the library `libcrypto` to function +properly. `ossltest` is explicitly linked with the static variant of +the library `libcrypto`. Finally, only `dasync` is being installed, as +`ossltest` is only for internal testing. -When Configure digests these build.info files, the accumulated +When `Configure` digests these `build.info` files, the accumulated information comes down to this: LIBS=libcrypto libssl @@ -170,83 +169,81 @@ information comes down to this: DEPEND[crypto/buildinf.h]=Makefile DEPEND[util/mkbuildinf.pl]=util/Foo.pm - A few notes worth mentioning: -LIBS may be used to declare routine libraries only. +`LIBS` may be used to declare routine libraries only. -PROGRAMS may be used to declare programs only. +`PROGRAMS` may be used to declare programs only. -MODULES may be used to declare modules only. +`MODULES` may be used to declare modules only. -The indexes for SOURCE must only be end product files, such as -libraries, programs or modules. The values of SOURCE variables must +The indexes for `SOURCE` must only be end product files, such as +libraries, programs or modules. The values of `SOURCE` variables must only be source files (possibly generated). -INCLUDE and DEPEND shows a relationship between different files +`INCLUDE` and `DEPEND` shows a relationship between different files (usually produced files) or between files and directories, such as a program depending on a library, or between an object file and some extra source file. -When Configure processes the build.info files, it will take it as +When `Configure` processes the `build.info` files, it will take it as truth without question, and will therefore perform very few checks. If the build tree is separate from the source tree, it will assume that all built files and up in the build directory and that all source files are to be found in the source tree, if they can be found there. -Configure will assume that source files that can't be found in the -source tree (such as 'crypto/bildinf.h' in the example above) are +`Configure` will assume that source files that can't be found in the +source tree (such as `crypto/bildinf.h` in the example above) are generated and will be found in the build tree. +The `%unified_info` database +---------------------------- -The %unified_info database --------------------------- - -The information in all the build.info get digested by Configure and -collected into the %unified_info database, divided into the following +The information in all the `build.info` get digested by `Configure` and +collected into the `%unified_info` database, divided into the following indexes: - depends => a hash table containing 'file' => [ 'dependency' ... ] - pairs. These are directly inferred from the DEPEND - variables in build.info files. + depends => a hash table containing 'file' => [ 'dependency' ... ] + pairs. These are directly inferred from the DEPEND + variables in build.info files. - modules => a list of modules. These are directly inferred from - the MODULES variable in build.info files. + modules => a list of modules. These are directly inferred from + the MODULES variable in build.info files. - generate => a hash table containing 'file' => [ 'generator' ... ] - pairs. These are directly inferred from the GENERATE - variables in build.info files. + generate => a hash table containing 'file' => [ 'generator' ... ] + pairs. These are directly inferred from the GENERATE + variables in build.info files. - includes => a hash table containing 'file' => [ 'include' ... ] - pairs. These are directly inferred from the INCLUDE - variables in build.info files. + includes => a hash table containing 'file' => [ 'include' ... ] + pairs. These are directly inferred from the INCLUDE + variables in build.info files. - install => a hash table containing 'type' => [ 'file' ... ] pairs. - The types are 'programs', 'libraries', 'modules' and - 'scripts', and the array of files list the files of - that type that should be installed. + install => a hash table containing 'type' => [ 'file' ... ] pairs. + The types are 'programs', 'libraries', 'modules' and + 'scripts', and the array of files list the files of + that type that should be installed. - libraries => a list of libraries. These are directly inferred from - the LIBS variable in build.info files. + libraries => a list of libraries. These are directly inferred from + the LIBS variable in build.info files. - programs => a list of programs. These are directly inferred from - the PROGRAMS variable in build.info files. + programs => a list of programs. These are directly inferred from + the PROGRAMS variable in build.info files. - scripts => a list of scripts. There are directly inferred from - the SCRIPTS variable in build.info files. + scripts => a list of scripts. There are directly inferred from + the SCRIPTS variable in build.info files. - sources => a hash table containing 'file' => [ 'sourcefile' ... ] - pairs. These are indirectly inferred from the SOURCE - variables in build.info files. Object files are - mentioned in this hash table, with source files from - SOURCE variables, and AS source files for programs and - libraries. + sources => a hash table containing 'file' => [ 'sourcefile' ... ] + pairs. These are indirectly inferred from the SOURCE + variables in build.info files. Object files are + mentioned in this hash table, with source files from + SOURCE variables, and AS source files for programs and + libraries. - shared_sources => - a hash table just like 'sources', but only as source - files (object files) for building shared libraries. + shared_sources => + a hash table just like 'sources', but only as source + files (object files) for building shared libraries. -As an example, here is how the build.info files example from the -section above would be digested into a %unified_info table: +As an example, here is how the `build.info` files example from the +section above would be digested into a `%unified_info` table: our %unified_info = ( "depends" => @@ -399,20 +396,19 @@ section above would be digested into a %unified_info table: }, ); -As can be seen, everything in %unified_info is fairly simple suggest +As can be seen, everything in `%unified_info` is fairly simple suggest of information. Still, it tells us that to build all programs, we -must build 'apps/openssl', and to build the latter, we will need to -build all its sources ('apps/openssl.o' in this case) and all the -other things it depends on (such as 'libssl'). All those dependencies -need to be built as well, using the same logic, so to build 'libssl', -we need to build 'ssl/tls.o' as well as 'libcrypto', and to build the +must build `apps/openssl`, and to build the latter, we will need to +build all its sources (`apps/openssl.o` in this case) and all the +other things it depends on (such as `libssl`). All those dependencies +need to be built as well, using the same logic, so to build `libssl`, +we need to build `ssl/tls.o` as well as `libcrypto`, and to build the latter... - Build-file templates -------------------- -Build-file templates are essentially build-files (such as Makefile on +Build-file templates are essentially build-files (such as `Makefile` on Unix) with perl code fragments mixed in. Those perl code fragment will generate all the configuration dependent data, including all the rules needed to build end product files and intermediary files alike. @@ -461,7 +457,7 @@ etc. incs => [ "INCL/PATH", ... ] intent => one of "lib", "dso", "bin" ); - 'obj' has the intended object file with '.o' + 'obj' has the intended object file with `.o` extension, src2obj() is expected to change it to something more suitable for the platform. 'srcs' has the list of source files to build the @@ -557,13 +553,13 @@ etc. resulting script from. Along with the build-file templates is the driving template -Configurations/common.tmpl, which looks through all the information in -%unified_info and generates all the rulesets to build libraries, +[`Configurations/common.tmpl`](common.tmpl), which looks through all the +information in `%unified_info` and generates all the rulesets to build libraries, programs and all intermediate files, using the rule generating functions defined in the build-file template. -As an example with the smaller build.info set we've seen as an -example, producing the rules to build 'libcrypto' would result in the +As an example with the smaller `build.info` set we've seen as an +example, producing the rules to build `libcrypto` would result in the following calls: # Note: obj2shlib will only be called if shared libraries are diff --git a/Configurations/README b/Configurations/README.md similarity index 86% rename from Configurations/README rename to Configurations/README.md index a0618ca2d3..3fa80a3fab 100644 --- a/Configurations/README +++ b/Configurations/README.md @@ -14,7 +14,6 @@ configuration in diverse ways: script. See 'Configure helper scripts for more information. - Configurations of OpenSSL target platforms ========================================== @@ -54,12 +53,12 @@ In each table entry, the following keys are significant: usually good enough. cppflags => Default C preprocessor flags [4]. defines => As an alternative, macro definitions may be - given here instead of in `cppflags' [4]. + given here instead of in 'cppflags' [4]. If given here, they MUST be as an array of the string such as "MACRO=value", or just "MACRO" for definitions without value. includes => As an alternative, inclusion directories - may be given here instead of in `cppflags' + may be given here instead of in 'cppflags' [4]. If given here, the MUST be an array of strings, one directory specification each. @@ -99,9 +98,9 @@ In each table entry, the following keys are significant: module_cppflags module_cflags module_ldflags => Has the same function as the corresponding - `shared_' attributes, but for building DSOs. + 'shared_' attributes, but for building DSOs. When unset, they get the same values as the - corresponding `shared_' attributes. + corresponding 'shared_' attributes. ar => The library archive command, the default is "ar". @@ -237,31 +236,30 @@ In each table entry, the following keys are significant: RC4_INT RC4 key schedule is made up of 'unsigned int's; - [1] as part of the target configuration, one can have a key called - 'inherit_from' that indicate what other configurations to inherit - data from. These are resolved recursively. + `inherit_from` that indicates what other configurations to inherit + data from. These are resolved recursively. - Inheritance works as a set of default values that can be overridden - by corresponding key values in the inheriting configuration. + Inheritance works as a set of default values that can be overridden + by corresponding key values in the inheriting configuration. - Note 1: any configuration table can be used as a template. - Note 2: pure templates have the attribute 'template => 1' and - cannot be used as build targets. + Note 1: any configuration table can be used as a template. + Note 2: pure templates have the attribute `template => 1` and + cannot be used as build targets. - If several configurations are given in the 'inherit_from' array, - the values of same attribute are concatenated with space - separation. With this, it's possible to have several smaller - templates for different configuration aspects that can be combined - into a complete configuration. + If several configurations are given in the `inherit_from` array, + the values of same attribute are concatenated with space + separation. With this, it's possible to have several smaller + templates for different configuration aspects that can be combined + into a complete configuration. - instead of a scalar value or an array, a value can be a code block - of the form 'sub { /* your code here */ }'. This code block will - be called with the list of inherited values for that key as - arguments. In fact, the concatenation of strings is really done - by using 'sub { join(" ", at _) }' on the list of inherited values. + Instead of a scalar value or an array, a value can be a code block + of the form `sub { /* your code here */ }`. This code block will + be called with the list of inherited values for that key as + arguments. In fact, the concatenation of strings is really done + by using `sub { join(" ", at _) }` on the list of inherited values. - An example: + An example: "foo" => { template => 1, @@ -291,21 +289,21 @@ In each table entry, the following keys are significant: } [2] OpenSSL is built with threading capabilities unless the user - specifies 'no-threads'. The value of the key 'thread_scheme' may - be "(unknown)", in which case the user MUST give some compilation - flags to Configure. + specifies `no-threads`. The value of the key `thread_scheme` may + be `(unknown)`, in which case the user MUST give some compilation + flags to `Configure`. [3] OpenSSL has three types of things to link from object files or - static libraries: + static libraries: - - shared libraries; that would be libcrypto and libssl. - - shared objects (sometimes called dynamic libraries); that would - be the modules. - - applications; those are apps/openssl and all the test apps. + - shared libraries; that would be libcrypto and libssl. + - shared objects (sometimes called dynamic libraries); that would + be the modules. + - applications; those are apps/openssl and all the test apps. - Very roughly speaking, linking is done like this (words in braces - represent the configuration settings documented at the beginning - of this file): + Very roughly speaking, linking is done like this (words in braces + represent the configuration settings documented at the beginning + of this file): shared libraries: {ld} $(CFLAGS) {lflags} {shared_ldflag} -o libfoo.so \ @@ -319,38 +317,43 @@ In each table entry, the following keys are significant: {ld} $(CFLAGS) {lflags} -o app \ app1.o utils.o -lssl -lcrypto {ex_libs} -[4] There are variants of these attribute, prefixed with `lib_', - `dso_' or `bin_'. Those variants replace the unprefixed attribute - when building library, DSO or program modules specifically. +[4] There are variants of these attribute, prefixed with `lib_`, + `dso_` or `bin_`. Those variants replace the unprefixed attribute + when building library, DSO or program modules specifically. Historically, the target configurations came in form of a string with values separated by colons. This use is deprecated. The string form looked like this: - "target" => "{cc}:{cflags}:{unistd}:{thread_cflag}:{sys_id}:{lflags}:{bn_ops}:{cpuid_obj}:{bn_obj}:{ec_obj}:{des_obj}:{aes_obj}:{bf_obj}:{md5_obj}:{sha1_obj}:{cast_obj}:{rc4_obj}:{rmd160_obj}:{rc5_obj}:{wp_obj}:{cmll_obj}:{modes_obj}:{padlock_obj}:{perlasm_scheme}:{dso_scheme}:{shared_target}:{shared_cflag}:{shared_ldflag}:{shared_extension}:{ranlib}:{arflags}:{multilib}" - + "target" => "{cc}:{cflags}:{unistd}:{thread_cflag}:{sys_id}:{lflags}: + {bn_ops}:{cpuid_obj}:{bn_obj}:{ec_obj}:{des_obj}:{aes_obj}: + {bf_obj}:{md5_obj}:{sha1_obj}:{cast_obj}:{rc4_obj}: + {rmd160_obj}:{rc5_obj}:{wp_obj}:{cmll_obj}:{modes_obj}: + {padlock_obj}:{perlasm_scheme}:{dso_scheme}:{shared_target}: + {shared_cflag}:{shared_ldflag}:{shared_extension}:{ranlib}: + {arflags}:{multilib}" Build info files ================ -The build.info files that are spread over the source tree contain the +The `build.info` files that are spread over the source tree contain the minimum information needed to build and distribute OpenSSL. It uses a simple and yet fairly powerful language to determine what needs to be built, from what sources, and other relationships between files. -For every build.info file, all file references are relative to the -directory of the build.info file for source files, and the +For every `build.info` file, all file references are relative to the +directory of the `build.info` file for source files, and the corresponding build directory for built files if the build tree differs from the source tree. When processed, every line is processed with the perl module -Text::Template, using the delimiters "{-" and "-}". The hashes -%config and %target are passed to the perl fragments, along with +Text::Template, using the delimiters `{-` and `-}`. The hashes +`%config` and `%target` are passed to the perl fragments, along with $sourcedir and $builddir, which are the locations of the source -directory for the current build.info file and the corresponding build +directory for the current `build.info` file and the corresponding build directory, all relative to the top of the build tree. -'Configure' only knows inherently about the top build.info file. For +`Configure` only knows inherently about the top `build.info` file. For any other directory that has one, further directories to look into must be indicated like this: @@ -393,7 +396,7 @@ This should be rarely used, and care should be taken to make sure it's only used when supported. For example, native Windows build doesn't support building static libraries and DLLs at the same time, so using static libraries on Windows can only be done when configured -'no-shared'. +`no-shared`. In some cases, it's desirable to include some source files in the shared form of a library only: @@ -435,7 +438,7 @@ be used in that case: NOTE: GENERATE lines are limited to one command only per GENERATE. -Finally, you can have some simple conditional use of the build.info +Finally, you can have some simple conditional use of the `build.info` information, looking like this: IF[1] @@ -461,37 +464,37 @@ conditions based on something in the passed variables, for example: SOURCE[libfoo]=... ENDIF - Build-file programming with the "unified" build system ====================================================== -"Build files" are called "Makefile" on Unix-like operating systems, -"descrip.mms" for MMS on VMS, "makefile" for nmake on Windows, etc. +"Build files" are called `Makefile` on Unix-like operating systems, +`descrip.mms` for MMS on VMS, `makefile` for `nmake` on Windows, etc. To use the "unified" build system, the target configuration needs to -set the three items 'build_scheme', 'build_file' and 'build_command'. -In the rest of this section, we will assume that 'build_scheme' is set +set the three items `build_scheme`, `build_file` and `build_command`. +In the rest of this section, we will assume that `build_scheme` is set to "unified" (see the configurations documentation above for the details). -For any name given by 'build_file', the "unified" system expects a -template file in Configurations/ named like the build file, with -".tmpl" appended, or in case of possible ambiguity, a combination of -the second 'build_scheme' list item and the 'build_file' name. For -example, if 'build_file' is set to "Makefile", the template could be -Configurations/Makefile.tmpl or Configurations/unix-Makefile.tmpl. -In case both Configurations/unix-Makefile.tmpl and -Configurations/Makefile.tmpl are present, the former takes +For any name given by `build_file`, the "unified" system expects a +template file in `Configurations/` named like the build file, with +`.tmpl` appended, or in case of possible ambiguity, a combination of +the second `build_scheme` list item and the `build_file` name. For +example, if `build_file` is set to `Makefile`, the template could be +[`Configurations/Makefile.tmpl`](Makefile.tmpl) or +[`Configurations/unix-Makefile.tmpl`](unix-Makefile.tmpl). +In case both [`Configurations/unix-Makefile.tmpl`](Makefile.tmpl) and +[`Configurations/Makefile.tmpl`](Makefile.tmpl) are present, the former takes precedence. The build-file template is processed with the perl module -Text::Template, using "{-" and "-}" as delimiters that enclose the +Text::Template, using `{-` and `-}` as delimiters that enclose the perl code fragments that generate configuration-dependent content. Those perl fragments have access to all the hash variables from configdata.pem. The build-file template is expected to define at least the following -perl functions in a perl code fragment enclosed with "{-" and "-}". +perl functions in a perl code fragment enclosed with `{-` and `-}`. They are all expected to return a string with the lines they produce. generatesrc - function that produces build file lines to generate @@ -640,7 +643,6 @@ else, end it like this: ""; # Make sure no lingering values end up in the Makefile -} - Configure helper scripts ======================== @@ -651,10 +653,10 @@ Checker scripts These scripts are per platform family, to check the integrity of the tools used for configuration and building. The checker script used is -either {build_platform}-{build_file}-checker.pm or -{build_platform}-checker.pm, where {build_platform} is the second -'build_scheme' list element from the configuration target data, and -{build_file} is 'build_file' from the same target data. +either `{build_platform}-{build_file}-checker.pm` or +`{build_platform}-checker.pm`, where `{build_platform}` is the second +`build_scheme` list element from the configuration target data, and +`{build_file}` is `build_file` from the same target data. If the check succeeds, the script is expected to end with a non-zero expression. If the check fails, the script can end with a zero, or diff --git a/Configure b/Configure index b8dfeec477..ce7c895ca0 100755 --- a/Configure +++ b/Configure @@ -301,7 +301,7 @@ foreach ( reverse sort( 'aes', 'aria', 'bf', 'camellia', 'cast', 'des', 'dh', my %version = (); collect_information( - collect_from_file(catfile($srcdir,'VERSION')), + collect_from_file(catfile($srcdir,'VERSION.dat')), qr/\s*(\w+)\s*=\s*(.*?)\s*$/ => sub { # Only define it if there is a value at all @@ -314,7 +314,7 @@ collect_information( } }, "OTHERWISE" => - sub { die "Something wrong with this line:\n$_\nin $srcdir/VERSION" }, + sub { die "Something wrong with this line:\n$_\nin $srcdir/VERSION.dat" }, ); $config{major} = $version{MAJOR} // 'unknown'; @@ -330,7 +330,7 @@ $config{release_date} = $version{RELEASE_DATE} // 'xx XXX xxxx'; $config{version} = "$config{major}.$config{minor}.$config{patch}"; $config{full_version} = "$config{version}$config{prerelease}$config{build_metadata}"; -die "erroneous version information in VERSION: ", +die "erroneous version information in VERSION.dat: ", "$config{version}, $config{shlib_version}\n" unless (defined $version{MAJOR} && defined $version{MINOR} @@ -2739,7 +2739,7 @@ sub death_handler { my @message = ( <<"_____", @_ ); Failure! $build_file wasn't produced. -Please read INSTALL.md and associated NOTES files. You may also have to +Please read INSTALL.md and associated NOTES-* files. You may also have to look over your available compiler tool chain or change your configuration. _____ diff --git a/HACKING b/HACKING deleted file mode 100644 index abf199f541..0000000000 --- a/HACKING +++ /dev/null @@ -1,26 +0,0 @@ - MODIFYING OPENSSL SOURCE - ------------------------ - This document describes the way to add custom modifications to OpenSSL sources. - - If you are adding new public functions to the custom library build, you need to - either add a prototype in one of the existing OpenSSL header files; - or provide a new header file and edit Configurations/unix-Makefile.tmpl to pick up that file. - - After that perform the following steps: - - ./Configure -Werror --strict-warnings [your-options] - make update - make - make test - - "make update" ensures that your functions declarations are added to util/libcrypto.num or util/libssl.num - If you plan to submit the changes you made to OpenSSL (see CONTRIBUTING), it's worth running: - - make doc-nits - - after running "make update" to ensure that documentation has correct format. - - "make update" also generates files related to OIDs (in the crypto/objects/ folder) and errors. - If a merge error occurs in one of these generated files then the generated files need to be removed - and regenerated using "make update". - To aid in this process the generated files can be committed separately so they can be removed easily. diff --git a/HACKING.md b/HACKING.md new file mode 100644 index 0000000000..6375450c24 --- /dev/null +++ b/HACKING.md @@ -0,0 +1,33 @@ +MODIFYING OPENSSL SOURCE +======================== + +This document describes the way to add custom modifications to OpenSSL sources. + + If you are adding new public functions to the custom library build, you need to + either add a prototype in one of the existing OpenSSL header files; + or provide a new header file and edit + [Configurations/unix-Makefile.tmpl](Configurations/unix-Makefile.tmpl) + to pick up that file. + + After that perform the following steps: + + ./Configure -Werror --strict-warnings [your-options] + make update + make + make test + + `make update` ensures that your functions declarations are added to + `util/libcrypto.num` or `util/libssl.num`. + If you plan to submit the changes you made to OpenSSL + (see [CONTRIBUTING.md](CONTRIBUTING.md)), it's worth running: + + make doc-nits + + after running `make update` to ensure that documentation has correct format. + + `make update` also generates files related to OIDs (in the `crypto/objects/` + folder) and errors. + If a merge error occurs in one of these generated files then the + generated files need to be removed and regenerated using `make update`. + To aid in this process the generated files can be committed separately + so they can be removed easily. diff --git a/INSTALL.md b/INSTALL.md index 5686415ad8..3ad854823b 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -48,8 +48,8 @@ Prerequisites To install OpenSSL, you will need: * A "make" implementation - * Perl 5 with core modules (please read [NOTES.PERL](NOTES.PERL)) - * The Perl module Text::Template (please read [NOTES.PERL](NOTES.PERL)) + * Perl 5 with core modules (please read [NOTES-Perl.md](NOTES-Perl.md)) + * The Perl module `Text::Template` (please read [NOTES-PERL.md](NOTES-Perl.md)) * an ANSI C compiler * a development environment in the form of development libraries and C header files @@ -58,13 +58,13 @@ To install OpenSSL, you will need: For additional platform specific requirements, solutions to specific issues and other details, please read one of these: - * [NOTES.UNIX](NOTES.UNIX) - notes for Unix like systems - * [NOTES.VMS](NOTES.VMS) - notes related to OpenVMS - * [NOTES.WIN](NOTES.WIN) - notes related to the Windows platform - * [NOTES.DJGPP](NOTES.DJGPP) - building for DOS with DJGPP - * [NOTES.ANDROID](NOTES.ANDROID) - building for Android platforms (using NDK) - * [NOTES.VALGRIND](NOTES.VALGRIND) - testing with Valgrind - * [NOTES.PERL](NOTES.PERL) - some notes on Perl + * [NOTES-Unix.md](NOTES-Unix.md) - notes for Unix like systems + * [NOTES-VMS.md](NOTES-VMS.md) - notes related to OpenVMS + * [NOTES-Windows.txt](NOTES-Windows.txt) - notes related to the Windows platform + * [NOTES-DJGPP.md](NOTES-DJGPP.md) - building for DOS with DJGPP + * [NOTES-Android.md](NOTES-Android.md) - building for Android platforms (using NDK) + * [NOTES-Valgrind.md](NOTES-Valgrind.md) - testing with Valgrind + * [NOTES-Perl.m](NOTES-Perl.md) - some notes on Perl Notational conventions ====================== @@ -275,7 +275,7 @@ On OpenVMS: $ perl Configure --prefix=PROGRAM:[INSTALLS] --openssldir=SYS$MANAGER:[OPENSSL] Note: if you do add options to the configuration command, please make sure -you've read more than just this Quick Start, such as relevant `NOTES.*` files, +you've read more than just this Quick Start, such as relevant `NOTES-*` files, the options outline below, as configuration options may change the outcome in otherwise unexpected ways. @@ -285,7 +285,7 @@ Configuration Options There are several options to `./Configure` to customize the build (note that for Windows, the defaults for `--prefix` and `--openssldir` depend on what configuration is used and what Windows implementation OpenSSL is built on. -More notes on this in [NOTES.WIN](NOTES.WIN)): +More notes on this in [NOTES-Windows.txt](NOTES-Windows.txt): API Level --------- @@ -680,7 +680,8 @@ external test suites are currently supported: - Python PYCA/Cryptography test suite - krb5 test suite -See the file [test/README.external](test/README.external) for further details. +See the file [test/README-external.md](test/README-external.md) +for further details. ### no-filenames @@ -1152,8 +1153,8 @@ run: If your system isn't listed, you will have to create a configuration file named `Configurations/{{ something }}.conf` and add the correct configuration for your system. See the available configs as examples -and read [Configurations/README](Configurations/README) -and [Configurations/README.design](Configurations/README.design) +and read [Configurations/README.md](Configurations/README.md) and +[Configurations/README-design.md](Configurations/README-design.md) for more information. The generic configurations `cc` or `gcc` should usually work on 32 bit @@ -1223,7 +1224,9 @@ be tested. Run: **Warning:** you MUST run the tests from an unprivileged account (or disable your privileges temporarily if your platform allows it). -See the file [test/README.md](test/README.md) for further details. +See [test/README.md](test/README.md) for further details how run tests. + +See [test/README-dev.md](test/README-dev.md) for guidelines on adding tests. Install OpenSSL --------------- @@ -1359,7 +1362,8 @@ over the build process. Typically these should be defined prior to running Use a different build file name than the platform default ("Makefile" on Unix-like platforms, "makefile" on native Windows, "descrip.mms" on OpenVMS). This requires that there is a - corresponding build file template. See Configurations/README + corresponding build file template. + See [Configurations/README.md](Configurations/README.md) for further information. CC @@ -1382,15 +1386,15 @@ over the build process. Typically these should be defined prior to running templates for those platforms. The database is comprised of ".conf" files in the Configurations directory. The build file templates reside there as well as ".tmpl" files. See the - file Configurations/README for further information about the - format of ".conf" files as well as information on the ".tmpl" - files. + file [Configurations/README.md](Configurations/README.md) + for further information about the format of ".conf" files + as well as information on the ".tmpl" files. In addition to the standard ".conf" and ".tmpl" files, it is - possible to create your own ".conf" and ".tmpl" files and store - them locally, outside the OpenSSL source tree. This environment - variable can be set to the directory where these files are held - and will be considered by Configure before it looks in the - standard directories. + possible to create your own ".conf" and ".tmpl" files and + store them locally, outside the OpenSSL source tree. + This environment variable can be set to the directory where + these files are held and will be considered by Configure + before it looks in the standard directories. PERL The name of the Perl executable to use when building OpenSSL. @@ -1501,7 +1505,7 @@ cases it does not succeed. You will see a message like the following: $ ./Configure Operating system: x86-whatever-minix - This system (minix) is not supported. See file INSTALL for details. + This system (minix) is not supported. See file INSTALL.md for details. Even if the automatic target selection by the `./Configure` script fails, chances are that you still might find a suitable target in the `Configurations` @@ -1534,8 +1538,8 @@ known targets. Using `grep`, you can lookup the target definition in the The directory contains two README files, which explain the general syntax and design of the configuration files. - - [Configurations/README](Configurations/README) - - [Configurations/README.design](Configurations/README.design) + - [Configurations/README.md](Configurations/README.md) + - [Configurations/README-design.md](Configurations/README-design.md) If you need further help, try to search the [openssl-users][] mailing list or the [GitHub Issues][] for existing solutions. If you don't find anything, diff --git a/LICENSE b/LICENSE.txt similarity index 100% rename from LICENSE rename to LICENSE.txt diff --git a/NEWS.md b/NEWS.md index 9985bbfd05..e04e5b95c8 100644 --- a/NEWS.md +++ b/NEWS.md @@ -1196,7 +1196,7 @@ OpenSSL 0.9.x * Enhanced EVP interface. [1] The support for external crypto devices is currently a separate - distribution. See the file README.ENGINE. + distribution. See the file README-Engine.md. ### Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a [1 Apr 2000] diff --git a/NOTES.ANDROID b/NOTES-Android.md similarity index 67% rename from NOTES.ANDROID rename to NOTES-Android.md index 087d5e6f49..e1e7370d26 100644 --- a/NOTES.ANDROID +++ b/NOTES-Android.md @@ -1,6 +1,5 @@ - - NOTES FOR ANDROID PLATFORMS - =========================== +NOTES FOR ANDROID PLATFORMS +=========================== Requirement details ------------------- @@ -15,27 +14,27 @@ Configuration ------------- - Android is a cross-compiled target and you can't rely on ./Configure + Android is a cross-compiled target and you can't rely on `./Configure` to find out the configuration target for you. You have to name your - target explicitly; there are android-arm, android-arm64, android-mips, - android-mip64, android-x86 and android-x86_64 (*MIPS targets are no + target explicitly; there are `android-arm`, `android-arm64`, `android-mips`, + `android-mip64`, `android-x86` and `android-x86_64` (`*MIPS` targets are no longer supported with NDK R20+). Do not pass --cross-compile-prefix (as you might be tempted), as it will be "calculated" automatically based on chosen platform. However, you still need to know the prefix to extend your PATH, in order to - invoke $(CROSS_COMPILE)clang [*gcc on NDK 19 and lower] and company. - (Configure will fail and give you a hint if you get it wrong.) + invoke `$(CROSS_COMPILE)clang` [`*gcc` on NDK 19 and lower] and company. + (`./Configure` will fail and give you a hint if you get it wrong.) - Apart from PATH adjustment you need to set ANDROID_NDK_ROOT environment - to point at the NDK directory. If you're using a side-by-side NDK the path - will look something like /some/where/android-sdk/ndk/, and for a - standalone NDK the path will be something like /some/where/android-ndk-. + Apart from `PATH` adjustment you need to set `ANDROID_NDK_ROOT` environment + to point at the `NDK` directory. If you're using a side-by-side NDK the path + will look something like `/some/where/android-sdk/ndk/`, and for a + standalone NDK the path will be something like `/some/where/android-ndk-`. Both variables are significant at both configuration and compilation times. - The NDK customarily supports multiple Android API levels, e.g. android-14, - android-21, etc. By default latest API level is chosen. If you need to - target an older platform pass the argument -D__ANDROID_API__=N to Configure, - with N being the numerical value of the target platform version. For example, + The NDK customarily supports multiple Android API levels, e.g. `android-14`, + `android-21`, etc. By default latest API level is chosen. If you need to target + an older platform pass the argument `-D__ANDROID_API__=N` to `Configure`, + with `N` being the numerical value of the target platform version. For example, to compile for Android 10 arm64 with a side-by-side NDK r20.0.5594570 export ANDROID_NDK_ROOT=/home/whoever/Android/android-sdk/ndk/20.0.5594570 @@ -52,13 +51,13 @@ ./Configure android-arm -D__ANDROID_API__=14 make - Caveat lector! Earlier OpenSSL versions relied on additional CROSS_SYSROOT - variable set to $ANDROID_NDK_ROOT/platforms/android-/arch- to + Caveat lector! Earlier OpenSSL versions relied on additional `CROSS_SYSROOT` + variable set to `$ANDROID_NDK_ROOT/platforms/android-/arch-` to appoint headers-n-libraries' location. It's still recognized in order to facilitate migration from older projects. However, since API level - appears in CROSS_SYSROOT value, passing -D__ANDROID_API__=N can be in + appears in `CROSS_SYSROOT` value, passing `-D__ANDROID_API__=N` can be in conflict, and mixing the two is therefore not supported. Migration to - CROSS_SYSROOT-less setup is recommended. + `CROSS_SYSROOT`-less setup is recommended. One can engage clang by adjusting PATH to cover same NDK's clang. Just keep in mind that if you miss it, Configure will try to use gcc... @@ -68,9 +67,9 @@ Another option is to create so called "standalone toolchain" tailored for single specific platform including Android API level, and assign its - location to ANDROID_NDK_ROOT. In such case you have to pass matching - target name to Configure and shouldn't use -D__ANDROID_API__=N. PATH - adjustment becomes simpler, $ANDROID_NDK_ROOT/bin:$PATH suffices. + location to `ANDROID_NDK_ROOT`. In such case you have to pass matching + target name to Configure and shouldn't use `-D__ANDROID_API__=N`. `PATH` + adjustment becomes simpler, `$ANDROID_NDK_ROOT/bin:$PATH` suffices. Running tests (on Linux) ------------------------ diff --git a/NOTES.DJGPP b/NOTES-DJGPP.md similarity index 52% rename from NOTES.DJGPP rename to NOTES-DJGPP.md index d43d4e86de..739710b09c 100644 --- a/NOTES.DJGPP +++ b/NOTES-DJGPP.md @@ -1,7 +1,5 @@ - - - INSTALLATION ON THE DOS PLATFORM WITH DJGPP - ------------------------------------------- +INSTALLATION ON THE DOS PLATFORM WITH DJGPP +=========================================== OpenSSL has been ported to DJGPP, a Unix look-alike 32-bit run-time environment for 16-bit DOS, but only with long filename support. @@ -11,28 +9,28 @@ You should have a full DJGPP environment installed, including the latest versions of DJGPP, GCC, BINUTILS, BASH, etc. This package - requires that PERL and the PERL module Text::Template also be - installed (see NOTES.PERL). + requires that PERL and the PERL module `Text::Template` also be + installed (see [NOTES-Perl.md](NOTES-Perl.md)). All of these can be obtained from the usual DJGPP mirror sites or - directly at "http://www.delorie.com/pub/djgpp". For help on which + directly at . For help on which files to download, see the DJGPP "ZIP PICKER" page at - "http://www.delorie.com/djgpp/zip-picker.html". You also need to have + . You also need to have the WATT-32 networking package installed before you try to compile - OpenSSL. This can be obtained from "http://www.watt-32.net/". + OpenSSL. This can be obtained from . The Makefile assumes that the WATT-32 code is in the directory specified by the environment variable WATT_ROOT. If you have watt-32 - in directory "watt32" under your main DJGPP directory, specify - WATT_ROOT="/dev/env/DJDIR/watt32". + in directory `watt32` under your main DJGPP directory, specify + `WATT_ROOT="/dev/env/DJDIR/watt32"`. To compile OpenSSL, start your BASH shell, then configure for DJGPP by - running "./Configure" with appropriate arguments: + running `./Configure` with appropriate arguments: - ./Configure no-threads --prefix=/dev/env/DJDIR DJGPP + ./Configure no-threads --prefix=/dev/env/DJDIR DJGPP - And finally fire up "make". You may run out of DPMI selectors when + And finally fire up `make`. You may run out of DPMI selectors when running in a DOS box under Windows. If so, just close the BASH - shell, go back to Windows, and restart BASH. Then run "make" again. + shell, go back to Windows, and restart BASH. Then run `make` again. RUN-TIME CAVEAT LECTOR -------------- @@ -41,8 +39,8 @@ "Cryptographic software needs a source of unpredictable data to work correctly. Many open source operating systems provide a "randomness - device" (/dev/urandom or /dev/random) that serves this purpose." + device" (`/dev/urandom` or `/dev/random`) that serves this purpose." - As of version 0.9.7f DJGPP port checks upon /dev/urandom$ for a 3rd - party "randomness" DOS driver. One such driver, NOISE.SYS, can be - obtained from "http://www.rahul.net/dkaufman/index.html". + As of version 0.9.7f DJGPP port checks upon `/dev/urandom$` for a 3rd + party "randomness" DOS driver. One such driver, `NOISE.SYS`, can be + obtained from . diff --git a/NOTES.PERL b/NOTES-Perl.md similarity index 71% rename from NOTES.PERL rename to NOTES-Perl.md index 6c1d7c8cb1..13565dea6c 100644 --- a/NOTES.PERL +++ b/NOTES-Perl.md @@ -1,5 +1,5 @@ - TOC - === +TOC +=== - Notes on Perl - Notes on Perl on Windows @@ -18,10 +18,10 @@ installed properly. We do not claim to know them all, but experience has told us the following: - - on Linux distributions based on Debian, the package 'perl' will + - on Linux distributions based on Debian, the package `perl` will install the core Perl modules as well, so you will be fine. - on Linux distributions based on RPMs, you will need to install - 'perl-core' rather than just 'perl'. + `perl-core` rather than just `perl`. You MUST have at least Perl version 5.10.0 installed. This minimum requirement is due to our use of regexp backslash sequence \R among @@ -31,23 +31,23 @@ ------------------------ There are a number of build targets that can be viewed as "Windows". - Indeed, there are VC-* configs targeting VisualStudio C, as well as + Indeed, there are `VC-*` configs targeting VisualStudio C, as well as MinGW and Cygwin. The key recommendation is to use "matching" Perl, one that matches build environment. For example, if you will build on Cygwin be sure to use the Cygwin package manager to install Perl. For MSYS builds use the MSYS provided Perl. - For VC-* builds we recommend Strawberry Perl, from http://strawberryperl.com. - An alternative is ActiveState Perl, from http://www.activestate.com/ActivePerl + For VC-* builds we recommend Strawberry Perl, from . + An alternative is ActiveState Perl, from for which you may need to explicitly select the Perl module Win32/Console.pm - available via https://platform.activestate.com/ActiveState. + available via . Notes on Perl on VMS -------------------- You will need to install Perl separately. One way to do so is to - download the source from http://perl.org/, unpacking it, reading - README.vms and follow the instructions. Another way is to download a - .PCSI file from http://www.vmsperl.com/ and install it using the + download the source from , unpacking it, reading + `README-VMS.md` and follow the instructions. Another way is to download a + `.PCSI` file from and install it using the POLYCENTER install tool. Notes on Perl modules we use @@ -57,18 +57,22 @@ ourselves to core Perl modules to keep the requirements down. There are just a few exceptions: - Test::More We require the minimum version to be 0.96, which - appeared in Perl 5.13.4, because that version was - the first to have all the features we're using. - This module is required for testing only! If you - don't plan on running the tests, you don't need to - bother with this one. + * `Test::More` - Text::Template This module is not part of the core Perl modules. - As a matter of fact, the core Perl modules do not - include any templating module to date. - This module is absolutely needed, configuration - depends on it. + We require the minimum version to be 0.96, which + appeared in Perl 5.13.4, because that version was + the first to have all the features we're using. + This module is required for testing only! + If you don't plan on running the tests, + you don't need to bother with this one. + + * `Text::Template` + + This module is not part of the core Perl modules. + As a matter of fact, the core Perl modules do not + include any templating module to date. + This module is absolutely needed, + configuration depends on it. To avoid unnecessary initial hurdles, we have bundled a copy of the following modules in our source. They will work as fallbacks if @@ -80,7 +84,7 @@ --------------------------------- There are a number of ways to install a perl module. In all - descriptions below, Text::Template will serve as an example. + descriptions below, `Text::Template` will serve as an example. 1. for Linux users, the easiest is to install with the use of your favorite package manager. Usually, all you need to do is search diff --git a/NOTES.UNIX b/NOTES-Unix.md similarity index 69% rename from NOTES.UNIX rename to NOTES-Unix.md index 0e3c099ea2..98f3a799cc 100644 --- a/NOTES.UNIX +++ b/NOTES-Unix.md @@ -1,9 +1,8 @@ +NOTES FOR UNIX-LIKE PLATFORMS +============================= - NOTES FOR UNIX LIKE PLATFORMS - ============================= - - For Unix/POSIX runtime systems on Windows, please see NOTES.WIN. - + For Unix/POSIX runtime systems on Windows, + please see [NOTES-Windows.txt](NOTES-Windows.txt). OpenSSL uses the compiler to link programs and shared libraries --------------------------------------------------------------- @@ -13,21 +12,20 @@ objects. Because of this, any linking option that's given to the configuration scripts MUST be in a form that the compiler can accept. This varies between systems, where some have compilers that accept - linker flags directly, while others take them in '-Wl,' form. You need + linker flags directly, while others take them in `-Wl,` form. You need to read your compiler documentation to figure out what is acceptable, - and ld(1) to figure out what linker options are available. - + and `ld(1)` to figure out what linker options are available. Shared libraries and installation in non-default locations ---------------------------------------------------------- Every Unix system has its own set of default locations for shared - libraries, such as /lib, /usr/lib or possibly /usr/local/lib. If + libraries, such as `/lib`, `/usr/lib` or possibly `/usr/local/lib`. If libraries are installed in non-default locations, dynamically linked binaries will not find them and therefore fail to run, unless they get a bit of help from a defined runtime shared library search path. - For OpenSSL's application (the 'openssl' command), our configuration + For OpenSSL's application (the `openssl` command), our configuration scripts do NOT generally set the runtime shared library search path for you. It's therefore advisable to set it explicitly when configuring, unless the libraries are to be installed in directories that you know @@ -42,15 +40,15 @@ Possible options to set the runtime shared library search path include the following: - -Wl,-rpath,/whatever/path # Linux, *BSD, etc. - -R /whatever/path # Solaris - -Wl,-R,/whatever/path # AIX (-bsvr4 is passed internally) - -Wl,+b,/whatever/path # HP-UX - -rpath /whatever/path # Tru64, IRIX + -Wl,-rpath,/whatever/path # Linux, *BSD, etc. + -R /whatever/path # Solaris + -Wl,-R,/whatever/path # AIX (-bsvr4 is passed internally) + -Wl,+b,/whatever/path # HP-UX + -rpath /whatever/path # Tru64, IRIX OpenSSL's configuration scripts recognise all these options and pass them to the Makefile that they build. (In fact, all arguments starting - with '-Wl,' are recognised as linker options.) + with `-Wl,` are recognised as linker options.) Please do not use verbatim directories in your runtime shared library search path! Some OpenSSL config targets add an extra directory level @@ -63,28 +61,27 @@ '-Wl,-rpath,$(LIBRPATH)' On modern ELF based systems, there are two runtime search paths tags to - consider, DT_RPATH and DT_RUNPATH. Shared objects are searched for in + consider, `DT_RPATH` and `DT_RUNPATH`. Shared objects are searched for in this order: - 1. Using directories specified in DT_RPATH, unless DT_RUNPATH is - also set. - 2. Using the environment variable LD_LIBRARY_PATH - 3. Using directories specified in DT_RUNPATH. - 4. Using system shared object caches and default directories. + 1. Using directories specified in DT_RPATH, unless DT_RUNPATH is also set. + 2. Using the environment variable LD_LIBRARY_PATH + 3. Using directories specified in DT_RUNPATH. + 4. Using system shared object caches and default directories. - This means that the values in the environment variable LD_LIBRARY_PATH - won't matter if the library is found in the paths given by DT_RPATH - (and DT_RUNPATH isn't set). + This means that the values in the environment variable `LD_LIBRARY_PATH` + won't matter if the library is found in the paths given by `DT_RPATH` + (and `DT_RUNPATH` isn't set). - Exactly which of DT_RPATH or DT_RUNPATH is set by default appears to + Exactly which of `DT_RPATH` or `DT_RUNPATH` is set by default appears to depend on the system. For example, according to documentation, - DT_RPATH appears to be deprecated on Solaris in favor of DT_RUNPATH, - while on Debian GNU/Linux, either can be set, and DT_RPATH is the + `DT_RPATH` appears to be deprecated on Solaris in favor of `DT_RUNPATH`, + while on Debian GNU/Linux, either can be set, and `DT_RPATH` is the default at the time of writing. How to choose which runtime search path tag is to be set depends on your system, please refer to ld(1) for the exact information on your - system. As an example, the way to ensure the DT_RUNPATH is set on + system. As an example, the way to ensure the `DT_RUNPATH` is set on Debian GNU/Linux systems rather than DT_RPATH is to tell the linker to set new dtags, like this: @@ -93,7 +90,7 @@ It might be worth noting that some/most ELF systems implement support for runtime search path relative to the directory containing current - executable, by interpreting $ORIGIN along with some other internal + executable, by interpreting `$ORIGIN` along with some other internal variables. Consult your system documentation. Linking your application @@ -104,7 +101,7 @@ The OpenSSL config options mentioned above might or might not have bearing on linking of the target application. "Might" means that under some circumstances it would be sufficient to link with OpenSSL shared library - "naturally", i.e. with -L/whatever/path -lssl -lcrypto. But there are + "naturally", i.e. with `-L/whatever/path -lssl -lcrypto`. But there are also cases when you'd have to explicitly specify runtime search path when linking your application. Consult your system documentation and use above section as inspiration... @@ -114,4 +111,4 @@ for shared libraries first and tend to remain "blind" to static OpenSSL libraries. Referring to system documentation would suffice, if not for a corner case. On AIX static libraries (in shared build) are named - differently, add _a suffix to link with them, e.g. -lcrypto_a. + differently, add `_a` suffix to link with them, e.g. `-lcrypto_a`. diff --git a/NOTES.VMS b/NOTES-VMS.md similarity index 81% rename from NOTES.VMS rename to NOTES-VMS.md index c82e231ad7..c317e82de2 100644 --- a/NOTES.VMS +++ b/NOTES-VMS.md @@ -1,17 +1,15 @@ - - NOTES FOR THE OPENVMS PLATFORM - ============================== +NOTES FOR THE OPENVMS PLATFORM +============================== Requirement details ------------------- - In addition to the requirements and instructions listed in INSTALL, - this are required as well: + In addition to the requirements and instructions listed + in [INSTALL.md](INSTALL.md), this are required as well: * At least ODS-5 disk organization for source and build. Installation can be done on any existing disk organization. - About ANSI C compiler --------------------- @@ -22,20 +20,19 @@ version 7.1 or later. Compiling with a different ANSI C compiler may require some work. - Please avoid using C RTL feature logical names DECC$* when building + Please avoid using C RTL feature logical names `DECC$*` when building and testing OpenSSL. Most of all, they can be disruptive when running the tests, as they affect the Perl interpreter. - About ODS-5 directory names and Perl ------------------------------------ - It seems that the perl function canonpath() in the File::Spec module + It seems that the perl function canonpath() in the `File::Spec` module doesn't treat file specifications where the last directory name contains periods very well. Unfortunately, some versions of VMS tar will keep the periods in the OpenSSL source directory instead of converting them to underscore, thereby leaving your source in - something like [.openssl-1^.1^.0]. This will lead to issues when + something like `[.openssl-1^.1^.0]`. This will lead to issues when configuring and building OpenSSL. We have no replacement for Perl's canonpath(), so the best workaround @@ -44,7 +41,6 @@ $ rename openssl-1^.1^.0.DIR openssl-1_1_0.DIR - About MMS and DCL ----------------- @@ -55,7 +51,6 @@ yourself up a few logical names for the directory trees you're going to use. - About debugging --------------- @@ -68,7 +63,7 @@ directly for debugging. Do not try to use them from a script, such as running the test suite. - *The following is not available on Alpha* + ### The following is not available on Alpha As a compromise, we're turning off the flag that makes the debugger start automatically. If there is a program that you need to debug, @@ -81,7 +76,6 @@ $ set image /flag=nocall_debug [.test]evp_test.exe - Checking the distribution ------------------------- @@ -92,16 +86,16 @@ The easiest way to check if everything got through as it should is to check for one of the following files: - [.crypto]opensslconf^.h.in + [.crypto]opensslconf^.h.in The best way to get a correct distribution is to download the gzipped - tar file from ftp://ftp.openssl.org/source/, use GZIP -d to uncompress - it and VMSTAR to unpack the resulting tar file. + tar file from ftp://ftp.openssl.org/source/, use `GZIP -d` to uncompress + it and `VMSTAR` to unpack the resulting tar file. Gzip and VMSTAR are available here: - http://antinode.info/dec/index.html#Software + Should you need it, you can find UnZip for VMS here: - http://www.info-zip.org/UnZip.html + diff --git a/NOTES.VALGRIND b/NOTES-Valgrind.md similarity index 64% rename from NOTES.VALGRIND rename to NOTES-Valgrind.md index 0ecca4f7dc..00647cbd9b 100644 --- a/NOTES.VALGRIND +++ b/NOTES-Valgrind.md @@ -1,4 +1,3 @@ - NOTES FOR VALGRIND ================== @@ -14,11 +13,11 @@ Requirements ------------ 1. Platform supported by Valgrind - See: http://valgrind.org/info/platforms.html + See 2. Valgrind installed on the platform - See: http://valgrind.org/downloads/current.html + See 3. OpensSSL compiled - See: [INSTALL.md](INSTALL.md) + See [INSTALL.md](INSTALL.md) Running Tests ------------- @@ -28,18 +27,19 @@ Test behavior can be modified by adjusting environment variables. `EXE_SHELL` This variable is used to specify the shell used to execute OpenSSL test -programs. The default wrapper (util/wrap.pl) initializes the environment +programs. The default wrapper (`util/wrap.pl`) initializes the environment to allow programs to find shared libraries. The variable can be modified to specify a different executable environment. - EXE_SHELL="`/bin/pwd`/util/wrap.pl valgrind --error-exitcode=1 --leak-check=full -q" + EXE_SHELL=\ + "`/bin/pwd`/util/wrap.pl valgrind --error-exitcode=1 --leak-check=full -q" -This will start up Valgrind with the default checker (memcheck). -The --error-exitcode=1 option specifies that Valgrind should exit with an +This will start up Valgrind with the default checker (`memcheck`). +The `--error-exitcode=1` option specifies that Valgrind should exit with an error code of 1 when memory leaks occur. -The --leak-check=full option specifies extensive memory checking. -The -q option prints only error messages. -Additional Valgrind options may be added to the EXE_SHELL variable. +The `--leak-check=full` option specifies extensive memory checking. +The `-q` option prints only error messages. +Additional Valgrind options may be added to the `EXE_SHELL` variable. `OPENSSL_ia32cap` @@ -55,16 +55,18 @@ supported. Setting the following disables instructions beyond AVX2: This variable may need to be set to something different based on the processor and Valgrind version you are running tests on. More information -may be found in [docs/man3/OPENSSL_ia32cap.pod](docs/man3/OPENSSL_ia32cap.pod). +may be found in [doc/man3/OPENSSL_ia32cap.pod](doc/man3/OPENSSL_ia32cap.pod). Additional variables (such as `VERBOSE` and `TESTS`) are described in the file [test/README.md](test/README.md). Example command line: - $ make test EXE_SHELL="`/bin/pwd`/util/wrap.pl valgrind --error-exitcode=1 --leak-check=full -q" OPENSSL_ia32cap=":0" + $ make test EXE_SHELL="`/bin/pwd`/util/wrap.pl valgrind --error-exitcode=1 \ + --leak-check=full -q" OPENSSL_ia32cap=":0" -If an error occurs, you can then run the specific test via the `TESTS` -variable with the VERBOSE option to gather additional information. +If an error occurs, you can then run the specific test via the `TESTS` variable +with the `VERBOSE` or `VF` or `VFP` options to gather additional information. - $ make test VERBOSE=1 TESTS=test_test EXE_SHELL="`/bin/pwd`/util/wrap.pl valgrind --error-exitcode=1 --leak-check=full -q" OPENSSL_ia32cap=":0" + $ make test VERBOSE=1 TESTS=test_test EXE_SHELL="`/bin/pwd`/util/wrap.pl \ + valgrind --error-exitcode=1 --leak-check=full -q" OPENSSL_ia32cap=":0" diff --git a/NOTES.WIN b/NOTES-Windows.txt similarity index 100% rename from NOTES.WIN rename to NOTES-Windows.txt diff --git a/README-Engine.md b/README-Engine.md new file mode 100644 index 0000000000..2fc4e40a2b --- /dev/null +++ b/README-Engine.md @@ -0,0 +1,308 @@ +ENGINES +======= + + With OpenSSL 0.9.6, a new component was added to support alternative + cryptography implementations, most commonly for interfacing with external + crypto devices (eg. accelerator cards). This component is called ENGINE, + and its presence in OpenSSL 0.9.6 (and subsequent bug-fix releases) + caused a little confusion as 0.9.6** releases were rolled in two + versions, a "standard" and an "engine" version. In development for 0.9.7, + the ENGINE code has been merged into the main branch and will be present + in the standard releases from 0.9.7 forwards. + + There are currently built-in ENGINE implementations for the following + crypto devices: + + * Microsoft CryptoAPI + * VIA Padlock + * nCipher CHIL + + In addition, dynamic binding to external ENGINE implementations is now + provided by a special ENGINE called "dynamic". See the "DYNAMIC ENGINE" + section below for details. + + At this stage, a number of things are still needed and are being worked on: + + 1. Integration of EVP support. + 2. Configuration support. + 3. Documentation! + + Integration of EVP support + -------------------------- + + With respect to EVP, this relates to support for ciphers and digests in + the ENGINE model so that alternative implementations of existing + algorithms/modes (or previously unimplemented ones) can be provided by + ENGINE implementations. + + Configuration support + --------------------- + + Configuration support currently exists in the ENGINE API itself, in the + form of "control commands". These allow an application to expose to the + user/admin the set of commands and parameter types a given ENGINE + implementation supports, and for an application to directly feed string + based input to those ENGINEs, in the form of name-value pairs. This is an + extensible way for ENGINEs to define their own "configuration" mechanisms + that are specific to a given ENGINE (eg. for a particular hardware + device) but that should be consistent across *all* OpenSSL-based + applications when they use that ENGINE. Work is in progress (or at least + in planning) for supporting these control commands from the CONF (or + NCONF) code so that applications using OpenSSL's existing configuration + file format can have ENGINE settings specified in much the same way. + Presently however, applications must use the ENGINE API itself to provide + such functionality. To see first hand the types of commands available + with the various compiled-in ENGINEs (see further down for dynamic + ENGINEs), use the "engine" openssl utility with full verbosity, i.e.: + + openssl engine -vvvv + + Documentation + ------------- + + Documentation? Volunteers welcome! The source code is reasonably well + self-documenting, but some summaries and usage instructions are needed - + moreover, they are needed in the same POD format the existing OpenSSL + documentation is provided in. Any complete or incomplete contributions + would help make this happen. + + STABILITY & BUG-REPORTS + ======================= + + What already exists is fairly stable as far as it has been tested, but + the test base has been a bit small most of the time. For the most part, + the vendors of the devices these ENGINEs support have contributed to the + development and/or testing of the implementations, and *usually* (with no + guarantees) have experience in using the ENGINE support to drive their + devices from common OpenSSL-based applications. Bugs and/or inexplicable + behaviour in using a specific ENGINE implementation should be sent to the + author of that implementation (if it is mentioned in the corresponding C + file), and in the case of implementations for commercial hardware + devices, also through whatever vendor support channels are available. If + none of this is possible, or the problem seems to be something about the + ENGINE API itself (ie. not necessarily specific to a particular ENGINE + implementation) then you should mail complete details to the relevant + OpenSSL mailing list. For a definition of "complete details", refer to + the OpenSSL "README" file. As for which list to send it to: + + * openssl-users: if you are *using* the ENGINE abstraction, either in an + pre-compiled application or in your own application code. + + * openssl-dev: if you are discussing problems with OpenSSL source code. + + USAGE + ===== + + The default "openssl" ENGINE is always chosen when performing crypto + operations unless you specify otherwise. You must actively tell the + openssl utility commands to use anything else through a new command line + switch called "-engine". Also, if you want to use the ENGINE support in + your own code to do something similar, you must likewise explicitly + select the ENGINE implementation you want. + + Depending on the type of hardware, system, and configuration, "settings" + may need to be applied to an ENGINE for it to function as expected/hoped. + The recommended way of doing this is for the application to support + ENGINE "control commands" so that each ENGINE implementation can provide + whatever configuration primitives it might require and the application + can allow the user/admin (and thus the hardware vendor's support desk + also) to provide any such input directly to the ENGINE implementation. + This way, applications do not need to know anything specific to any + device, they only need to provide the means to carry such user/admin + input through to the ENGINE in question. Ie. this connects *you* (and + your helpdesk) to the specific ENGINE implementation (and device), and + allows application authors to not get buried in hassle supporting + arbitrary devices they know (and care) nothing about. + + A new "openssl" utility, "openssl engine", has been added in that allows + for testing and examination of ENGINE implementations. Basic usage + instructions are available by specifying the "-?" command line switch. + + DYNAMIC ENGINES + =============== + + The new "dynamic" ENGINE provides a low-overhead way to support ENGINE + implementations that aren't pre-compiled and linked into OpenSSL-based + applications. This could be because existing compiled-in implementations + have known problems and you wish to use a newer version with an existing + application. It could equally be because the application (or OpenSSL + library) you are using simply doesn't have support for the ENGINE you + wish to use, and the ENGINE provider (eg. hardware vendor) is providing + you with a self-contained implementation in the form of a shared-library. + The other use-case for "dynamic" is with applications that wish to + maintain the smallest foot-print possible and so do not link in various + ENGINE implementations from OpenSSL, but instead leaves you to provide + them, if you want them, in the form of "dynamic"-loadable + shared-libraries. It should be possible for hardware vendors to provide + their own shared-libraries to support arbitrary hardware to work with + applications based on OpenSSL 0.9.7 or later. If you're using an + application based on 0.9.7 (or later) and the support you desire is only + announced for versions later than the one you need, ask the vendor to + backport their ENGINE to the version you need. + + How does "dynamic" work? + ------------------------ + + The dynamic ENGINE has a special flag in its implementation such that + every time application code asks for the 'dynamic' ENGINE, it in fact + gets its own copy of it. As such, multi-threaded code (or code that + multiplexes multiple uses of 'dynamic' in a single application in any + way at all) does not get confused by 'dynamic' being used to do many + independent things. Other ENGINEs typically don't do this so there is + only ever 1 ENGINE structure of its type (and reference counts are used + to keep order). The dynamic ENGINE itself provides absolutely no + cryptographic functionality, and any attempt to "initialise" the ENGINE + automatically fails. All it does provide are a few "control commands" + that can be used to control how it will load an external ENGINE + implementation from a shared-library. To see these control commands, + use the command-line; + + openssl engine -vvvv dynamic + + The "SO_PATH" control command should be used to identify the + shared-library that contains the ENGINE implementation, and "NO_VCHECK" + might possibly be useful if there is a minor version conflict and you + (or a vendor helpdesk) is convinced you can safely ignore it. + "ID" is probably only needed if a shared-library implements + multiple ENGINEs, but if you know the engine id you expect to be using, + it doesn't hurt to specify it (and this provides a sanity check if + nothing else). "LIST_ADD" is only required if you actually wish the + loaded ENGINE to be discoverable by application code later on using the + ENGINE's "id". For most applications, this isn't necessary - but some + application authors may have nifty reasons for using it. The "LOAD" + command is the only one that takes no parameters and is the command + that uses the settings from any previous commands to actually *load* + the shared-library ENGINE implementation. If this command succeeds, the + (copy of the) 'dynamic' ENGINE will magically morph into the ENGINE + that has been loaded from the shared-library. As such, any control + commands supported by the loaded ENGINE could then be executed as per + normal. Eg. if ENGINE "foo" is implemented in the shared-library + "libfoo.so" and it supports some special control command "CMD_FOO", the + following code would load and use it (NB: obviously this code has no + error checking); + + ENGINE *e = ENGINE_by_id("dynamic"); + ENGINE_ctrl_cmd_string(e, "SO_PATH", "/lib/libfoo.so", 0); + ENGINE_ctrl_cmd_string(e, "ID", "foo", 0); + ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0); + ENGINE_ctrl_cmd_string(e, "CMD_FOO", "some input data", 0); + + For testing, the "openssl engine" utility can be useful for this sort + of thing. For example the above code excerpt would achieve much the + same result as; + + openssl engine dynamic \ + -pre SO_PATH:/lib/libfoo.so \ + -pre ID:foo \ + -pre LOAD \ + -pre "CMD_FOO:some input data" + + Or to simply see the list of commands supported by the "foo" ENGINE; + + openssl engine -vvvv dynamic \ + -pre SO_PATH:/lib/libfoo.so \ + -pre ID:foo \ + -pre LOAD + + Applications that support the ENGINE API and more specifically, the + "control commands" mechanism, will provide some way for you to pass + such commands through to ENGINEs. As such, you would select "dynamic" + as the ENGINE to use, and the parameters/commands you pass would + control the *actual* ENGINE used. Each command is actually a name-value + pair and the value can sometimes be omitted (eg. the "LOAD" command). + Whilst the syntax demonstrated in "openssl engine" uses a colon to + separate the command name from the value, applications may provide + their own syntax for making that separation (eg. a win32 registry + key-value pair may be used by some applications). The reason for the + "-pre" syntax in the "openssl engine" utility is that some commands + might be issued to an ENGINE *after* it has been initialised for use. + Eg. if an ENGINE implementation requires a smart-card to be inserted + during initialisation (or a PIN to be typed, or whatever), there may be + a control command you can issue afterwards to "forget" the smart-card + so that additional initialisation is no longer possible. In + applications such as web-servers, where potentially volatile code may + run on the same host system, this may provide some arguable security + value. In such a case, the command would be passed to the ENGINE after + it has been initialised for use, and so the "-post" switch would be + used instead. Applications may provide a different syntax for + supporting this distinction, and some may simply not provide it at all + ("-pre" is almost always what you're after, in reality). + + How do I build a "dynamic" ENGINE? + ---------------------------------- + + This question is trickier - currently OpenSSL bundles various ENGINE + implementations that are statically built in, and any application that + calls the "ENGINE_load_builtin_engines()" function will automatically + have all such ENGINEs available (and occupying memory). Applications + that don't call that function have no ENGINEs available like that and + would have to use "dynamic" to load any such ENGINE - but on the other + hand such applications would only have the memory footprint of any + ENGINEs explicitly loaded using user/admin provided control commands. + The main advantage of not statically linking ENGINEs and only using + "dynamic" for hardware support is that any installation using no + "external" ENGINE suffers no unnecessary memory footprint from unused + ENGINEs. Likewise, installations that do require an ENGINE incur the + overheads from only *that* ENGINE once it has been loaded. + + Sounds good? Maybe, but currently building an ENGINE implementation as + a shared-library that can be loaded by "dynamic" isn't automated in + OpenSSL's build process. It can be done manually quite easily however. + Such a shared-library can either be built with any OpenSSL code it + needs statically linked in, or it can link dynamically against OpenSSL + if OpenSSL itself is built as a shared library. The instructions are + the same in each case, but in the former (statically linked any + dependencies on OpenSSL) you must ensure OpenSSL is built with + position-independent code ("PIC"). The default OpenSSL compilation may + already specify the relevant flags to do this, but you should consult + with your compiler documentation if you are in any doubt. + + This example will show building the "atalla" ENGINE in the + crypto/engine/ directory as a shared-library for use via the "dynamic" + ENGINE. + + 1. "cd" to the crypto/engine/ directory of a pre-compiled OpenSSL + source tree. + + 2. Recompile at least one source file so you can see all the compiler + flags (and syntax) being used to build normally. Eg; + + touch hw_atalla.c ; make + + will rebuild "hw_atalla.o" using all such flags. + + 3. Manually enter the same compilation line to compile the + "hw_atalla.c" file but with the following two changes; + * add "-DENGINE_DYNAMIC_SUPPORT" to the command line switches, + * change the output file from "hw_atalla.o" to something new, + eg. "tmp_atalla.o" + + 4. Link "tmp_atalla.o" into a shared-library using the top-level + OpenSSL libraries to resolve any dependencies. The syntax for doing + this depends heavily on your system/compiler and is a nightmare + known well to anyone who has worked with shared-library portability + before. 'gcc' on Linux, for example, would use the following syntax; + + gcc -shared -o dyn_atalla.so tmp_atalla.o -L../.. -lcrypto + + 5. Test your shared library using "openssl engine" as explained in the + previous section. Eg. from the top-level directory, you might try + + apps/openssl engine -vvvv dynamic \ + -pre SO_PATH:./crypto/engine/dyn_atalla.so -pre LOAD + + If the shared-library loads successfully, you will see both "-pre" + commands marked as "SUCCESS" and the list of control commands + displayed (because of "-vvvv") will be the control commands for the + *atalla* ENGINE (ie. *not* the 'dynamic' ENGINE). You can also add + the "-t" switch to the utility if you want it to try and initialise + the atalla ENGINE for use to test any possible hardware/driver issues. + + PROBLEMS + ======== + + It seems like the ENGINE part doesn't work too well with CryptoSwift on Win32. + A quick test done right before the release showed that trying "openssl speed + -engine cswift" generated errors. If the DSO gets enabled, an attempt is made + to write at memory address 0x00000002. + diff --git a/README.FIPS b/README-FIPS.md similarity index 58% rename from README.FIPS rename to README-FIPS.md index 859348664e..ec70370177 100644 --- a/README.FIPS +++ b/README-FIPS.md @@ -1 +1,4 @@ +OpenSSL FIPS support +==================== + This release does not support a FIPS 140-2 validated module. diff --git a/README.ENGINE b/README.ENGINE deleted file mode 100644 index 230dc82a87..0000000000 --- a/README.ENGINE +++ /dev/null @@ -1,287 +0,0 @@ - ENGINE - ====== - - With OpenSSL 0.9.6, a new component was added to support alternative - cryptography implementations, most commonly for interfacing with external - crypto devices (eg. accelerator cards). This component is called ENGINE, - and its presence in OpenSSL 0.9.6 (and subsequent bug-fix releases) - caused a little confusion as 0.9.6** releases were rolled in two - versions, a "standard" and an "engine" version. In development for 0.9.7, - the ENGINE code has been merged into the main branch and will be present - in the standard releases from 0.9.7 forwards. - - There are currently built-in ENGINE implementations for the following - crypto devices: - - o Microsoft CryptoAPI - o VIA Padlock - o nCipher CHIL - - In addition, dynamic binding to external ENGINE implementations is now - provided by a special ENGINE called "dynamic". See the "DYNAMIC ENGINE" - section below for details. - - At this stage, a number of things are still needed and are being worked on: - - 1 Integration of EVP support. - 2 Configuration support. - 3 Documentation! - -1 With respect to EVP, this relates to support for ciphers and digests in - the ENGINE model so that alternative implementations of existing - algorithms/modes (or previously unimplemented ones) can be provided by - ENGINE implementations. - -2 Configuration support currently exists in the ENGINE API itself, in the - form of "control commands". These allow an application to expose to the - user/admin the set of commands and parameter types a given ENGINE - implementation supports, and for an application to directly feed string - based input to those ENGINEs, in the form of name-value pairs. This is an - extensible way for ENGINEs to define their own "configuration" mechanisms - that are specific to a given ENGINE (eg. for a particular hardware - device) but that should be consistent across *all* OpenSSL-based - applications when they use that ENGINE. Work is in progress (or at least - in planning) for supporting these control commands from the CONF (or - NCONF) code so that applications using OpenSSL's existing configuration - file format can have ENGINE settings specified in much the same way. - Presently however, applications must use the ENGINE API itself to provide - such functionality. To see first hand the types of commands available - with the various compiled-in ENGINEs (see further down for dynamic - ENGINEs), use the "engine" openssl utility with full verbosity, ie; - openssl engine -vvvv - -3 Documentation? Volunteers welcome! The source code is reasonably well - self-documenting, but some summaries and usage instructions are needed - - moreover, they are needed in the same POD format the existing OpenSSL - documentation is provided in. Any complete or incomplete contributions - would help make this happen. - - STABILITY & BUG-REPORTS - ======================= - - What already exists is fairly stable as far as it has been tested, but - the test base has been a bit small most of the time. For the most part, - the vendors of the devices these ENGINEs support have contributed to the - development and/or testing of the implementations, and *usually* (with no - guarantees) have experience in using the ENGINE support to drive their - devices from common OpenSSL-based applications. Bugs and/or inexplicable - behaviour in using a specific ENGINE implementation should be sent to the - author of that implementation (if it is mentioned in the corresponding C - file), and in the case of implementations for commercial hardware - devices, also through whatever vendor support channels are available. If - none of this is possible, or the problem seems to be something about the - ENGINE API itself (ie. not necessarily specific to a particular ENGINE - implementation) then you should mail complete details to the relevant - OpenSSL mailing list. For a definition of "complete details", refer to - the OpenSSL "README" file. As for which list to send it to; - - openssl-users: if you are *using* the ENGINE abstraction, either in an - pre-compiled application or in your own application code. - - openssl-dev: if you are discussing problems with OpenSSL source code. - - USAGE - ===== - - The default "openssl" ENGINE is always chosen when performing crypto - operations unless you specify otherwise. You must actively tell the - openssl utility commands to use anything else through a new command line - switch called "-engine". Also, if you want to use the ENGINE support in - your own code to do something similar, you must likewise explicitly - select the ENGINE implementation you want. - - Depending on the type of hardware, system, and configuration, "settings" - may need to be applied to an ENGINE for it to function as expected/hoped. - The recommended way of doing this is for the application to support - ENGINE "control commands" so that each ENGINE implementation can provide - whatever configuration primitives it might require and the application - can allow the user/admin (and thus the hardware vendor's support desk - also) to provide any such input directly to the ENGINE implementation. - This way, applications do not need to know anything specific to any - device, they only need to provide the means to carry such user/admin - input through to the ENGINE in question. Ie. this connects *you* (and - your helpdesk) to the specific ENGINE implementation (and device), and - allows application authors to not get buried in hassle supporting - arbitrary devices they know (and care) nothing about. - - A new "openssl" utility, "openssl engine", has been added in that allows - for testing and examination of ENGINE implementations. Basic usage - instructions are available by specifying the "-?" command line switch. - - DYNAMIC ENGINES - =============== - - The new "dynamic" ENGINE provides a low-overhead way to support ENGINE - implementations that aren't pre-compiled and linked into OpenSSL-based - applications. This could be because existing compiled-in implementations - have known problems and you wish to use a newer version with an existing - application. It could equally be because the application (or OpenSSL - library) you are using simply doesn't have support for the ENGINE you - wish to use, and the ENGINE provider (eg. hardware vendor) is providing - you with a self-contained implementation in the form of a shared-library. - The other use-case for "dynamic" is with applications that wish to - maintain the smallest foot-print possible and so do not link in various - ENGINE implementations from OpenSSL, but instead leaves you to provide - them, if you want them, in the form of "dynamic"-loadable - shared-libraries. It should be possible for hardware vendors to provide - their own shared-libraries to support arbitrary hardware to work with - applications based on OpenSSL 0.9.7 or later. If you're using an - application based on 0.9.7 (or later) and the support you desire is only - announced for versions later than the one you need, ask the vendor to - backport their ENGINE to the version you need. - - How does "dynamic" work? - ------------------------ - The dynamic ENGINE has a special flag in its implementation such that - every time application code asks for the 'dynamic' ENGINE, it in fact - gets its own copy of it. As such, multi-threaded code (or code that - multiplexes multiple uses of 'dynamic' in a single application in any - way at all) does not get confused by 'dynamic' being used to do many - independent things. Other ENGINEs typically don't do this so there is - only ever 1 ENGINE structure of its type (and reference counts are used - to keep order). The dynamic ENGINE itself provides absolutely no - cryptographic functionality, and any attempt to "initialise" the ENGINE - automatically fails. All it does provide are a few "control commands" - that can be used to control how it will load an external ENGINE - implementation from a shared-library. To see these control commands, - use the command-line; - - openssl engine -vvvv dynamic - - The "SO_PATH" control command should be used to identify the - shared-library that contains the ENGINE implementation, and "NO_VCHECK" - might possibly be useful if there is a minor version conflict and you - (or a vendor helpdesk) is convinced you can safely ignore it. - "ID" is probably only needed if a shared-library implements - multiple ENGINEs, but if you know the engine id you expect to be using, - it doesn't hurt to specify it (and this provides a sanity check if - nothing else). "LIST_ADD" is only required if you actually wish the - loaded ENGINE to be discoverable by application code later on using the - ENGINE's "id". For most applications, this isn't necessary - but some - application authors may have nifty reasons for using it. The "LOAD" - command is the only one that takes no parameters and is the command - that uses the settings from any previous commands to actually *load* - the shared-library ENGINE implementation. If this command succeeds, the - (copy of the) 'dynamic' ENGINE will magically morph into the ENGINE - that has been loaded from the shared-library. As such, any control - commands supported by the loaded ENGINE could then be executed as per - normal. Eg. if ENGINE "foo" is implemented in the shared-library - "libfoo.so" and it supports some special control command "CMD_FOO", the - following code would load and use it (NB: obviously this code has no - error checking); - - ENGINE *e = ENGINE_by_id("dynamic"); - ENGINE_ctrl_cmd_string(e, "SO_PATH", "/lib/libfoo.so", 0); - ENGINE_ctrl_cmd_string(e, "ID", "foo", 0); - ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0); - ENGINE_ctrl_cmd_string(e, "CMD_FOO", "some input data", 0); - - For testing, the "openssl engine" utility can be useful for this sort - of thing. For example the above code excerpt would achieve much the - same result as; - - openssl engine dynamic \ - -pre SO_PATH:/lib/libfoo.so \ - -pre ID:foo \ - -pre LOAD \ - -pre "CMD_FOO:some input data" - - Or to simply see the list of commands supported by the "foo" ENGINE; - - openssl engine -vvvv dynamic \ - -pre SO_PATH:/lib/libfoo.so \ - -pre ID:foo \ - -pre LOAD - - Applications that support the ENGINE API and more specifically, the - "control commands" mechanism, will provide some way for you to pass - such commands through to ENGINEs. As such, you would select "dynamic" - as the ENGINE to use, and the parameters/commands you pass would - control the *actual* ENGINE used. Each command is actually a name-value - pair and the value can sometimes be omitted (eg. the "LOAD" command). - Whilst the syntax demonstrated in "openssl engine" uses a colon to - separate the command name from the value, applications may provide - their own syntax for making that separation (eg. a win32 registry - key-value pair may be used by some applications). The reason for the - "-pre" syntax in the "openssl engine" utility is that some commands - might be issued to an ENGINE *after* it has been initialised for use. - Eg. if an ENGINE implementation requires a smart-card to be inserted - during initialisation (or a PIN to be typed, or whatever), there may be - a control command you can issue afterwards to "forget" the smart-card - so that additional initialisation is no longer possible. In - applications such as web-servers, where potentially volatile code may - run on the same host system, this may provide some arguable security - value. In such a case, the command would be passed to the ENGINE after - it has been initialised for use, and so the "-post" switch would be - used instead. Applications may provide a different syntax for - supporting this distinction, and some may simply not provide it at all - ("-pre" is almost always what you're after, in reality). - - How do I build a "dynamic" ENGINE? - ---------------------------------- - This question is trickier - currently OpenSSL bundles various ENGINE - implementations that are statically built in, and any application that - calls the "ENGINE_load_builtin_engines()" function will automatically - have all such ENGINEs available (and occupying memory). Applications - that don't call that function have no ENGINEs available like that and - would have to use "dynamic" to load any such ENGINE - but on the other - hand such applications would only have the memory footprint of any - ENGINEs explicitly loaded using user/admin provided control commands. - The main advantage of not statically linking ENGINEs and only using - "dynamic" for hardware support is that any installation using no - "external" ENGINE suffers no unnecessary memory footprint from unused - ENGINEs. Likewise, installations that do require an ENGINE incur the - overheads from only *that* ENGINE once it has been loaded. - - Sounds good? Maybe, but currently building an ENGINE implementation as - a shared-library that can be loaded by "dynamic" isn't automated in - OpenSSL's build process. It can be done manually quite easily however. - Such a shared-library can either be built with any OpenSSL code it - needs statically linked in, or it can link dynamically against OpenSSL - if OpenSSL itself is built as a shared library. The instructions are - the same in each case, but in the former (statically linked any - dependencies on OpenSSL) you must ensure OpenSSL is built with - position-independent code ("PIC"). The default OpenSSL compilation may - already specify the relevant flags to do this, but you should consult - with your compiler documentation if you are in any doubt. - - This example will show building the "atalla" ENGINE in the - crypto/engine/ directory as a shared-library for use via the "dynamic" - ENGINE. - 1) "cd" to the crypto/engine/ directory of a pre-compiled OpenSSL - source tree. - 2) Recompile at least one source file so you can see all the compiler - flags (and syntax) being used to build normally. Eg; - touch hw_atalla.c ; make - will rebuild "hw_atalla.o" using all such flags. - 3) Manually enter the same compilation line to compile the - "hw_atalla.c" file but with the following two changes; - (a) add "-DENGINE_DYNAMIC_SUPPORT" to the command line switches, - (b) change the output file from "hw_atalla.o" to something new, - eg. "tmp_atalla.o" - 4) Link "tmp_atalla.o" into a shared-library using the top-level - OpenSSL libraries to resolve any dependencies. The syntax for doing - this depends heavily on your system/compiler and is a nightmare - known well to anyone who has worked with shared-library portability - before. 'gcc' on Linux, for example, would use the following syntax; - gcc -shared -o dyn_atalla.so tmp_atalla.o -L../.. -lcrypto - 5) Test your shared library using "openssl engine" as explained in the - previous section. Eg. from the top-level directory, you might try; - apps/openssl engine -vvvv dynamic \ - -pre SO_PATH:./crypto/engine/dyn_atalla.so -pre LOAD - If the shared-library loads successfully, you will see both "-pre" - commands marked as "SUCCESS" and the list of control commands - displayed (because of "-vvvv") will be the control commands for the - *atalla* ENGINE (ie. *not* the 'dynamic' ENGINE). You can also add - the "-t" switch to the utility if you want it to try and initialise - the atalla ENGINE for use to test any possible hardware/driver - issues. - - PROBLEMS - ======== - - It seems like the ENGINE part doesn't work too well with CryptoSwift on Win32. - A quick test done right before the release showed that trying "openssl speed - -engine cswift" generated errors. If the DSO gets enabled, an attempt is made - to write at memory address 0x00000002. - diff --git a/README.md b/README.md index e566d3161c..c126116ed8 100644 --- a/README.md +++ b/README.md @@ -105,13 +105,13 @@ detailed instructions about building and installing OpenSSL. For some platforms, the installation instructions are amended by a platform specific document. - * [NOTES.ANDROID](NOTES.ANDROID) - * [NOTES.DJGPP](NOTES.DJGPP) - * [NOTES.PERL](NOTES.PERL) - * [NOTES.UNIX](NOTES.UNIX) - * [NOTES.VALGRIND](NOTES.VALGRIND) - * [NOTES.VMS](NOTES.VMS) - * [NOTES.WIN](NOTES.WIN) + * [NOTES-Android.md](NOTES-Android.md) + * [NOTES-DJGPP.md](NOTES-DJGPP.md) + * [NOTES-Unix.md](NOTES-Unix.md) + * [NOTES-VMS.md](NOTES-VMS.md) + * [NOTES-Windows.txt](NOTES-Windows.txt) + * [NOTES-Perl.m](NOTES-Perl.md) + * [NOTES-Valgrind.md](NOTES-Valgrind.md) Specific notes on upgrading to OpenSSL 3.0 from previous versions, as well as known issues are available on the OpenSSL @@ -142,7 +142,7 @@ OpenSSL is licensed under the Apache License 2.0, which means that you are free to get and use it for commercial and non-commercial purposes as long as you fulfill its conditions. -See the [LICENSE](LICENSE) file for more details. +See the [LICENSE.txt](LICENSE.txt) file for more details. Support ======= diff --git a/VERSION b/VERSION.dat similarity index 100% rename from VERSION rename to VERSION.dat diff --git a/config.com b/config.com index 1e1b925ab8..252cada5e9 100644 --- a/config.com +++ b/config.com @@ -42,7 +42,7 @@ Usage: @config [options] -h This help. Any other text will be passed to the Configure perl script. -See INSTALL for instructions. +See INSTALL.md for instructions. $ EOD $ ENDIF diff --git a/crypto/README.sparse_array b/crypto/README-sparse_array.md similarity index 93% rename from crypto/README.sparse_array rename to crypto/README-sparse_array.md index d86a48d9e1..bc2ff0cb8a 100644 --- a/crypto/README.sparse_array +++ b/crypto/README-sparse_array.md @@ -1,4 +1,7 @@ -The sparse_array.c file contains an implementation of a sparse array that +Sparse Arrays +============= + +The `sparse_array.c` file contains an implementation of a sparse array that attempts to be both space and time efficient. The sparse array is represented using a tree structure. Each node in the @@ -13,13 +16,14 @@ There are a number of parameters used to define the block size: SA_BLOCK_MAX_LEVELS Indicates the maximum possible height of the tree These constants are inter-related: + SA_BLOCK_MAX = 2 ^ OPENSSL_SA_BLOCK_BITS SA_BLOCK_MASK = SA_BLOCK_MAX - 1 SA_BLOCK_MAX_LEVELS = number of bits in size_t divided by OPENSSL_SA_BLOCK_BITS rounded up to the next multiple of OPENSSL_SA_BLOCK_BITS -OPENSSL_SA_BLOCK_BITS can be defined at compile time and this overrides the +`OPENSSL_SA_BLOCK_BITS` can be defined at compile time and this overrides the built in setting. As a space and performance optimisation, the height of the tree is usually @@ -67,7 +71,6 @@ brevity): +----+ Index 0 - Inserting at element 2N+1 creates a new root node and pushes down the old root node. It then creates a second second level node to hold the pointer to the user's new data: @@ -102,7 +105,6 @@ user's new data: +----+ +----+ Index 0 Index 2N+1 - The nodes themselves are allocated in a sparse manner. Only nodes which exist along a path from the root of the tree to an added leaf will be allocated. The complexity is hidden and nodes are allocated on an as needed basis. @@ -144,12 +146,11 @@ result in: +----+ Index 2N+1 - Accesses to elements in the sparse array take O(log n) time where n is the -largest element. The base of the logarithm is SA_BLOCK_MAX, so for moderately +largest element. The base of the logarithm is `SA_BLOCK_MAX`, so for moderately small indices (e.g. NIDs), single level (constant time) access is achievable. Space usage is O(minimum(m, n log(n)) where m is the number of elements in the array. -Note: sparse arrays only include pointers to types. Thus, SPARSE_ARRAY_OF(char) -can be used to store a string. +Note: sparse arrays only include pointers to types. +Thus, `SPARSE_ARRAY_OF(char)` can be used to store a string. diff --git a/crypto/engine/README b/crypto/engine/README.md similarity index 95% rename from crypto/engine/README rename to crypto/engine/README.md index 0f8a8fbde4..b45115ca24 100644 --- a/crypto/engine/README +++ b/crypto/engine/README.md @@ -1,12 +1,12 @@ -Notes: 2001-09-24 ------------------ +Notes on engines of 2001-09-24 +============================== This "description" (if one chooses to call it that) needed some major updating so here goes. This update addresses a change being made at the same time to OpenSSL, and it pretty much completely restructures the underlying mechanics of the "ENGINE" code. So it serves a double purpose of being a "ENGINE internals for masochists" document *and* a rather extensive commit log message. (I'd get -lynched for sticking all this in CHANGES or the commit mails :-). +lynched for sticking all this in CHANGES.md or the commit mails :-). ENGINE_TABLE underlies this restructuring, as described in the internal header "eng_local.h", implemented in eng_table.c, and used in each of the "class" files; @@ -21,16 +21,16 @@ or can be loaded "en masse" into EVP storage so that they can be catalogued and searched in various ways, ie. two ways of encrypting with the "des_cbc" algorithm/mode pair are; -(i) directly; - const EVP_CIPHER *cipher = EVP_des_cbc(); - EVP_EncryptInit(&ctx, cipher, key, iv); - [ ... use EVP_EncryptUpdate() and EVP_EncryptFinal() ...] + (i) directly; + const EVP_CIPHER *cipher = EVP_des_cbc(); + EVP_EncryptInit(&ctx, cipher, key, iv); + [ ... use EVP_EncryptUpdate() and EVP_EncryptFinal() ...] -(ii) indirectly; - OpenSSL_add_all_ciphers(); - cipher = EVP_get_cipherbyname("des_cbc"); - EVP_EncryptInit(&ctx, cipher, key, iv); - [ ... etc ... ] + (ii) indirectly; + OpenSSL_add_all_ciphers(); + cipher = EVP_get_cipherbyname("des_cbc"); + EVP_EncryptInit(&ctx, cipher, key, iv); + [ ... etc ... ] The latter is more generally used because it also allows ciphers/digests to be looked up based on other identifiers which can be useful for automatic cipher @@ -177,7 +177,7 @@ is deliberately a distinct step. Moreover, registration and unregistration has nothing to do with whether an ENGINE is *functional* or not (ie. you can even register an ENGINE and its implementations without it being operational, you may not even have the drivers to make it operate). What actually happens with -respect to cleanup is managed inside eng_lib.c with the "engine_cleanup_***" +respect to cleanup is managed inside eng_lib.c with the `engine_cleanup_***` functions. These functions are internal-only and each part of ENGINE code that could require cleanup will, upon performing its first allocation, register a callback with the "engine_cleanup" code. The other part of this that makes it @@ -208,4 +208,3 @@ hooking of ENGINE is now automatic (and passive, it can internally use a NULL ENGINE pointer to simply ignore ENGINE from then on). Hell, that should be enough for now ... comments welcome. - diff --git a/crypto/err/README b/crypto/err/README.md similarity index 50% rename from crypto/err/README rename to crypto/err/README.md index 6d2ce0cd0e..78085b3779 100644 --- a/crypto/err/README +++ b/crypto/err/README.md @@ -1,17 +1,17 @@ Adding new libraries --------------------- +==================== When adding a new sub-library to OpenSSL, assign it a library number -ERR_LIB_XXX, define a macro XXXerr() (both in err.h), add its -name to ERR_str_libraries[] (in crypto/err/err.c), and add -ERR_load_XXX_strings() to the ERR_load_crypto_strings() function -(in crypto/err/err_all.c). Finally, add an entry: +`ERR_LIB_XXX`, define a macro `XXXerr()` (both in `err.h`), add its +name to `ERR_str_libraries[]` (in `crypto/err/err.c`), and add +`ERR_load_XXX_strings()` to the `ERR_load_crypto_strings()` function +(in `crypto/err/err_all.c`). Finally, add an entry: L XXX xxx.h xxx_err.c -to crypto/err/openssl.ec, and add xxx_err.c to the Makefile. -Running make errors will then generate a file xxx_err.c, and -add all error codes used in the library to xxx.h. +to `crypto/err/openssl.ec`, and add `xxx_err.c` to the `Makefile`. +Running make errors will then generate a file `xxx_err.c`, and +add all error codes used in the library to `xxx.h`. Additionally the library include file must have a certain form. Typically it will initially look like this: @@ -33,12 +33,12 @@ Typically it will initially look like this: /* BEGIN ERROR CODES */ -The BEGIN ERROR CODES sequence is used by the error code +The `BEGIN ERROR CODES` sequence is used by the error code generation script as the point to place new error codes, any text after this point will be overwritten when make errors is run. -The closing #endif etc will be automatically added by the script. +The closing `#endif` etc will be automatically added by the script. -The generated C error code file xxx_err.c will load the header -files stdio.h, openssl/err.h and openssl/xxx.h so the +The generated C error code file `xxx_err.c` will load the header +files `stdio.h`, `openssl/err.h` and `openssl/xxx.h` so the header file must load any additional header files containing any definitions it uses. diff --git a/crypto/objects/README b/crypto/objects/README deleted file mode 100644 index 700f9c5e54..0000000000 --- a/crypto/objects/README +++ /dev/null @@ -1,44 +0,0 @@ -objects.txt syntax ------------------- - -To cover all the naming hacks that were previously in objects.h needed some -kind of hacks in objects.txt. - -The basic syntax for adding an object is as follows: - - 1 2 3 4 : shortName : Long Name - - If Long Name contains only word characters and hyphen-minus - (0x2D) or full stop (0x2E) then Long Name is used as basis - for the base name in C. Otherwise, the shortName is used. - - The base name (let's call it 'base') will then be used to - create the C macros SN_base, LN_base, NID_base and OBJ_base. - - Note that if the base name contains spaces, dashes or periods, - those will be converted to underscore. - -Then there are some extra commands: - - !Alias foo 1 2 3 4 - - This just makes a name foo for an OID. The C macro - OBJ_foo will be created as a result. - - !Cname foo - - This makes sure that the name foo will be used as base name - in C. - - !module foo - 1 2 3 4 : shortName : Long Name - !global - - The !module command was meant to define a kind of modularity. - What it does is to make sure the module name is prepended - to the base name. !global turns this off. This construction - is not recursive. - -Lines starting with # are treated as comments, as well as any line starting -with ! and not matching the commands above. - diff --git a/crypto/objects/README.md b/crypto/objects/README.md new file mode 100644 index 0000000000..49c749887d --- /dev/null +++ b/crypto/objects/README.md @@ -0,0 +1,43 @@ +objects.txt syntax +================== + +To cover all the naming hacks that were previously in `objects.h` needed some +kind of hacks in `objects.txt`. + +The basic syntax for adding an object is as follows: + + 1 2 3 4 : shortName : Long Name + + If Long Name contains only word characters and hyphen-minus + (0x2D) or full stop (0x2E) then Long Name is used as basis + for the base name in C. Otherwise, the shortName is used. + + The base name (let's call it 'base') will then be used to + create the C macros SN_base, LN_base, NID_base and OBJ_base. + + Note that if the base name contains spaces, dashes or periods, + those will be converted to underscore. + +Then there are some extra commands: + + !Alias foo 1 2 3 4 + + This just makes a name foo for an OID. The C macro + OBJ_foo will be created as a result. + + !Cname foo + + This makes sure that the name foo will be used as base name + in C. + + !module foo + 1 2 3 4 : shortName : Long Name + !global + + The !module command was meant to define a kind of modularity. + What it does is to make sure the module name is prepended + to the base name. !global turns this off. This construction + is not recursive. + +Lines starting with `#` are treated as comments, as well as any line starting +with ! and not matching the commands above. diff --git a/crypto/perlasm/README b/crypto/perlasm/README deleted file mode 100644 index 59f2c95515..0000000000 --- a/crypto/perlasm/README +++ /dev/null @@ -1,124 +0,0 @@ -The perl scripts in this directory are my 'hack' to generate -multiple different assembler formats via the one original script. - -The way to use this library is to start with adding the path to this directory -and then include it. - -push(@INC,"perlasm","../../perlasm"); -require "x86asm.pl"; - -The first thing we do is setup the file and type of assembler - -&asm_init($ARGV[0]); - -The first argument is the 'type'. Currently -'cpp', 'sol', 'a.out', 'elf' or 'win32'. -Argument 2 is the file name. - -The reciprocal function is -&asm_finish() which should be called at the end. - -There are 2 main 'packages'. x86ms.pl, which is the Microsoft assembler, -and x86unix.pl which is the unix (gas) version. - -Functions of interest are: -&external_label("des_SPtrans"); declare and external variable -&LB(reg); Low byte for a register -&HB(reg); High byte for a register -&BP(off,base,index,scale) Byte pointer addressing -&DWP(off,base,index,scale) Word pointer addressing -&stack_push(num) Basically a 'sub esp, num*4' with extra -&stack_pop(num) inverse of stack_push -&function_begin(name,extra) Start a function with pushing of - edi, esi, ebx and ebp. extra is extra win32 - external info that may be required. -&function_begin_B(name,extra) Same as normal function_begin but no pushing. -&function_end(name) Call at end of function. -&function_end_A(name) Standard pop and ret, for use inside functions -&function_end_B(name) Call at end but with pop or ret. -&swtmp(num) Address on stack temp word. -&wparam(num) Parameter number num, that was push - in C convention. This all works over pushes - and pops. -&comment("hello there") Put in a comment. -&label("loop") Refer to a label, normally a jmp target. -&set_label("loop") Set a label at this point. -&data_word(word) Put in a word of data. - -So how does this all hold together? Given - -int calc(int len, int *data) - { - int i,j=0; - - for (i=0; i "$SOURCEDIR/VERSION" < "$SOURCEDIR/VERSION.dat" < recognises both forms. =head1 VERSION AND STATE With OpenSSL 3.0, all the version and state information is in the file -F, where the following variables are used and changed: +F, where the following variables are used and changed: =over 4 diff --git a/doc/README b/doc/README.md similarity index 58% rename from doc/README rename to doc/README.md index 964d879810..12bb37ddb8 100644 --- a/doc/README +++ b/doc/README.md @@ -1,27 +1,30 @@ +OpenSSL Documentation +===================== -README This file +README.md This file -fingerprints.txt +[fingerprints.txt](fingerprints.txt) PGP fingerprints of authorised release signers standards.txt - Moved to the web, https://www.openssl.org/docs/standards.html +standards.txt + Moved to the web, -HOWTO/ +[HOWTO/](HOWTO/) A few how-to documents; not necessarily up-to-date -man1/ +[man1/](man1/) The openssl command-line tools; start with openssl.pod -man3/ +[man3/](man3/) The SSL library and the crypto library -man5/ +[man5/](man5/) File formats -man7/ +[man7/](man7/) Overviews; start with crypto.pod and ssl.pod, for example Algorithm specific EVP_PKEY documentation. Formatted versions of the manpages (apps,ssl,crypto) can be found at - https://www.openssl.org/docs/manpages.html + diff --git a/ssl/record/README b/ssl/record/README.md similarity index 56% rename from ssl/record/README rename to ssl/record/README.md index 630fe8027a..263f257c84 100644 --- a/ssl/record/README +++ b/ssl/record/README.md @@ -18,10 +18,10 @@ of libssl. The source files map to components as follows: -dtls1_bitmap.c -> DTLS1_BITMAP component -ssl3_buffer.c -> SSL3_BUFFER component -ssl3_record.c -> SSL3_RECORD component -rec_layer_s3.c, rec_layer_d1.c -> RECORD_LAYER component + dtls1_bitmap.c -> DTLS1_BITMAP component + ssl3_buffer.c -> SSL3_BUFFER component + ssl3_record.c -> SSL3_RECORD component + rec_layer_s3.c, rec_layer_d1.c -> RECORD_LAYER component The RECORD_LAYER component is a facade pattern, i.e. it provides a simplified interface to the record layer for the rest of libssl. The other 3 components are @@ -38,33 +38,32 @@ RECORD_LAYER_* macros. Conceptually it looks like this: - libssl - | ----------------------------|-----record.h-------------------------------------- - | - _______V______________ - | | - | RECORD_LAYER | - | | - | rec_layer_s3.c | - | ^ | - | _________|__________ | - || || - || DTLS1_RECORD_LAYER || - || || - || rec_layer_d1.c || - ||____________________|| - |______________________| - record_local.h ^ ^ ^ - _________________| | |_________________ - | | | - _____V_________ ______V________ _______V________ - | | | | | | - | SSL3_BUFFER | | SSL3_RECORD | | DTLS1_BITMAP | - | |--->| | | | - | ssl3_buffer.c | | ssl3_record.c | | dtls1_bitmap.c | - |_______________| |_______________| |________________| - + libssl + | + -------------------------|-----record.h------------------------------------ + | + _______V______________ + | | + | RECORD_LAYER | + | | + | rec_layer_s3.c | + | ^ | + | _________|__________ | + || || + || DTLS1_RECORD_LAYER || + || || + || rec_layer_d1.c || + ||____________________|| + |______________________| + record_local.h ^ ^ ^ + _________________| | |_________________ + | | | + _____V_________ ______V________ _______V________ + | | | | | | + | SSL3_BUFFER | | SSL3_RECORD | | DTLS1_BITMAP | + | |--->| | | | + | ssl3_buffer.c | | ssl3_record.c | | dtls1_bitmap.c | + |_______________| |_______________| |________________| The two RECORD_LAYER source files build on each other, i.e. the main one is rec_layer_s3.c which provides the core SSL/TLS layer. The second diff --git a/ssl/statem/README b/ssl/statem/README deleted file mode 100644 index 86cc066372..0000000000 --- a/ssl/statem/README +++ /dev/null @@ -1,63 +0,0 @@ -State Machine Design -==================== - -This file provides some guidance on the thinking behind the design of the -state machine code to aid future maintenance. - -The state machine code replaces an older state machine present in OpenSSL -versions 1.0.2 and below. The new state machine has the following objectives: - - Remove duplication of state code between client and server - - Remove duplication of state code between TLS and DTLS - - Simplify transitions and bring the logic together in a single location - so that it is easier to validate - - Remove duplication of code between each of the message handling functions - - Receive a message first and then work out whether that is a valid - transition - not the other way around (the other way causes lots of issues - where we are expecting one type of message next but actually get something - else) - - Separate message flow state from handshake state (in order to better - understand each) - - message flow state = when to flush buffers; handling restarts in the - event of NBIO events; handling the common flow of steps for reading a - message and the common flow of steps for writing a message etc - - handshake state = what handshake message are we working on now - - Control complexity: only the state machine can change state: keep all - the state changes local to the state machine component - -The message flow state machine is divided into a reading sub-state machine and a -writing sub-state machine. See the source comments in statem.c for a more -detailed description of the various states and transitions possible. - -Conceptually the state machine component is designed as follows: - - libssl - | ----------------------------|-----statem.h-------------------------------------- - | - _______V____________________ - | | - | statem.c | - | | - | Core state machine code | - |____________________________| - statem_local.h ^ ^ - _________| |_______ - | | - _____________|____________ _____________|____________ - | | | | - | statem_clnt.c | | statem_srvr.c | - | | | | - | TLS/DTLS client specific | | TLS/DTLS server specific | - | state machine code | | state machine code | - |__________________________| |__________________________| - | |_______________|__ | - | ________________| | | - | | | | - ____________V_______V________ ________V______V_______________ - | | | | - | statem_both.c | | statem_dtls.c | - | | | | - | Non core functions common | | Non core functions common to | - | to both servers and clients | | both DTLS servers and clients | - |_____________________________| |_______________________________| - diff --git a/ssl/statem/README.md b/ssl/statem/README.md new file mode 100644 index 0000000000..ef33f77c82 --- /dev/null +++ b/ssl/statem/README.md @@ -0,0 +1,63 @@ +State Machine Design +==================== + +This file provides some guidance on the thinking behind the design of the +state machine code to aid future maintenance. + +The state machine code replaces an older state machine present in OpenSSL +versions 1.0.2 and below. The new state machine has the following objectives: + + - Remove duplication of state code between client and server + - Remove duplication of state code between TLS and DTLS + - Simplify transitions and bring the logic together in a single location + so that it is easier to validate + - Remove duplication of code between each of the message handling functions + - Receive a message first and then work out whether that is a valid + transition - not the other way around (the other way causes lots of issues + where we are expecting one type of message next but actually get something + else) + - Separate message flow state from handshake state (in order to better + understand each) + * message flow state = when to flush buffers; handling restarts in the + event of NBIO events; handling the common flow of steps for reading a + message and the common flow of steps for writing a message etc + * handshake state = what handshake message are we working on now + - Control complexity: only the state machine can change state: keep all + the state changes local to the state machine component + +The message flow state machine is divided into a reading sub-state machine and a +writing sub-state machine. See the source comments in statem.c for a more +detailed description of the various states and transitions possible. + +Conceptually the state machine component is designed as follows: + + libssl + | + -------------------------|-----statem.h------------------------------------ + | + _______V____________________ + | | + | statem.c | + | | + | Core state machine code | + |____________________________| + statem_local.h ^ ^ + _________| |_______ + | | + _____________|____________ _____________|____________ + | | | | + | statem_clnt.c | | statem_srvr.c | + | | | | + | TLS/DTLS client specific | | TLS/DTLS server specific | + | state machine code | | state machine code | + |__________________________| |__________________________| + | |_______________|__ | + | ________________| | | + | | | | + ____________V_______V________ ________V______V_______________ + | | | | + | statem_both.c | | statem_dtls.c | + | | | | + | Non core functions common | | Non core functions common to | + | to both servers and clients | | both DTLS servers and clients | + |_____________________________| |_______________________________| diff --git a/test/README b/test/README-dev.md similarity index 52% rename from test/README rename to test/README-dev.md index 9094d9a38d..56114fdc34 100644 --- a/test/README +++ b/test/README-dev.md @@ -1,44 +1,46 @@ +Guidelines for test developers +============================== + How to add recipes -================== +------------------ For any test that you want to perform, you write a script located in -test/recipes/, named {nn}-test_{name}.t, where {nn} is a two digit number and -{name} is a unique name of your choice. +`test/recipes/`, named `{nn}-test_{name}.t`, +where `{nn}` is a two digit number and +`{name}` is a unique name of your choice. Please note that if a test involves a new testing executable, you will need to -do some additions in test/build.info. Please refer to the section "Changes to -test/build.info" below. - +do some additions in test/build.info. Please refer to the section +["Changes to test/build.info"](README.md#changes-to-testbuildinfo) below. Naming conventions -================= - -A test executable is named test/{name}test.c - -A test recipe is named test/recipes/{nn}-test_{name}.t, where {nn} is a two -digit number and {name} is a unique name of your choice. - -The number {nn} is (somewhat loosely) grouped as follows: - -00-04 sanity, internal and essential API tests -05-09 individual symmetric cipher algorithms -10-14 math (bignum) -15-19 individual asymmetric cipher algorithms -20-24 openssl commands (some otherwise not tested) -25-29 certificate forms, generation and verification -30-35 engine and evp -60-79 APIs: - 60 X509 subsystem - 61 BIO subsystem - 65 CMP subsystem - 70 PACKET layer -80-89 "larger" protocols (CA, CMS, OCSP, SSL, TSA) -90-98 misc -99 most time consuming tests [such as test_fuzz] - +------------------ + +A test executable is named `test/{name}test.c` + +A test recipe is named `test/recipes/{nn}-test_{name}.t`, where `{nn}` is a two +digit number and `{name}` is a unique name of your choice. + +The number `{nn}` is (somewhat loosely) grouped as follows: + + 00-04 sanity, internal and essential API tests + 05-09 individual symmetric cipher algorithms + 10-14 math (bignum) + 15-19 individual asymmetric cipher algorithms + 20-24 openssl commands (some otherwise not tested) + 25-29 certificate forms, generation and verification + 30-35 engine and evp + 60-79 APIs: + 60 X509 subsystem + 61 BIO subsystem + 65 CMP subsystem + 70 PACKET layer + 80-89 "larger" protocols (CA, CMS, OCSP, SSL, TSA) + 90-98 misc + 99 most time consuming tests [such as test_fuzz] A recipe that just runs a test executable -========================================= +----------------------------------------- A script that just runs a program looks like this: @@ -48,21 +50,20 @@ A script that just runs a program looks like this: simple_test("test_{name}", "{name}test", "{name}"); -{name} is the unique name you have chosen for your test. - -The second argument to `simple_test' is the test executable, and `simple_test' -expects it to be located in test/ +`{name}` is the unique name you have chosen for your test. -For documentation on OpenSSL::Test::Simple, do -`perldoc util/perl/OpenSSL/Test/Simple.pm'. +The second argument to `simple_test` is the test executable, and `simple_test` +expects it to be located in `test/` +For documentation on `OpenSSL::Test::Simple`, +do `perldoc util/perl/OpenSSL/Test/Simple.pm`. A recipe that runs a more complex test -====================================== +-------------------------------------- For more complex tests, you will need to read up on Test::More and -OpenSSL::Test. Test::More is normally preinstalled, do `man Test::More' for -documentation. For OpenSSL::Test, do `perldoc util/perl/OpenSSL/Test.pm'. +OpenSSL::Test. Test::More is normally preinstalled, do `man Test::More` for +documentation. For OpenSSL::Test, do `perldoc util/perl/OpenSSL/Test.pm`. A script to start from could be this: @@ -89,26 +90,25 @@ A script to start from could be this: # test feature 2 } - Changes to test/build.info -========================== +-------------------------- Whenever a new test involves a new test executable you need to do the following (at all times, replace {NAME} and {name} with the name of your test): -* add {name} to the list of programs under PROGRAMS_NO_INST + * add `{name}` to the list of programs under `PROGRAMS_NO_INST` -* create a three line description of how to build the test, you will have -to modify the include paths and source files if you don't want to use the -basic test framework: + * create a three line description of how to build the test, you will have + to modify the include paths and source files if you don't want to use the + basic test framework: - SOURCE[{name}]={name}.c - INCLUDE[{name}]=.. ../include ../apps/include - DEPEND[{name}]=../libcrypto libtestutil.a + SOURCE[{name}]={name}.c + INCLUDE[{name}]=.. ../include ../apps/include + DEPEND[{name}]=../libcrypto libtestutil.a Generic form of C test executables -================================== +---------------------------------- #include "testutil.h" @@ -133,12 +133,12 @@ Generic form of C test executables return 1; /* Indicate success */ } -You should use the TEST_xxx macros provided by testutil.h to test all failure +You should use the `TEST_xxx` macros provided by `testutil.h` to test all failure conditions. These macros produce an error message in a standard format if the condition is not met (and nothing if the condition is met). Additional -information can be presented with the TEST_info macro that takes a printf -format string and arguments. TEST_error is useful for complicated conditions, -it also takes a printf format string and argument. In all cases the TEST_xxx +information can be presented with the `TEST_info` macro that takes a `printf` +format string and arguments. `TEST_error` is useful for complicated conditions, +it also takes a `printf` format string and argument. In all cases the `TEST_xxx` macros are guaranteed to evaluate their arguments exactly once. This means that expressions with side effects are allowed as parameters. Thus, @@ -152,6 +152,5 @@ works fine and can be used in place of: The former produces a more meaningful message on failure than the latter. Note that the test infrastructure automatically sets up all required environment -variables (such as OPENSSL_MODULES, OPENSSL_CONF etc) for the tests. Individual -tests may choose to override the default settings as required. - +variables (such as `OPENSSL_MODULES`, `OPENSSL_CONF`, etc.) for the tests. +Individual tests may choose to override the default settings as required. diff --git a/test/README.external b/test/README-external.md similarity index 73% copy from test/README.external copy to test/README-external.md index 8069ce8d00..b06deaac4f 100644 --- a/test/README.external +++ b/test/README-external.md @@ -1,12 +1,10 @@ Running external test suites with OpenSSL ========================================= -It is possible to integrate external test suites into OpenSSL's "make test". +It is possible to integrate external test suites into OpenSSL's `make test`. This capability is considered a developer option and does not work on all platforms. - - The BoringSSL test suite ======================== @@ -15,31 +13,31 @@ source code into an appropriate directory. This can be done in two ways: 1) Separately from the OpenSSL checkout using: - $ git clone https://boringssl.googlesource.com/boringssl boringssl + $ git clone https://boringssl.googlesource.com/boringssl boringssl The BoringSSL tests are only confirmed to work at a specific commit in the BoringSSL repository. Later commits may or may not pass the test suite: - $ cd boringssl - $ git checkout 490469f850e + $ cd boringssl + $ git checkout 490469f850e 2) Using the already configured submodule settings in OpenSSL: - $ git submodule update --init + $ git submodule update --init Configure the OpenSSL source code to enable the external tests: -$ cd ../openssl -$ ./config enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers \ - enable-external-tests + $ cd ../openssl + $ ./config enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers \ + enable-external-tests Note that using other config options than those given above may cause the tests to fail. Run the OpenSSL tests by providing the path to the BoringSSL test runner in the -BORING_RUNNER_DIR environment variable: +`BORING_RUNNER_DIR` environment variable: -$ BORING_RUNNER_DIR=/path/to/boringssl/ssl/test/runner make test + $ BORING_RUNNER_DIR=/path/to/boringssl/ssl/test/runner make test Note that the test suite may change directory while running so the path provided should be absolute and not relative to the current working directory. @@ -47,9 +45,8 @@ should be absolute and not relative to the current working directory. To see more detailed output you can run just the BoringSSL tests with the verbose option: -$ VERBOSE=1 BORING_RUNNER_DIR=/path/to/boringssl/ssl/test/runner make \ - TESTS="test_external_boringssl" test - + $ VERBOSE=1 BORING_RUNNER_DIR=/path/to/boringssl/ssl/test/runner make \ + TESTS="test_external_boringssl" test Test failures and suppressions ------------------------------ @@ -71,26 +68,25 @@ within the OpenSSL source code. The community is encouraged to contribute patches which reduce the number of suppressions that are currently present. - Python PYCA/Cryptography test suite =================================== This python test suite runs cryptographic tests with a local OpenSSL build as the implementation. -First checkout the PYCA/Cryptography module into ./pyca-cryptography using: +First checkout the `PYCA/Cryptography` module into `./pyca-cryptography` using: -$ git submodule update --init + $ git submodule update --init Then configure/build OpenSSL compatible with the python module: -$ ./config shared enable-external-tests -$ make + $ ./config shared enable-external-tests + $ make The tests will run in a python virtual environment which requires virtualenv to be installed. -$ make test VERBOSE=1 TESTS=test_external_pyca + $ make test VERBOSE=1 TESTS=test_external_pyca Test failures and suppressions ------------------------------ @@ -98,7 +94,6 @@ Test failures and suppressions Some tests target older (<=1.0.2) versions so will not run. Other tests target other crypto implementations so are not relevant. Currently no tests fail. - krb5 test suite =============== @@ -107,24 +102,24 @@ tests against the local OpenSSL build. You will need a git checkout of krb5 at the top level: -$ git clone https://github.com/krb5/krb5 + $ git clone https://github.com/krb5/krb5 krb5's master has to pass this same CI, but a known-good version is krb5-1.15.1-final if you want to be sure. -$ cd krb5 -$ git checkout krb5-1.15.1-final -$ cd .. + $ cd krb5 + $ git checkout krb5-1.15.1-final + $ cd .. OpenSSL must be built with external tests enabled: -$ ./config enable-external-tests -$ make + $ ./config enable-external-tests + $ make krb5's tests will then be run as part of the rest of the suite, or can be explicitly run (with more debugging): -$ VERBOSE=1 make TESTS=test_external_krb5 test + $ VERBOSE=1 make TESTS=test_external_krb5 test Test-failures suppressions -------------------------- @@ -133,7 +128,6 @@ krb5 will automatically adapt its test suite to account for the configuration of your system. Certain tests may require more installed packages to run. No tests are expected to fail. - GOST engine test suite =============== @@ -142,19 +136,19 @@ tests against the local OpenSSL build. You will need a git checkout of gost-engine at the top level: -$ git submodule update --init + $ git submodule update --init Then configure/build OpenSSL enabling external tests: -$ ./config shared enable-external-tests -$ make + $ ./config shared enable-external-tests + $ make GOST engine requires CMake for the build process. GOST engine tests will then be run as part of the rest of the suite, or can be explicitly run (with more debugging): -$ make test VERBOSE=1 TESTS=test_external_gost_engine + $ make test VERBOSE=1 TESTS=test_external_gost_engine Updating test suites ==================== @@ -163,24 +157,23 @@ To update the commit for any of the above test suites: - Make sure the submodules are cloned locally: - $ git submodule update --init --recursive + $ git submodule update --init --recursive - Enter subdirectory and pull from the repository (use a specific branch/tag if required): - $ cd - $ git pull origin master + $ cd `` + $ git pull origin master - Go to root directory, there should be a new git status: - $ cd ../ - $ git status - ... - # modified: (new commits) - ... + $ cd ../ + $ git status + ... + # modified: `` (new commits) + ... - Add/commit/push the update - git add - git commit -m "Updated to latest commit" - git push - + $ git add `` + $ git commit -m `"Updated to latest commit"` + $ git push diff --git a/test/README.md b/test/README.md index a9e0c827d1..f9058a0026 100644 --- a/test/README.md +++ b/test/README.md @@ -1,5 +1,5 @@ -Test OpenSSL -============ +Using OpenSSL Tests +=================== After a successful build, and before installing, the libraries should be tested. Run: diff --git a/test/data.txt b/test/data.txt new file mode 100644 index 0000000000..3442255280 --- /dev/null +++ b/test/data.txt @@ -0,0 +1,4 @@ +TEST DATA + +Please note that if a test involves a new testing executable, +you will need to do some additions in test/build.info. diff --git a/test/README.external b/test/data2.txt similarity index 99% rename from test/README.external rename to test/data2.txt index 8069ce8d00..c4f9691a26 100644 --- a/test/README.external +++ b/test/data2.txt @@ -1,3 +1,5 @@ +TEST DATA2 + Running external test suites with OpenSSL ========================================= diff --git a/test/recipes/04-test_pem_data/NOTES b/test/recipes/04-test_pem_data/NOTES.txt similarity index 100% rename from test/recipes/04-test_pem_data/NOTES rename to test/recipes/04-test_pem_data/NOTES.txt diff --git a/test/recipes/20-test_dgst.t b/test/recipes/20-test_dgst.t index c10da5a9f4..0b7ab2d5d1 100644 --- a/test/recipes/20-test_dgst.t +++ b/test/recipes/20-test_dgst.t @@ -24,8 +24,8 @@ sub tsignverify { my $privkey = shift; my $pubkey = shift; - my $data_to_sign = srctop_file('test', 'README'); - my $other_data = srctop_file('test', 'README.external'); + my $data_to_sign = srctop_file('test', 'data.txt'); + my $other_data = srctop_file('test', 'data2.txt'); my $sigfile = basename($privkey, '.pem') . '.sig'; plan tests => 4; diff --git a/test/recipes/20-test_pkeyutl.t b/test/recipes/20-test_pkeyutl.t index 753995428d..543038cab9 100644 --- a/test/recipes/20-test_pkeyutl.t +++ b/test/recipes/20-test_pkeyutl.t @@ -74,8 +74,8 @@ sub tsignverify { my $pubkey = shift; my @extraopts = @_; - my $data_to_sign = srctop_file('test', 'README'); - my $other_data = srctop_file('test', 'README.external'); + my $data_to_sign = srctop_file('test', 'data.txt'); + my $other_data = srctop_file('test', 'data2.txt'); my $sigfile = basename($privkey, '.pem') . '.sig'; my @args = (); diff --git a/test/recipes/95-test_external_krb5.t b/test/recipes/95-test_external_krb5.t index c431d966b3..ad262da2d9 100644 --- a/test/recipes/95-test_external_krb5.t +++ b/test/recipes/95-test_external_krb5.t @@ -17,7 +17,7 @@ setup("test_external_krb5"); plan skip_all => "No external tests in this configuration" if disabled("external-tests"); plan skip_all => "krb5 not available" - if ! -f srctop_file("krb5", "README"); + if ! -f srctop_file("krb5", "data.txt"); plan tests => 1; diff --git a/util/markdownlint.rb b/util/markdownlint.rb index 66517484ad..64a82e3684 100644 --- a/util/markdownlint.rb +++ b/util/markdownlint.rb @@ -15,6 +15,8 @@ exclude_rule 'MD004' # Unordered list style TODO(fix?) exclude_rule 'MD005' # Inconsistent indentation for list items at the same level exclude_rule 'MD006' # Consider starting bulleted lists at the beginning of the line exclude_rule 'MD014' # Dollar signs used before commands without showing output +exclude_rule 'MD023' # Headers must start at the beginning of the line exclude_rule 'MD024' # Multiple headers with the same content exclude_rule 'MD025' # Multiple top level headers in the same document +exclude_rule 'MD026' # Trailing punctuation in header exclude_rule 'MD029' # Ordered list item prefix From builds at travis-ci.com Sun Jul 5 11:30:05 2020 From: builds at travis-ci.com (Travis CI) Date: Sun, 05 Jul 2020 11:30:05 +0000 Subject: Errored: openssl/openssl#35955 (master - 1dc1ea1) In-Reply-To: Message-ID: <5f01b9bd1260c_13f8963b2df5016573f@travis-pro-tasks-7d65964b99-l5jst.mail> Build Update for openssl/openssl ------------------------------------- Build: #35955 Status: Errored Duration: 37 mins and 6 secs Commit: 1dc1ea1 (master) Author: Dr. David von Oheimb Message: Fix many MarkDown issues in {NOTES*,README*,HACKING,LICENSE}.md files Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/12109) View the changeset: https://github.com/openssl/openssl/compare/c996f71bab43...1dc1ea182be1 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/174321237?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From levitte at openssl.org Sun Jul 5 12:08:00 2020 From: levitte at openssl.org (Richard Levitte) Date: Sun, 05 Jul 2020 12:08:00 +0000 Subject: [openssl] master update Message-ID: <1593950880.444175.21209.nullmailer@dev.openssl.org> The branch master has been updated via dd76b90ef6cf9bd344c9a6cd0de536a734d1b6a3 (commit) from 1dc1ea182be183d8a393fdce4494360aee059cd2 (commit) - Log ----------------------------------------------------------------- commit dd76b90ef6cf9bd344c9a6cd0de536a734d1b6a3 Author: Richard Levitte Date: Fri Jul 3 14:12:54 2020 +0200 CORE: perform post-condition in algorithm_do_this() under all circumstances When ossl_provider_query_operation() returned NULL, the post-condition callback wasn't called, and could make algorithm_do_this() falsely tell the caller that there was an error. Because of this, a provider that answered with NULL for a particular operation identity would effectively block the same query on all following providers. Fixes #12293 Reviewed-by: Matt Caswell Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12365) ----------------------------------------------------------------------- Summary of changes: crypto/core_algorithm.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/crypto/core_algorithm.c b/crypto/core_algorithm.c index b035ecfbb4..f4a20cb2d1 100644 --- a/crypto/core_algorithm.c +++ b/crypto/core_algorithm.c @@ -58,13 +58,12 @@ static int algorithm_do_this(OSSL_PROVIDER *provider, void *cbdata) map = ossl_provider_query_operation(provider, cur_operation, &no_store); - if (map == NULL) - continue; - - while (map->algorithm_names != NULL) { - const OSSL_ALGORITHM *thismap = map++; + if (map != NULL) { + while (map->algorithm_names != NULL) { + const OSSL_ALGORITHM *thismap = map++; - data->fn(provider, thismap, no_store, data->data); + data->fn(provider, thismap, no_store, data->data); + } } /* Do we fulfill post-conditions? */ From builds at travis-ci.com Sun Jul 5 16:51:38 2020 From: builds at travis-ci.com (Travis CI) Date: Sun, 05 Jul 2020 16:51:38 +0000 Subject: Errored: openssl/openssl#35956 (master - dd76b90) In-Reply-To: Message-ID: <5f020519e5998_13fc2a91a91bc705d9@travis-pro-tasks-86788c69c7-mnh7j.mail> Build Update for openssl/openssl ------------------------------------- Build: #35956 Status: Errored Duration: 10 mins and 31 secs Commit: dd76b90 (master) Author: Richard Levitte Message: CORE: perform post-condition in algorithm_do_this() under all circumstances When ossl_provider_query_operation() returned NULL, the post-condition callback wasn't called, and could make algorithm_do_this() falsely tell the caller that there was an error. Because of this, a provider that answered with NULL for a particular operation identity would effectively block the same query on all following providers. Fixes #12293 Reviewed-by: Matt Caswell Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12365) View the changeset: https://github.com/openssl/openssl/compare/1dc1ea182be1...dd76b90ef6cf View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/174326059?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From levitte at openssl.org Sun Jul 5 19:17:15 2020 From: levitte at openssl.org (Richard Levitte) Date: Sun, 05 Jul 2020 19:17:15 +0000 Subject: [openssl] master update Message-ID: <1593976635.673341.20852.nullmailer@dev.openssl.org> The branch master has been updated via 1b726e9b91a032298dc96ad117b23e18e1583246 (commit) via fa7a807435edbcdcddf809398c59a60650315981 (commit) via 17b7f8968481aa99c622080ac73879f42fb8c4ae (commit) via 71f2994b151f5de0c7bc14592c84795ff98256c1 (commit) via 163b2bcd8b2e5cd149dfc8dce1ca096805559379 (commit) from dd76b90ef6cf9bd344c9a6cd0de536a734d1b6a3 (commit) - Log ----------------------------------------------------------------- commit 1b726e9b91a032298dc96ad117b23e18e1583246 Author: Richard Levitte Date: Wed Jul 1 23:13:49 2020 +0200 TEST: update 02-test_errstr.t to have better tests We now check that if libcrypto hasn't loaded the string for some particular system error, it gives us "reason(nnn)" instead, where 'nnn' is the system error number in decimal. We go through all possible error macros that perl serves us, not only the POSIX ones. Reviewed-by: David von Oheimb (Merged from https://github.com/openssl/openssl/pull/12343) commit fa7a807435edbcdcddf809398c59a60650315981 Author: Richard Levitte Date: Wed Jul 1 22:17:01 2020 +0200 SSL: fix misuse of ERR_LIB_SYS Reviewed-by: David von Oheimb (Merged from https://github.com/openssl/openssl/pull/12343) commit 17b7f8968481aa99c622080ac73879f42fb8c4ae Author: Richard Levitte Date: Mon Jun 29 12:43:40 2020 +0200 TEST: fix test/errtest.c test/errtest.c used the system error code 1 for EPERM. However, EPERM may be coded differently on different systems, so we switch to using EPERM instead. However, because we know that the ERR sub-system truncates system error codes that occupy more than 24 bits, we check that the reason code in the recorded error matches our EPERM, and skip the test if not. To be safe (even though the error string for that code is well defined in POSIX), we also use strerror() to retrieve the string for that error code instead of using a hard coded value. Fixes #12276 Fixes #12217 Fixes #12354 Reviewed-by: David von Oheimb (Merged from https://github.com/openssl/openssl/pull/12343) commit 71f2994b151f5de0c7bc14592c84795ff98256c1 Author: Richard Levitte Date: Mon Jun 29 12:18:24 2020 +0200 ERR: special case system errors Because system errors can be any positive number that fits in an 'int' according to POSIX, we can't reasonably expect them to be in the 1..127 range, even though that's the most usual. Instead of packing them into the OpenSSL error code structure, we recognise them as a special case and mark them as such by storing them in our error queue with the highest bit set. We make OpenSSL specific error records have their highest bit cleared, and in doing so, we shift down the library section of the code by one bit. This still leaves a very large section for the reason codes. Of course, we must adapt the error code and reason string extraction and printing functions accordingly. With this, we also thrown away the pre-loaded array of system error strings, and extract them from the system when needed instead, i.e. when we create error strings. Reviewed-by: David von Oheimb (Merged from https://github.com/openssl/openssl/pull/12343) commit 163b2bcd8b2e5cd149dfc8dce1ca096805559379 Author: Richard Levitte Date: Mon Jun 29 12:08:27 2020 +0200 ERR: refactor global error codes Some ERR_R_ codes overlapped other ERR_R_ codes: - ERR_R_BUF_LIB vs ERR_R_PASSED_INVALID_ARGUMENT - ERR_R_DSA_LIB vs ERR_R_INTERRUPTED_OR_CANCELLED Looking back at history, this was originally not an issue, because the ERR_R_ codes that weren't ERR_LIB_ aliases had bit 2**6 set. However, new codes without that bit came in, and we got the overlap that is mentioned above. To get rid of the overlap, we repartition the codes as follows: - ERR_R_{name}_LIB that are aliases for ERR_LIB_{name} are confined to the range 1..63. - Other ERR_R_ codes are confined to 64..99 We also expand the reason codes to 24 bits of data, where the 4 top bits are for reason code flags. We also allocate a "fatal" flag ERR_RFLAG_FATAL. The reason code ERR_R_FATAL stops acting as a flag, but is coded in such a way that it still serves as one for code that happens to use it as such. Reviewed-by: David von Oheimb (Merged from https://github.com/openssl/openssl/pull/12343) ----------------------------------------------------------------------- Summary of changes: crypto/err/err.c | 104 ++++++---------------------- crypto/err/err_local.h | 5 +- crypto/err/err_prn.c | 26 ++++++- include/openssl/err.h | 135 +++++++++++++++++++++++++++++------- ssl/ssl_lib.c | 3 +- test/errtest.c | 47 ++++++++++--- test/recipes/02-test_errstr.t | 157 +++++++++++++++++++++--------------------- 7 files changed, 279 insertions(+), 198 deletions(-) diff --git a/crypto/err/err.c b/crypto/err/err.c index 9a37c42625..26cf2b0b9d 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c @@ -173,84 +173,6 @@ static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *d) return p; } -#ifndef OPENSSL_NO_ERR -/* 2019-05-21: Russian and Ukrainian locales on Linux require more than 6,5 kB */ -# define SPACE_SYS_STR_REASONS 8 * 1024 -# define NUM_SYS_STR_REASONS 127 - -static ERR_STRING_DATA SYS_str_reasons[NUM_SYS_STR_REASONS + 1]; -/* - * SYS_str_reasons is filled with copies of strerror() results at - * initialization. 'errno' values up to 127 should cover all usual errors, - * others will be displayed numerically by ERR_error_string. It is crucial - * that we have something for each reason code that occurs in - * ERR_str_reasons, or bogus reason strings will be returned for SYSerr(), - * which always gets an errno value and never one of those 'standard' reason - * codes. - */ - -static void build_SYS_str_reasons(void) -{ - /* OPENSSL_malloc cannot be used here, use static storage instead */ - static char strerror_pool[SPACE_SYS_STR_REASONS]; - char *cur = strerror_pool; - size_t cnt = 0; - static int init = 1; - int i; - int saveerrno = get_last_sys_error(); - - CRYPTO_THREAD_write_lock(err_string_lock); - if (!init) { - CRYPTO_THREAD_unlock(err_string_lock); - return; - } - - for (i = 1; i <= NUM_SYS_STR_REASONS; i++) { - ERR_STRING_DATA *str = &SYS_str_reasons[i - 1]; - - str->error = ERR_PACK(ERR_LIB_SYS, 0, i); - /* - * If we have used up all the space in strerror_pool, - * there's no point in calling openssl_strerror_r() - */ - if (str->string == NULL && cnt < sizeof(strerror_pool)) { - if (openssl_strerror_r(i, cur, sizeof(strerror_pool) - cnt)) { - size_t l = strlen(cur); - - str->string = cur; - cnt += l; - cur += l; - - /* - * VMS has an unusual quirk of adding spaces at the end of - * some (most? all?) messages. Lets trim them off. - */ - while (cur > strerror_pool && ossl_isspace(cur[-1])) { - cur--; - cnt--; - } - *cur++ = '\0'; - cnt++; - } - } - if (str->string == NULL) - str->string = "unknown"; - } - - /* - * Now we still have SYS_str_reasons[NUM_SYS_STR_REASONS] = {0, NULL}, as - * required by ERR_load_strings. - */ - - init = 0; - - CRYPTO_THREAD_unlock(err_string_lock); - /* openssl_strerror_r could change errno, but we want to preserve it */ - set_sys_error(saveerrno); - err_load_strings(SYS_str_reasons); -} -#endif - static void ERR_STATE_free(ERR_STATE *s) { int i; @@ -322,7 +244,6 @@ int ERR_load_ERR_strings(void) err_load_strings(ERR_str_libraries); err_load_strings(ERR_str_reasons); - build_SYS_str_reasons(); #endif return 1; } @@ -569,8 +490,8 @@ static unsigned long get_error_values(ERR_GET_ACTION g, void ERR_error_string_n(unsigned long e, char *buf, size_t len) { - char lsbuf[64], rsbuf[64]; - const char *ls, *rs; + char lsbuf[64], rsbuf[256]; + const char *ls, *rs = NULL; unsigned long f = 0, l, r; if (len == 0) @@ -583,8 +504,19 @@ void ERR_error_string_n(unsigned long e, char *buf, size_t len) ls = lsbuf; } - rs = ERR_reason_error_string(e); + /* + * ERR_reason_error_string() can't safely return system error strings, + * since it would call openssl_strerror_r(), which needs a buffer for + * thread safety. So for system errors, we call openssl_strerror_r() + * directly instead. + */ r = ERR_GET_REASON(e); + if (ERR_SYSTEM_ERROR(e)) { + if (openssl_strerror_r(r, rsbuf, sizeof(rsbuf))) + rs = rsbuf; + } else { + rs = ERR_reason_error_string(e); + } if (rs == NULL) { BIO_snprintf(rsbuf, sizeof(rsbuf), "reason(%lu)", r); rs = rsbuf; @@ -642,6 +574,14 @@ const char *ERR_reason_error_string(unsigned long e) return NULL; } + /* + * ERR_reason_error_string() can't safely return system error strings, + * since openssl_strerror_r() needs a buffer for thread safety, and we + * haven't got one that would serve any sensible purpose. + */ + if (ERR_SYSTEM_ERROR(e)) + return NULL; + l = ERR_GET_LIB(e); r = ERR_GET_REASON(e); d.error = ERR_PACK(l, 0, r); diff --git a/crypto/err/err_local.h b/crypto/err/err_local.h index 0374bf6a6f..add49af44c 100644 --- a/crypto/err/err_local.h +++ b/crypto/err/err_local.h @@ -38,7 +38,10 @@ static ossl_inline void err_clear_data(ERR_STATE *es, size_t i, int deall) static ossl_inline void err_set_error(ERR_STATE *es, size_t i, int lib, int reason) { - es->err_buffer[i] = ERR_PACK(lib, 0, reason); + es->err_buffer[i] = + lib == ERR_LIB_SYS + ? (unsigned int)(ERR_SYSTEM_FLAG | reason) + : ERR_PACK(lib, 0, reason); } static ossl_inline void err_set_debug(ERR_STATE *es, size_t i, diff --git a/crypto/err/err_prn.c b/crypto/err/err_prn.c index 80cc0ecf1a..f67cf2e32b 100644 --- a/crypto/err/err_prn.c +++ b/crypto/err/err_prn.c @@ -23,16 +23,36 @@ void ERR_print_errors_cb(int (*cb) (const char *str, size_t len, void *u), { CRYPTO_THREAD_ID tid = CRYPTO_THREAD_get_current_id(); unsigned long l; - char buf[ERR_PRINT_BUF_SIZE], *hex; - const char *lib, *reason; const char *file, *data, *func; int line, flags; while ((l = ERR_get_error_all(&file, &line, &func, &data, &flags)) != 0) { + char buf[ERR_PRINT_BUF_SIZE], *hex; + const char *lib, *reason = NULL; + char rsbuf[256]; + unsigned long r = ERR_GET_REASON(l); + lib = ERR_lib_error_string(l); - reason = ERR_reason_error_string(l); + + /* + * ERR_reason_error_string() can't safely return system error strings, + * since it would call openssl_strerror_r(), which needs a buffer for + * thread safety. So for system errors, we call openssl_strerror_r() + * directly instead. + */ + if (ERR_SYSTEM_ERROR(l)) { + if (openssl_strerror_r(r, rsbuf, sizeof(rsbuf))) + reason = rsbuf; + } else { + reason = ERR_reason_error_string(l); + } + if (func == NULL) func = "unknown function"; + if (reason == NULL) { + BIO_snprintf(rsbuf, sizeof(rsbuf), "reason(%lu)", r); + reason = rsbuf; + } if ((flags & ERR_TXT_STRING) == 0) data = ""; hex = openssl_buf2hexstr_sep((const unsigned char *)&tid, sizeof(tid), diff --git a/include/openssl/err.h b/include/openssl/err.h index aa8ffa9765..a40d231ea0 100644 --- a/include/openssl/err.h +++ b/include/openssl/err.h @@ -39,6 +39,7 @@ extern "C" { # endif # endif +# include # include # define ERR_TXT_MALLOCED 0x01 @@ -163,14 +164,95 @@ struct err_state_st { # define X509err(f, r) ERR_raise_data(ERR_LIB_X509, (r), NULL) # endif -# define ERR_PACK(l,f,r) ( \ - (((unsigned int)(l) & 0x0FF) << 24L) | \ - (((unsigned int)(f) & 0xFFF) << 12L) | \ - (((unsigned int)(r) & 0xFFF) ) ) -# define ERR_GET_LIB(l) (int)(((l) >> 24L) & 0x0FFL) -# define ERR_GET_FUNC(l) (int)(((l) >> 12L) & 0xFFFL) -# define ERR_GET_REASON(l) (int)( (l) & 0xFFFL) -# define ERR_FATAL_ERROR(l) (int)( (l) & ERR_R_FATAL) +/*- + * The error code packs differently depending on if it records a system + * error or an OpenSSL error. + * + * A system error packs like this (we follow POSIX and only allow positive + * numbers that fit in an |int|): + * + * +-+-------------------------------------------------------------+ + * |1| system error number | + * +-+-------------------------------------------------------------+ + * + * An OpenSSL error packs like this: + * + * <---------------------------- 32 bits --------------------------> + * <--- 8 bits ---><------------------ 23 bits -----------------> + * +-+---------------+---------------------------------------------+ + * |0| library | reason | + * +-+---------------+---------------------------------------------+ + * + * A few of the reason bits are reserved as flags with special meaning: + * + * <4 bits><-------------- 19 bits -------------> + * +-------+-------------------------------------+ + * | rflags| reason | + * +-------+-------------------------------------+ + * + * We have the reason flags being part of the overall reason code for + * backward compatibility reasons, i.e. how ERR_R_FATAL was implemented. + */ + +/* Macros to help decode recorded system errors */ +# define ERR_SYSTEM_FLAG ((unsigned int)INT_MAX + 1) +# define ERR_SYSTEM_MASK ((unsigned int)INT_MAX) + +/* Macros to help decode recorded OpenSSL errors */ +# define ERR_LIB_OFFSET 23L +# define ERR_LIB_MASK 0xFF +# define ERR_RFLAGS_OFFSET 19L +# define ERR_RFLAGS_MASK 0xF +# define ERR_REASON_MASK 0X7FFFFF + +/* + * Reason flags are defined pre-shifted to easily combine with the reason + * number. + */ +# define ERR_RFLAG_FATAL (0x1 << ERR_RFLAGS_OFFSET) + +# define ERR_SYSTEM_ERROR(errcode) (((errcode) & ERR_SYSTEM_FLAG) != 0) + +static ossl_inline int ERR_GET_LIB(unsigned long errcode) +{ + if (ERR_SYSTEM_ERROR(errcode)) + return ERR_LIB_SYS; + return (errcode >> ERR_LIB_OFFSET) & ERR_LIB_MASK; +} + +static ossl_inline int ERR_GET_FUNC(unsigned long errcode) +{ + return 0; +} + +static ossl_inline int ERR_GET_RFLAGS(unsigned long errcode) +{ + if (ERR_SYSTEM_ERROR(errcode)) + return 0; + return errcode & (ERR_RFLAGS_MASK << ERR_RFLAGS_OFFSET); +} + +static ossl_inline int ERR_GET_REASON(unsigned long errcode) +{ + if (ERR_SYSTEM_ERROR(errcode)) + return errcode & ERR_SYSTEM_MASK; + return errcode & ERR_REASON_MASK; +} + +static ossl_inline int ERR_FATAL_ERROR(unsigned long errcode) +{ + return (ERR_GET_RFLAGS(errcode) & ERR_RFLAG_FATAL) != 0; +} + +/* + * ERR_PACK is a helper macro to properly pack OpenSSL error codes and may + * only be used for that purpose. System errors are packed internally. + * ERR_PACK takes reason flags and reason code combined in |reason|. + * ERR_PACK ignores |func|, that parameter is just legacy from pre-3.0 OpenSSL. + */ +# define ERR_PACK(lib,func,reason) \ + ( (((unsigned long)(lib) & ERR_LIB_MASK ) << ERR_LIB_OFFSET) | \ + (((unsigned long)(reason) & ERR_REASON_MASK)) ) # ifndef OPENSSL_NO_DEPRECATED_3_0 # define SYS_F_FOPEN 0 @@ -200,7 +282,7 @@ struct err_state_st { # define SYS_F_SENDFILE 0 # endif -/* reasons */ +/* "we came from here" global reason codes, range 1..63 */ # define ERR_R_SYS_LIB ERR_LIB_SYS/* 2 */ # define ERR_R_BN_LIB ERR_LIB_BN/* 3 */ # define ERR_R_RSA_LIB ERR_LIB_RSA/* 4 */ @@ -221,21 +303,26 @@ struct err_state_st { # define ERR_R_ECDSA_LIB ERR_LIB_ECDSA/* 42 */ # define ERR_R_OSSL_STORE_LIB ERR_LIB_OSSL_STORE/* 44 */ -# define ERR_R_NESTED_ASN1_ERROR 58 -# define ERR_R_MISSING_ASN1_EOS 63 - -/* fatal error */ -# define ERR_R_FATAL 64 -# define ERR_R_MALLOC_FAILURE (1|ERR_R_FATAL) -# define ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED (2|ERR_R_FATAL) -# define ERR_R_PASSED_NULL_PARAMETER (3|ERR_R_FATAL) -# define ERR_R_INTERNAL_ERROR (4|ERR_R_FATAL) -# define ERR_R_DISABLED (5|ERR_R_FATAL) -# define ERR_R_INIT_FAIL (6|ERR_R_FATAL) -# define ERR_R_PASSED_INVALID_ARGUMENT (7) -# define ERR_R_OPERATION_FAIL (8|ERR_R_FATAL) -# define ERR_R_INVALID_PROVIDER_FUNCTIONS (9|ERR_R_FATAL) -# define ERR_R_INTERRUPTED_OR_CANCELLED (10) +/* + * global reason codes, range 64..99 (sub-system specific codes start at 100) + * + * ERR_R_FATAL had dual purposes in pre-3.0 OpenSSL, as a standalone reason + * code as well as a fatal flag. This is still possible to do, as 2**6 (64) + * is present in the whole range of global reason codes. + */ +# define ERR_R_FATAL (64|ERR_RFLAG_FATAL) +# define ERR_R_MALLOC_FAILURE (65|ERR_RFLAG_FATAL) +# define ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED (66|ERR_RFLAG_FATAL) +# define ERR_R_PASSED_NULL_PARAMETER (67|ERR_RFLAG_FATAL) +# define ERR_R_INTERNAL_ERROR (68|ERR_RFLAG_FATAL) +# define ERR_R_DISABLED (69|ERR_RFLAG_FATAL) +# define ERR_R_INIT_FAIL (70|ERR_RFLAG_FATAL) +# define ERR_R_PASSED_INVALID_ARGUMENT (71) +# define ERR_R_OPERATION_FAIL (72|ERR_RFLAG_FATAL) +# define ERR_R_INVALID_PROVIDER_FUNCTIONS (73|ERR_RFLAG_FATAL) +# define ERR_R_INTERRUPTED_OR_CANCELLED (74) +# define ERR_R_NESTED_ASN1_ERROR (76) +# define ERR_R_MISSING_ASN1_EOS (77) /* * 99 is the maximum possible ERR_R_... code, higher values are reserved for diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index dd83f373b2..a252761ca4 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -2072,7 +2072,8 @@ ossl_ssize_t SSL_sendfile(SSL *s, int fd, off_t offset, size_t size, int flags) } #ifdef OPENSSL_NO_KTLS - ERR_raise_data(ERR_LIB_SYS, ERR_R_INTERNAL_ERROR, "calling sendfile()"); + ERR_raise_data(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR, + "can't call ktls_sendfile(), ktls disabled"); return -1; #else ret = ktls_sendfile(SSL_get_wfd(s), fd, offset, size, flags); diff --git a/test/errtest.c b/test/errtest.c index f7a6f85470..e8c7d44306 100644 --- a/test/errtest.c +++ b/test/errtest.c @@ -25,24 +25,53 @@ static int test_print_error_format(void) { - static const char expected_format[] = - ":error::system library:%s:Operation not permitted:" + /* Variables used to construct an error line */ + const char *func = OPENSSL_FUNC; # ifndef OPENSSL_NO_FILENAMES - "errtest.c:30:"; + const char *file = OPENSSL_FILE; + const int line = OPENSSL_LINE; # else - ":0:"; + const char *file = ""; + const int line = 0; # endif - char expected[256]; + /* The format for OpenSSL error lines */ + const char *expected_format = ":error::system library:%s:%s:%s:%d"; + /*- + * ^^ ^^ ^^ ^^ + * function name -------------------------------------++ || || || + * reason string (system error string) ------------------++ || || + * file name -----------------------------------------------++ || + * line number ------------------------------------------------++ + */ + char expected[512]; + char *out = NULL, *p = NULL; int ret = 0, len; BIO *bio = NULL; + const int syserr = EPERM; + int reasoncode; + + /* + * We set a mark here so we can clear the system error that we generate + * with ERR_PUT_error(). That is, after all, just a simulation to verify + * ERR_print_errors() output, not a real error. + */ + ERR_set_mark(); - BIO_snprintf(expected, sizeof(expected), expected_format, OPENSSL_FUNC); + ERR_PUT_error(ERR_LIB_SYS, 0, syserr, file, line); + reasoncode = ERR_GET_REASON(ERR_peek_error()); + + if (!TEST_int_eq(reasoncode, syserr)) { + ERR_pop_to_mark(); + goto err; + } + + BIO_snprintf(expected, sizeof(expected), expected_format, + func, strerror(syserr), file, line); if (!TEST_ptr(bio = BIO_new(BIO_s_mem()))) - return 0; + goto err; - ERR_PUT_error(ERR_LIB_SYS, 0, 1, "errtest.c", 30); ERR_print_errors(bio); if (!TEST_int_gt(len = BIO_get_mem_data(bio, &out), 0)) @@ -106,7 +135,7 @@ static int raised_error(void) file = __FILE__; line = __LINE__ + 2; /* The error is generated on the ERR_raise_data line */ #endif - ERR_raise_data(ERR_LIB_SYS, ERR_R_INTERNAL_ERROR, + ERR_raise_data(ERR_LIB_NONE, ERR_R_INTERNAL_ERROR, "calling exit()"); if (!TEST_ulong_ne(e = ERR_get_error_all(&f, &l, NULL, &data, NULL), 0) || !TEST_int_eq(ERR_GET_REASON(e), ERR_R_INTERNAL_ERROR) diff --git a/test/recipes/02-test_errstr.t b/test/recipes/02-test_errstr.t index 76e0bba43c..53a4ef8412 100644 --- a/test/recipes/02-test_errstr.t +++ b/test/recipes/02-test_errstr.t @@ -11,15 +11,9 @@ no strict 'refs'; # To be able to use strings as function refs use OpenSSL::Test; use OpenSSL::Test::Utils; use Errno qw(:POSIX); -use POSIX qw(strerror); +use POSIX qw(:limits_h strerror); -# We actually have space for up to 4095 error messages, -# numerically speaking... but we're currently only using -# numbers 1 through 127. -# This constant should correspond to the same constant -# defined in crypto/err/err.c, or at least must not be -# assigned a greater number. -use constant NUM_SYS_STR_REASONS => 127; +use Data::Dumper; setup('test_errstr'); @@ -40,84 +34,40 @@ plan skip_all => 'This is unsupported on MSYS/MinGW or MSWin32' plan skip_all => 'OpenSSL is configured "no-autoerrinit" or "no-err"' if disabled('autoerrinit') || disabled('err'); -# These are POSIX error names, which Errno implements as functions -# (this is documented) -my @posix_errors = @{$Errno::EXPORT_TAGS{POSIX}}; - -if ($^O eq 'MSWin32') { - # On Windows, these errors have been observed to not always be loaded by - # apps/openssl, while they are in perl, which causes a difference that we - # consider a false alarm. So we skip checking these errors. - # Because we can't know exactly what symbols exist in a perticular perl - # version, we resort to discovering them directly in the Errno package - # symbol table. - my @error_skiplist = qw( - ENETDOWN - ENETUNREACH - ENETRESET - ECONNABORTED - EISCONN - ENOTCONN - ESHUTDOWN - ETOOMANYREFS - ETIMEDOUT - EHOSTDOWN - EHOSTUNREACH - EALREADY - EINPROGRESS - ESTALE - EUCLEAN - ENOTNAM - ENAVAIL - ENOMEDIUM - ENOKEY - ); - @posix_errors = - grep { - my $x = $_; - ! grep { - exists $Errno::{$_} && $x == $Errno::{$_} - } @error_skiplist - } @posix_errors; -} +# OpenSSL constants found in +use constant ERR_SYSTEM_FLAG => INT_MAX + 1; +use constant ERR_LIB_OFFSET => 23; # Offset of the "library" errcode section + +# OpenSSL "library" numbers +use constant ERR_LIB_NONE => 1; -plan tests => scalar @posix_errors +# We use Errno::EXPORT_OK as a list of known errno values on the current +# system. libcrypto's ERR should either use the same string as perl, or if +# it was outside the range that ERR looks at, ERR gives the reason string +# "reason(nnn)", where nnn is the errno number. + +plan tests => scalar @Errno::EXPORT_OK +1 # Checking that error 128 gives 'reason(128)' +1 # Checking that error 0 gives the library name ; -foreach my $errname (@posix_errors) { - my $errnum = "Errno::$errname"->(); - - SKIP: { - skip "Error $errname ($errnum) isn't within our range", 1 - if $errnum > NUM_SYS_STR_REASONS; - - my $perr = eval { - # Set $! to the error number... - local $! = $errnum; - # ... and $! will give you the error string back - $! - }; - - # We know that the system reasons are in OpenSSL error library 2 - my @oerr = run(app([ qw(openssl errstr), sprintf("2%06x", $errnum) ]), - capture => 1); - $oerr[0] =~ s|\R$||; - @oerr = split_error($oerr[0]); - ok($oerr[3] eq $perr, "($errnum) '$oerr[3]' == '$perr'"); - } +# Test::More:ok() has a sub prototype, which means we need to use the '&ok' +# syntax to force it to accept a list as a series of arguments. + +foreach my $errname (@Errno::EXPORT_OK) { + # The error names are perl constants, which are implemented as functions + # returning the numeric value of that name. + &ok(match_syserr_reason("Errno::$errname"->())) } -my @after = run(app([ qw(openssl errstr 2000080) ]), capture => 1); -$after[0] =~ s|\R$||; - at after = split_error($after[0]); -ok($after[3] eq "reason(128)", "(128) '$after[3]' == 'reason(128)'"); +# OpenSSL library 1 is the "unknown" library +&ok(match_opensslerr_reason(ERR_LIB_NONE << ERR_LIB_OFFSET | 256, + "reason(256)")); +# Reason code 0 of any library gives the library name as reason +&ok(match_opensslerr_reason(ERR_LIB_NONE << ERR_LIB_OFFSET | 0, + "unknown library")); -my @zero = run(app([ qw(openssl errstr 2000000) ]), capture => 1); -$zero[0] =~ s|\R$||; - at zero = split_error($zero[0]); -ok($zero[3] eq "system library", "(0) '$zero[3]' == 'system library'"); +exit 0; # For an error string "error:xxxxxxxx:lib:func:reason", this returns # the following array: @@ -132,3 +82,54 @@ sub split_error { return @erritems; } + +# Compares the first argument as string to each of the arguments 3 and on, +# and returns an array of two elements: +# 0: True if the first argument matched any of the others, otherwise false +# 1: A string describing the test +# The returned array can be used as the arguments to Test::More::ok() +sub match_any { + my $first = shift; + my $desc = shift; + my @strings = @_; + + if (scalar @strings > 1) { + $desc = "match '$first' ($desc) with one of ( '" + . join("', '", @strings) . "' )"; + } else { + $desc = "match '$first' ($desc) with '$strings[0]'"; + } + + return ( scalar( grep { $first eq $_ } @strings ) > 0, + $desc ); +} + +sub match_opensslerr_reason { + my $errcode = shift; + my @strings = @_; + + my $errcode_hex = sprintf "%x", $errcode; + my $reason = + ( run(app([ qw(openssl errstr), $errcode_hex ]), capture => 1) )[0]; + $reason =~ s|\R$||; + $reason = ( split_error($reason) )[3]; + + return match_any($reason, $errcode, @strings); +} + +sub match_syserr_reason { + my $errcode = shift; + + my @strings = (); + # The POSIX reason string + push @strings, eval { + # Set $! to the error number... + local $! = $errcode; + # ... and $! will give you the error string back + $! + }; + # The OpenSSL fallback string + push @strings, "reason($errcode)"; + + return match_opensslerr_reason(ERR_SYSTEM_FLAG | $errcode, @strings); +} From builds at travis-ci.com Sun Jul 5 21:37:11 2020 From: builds at travis-ci.com (Travis CI) Date: Sun, 05 Jul 2020 21:37:11 +0000 Subject: Errored: openssl/openssl#35959 (master - 1b726e9) In-Reply-To: Message-ID: <5f024806b9b14_13fa436bb9ad01349ba@travis-pro-tasks-7d4d59dff5-7djmk.mail> Build Update for openssl/openssl ------------------------------------- Build: #35959 Status: Errored Duration: 1 hr, 38 mins, and 32 secs Commit: 1b726e9 (master) Author: Richard Levitte Message: TEST: update 02-test_errstr.t to have better tests We now check that if libcrypto hasn't loaded the string for some particular system error, it gives us "reason(nnn)" instead, where 'nnn' is the system error number in decimal. We go through all possible error macros that perl serves us, not only the POSIX ones. Reviewed-by: David von Oheimb (Merged from https://github.com/openssl/openssl/pull/12343) View the changeset: https://github.com/openssl/openssl/compare/dd76b90ef6cf...1b726e9b91a0 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/174343182?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Mon Jul 6 01:48:03 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 06 Jul 2020 01:48:03 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-autoerrinit Message-ID: <1594000083.499184.17522.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-autoerrinit Commit log since last time: 1b726e9b91 TEST: update 02-test_errstr.t to have better tests fa7a807435 SSL: fix misuse of ERR_LIB_SYS 17b7f89684 TEST: fix test/errtest.c 71f2994b15 ERR: special case system errors 163b2bcd8b ERR: refactor global error codes dd76b90ef6 CORE: perform post-condition in algorithm_do_this() under all circumstances 1dc1ea182b Fix many MarkDown issues in {NOTES*,README*,HACKING,LICENSE}.md files 036cbb6bbf Rename NOTES*, README*, VERSION, HACKING, LICENSE to .md or .txt 915e7e75a4 util/markdownlint.rb: Add two rule exceptions: MD023 and MD026 c996f71bab apps: remove NULL check imn release_engine since ENGINE_free also does it. 2f142901ca coverity 1464983: null pointer dereference 6f924bb89e coverity 1464984: Null pointer dereferences 9283e9bd11 cmp: remove NULL check. c4d0221405 coverity: CID 1464987: USE AFTER FREE 22f7f42433 rand: avoid caching RNG parameters. 7dc38bea94 Refactor the EVP_RAND code to make locking issues less likely 132abb21f9 rand: fix recursive locking issue. 8c1cbc7210 Fix typos and repeated words 3a19f1a9dd Configuration and build: Fix solaris tags 1cafbb799a util/perl/OpenSSL/config.pm: Fix /armv[7-9].*-.*-linux2/ 16328e9f6c NOTE.WIN: suggest the audetecting configuration variant as well b2bed3c6e5 util/perl/OpenSSL/config.pm: move misplaced Windows and VMS entries bb2d726d75 Fix a typo in the i2d_TYPE_fp documentation 5b393802ed Don't run the cmp_cli tests if using FUZZING_BUILD_MODE ca3245a619 If an empty password is supplied still try to use it 5a640713f3 Ensure a string is properly terminated in http_client.c 64bb6276d1 81-test_cmp_cli.t: Correct subroutine quote_spc_empty and its use 8913760960 81-test_cmp_cli.t: Streamline {start,stop}_mock_server and improve port setting 94fcec0902 test/run_tests.pl: Add alias REPORT_FAILURES{,_PROGRESS} for VF and VFP a812549108 test/run_tests.pl: Add visual separator after failed test case for VFP and VFP modes e4522e1059 test/run_tests.pl: Enhance the semantics of HARNESS_VERBOSE_FAILURES (VF) ea4ee152a7 Configure: fix handling of build.info attributes with value e7869ef137 Fix up build issue when running cpp tests 0c4444121c doc: Remove stray backtick Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 04-test_err.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=204, Tests=2526, 830 wallclock secs (12.57 usr 1.35 sys + 767.25 cusr 56.29 csys = 837.46 CPU) Result: FAIL Makefile:3128: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-autoerrinit' Makefile:3126: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Mon Jul 6 07:15:00 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 06 Jul 2020 07:15:00 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-des Message-ID: <1594019700.366590.1401.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-des Commit log since last time: 1b726e9b91 TEST: update 02-test_errstr.t to have better tests fa7a807435 SSL: fix misuse of ERR_LIB_SYS 17b7f89684 TEST: fix test/errtest.c 71f2994b15 ERR: special case system errors 163b2bcd8b ERR: refactor global error codes dd76b90ef6 CORE: perform post-condition in algorithm_do_this() under all circumstances 1dc1ea182b Fix many MarkDown issues in {NOTES*,README*,HACKING,LICENSE}.md files 036cbb6bbf Rename NOTES*, README*, VERSION, HACKING, LICENSE to .md or .txt 915e7e75a4 util/markdownlint.rb: Add two rule exceptions: MD023 and MD026 c996f71bab apps: remove NULL check imn release_engine since ENGINE_free also does it. 2f142901ca coverity 1464983: null pointer dereference 6f924bb89e coverity 1464984: Null pointer dereferences 9283e9bd11 cmp: remove NULL check. c4d0221405 coverity: CID 1464987: USE AFTER FREE 22f7f42433 rand: avoid caching RNG parameters. 7dc38bea94 Refactor the EVP_RAND code to make locking issues less likely 132abb21f9 rand: fix recursive locking issue. 8c1cbc7210 Fix typos and repeated words 3a19f1a9dd Configuration and build: Fix solaris tags 1cafbb799a util/perl/OpenSSL/config.pm: Fix /armv[7-9].*-.*-linux2/ 16328e9f6c NOTE.WIN: suggest the audetecting configuration variant as well b2bed3c6e5 util/perl/OpenSSL/config.pm: move misplaced Windows and VMS entries bb2d726d75 Fix a typo in the i2d_TYPE_fp documentation 5b393802ed Don't run the cmp_cli tests if using FUZZING_BUILD_MODE ca3245a619 If an empty password is supplied still try to use it 5a640713f3 Ensure a string is properly terminated in http_client.c 64bb6276d1 81-test_cmp_cli.t: Correct subroutine quote_spc_empty and its use 8913760960 81-test_cmp_cli.t: Streamline {start,stop}_mock_server and improve port setting 94fcec0902 test/run_tests.pl: Add alias REPORT_FAILURES{,_PROGRESS} for VF and VFP a812549108 test/run_tests.pl: Add visual separator after failed test case for VFP and VFP modes e4522e1059 test/run_tests.pl: Enhance the semantics of HARNESS_VERBOSE_FAILURES (VF) ea4ee152a7 Configure: fix handling of build.info attributes with value e7869ef137 Fix up build issue when running cpp tests 0c4444121c doc: Remove stray backtick Build log ended with (last 100 lines): C0D0659B617F0000:error::asn1 encoding routines:asn1_d2i_ex_primitive:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:698: C0D0659B617F0000:error::asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:630:Field=pkey, Type=PKCS8_PRIV_KEY_INFO C0D0659B617F0000:error::asn1 encoding routines:d2i_PrivateKey_ex:ASN1 lib:../openssl/crypto/asn1/d2i_pr.c:64: C0D0659B617F0000:error::asn1 encoding routines:d2i_PrivateKey_ex:ASN1 lib:../openssl/crypto/asn1/d2i_pr.c:64: C0D0659B617F0000:error::asn1 encoding routines:asn1_check_tlen:wrong tag:../openssl/crypto/asn1/tasn_dec.c:1135: C0D0659B617F0000:error::asn1 encoding routines:asn1_d2i_ex_primitive:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:698: C0D0659B617F0000:error::asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:630:Field=pkey, Type=PKCS8_PRIV_KEY_INFO C0D0659B617F0000:error::asn1 encoding routines:asn1_check_tlen:wrong tag:../openssl/crypto/asn1/tasn_dec.c:1135: C0D0659B617F0000:error::asn1 encoding routines:asn1_d2i_ex_primitive:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:698: C0D0659B617F0000:error::asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:630:Field=pkey, Type=PKCS8_PRIV_KEY_INFO OPENSSL_FUNC:../openssl/apps/cmp.c:3055:CMP error: cannot set up CMP context # OPENSSL_FUNC:../openssl/apps/cmp.c:2895:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -proxy option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2112:CMP info: will contact http://127.0.0.1:1700/pkix/ ../../../../../no-des/util/wrap.pl ../../../../../no-des/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt => 1 not ok 82 - cr command # ------------------------------------------------------------------------------ # Failed test 'cr command' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. Could not open file or uri test.cert.pem for loading CMP client certificate (and optionally extra certs) C09098BD5E7F0000:error::system library:file_open:No such file or directory:../openssl/crypto/store/loader_file.c:924:calling stat(test.cert.pem) Unable to load CMP client certificate (and optionally extra certs) OPENSSL_FUNC:../openssl/apps/cmp.c:3055:CMP error: cannot set up CMP context # OPENSSL_FUNC:../openssl/apps/cmp.c:2895:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -proxy option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2112:CMP info: will contact http://127.0.0.1:1700/pkix/ # OPENSSL_FUNC:../openssl/apps/cmp.c:2136:CMP warning: -subject '/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=leaf' given, which overrides the subject of 'test.cert.pem' in KUR # OPENSSL_FUNC:../openssl/apps/cmp.c:826:CMP warning: can load only one certificate in DER format from test.cert.pem ../../../../../no-des/util/wrap.pl ../../../../../no-des/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt => 1 not ok 83 - kur command explicit options # ------------------------------------------------------------------------------ # Failed test 'kur command explicit options' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. Could not open file or uri test.cert.pem for loading CMP client certificate (and optionally extra certs) C040E760097F0000:error::system library:file_open:No such file or directory:../openssl/crypto/store/loader_file.c:924:calling stat(test.cert.pem) Unable to load CMP client certificate (and optionally extra certs) OPENSSL_FUNC:../openssl/apps/cmp.c:3055:CMP error: cannot set up CMP context # OPENSSL_FUNC:../openssl/apps/cmp.c:2895:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -proxy option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -subject option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -secret option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2112:CMP info: will contact http://127.0.0.1:1700/pkix/ # OPENSSL_FUNC:../openssl/apps/cmp.c:826:CMP warning: can load only one certificate in DER format from test.cert.pem ../../../../../no-des/util/wrap.pl ../../../../../no-des/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -subject "" -certout test.cert.pem -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt -secret "" => 1 not ok 84 - kur command minimal options # ------------------------------------------------------------------------------ # Looks like you failed 31 tests of 92. not ok 7 - CMP app CLI Mock enrollment # ------------------------------------------------------------------------------ # # Failed test 'CMP app CLI Mock enrollment # ' # at /home/openssl/run-checker/no-des/../openssl/util/perl/OpenSSL/Test.pm line 1302. # Looks like you failed 5 tests of 7.81-test_cmp_cli.t .................. Dubious, test returned 5 (wstat 1280, 0x500) Failed 5/7 subtests 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 81-test_cmp_cli.t (Wstat: 1280 Tests: 7 Failed: 5) Failed tests: 3-7 Non-zero exit status: 5 Files=204, Tests=2559, 813 wallclock secs (12.42 usr 1.27 sys + 759.64 cusr 52.30 csys = 825.63 CPU) Result: FAIL Makefile:3066: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-des' Makefile:3064: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Mon Jul 6 07:35:04 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 06 Jul 2020 07:35:04 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dgram Message-ID: <1594020904.738576.13775.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dgram Commit log since last time: 1b726e9b91 TEST: update 02-test_errstr.t to have better tests fa7a807435 SSL: fix misuse of ERR_LIB_SYS 17b7f89684 TEST: fix test/errtest.c 71f2994b15 ERR: special case system errors 163b2bcd8b ERR: refactor global error codes dd76b90ef6 CORE: perform post-condition in algorithm_do_this() under all circumstances 1dc1ea182b Fix many MarkDown issues in {NOTES*,README*,HACKING,LICENSE}.md files 036cbb6bbf Rename NOTES*, README*, VERSION, HACKING, LICENSE to .md or .txt 915e7e75a4 util/markdownlint.rb: Add two rule exceptions: MD023 and MD026 c996f71bab apps: remove NULL check imn release_engine since ENGINE_free also does it. 2f142901ca coverity 1464983: null pointer dereference 6f924bb89e coverity 1464984: Null pointer dereferences 9283e9bd11 cmp: remove NULL check. c4d0221405 coverity: CID 1464987: USE AFTER FREE 22f7f42433 rand: avoid caching RNG parameters. 7dc38bea94 Refactor the EVP_RAND code to make locking issues less likely 132abb21f9 rand: fix recursive locking issue. 8c1cbc7210 Fix typos and repeated words 3a19f1a9dd Configuration and build: Fix solaris tags 1cafbb799a util/perl/OpenSSL/config.pm: Fix /armv[7-9].*-.*-linux2/ 16328e9f6c NOTE.WIN: suggest the audetecting configuration variant as well b2bed3c6e5 util/perl/OpenSSL/config.pm: move misplaced Windows and VMS entries bb2d726d75 Fix a typo in the i2d_TYPE_fp documentation 5b393802ed Don't run the cmp_cli tests if using FUZZING_BUILD_MODE ca3245a619 If an empty password is supplied still try to use it 5a640713f3 Ensure a string is properly terminated in http_client.c 64bb6276d1 81-test_cmp_cli.t: Correct subroutine quote_spc_empty and its use 8913760960 81-test_cmp_cli.t: Streamline {start,stop}_mock_server and improve port setting 94fcec0902 test/run_tests.pl: Add alias REPORT_FAILURES{,_PROGRESS} for VF and VFP a812549108 test/run_tests.pl: Add visual separator after failed test case for VFP and VFP modes e4522e1059 test/run_tests.pl: Enhance the semantics of HARNESS_VERBOSE_FAILURES (VF) ea4ee152a7 Configure: fix handling of build.info attributes with value e7869ef137 Fix up build issue when running cpp tests 0c4444121c doc: Remove stray backtick Build log ended with (last 100 lines): # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 7 - iteration 7 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 8 - iteration 8 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 9 - iteration 9 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 10 - iteration 10 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 11 - iteration 11 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 12 - iteration 12 # ------------------------------------------------------------------------------ not ok 1 - test_handshake # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/ssl_test 04-client_auth.cnf.fips fips ../../../openssl/test/fips.cnf => 1 not ok 9 - running ssl_test 04-client_auth.cnf # ------------------------------------------------------------------------------ # Failed test 'running ssl_test 04-client_auth.cnf' # at ../openssl/test/recipes/80-test_ssl_new.t line 174. # Looks like you failed 1 test of 9. not ok 5 - Test configuration 04-client_auth.cnf # ------------------------------------------------------------------------------ # Looks like you failed 1 test of 31.80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=204, Tests=2659, 712 wallclock secs (10.42 usr 1.08 sys + 662.34 cusr 52.14 csys = 725.98 CPU) Result: FAIL Makefile:3121: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dgram' Makefile:3119: recipe for target 'tests' failed make: *** [tests] Error 2 From matt at openssl.org Mon Jul 6 08:37:29 2020 From: matt at openssl.org (Matt Caswell) Date: Mon, 06 Jul 2020 08:37:29 +0000 Subject: [openssl] master update Message-ID: <1594024649.854148.2415.nullmailer@dev.openssl.org> The branch master has been updated via 2d9f56e9992ef3725b87a0a8e6165a18d038b784 (commit) via b5588178232f5cbf32662dfa173c72a001d54aeb (commit) via 63ee6ec17714f5446a3656083e438ec941bdd542 (commit) via f29dbb08668318b84d7bca0bd63c585e0169545e (commit) via 09ce6e0854b9dee49a25662e1aaaa869b2afc2a1 (commit) via ee0c849e5a1c26ed16c08311efdfd78c8e4c8221 (commit) via 978cc3648d02551c6ada328708306dad2d3ce07a (commit) via 1ae7354c049cb3e45bfb17c0c1bf3ff04814fa4d (commit) via 27d4c840fc399fe0d4550a5b88e91ecca887d1a4 (commit) via 524cb684ac00922c4a21235a8ae2c66596893437 (commit) via e71fd827bcff720fb47e39c69cc468da9452935d (commit) via f0237a6c6266535e105d6778ca7c34a080b88e92 (commit) via ebacd57bee1baef6236a518a0eec3135d593f47a (commit) via ec27e619e86c6ce4dfa905044eb4737eeba28a9d (commit) from 1b726e9b91a032298dc96ad117b23e18e1583246 (commit) - Log ----------------------------------------------------------------- commit 2d9f56e9992ef3725b87a0a8e6165a18d038b784 Author: Matt Caswell Date: Fri Jun 26 18:22:18 2020 +0100 Ensure TLS padding is added during encryption on the provider side Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12288) commit b5588178232f5cbf32662dfa173c72a001d54aeb Author: Matt Caswell Date: Fri Jun 26 13:05:18 2020 +0100 Convert SSLv3 handling to use provider side CBC/MAC removal Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12288) commit 63ee6ec17714f5446a3656083e438ec941bdd542 Author: Matt Caswell Date: Tue Jun 23 16:47:31 2020 +0100 Ensure any allocated MAC is freed in the provider code Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12288) commit f29dbb08668318b84d7bca0bd63c585e0169545e Author: Matt Caswell Date: Tue Jun 23 14:34:45 2020 +0100 Decreate the length after decryption for the stitched ciphers Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12288) commit 09ce6e0854b9dee49a25662e1aaaa869b2afc2a1 Author: Matt Caswell Date: Mon Jun 22 16:02:12 2020 +0100 Ensure the sslcorrupttest checks all errors on the queue sslcorrupttest was looking for a "decryption failed or bad record mac" error in the queue. However if there were multiple errors on the queue then it would fail to find it. We modify the test to check all errors. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12288) commit ee0c849e5a1c26ed16c08311efdfd78c8e4c8221 Author: Matt Caswell Date: Mon Jun 22 16:01:31 2020 +0100 Ensure GCM "update" failures return 0 on error EVP_CipherUpdate is supposed to return 1 for success or 0 for error. However for GCM ciphers it was sometimes returning -1 for error. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12288) commit 978cc3648d02551c6ada328708306dad2d3ce07a Author: Matt Caswell Date: Mon Jun 22 15:04:50 2020 +0100 Ensure cipher_generic_initkey gets passed the actual provider ctx We were not correctly passing the provider ctx down the chain during initialisation of a new cipher ctx. Instead the provider ctx got set to NULL. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12288) commit 1ae7354c049cb3e45bfb17c0c1bf3ff04814fa4d Author: Matt Caswell Date: Mon Jun 22 10:51:48 2020 +0100 Make the NULL cipher TLS aware Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12288) commit 27d4c840fc399fe0d4550a5b88e91ecca887d1a4 Author: Matt Caswell Date: Fri Jun 19 17:26:49 2020 +0100 Change ChaCha20-Poly1305 to be consistent with out ciphers Other ciphers return the length of the Payload for TLS as a result of an EVP_DecryptUpdate() operation - but ChaCha20-Poly1305 did not. We change it so that it does. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12288) commit 524cb684ac00922c4a21235a8ae2c66596893437 Author: Matt Caswell Date: Wed Jun 17 17:16:22 2020 +0100 Make libssl start using the TLS provider CBC support Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12288) commit e71fd827bcff720fb47e39c69cc468da9452935d Author: Matt Caswell Date: Wed May 27 17:20:18 2020 +0100 Add provider support for TLS CBC padding and MAC removal The previous commits separated out the TLS CBC padding code in libssl. Now we can use that code to directly support TLS CBC padding and MAC removal in provided ciphers. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12288) commit f0237a6c6266535e105d6778ca7c34a080b88e92 Author: Matt Caswell Date: Wed Jun 10 15:34:04 2020 +0100 Remove SSL dependencies from tls_pad.c Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12288) commit ebacd57bee1baef6236a518a0eec3135d593f47a Author: Matt Caswell Date: Wed Jun 10 15:11:28 2020 +0100 Split the padding/mac removal functions out into a separate file We split these functions out into a separate file because we are preparing to make this file shared between libssl and providers. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12288) commit ec27e619e86c6ce4dfa905044eb4737eeba28a9d Author: Matt Caswell Date: Wed Jun 3 17:42:01 2020 +0100 Move MAC removal responsibility to the various protocol "enc" functions For CBC ciphersuites using Mac-then-encrypt we have to be careful about removing the MAC from the record in constant time. Currently that happens immediately before MAC verification. Instead we move this responsibility to the various protocol "enc" functions so that MAC removal is handled at the same time as padding removal. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12288) ----------------------------------------------------------------------- Summary of changes: include/openssl/core_names.h | 43 +- providers/implementations/ciphers/cipher_aes.c | 1 + .../ciphers/cipher_aes_cbc_hmac_sha.c | 8 +- .../ciphers/cipher_aes_cbc_hmac_sha1_hw.c | 2 + .../ciphers/cipher_aes_cbc_hmac_sha256_hw.c | 2 + providers/implementations/ciphers/cipher_aes_ocb.c | 1 + providers/implementations/ciphers/cipher_aes_wrp.c | 1 + providers/implementations/ciphers/cipher_aes_xts.c | 1 + providers/implementations/ciphers/cipher_aria.c | 1 + .../implementations/ciphers/cipher_blowfish.c | 1 + .../implementations/ciphers/cipher_camellia.c | 1 + providers/implementations/ciphers/cipher_cast5.c | 1 + .../implementations/ciphers/cipher_chacha20.c | 1 + .../ciphers/cipher_chacha20_poly1305.c | 5 +- .../ciphers/cipher_chacha20_poly1305_hw.c | 2 + providers/implementations/ciphers/cipher_des.c | 1 + providers/implementations/ciphers/cipher_idea.c | 1 + providers/implementations/ciphers/cipher_null.c | 83 ++- providers/implementations/ciphers/cipher_rc2.c | 1 + providers/implementations/ciphers/cipher_rc4.c | 1 + .../implementations/ciphers/cipher_rc4_hmac_md5.c | 1 + providers/implementations/ciphers/cipher_rc5.c | 1 + providers/implementations/ciphers/cipher_seed.c | 1 + providers/implementations/ciphers/cipher_sm4.c | 1 + .../implementations/ciphers/cipher_tdes_common.c | 1 + providers/implementations/ciphers/ciphercommon.c | 130 ++++ .../implementations/ciphers/ciphercommon_block.c | 75 ++ .../implementations/ciphers/ciphercommon_gcm.c | 4 +- .../implementations/ciphers/ciphercommon_local.h | 3 + .../implementations/include/prov/ciphercommon.h | 21 +- ssl/build.info | 4 +- ssl/record/rec_layer_d1.c | 2 +- ssl/record/rec_layer_s3.c | 5 +- ssl/record/record.h | 15 +- ssl/record/record_local.h | 22 +- ssl/record/ssl3_record.c | 809 ++++++++------------- ssl/record/ssl3_record_tls13.c | 41 +- ssl/record/tls_pad.c | 319 ++++++++ ssl/s3_enc.c | 6 + ssl/ssl_lib.c | 25 +- ssl/ssl_local.h | 5 +- ssl/t1_enc.c | 45 ++ test/sslcorrupttest.c | 14 +- test/tls13encryptiontest.c | 4 +- 44 files changed, 1124 insertions(+), 588 deletions(-) create mode 100644 ssl/record/tls_pad.c diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h index fe126ccd7a..9ad81337c3 100644 --- a/include/openssl/core_names.h +++ b/include/openssl/core_names.h @@ -42,27 +42,30 @@ extern "C" { #define OSSL_ALG_PARAM_PROPERTIES "properties"/* utf8_string */ /* cipher parameters */ -#define OSSL_CIPHER_PARAM_PADDING "padding" /* uint */ -#define OSSL_CIPHER_PARAM_MODE "mode" /* uint */ -#define OSSL_CIPHER_PARAM_BLOCK_SIZE "blocksize" /* size_t */ -#define OSSL_CIPHER_PARAM_FLAGS "flags" /* ulong */ -#define OSSL_CIPHER_PARAM_KEYLEN "keylen" /* size_t */ -#define OSSL_CIPHER_PARAM_IVLEN "ivlen" /* size_t */ -#define OSSL_CIPHER_PARAM_IV "iv" /* octet_string OR octet_ptr */ -#define OSSL_CIPHER_PARAM_NUM "num" /* uint */ -#define OSSL_CIPHER_PARAM_ROUNDS "rounds" /* uint */ -#define OSSL_CIPHER_PARAM_AEAD_TAG "tag" /* octet_string */ -#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD "tlsaad" /* octet_string */ -#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD "tlsaadpad" /* size_t */ -#define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED "tlsivfixed" /* octet_string */ -#define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen" /* octet_string */ -#define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv" /* octet_string */ +#define OSSL_CIPHER_PARAM_PADDING "padding" /* uint */ +#define OSSL_CIPHER_PARAM_TLS_VERSION "tls-version" /* uint */ +#define OSSL_CIPHER_PARAM_TLS_MAC "tls-mac" /* octet_ptr */ +#define OSSL_CIPHER_PARAM_TLS_MAC_SIZE "tls-mac-size" /* size_t */ +#define OSSL_CIPHER_PARAM_MODE "mode" /* uint */ +#define OSSL_CIPHER_PARAM_BLOCK_SIZE "blocksize" /* size_t */ +#define OSSL_CIPHER_PARAM_FLAGS "flags" /* ulong */ +#define OSSL_CIPHER_PARAM_KEYLEN "keylen" /* size_t */ +#define OSSL_CIPHER_PARAM_IVLEN "ivlen" /* size_t */ +#define OSSL_CIPHER_PARAM_IV "iv" /* octet_string OR octet_ptr */ +#define OSSL_CIPHER_PARAM_NUM "num" /* uint */ +#define OSSL_CIPHER_PARAM_ROUNDS "rounds" /* uint */ +#define OSSL_CIPHER_PARAM_AEAD_TAG "tag" /* octet_string */ +#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD "tlsaad" /* octet_string */ +#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD "tlsaadpad" /* size_t */ +#define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED "tlsivfixed" /* octet_string */ +#define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen" /* octet_string */ +#define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv" /* octet_string */ #define OSSL_CIPHER_PARAM_AEAD_IVLEN OSSL_CIPHER_PARAM_IVLEN -#define OSSL_CIPHER_PARAM_AEAD_TAGLEN "taglen" /* size_t */ -#define OSSL_CIPHER_PARAM_AEAD_MAC_KEY "mackey" /* octet_string */ -#define OSSL_CIPHER_PARAM_RANDOM_KEY "randkey" /* octet_string */ -#define OSSL_CIPHER_PARAM_RC2_KEYBITS "keybits" /* size_t */ -#define OSSL_CIPHER_PARAM_SPEED "speed" /* uint */ +#define OSSL_CIPHER_PARAM_AEAD_TAGLEN "taglen" /* size_t */ +#define OSSL_CIPHER_PARAM_AEAD_MAC_KEY "mackey" /* octet_string */ +#define OSSL_CIPHER_PARAM_RANDOM_KEY "randkey" /* octet_string */ +#define OSSL_CIPHER_PARAM_RC2_KEYBITS "keybits" /* size_t */ +#define OSSL_CIPHER_PARAM_SPEED "speed" /* uint */ /* For passing the AlgorithmIdentifier parameter in DER form */ #define OSSL_CIPHER_PARAM_ALG_ID "alg_id_param" /* octet_string */ diff --git a/providers/implementations/ciphers/cipher_aes.c b/providers/implementations/ciphers/cipher_aes.c index ea23e1eed9..decc27517c 100644 --- a/providers/implementations/ciphers/cipher_aes.c +++ b/providers/implementations/ciphers/cipher_aes.c @@ -26,6 +26,7 @@ static void aes_freectx(void *vctx) { PROV_AES_CTX *ctx = (PROV_AES_CTX *)vctx; + cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx); OPENSSL_clear_free(ctx, sizeof(*ctx)); } diff --git a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c index d684914c5a..046a66c56d 100644 --- a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c +++ b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c @@ -283,8 +283,10 @@ static void aes_cbc_hmac_sha1_freectx(void *vctx) { PROV_AES_HMAC_SHA1_CTX *ctx = (PROV_AES_HMAC_SHA1_CTX *)vctx; - if (ctx != NULL) + if (ctx != NULL) { + cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx); OPENSSL_clear_free(ctx, sizeof(*ctx)); + } } static void *aes_cbc_hmac_sha256_newctx(void *provctx, size_t kbits, @@ -304,8 +306,10 @@ static void aes_cbc_hmac_sha256_freectx(void *vctx) { PROV_AES_HMAC_SHA256_CTX *ctx = (PROV_AES_HMAC_SHA256_CTX *)vctx; - if (ctx != NULL) + if (ctx != NULL) { + cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx); OPENSSL_clear_free(ctx, sizeof(*ctx)); + } } # define IMPLEMENT_CIPHER(nm, sub, kbits, blkbits, ivbits, flags) \ diff --git a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c index dc2412c7b5..12644e780f 100644 --- a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c +++ b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c @@ -60,6 +60,8 @@ static int aesni_cbc_hmac_sha1_init_key(PROV_CIPHER_CTX *vctx, ctx->payload_length = NO_PAYLOAD_LENGTH; + vctx->removetlspad = SHA_DIGEST_LENGTH + AES_BLOCK_SIZE; + return ret < 0 ? 0 : 1; } diff --git a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c index f2a233710c..35106e0171 100644 --- a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c +++ b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c @@ -62,6 +62,8 @@ static int aesni_cbc_hmac_sha256_init_key(PROV_CIPHER_CTX *vctx, ctx->payload_length = NO_PAYLOAD_LENGTH; + vctx->removetlspad = SHA256_DIGEST_LENGTH + AES_BLOCK_SIZE; + return ret < 0 ? 0 : 1; } diff --git a/providers/implementations/ciphers/cipher_aes_ocb.c b/providers/implementations/ciphers/cipher_aes_ocb.c index 09c38b7ef4..2f30b7ffdf 100644 --- a/providers/implementations/ciphers/cipher_aes_ocb.c +++ b/providers/implementations/ciphers/cipher_aes_ocb.c @@ -305,6 +305,7 @@ static void aes_ocb_freectx(void *vctx) if (ctx != NULL) { aes_generic_ocb_cleanup(ctx); + cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx); OPENSSL_clear_free(ctx, sizeof(*ctx)); } } diff --git a/providers/implementations/ciphers/cipher_aes_wrp.c b/providers/implementations/ciphers/cipher_aes_wrp.c index 9782afa137..5c2ab1c507 100644 --- a/providers/implementations/ciphers/cipher_aes_wrp.c +++ b/providers/implementations/ciphers/cipher_aes_wrp.c @@ -64,6 +64,7 @@ static void aes_wrap_freectx(void *vctx) { PROV_AES_WRAP_CTX *wctx = (PROV_AES_WRAP_CTX *)vctx; + cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx); OPENSSL_clear_free(wctx, sizeof(*wctx)); } diff --git a/providers/implementations/ciphers/cipher_aes_xts.c b/providers/implementations/ciphers/cipher_aes_xts.c index 96e885e2ca..f564075abe 100644 --- a/providers/implementations/ciphers/cipher_aes_xts.c +++ b/providers/implementations/ciphers/cipher_aes_xts.c @@ -120,6 +120,7 @@ static void aes_xts_freectx(void *vctx) { PROV_AES_XTS_CTX *ctx = (PROV_AES_XTS_CTX *)vctx; + cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx); OPENSSL_clear_free(ctx, sizeof(*ctx)); } diff --git a/providers/implementations/ciphers/cipher_aria.c b/providers/implementations/ciphers/cipher_aria.c index 67dfe0d35f..a079617928 100644 --- a/providers/implementations/ciphers/cipher_aria.c +++ b/providers/implementations/ciphers/cipher_aria.c @@ -19,6 +19,7 @@ static void aria_freectx(void *vctx) { PROV_ARIA_CTX *ctx = (PROV_ARIA_CTX *)vctx; + cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx); OPENSSL_clear_free(ctx, sizeof(*ctx)); } diff --git a/providers/implementations/ciphers/cipher_blowfish.c b/providers/implementations/ciphers/cipher_blowfish.c index bb2fa88f6a..3eb4ebead2 100644 --- a/providers/implementations/ciphers/cipher_blowfish.c +++ b/providers/implementations/ciphers/cipher_blowfish.c @@ -27,6 +27,7 @@ static void blowfish_freectx(void *vctx) { PROV_BLOWFISH_CTX *ctx = (PROV_BLOWFISH_CTX *)vctx; + cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx); OPENSSL_clear_free(ctx, sizeof(*ctx)); } diff --git a/providers/implementations/ciphers/cipher_camellia.c b/providers/implementations/ciphers/cipher_camellia.c index abb24621a6..ffb23b475a 100644 --- a/providers/implementations/ciphers/cipher_camellia.c +++ b/providers/implementations/ciphers/cipher_camellia.c @@ -25,6 +25,7 @@ static void camellia_freectx(void *vctx) { PROV_CAMELLIA_CTX *ctx = (PROV_CAMELLIA_CTX *)vctx; + cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx); OPENSSL_clear_free(ctx, sizeof(*ctx)); } diff --git a/providers/implementations/ciphers/cipher_cast5.c b/providers/implementations/ciphers/cipher_cast5.c index febadfb62b..938b8d2013 100644 --- a/providers/implementations/ciphers/cipher_cast5.c +++ b/providers/implementations/ciphers/cipher_cast5.c @@ -28,6 +28,7 @@ static void cast5_freectx(void *vctx) { PROV_CAST_CTX *ctx = (PROV_CAST_CTX *)vctx; + cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx); OPENSSL_clear_free(ctx, sizeof(*ctx)); } diff --git a/providers/implementations/ciphers/cipher_chacha20.c b/providers/implementations/ciphers/cipher_chacha20.c index 45571180c8..6759b0e0f9 100644 --- a/providers/implementations/ciphers/cipher_chacha20.c +++ b/providers/implementations/ciphers/cipher_chacha20.c @@ -55,6 +55,7 @@ static void chacha20_freectx(void *vctx) PROV_CHACHA20_CTX *ctx = (PROV_CHACHA20_CTX *)vctx; if (ctx != NULL) { + cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx); OPENSSL_clear_free(ctx, sizeof(*ctx)); } } diff --git a/providers/implementations/ciphers/cipher_chacha20_poly1305.c b/providers/implementations/ciphers/cipher_chacha20_poly1305.c index c34ef320ab..a93f722551 100644 --- a/providers/implementations/ciphers/cipher_chacha20_poly1305.c +++ b/providers/implementations/ciphers/cipher_chacha20_poly1305.c @@ -65,8 +65,10 @@ static void chacha20_poly1305_freectx(void *vctx) { PROV_CHACHA20_POLY1305_CTX *ctx = (PROV_CHACHA20_POLY1305_CTX *)vctx; - if (ctx != NULL) + if (ctx != NULL) { + cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx); OPENSSL_clear_free(ctx, sizeof(*ctx)); + } } static int chacha20_poly1305_get_params(OSSL_PARAM params[]) @@ -275,7 +277,6 @@ static int chacha20_poly1305_cipher(void *vctx, unsigned char *out, if (!hw->aead_cipher(ctx, out, outl, in, inl)) return 0; - *outl = inl; return 1; } diff --git a/providers/implementations/ciphers/cipher_chacha20_poly1305_hw.c b/providers/implementations/ciphers/cipher_chacha20_poly1305_hw.c index 74b8fb6586..70ffaf1588 100644 --- a/providers/implementations/ciphers/cipher_chacha20_poly1305_hw.c +++ b/providers/implementations/ciphers/cipher_chacha20_poly1305_hw.c @@ -252,6 +252,8 @@ static int chacha20_poly1305_tls_cipher(PROV_CIPHER_CTX *bctx, len - POLY1305_BLOCK_SIZE); return 0; } + /* Strip the tag */ + len -= POLY1305_BLOCK_SIZE; } *out_padlen = len; diff --git a/providers/implementations/ciphers/cipher_des.c b/providers/implementations/ciphers/cipher_des.c index 7a7f16e454..7a60e0501c 100644 --- a/providers/implementations/ciphers/cipher_des.c +++ b/providers/implementations/ciphers/cipher_des.c @@ -58,6 +58,7 @@ static void des_freectx(void *vctx) { PROV_DES_CTX *ctx = (PROV_DES_CTX *)vctx; + cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx); OPENSSL_clear_free(ctx, sizeof(*ctx)); } diff --git a/providers/implementations/ciphers/cipher_idea.c b/providers/implementations/ciphers/cipher_idea.c index 68cca45f92..7fc5d8403d 100644 --- a/providers/implementations/ciphers/cipher_idea.c +++ b/providers/implementations/ciphers/cipher_idea.c @@ -26,6 +26,7 @@ static void idea_freectx(void *vctx) { PROV_IDEA_CTX *ctx = (PROV_IDEA_CTX *)vctx; + cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx); OPENSSL_clear_free(ctx, sizeof(*ctx)); } diff --git a/providers/implementations/ciphers/cipher_null.c b/providers/implementations/ciphers/cipher_null.c index 3018a5b075..713d29e3e8 100644 --- a/providers/implementations/ciphers/cipher_null.c +++ b/providers/implementations/ciphers/cipher_null.c @@ -14,22 +14,37 @@ #include "prov/ciphercommon.h" #include "prov/providercommonerr.h" +typedef struct prov_cipher_null_ctx_st { + int enc; + size_t tlsmacsize; + const unsigned char *tlsmac; +} PROV_CIPHER_NULL_CTX; + static OSSL_FUNC_cipher_newctx_fn null_newctx; static void *null_newctx(void *provctx) { - static int dummy = 0; - - return &dummy; + return OPENSSL_zalloc(sizeof(PROV_CIPHER_NULL_CTX)); } static OSSL_FUNC_cipher_freectx_fn null_freectx; static void null_freectx(void *vctx) { + OPENSSL_free(vctx); +} + +static OSSL_FUNC_cipher_encrypt_init_fn null_einit; +static int null_einit(void *vctx, const unsigned char *key, size_t keylen, + const unsigned char *iv, size_t ivlen) +{ + PROV_CIPHER_NULL_CTX *ctx = (PROV_CIPHER_NULL_CTX *)vctx; + + ctx->enc = 1; + return 1; } -static OSSL_FUNC_cipher_encrypt_init_fn null_init; -static int null_init(void *vctx, const unsigned char *key, size_t keylen, - const unsigned char *iv, size_t ivlen) +static OSSL_FUNC_cipher_decrypt_init_fn null_dinit; +static int null_dinit(void *vctx, const unsigned char *key, size_t keylen, + const unsigned char *iv, size_t ivlen) { return 1; } @@ -38,6 +53,18 @@ static OSSL_FUNC_cipher_cipher_fn null_cipher; static int null_cipher(void *vctx, unsigned char *out, size_t *outl, size_t outsize, const unsigned char *in, size_t inl) { + PROV_CIPHER_NULL_CTX *ctx = (PROV_CIPHER_NULL_CTX *)vctx; + + if (!ctx->enc && ctx->tlsmacsize > 0) { + /* + * TLS NULL cipher as per: + * https://tools.ietf.org/html/rfc5246#section-6.2.3.1 + */ + if (inl < ctx->tlsmacsize) + return 0; + ctx->tlsmac = in + inl - ctx->tlsmacsize; + inl -= ctx->tlsmacsize; + } if (outsize < inl) return 0; if (in != out) @@ -63,6 +90,7 @@ static int null_get_params(OSSL_PARAM params[]) static const OSSL_PARAM null_known_gettable_ctx_params[] = { OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL), OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL), + { OSSL_CIPHER_PARAM_TLS_MAC, OSSL_PARAM_OCTET_PTR, NULL, 0, OSSL_PARAM_UNMODIFIED }, OSSL_PARAM_END }; @@ -75,6 +103,7 @@ static const OSSL_PARAM *null_gettable_ctx_params(void) static OSSL_FUNC_cipher_get_ctx_params_fn null_get_ctx_params; static int null_get_ctx_params(void *vctx, OSSL_PARAM params[]) { + PROV_CIPHER_NULL_CTX *ctx = (PROV_CIPHER_NULL_CTX *)vctx; OSSL_PARAM *p; p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN); @@ -87,6 +116,41 @@ static int null_get_ctx_params(void *vctx, OSSL_PARAM params[]) ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); return 0; } + p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_TLS_MAC); + if (p != NULL + && !OSSL_PARAM_set_octet_ptr(p, ctx->tlsmac, ctx->tlsmacsize)) { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + return 0; + } + return 1; +} + +static const OSSL_PARAM null_known_settable_ctx_params[] = { + OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_TLS_MAC_SIZE, NULL), + OSSL_PARAM_END +}; + +static OSSL_FUNC_cipher_settable_ctx_params_fn null_settable_ctx_params; +static const OSSL_PARAM *null_settable_ctx_params(void) +{ + return null_known_settable_ctx_params; +} + + +static OSSL_FUNC_cipher_set_ctx_params_fn null_set_ctx_params; +static int null_set_ctx_params(void *vctx, const OSSL_PARAM params[]) +{ + PROV_CIPHER_NULL_CTX *ctx = (PROV_CIPHER_NULL_CTX *)vctx; + const OSSL_PARAM *p; + + p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_TLS_MAC_SIZE); + if (p != NULL) { + if (!OSSL_PARAM_get_size_t(p, &ctx->tlsmacsize)) { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); + return 0; + } + } + return 1; } @@ -95,8 +159,8 @@ const OSSL_DISPATCH null_functions[] = { (void (*)(void)) null_newctx }, { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void)) null_freectx }, { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void)) null_newctx }, - { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))null_init }, - { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))null_init }, + { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))null_einit }, + { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))null_dinit }, { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))null_cipher }, { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))null_final }, { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))null_cipher }, @@ -106,5 +170,8 @@ const OSSL_DISPATCH null_functions[] = { { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, (void (*)(void))null_get_ctx_params }, { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, (void (*)(void))null_gettable_ctx_params }, + { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, (void (*)(void))null_set_ctx_params }, + { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, + (void (*)(void))null_settable_ctx_params }, { 0, NULL } }; diff --git a/providers/implementations/ciphers/cipher_rc2.c b/providers/implementations/ciphers/cipher_rc2.c index f2304b7c0f..d1558be002 100644 --- a/providers/implementations/ciphers/cipher_rc2.c +++ b/providers/implementations/ciphers/cipher_rc2.c @@ -32,6 +32,7 @@ static void rc2_freectx(void *vctx) { PROV_RC2_CTX *ctx = (PROV_RC2_CTX *)vctx; + cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx); OPENSSL_clear_free(ctx, sizeof(*ctx)); } diff --git a/providers/implementations/ciphers/cipher_rc4.c b/providers/implementations/ciphers/cipher_rc4.c index 97d66660f0..4660185d45 100644 --- a/providers/implementations/ciphers/cipher_rc4.c +++ b/providers/implementations/ciphers/cipher_rc4.c @@ -28,6 +28,7 @@ static void rc4_freectx(void *vctx) { PROV_RC4_CTX *ctx = (PROV_RC4_CTX *)vctx; + cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx); OPENSSL_clear_free(ctx, sizeof(*ctx)); } diff --git a/providers/implementations/ciphers/cipher_rc4_hmac_md5.c b/providers/implementations/ciphers/cipher_rc4_hmac_md5.c index 836274abb0..d9535e23ce 100644 --- a/providers/implementations/ciphers/cipher_rc4_hmac_md5.c +++ b/providers/implementations/ciphers/cipher_rc4_hmac_md5.c @@ -62,6 +62,7 @@ static void rc4_hmac_md5_freectx(void *vctx) { PROV_RC4_HMAC_MD5_CTX *ctx = (PROV_RC4_HMAC_MD5_CTX *)vctx; + cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx); OPENSSL_clear_free(ctx, sizeof(*ctx)); } diff --git a/providers/implementations/ciphers/cipher_rc5.c b/providers/implementations/ciphers/cipher_rc5.c index 4d71927914..68ce6fdd91 100644 --- a/providers/implementations/ciphers/cipher_rc5.c +++ b/providers/implementations/ciphers/cipher_rc5.c @@ -28,6 +28,7 @@ static void rc5_freectx(void *vctx) { PROV_RC5_CTX *ctx = (PROV_RC5_CTX *)vctx; + cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx); OPENSSL_clear_free(ctx, sizeof(*ctx)); } diff --git a/providers/implementations/ciphers/cipher_seed.c b/providers/implementations/ciphers/cipher_seed.c index 3a3e012fe0..53520b3c4d 100644 --- a/providers/implementations/ciphers/cipher_seed.c +++ b/providers/implementations/ciphers/cipher_seed.c @@ -25,6 +25,7 @@ static void seed_freectx(void *vctx) { PROV_SEED_CTX *ctx = (PROV_SEED_CTX *)vctx; + cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx); OPENSSL_clear_free(ctx, sizeof(*ctx)); } diff --git a/providers/implementations/ciphers/cipher_sm4.c b/providers/implementations/ciphers/cipher_sm4.c index e7208ad16c..a5920562fc 100644 --- a/providers/implementations/ciphers/cipher_sm4.c +++ b/providers/implementations/ciphers/cipher_sm4.c @@ -19,6 +19,7 @@ static void sm4_freectx(void *vctx) { PROV_SM4_CTX *ctx = (PROV_SM4_CTX *)vctx; + cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx); OPENSSL_clear_free(ctx, sizeof(*ctx)); } diff --git a/providers/implementations/ciphers/cipher_tdes_common.c b/providers/implementations/ciphers/cipher_tdes_common.c index 4e50450e4d..6cdc88749c 100644 --- a/providers/implementations/ciphers/cipher_tdes_common.c +++ b/providers/implementations/ciphers/cipher_tdes_common.c @@ -48,6 +48,7 @@ void tdes_freectx(void *vctx) { PROV_TDES_CTX *ctx = (PROV_TDES_CTX *)vctx; + cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx); OPENSSL_clear_free(ctx, sizeof(*ctx)); } diff --git a/providers/implementations/ciphers/ciphercommon.c b/providers/implementations/ciphers/ciphercommon.c index 93bee0dc0f..a8905d1242 100644 --- a/providers/implementations/ciphers/ciphercommon.c +++ b/providers/implementations/ciphers/ciphercommon.c @@ -11,6 +11,8 @@ * Generic dispatch table functions for ciphers. */ +/* For SSL3_VERSION */ +#include #include "ciphercommon_local.h" #include "prov/provider_ctx.h" #include "prov/providercommonerr.h" @@ -24,6 +26,7 @@ static const OSSL_PARAM cipher_known_gettable_params[] = { OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL), OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_BLOCK_SIZE, NULL), OSSL_PARAM_ulong(OSSL_CIPHER_PARAM_FLAGS, NULL), + { OSSL_CIPHER_PARAM_TLS_MAC, OSSL_PARAM_OCTET_PTR, NULL, 0, OSSL_PARAM_UNMODIFIED }, OSSL_PARAM_END }; const OSSL_PARAM *cipher_generic_gettable_params(void) @@ -69,6 +72,8 @@ CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_START(cipher_generic) CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_END(cipher_generic) CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_START(cipher_generic) +OSSL_PARAM_uint(OSSL_CIPHER_PARAM_TLS_VERSION, NULL), +OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_TLS_MAC_SIZE, NULL), CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_END(cipher_generic) /* @@ -130,6 +135,15 @@ const OSSL_PARAM *cipher_aead_settable_ctx_params(void) return cipher_aead_known_settable_ctx_params; } +void cipher_generic_reset_ctx(PROV_CIPHER_CTX *ctx) +{ + if (ctx != NULL && ctx->alloced) { + OPENSSL_free(ctx->tlsmac); + ctx->alloced = 0; + ctx->tlsmac = NULL; + } +} + static int cipher_generic_init_internal(PROV_CIPHER_CTX *ctx, const unsigned char *key, size_t keylen, const unsigned char *iv, size_t ivlen, @@ -169,6 +183,9 @@ int cipher_generic_dinit(void *vctx, const unsigned char *key, size_t keylen, iv, ivlen, 0); } +/* Max padding including padding length byte */ +#define MAX_PADDING 256 + int cipher_generic_block_update(void *vctx, unsigned char *out, size_t *outl, size_t outsize, const unsigned char *in, size_t inl) @@ -178,6 +195,81 @@ int cipher_generic_block_update(void *vctx, unsigned char *out, size_t *outl, size_t blksz = ctx->blocksize; size_t nextblocks; + if (ctx->tlsversion > 0) { + /* + * Each update call corresponds to a TLS record and is individually + * padded + */ + + /* Sanity check inputs */ + if (in == NULL + || in != out + || outsize < inl + || !ctx->pad) { + ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED); + return 0; + } + + if (ctx->enc) { + unsigned char padval; + size_t padnum, loop; + + /* Add padding */ + + padnum = blksz - (inl % blksz); + + if (outsize < inl + padnum) { + ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED); + return 0; + } + + if (padnum > MAX_PADDING) { + ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED); + return 0; + } + padval = (unsigned char)(padnum - 1); + if (ctx->tlsversion == SSL3_VERSION) { + if (padnum > 1) + memset(out + inl, 0, padnum - 1); + *(out + inl + padnum - 1) = padval; + } else { + /* we need to add 'padnum' padding bytes of value padval */ + for (loop = inl; loop < inl + padnum; loop++) + out[loop] = padval; + } + inl += padnum; + } + + if ((inl % blksz) != 0) { + ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED); + return 0; + } + + + /* Shouldn't normally fail */ + if (!ctx->hw->cipher(ctx, out, in, inl)) { + ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED); + return 0; + } + + if (ctx->alloced) { + OPENSSL_free(ctx->tlsmac); + ctx->alloced = 0; + ctx->tlsmac = NULL; + } + + /* This only fails if padding is publicly invalid */ + *outl = inl; + if (!ctx->enc + && !tlsunpadblock(ctx->libctx, ctx->tlsversion, out, outl, + blksz, &ctx->tlsmac, &ctx->alloced, + ctx->tlsmacsize, 0)) { + ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED); + return 0; + } + return 1; + } + if (ctx->bufsz != 0) nextblocks = fillblock(ctx->buf, &ctx->bufsz, blksz, &in, &inl); else @@ -238,6 +330,12 @@ int cipher_generic_block_final(void *vctx, unsigned char *out, size_t *outl, PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; size_t blksz = ctx->blocksize; + if (ctx->tlsversion > 0) { + /* We never finalize TLS, so this is an error */ + ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED); + return 0; + } + if (ctx->enc) { if (ctx->pad) { padblock(ctx->buf, &ctx->bufsz, blksz); @@ -314,6 +412,18 @@ int cipher_generic_stream_update(void *vctx, unsigned char *out, size_t *outl, } *outl = inl; + /* + * Remove any TLS padding. Only used by cipher_aes_cbc_hmac_sha1_hw.c and + * cipher_aes_cbc_hmac_sha256_hw.c + */ + if (!ctx->enc && ctx->removetlspad > 0) { + /* The actual padding length */ + *outl -= out[inl - 1] + 1; + + /* MAC and explicit IV */ + *outl -= ctx->removetlspad; + } + return 1; } int cipher_generic_stream_final(void *vctx, unsigned char *out, size_t *outl, @@ -375,6 +485,12 @@ int cipher_generic_get_ctx_params(void *vctx, OSSL_PARAM params[]) ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); return 0; } + p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_TLS_MAC); + if (p != NULL + && !OSSL_PARAM_set_octet_ptr(p, ctx->tlsmac, ctx->tlsmacsize)) { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + return 0; + } return 1; } @@ -393,6 +509,20 @@ int cipher_generic_set_ctx_params(void *vctx, const OSSL_PARAM params[]) } ctx->pad = pad ? 1 : 0; } + p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_TLS_VERSION); + if (p != NULL) { + if (!OSSL_PARAM_get_uint(p, &ctx->tlsversion)) { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); + return 0; + } + } + p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_TLS_MAC_SIZE); + if (p != NULL) { + if (!OSSL_PARAM_get_size_t(p, &ctx->tlsmacsize)) { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); + return 0; + } + } p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_NUM); if (p != NULL) { unsigned int num; diff --git a/providers/implementations/ciphers/ciphercommon_block.c b/providers/implementations/ciphers/ciphercommon_block.c index ac792d68d7..ba6f68eeff 100644 --- a/providers/implementations/ciphers/ciphercommon_block.c +++ b/providers/implementations/ciphers/ciphercommon_block.c @@ -8,9 +8,31 @@ */ #include +/* For SSL3_VERSION, TLS1_VERSION etc */ +#include +#include +#include "internal/constant_time.h" #include "ciphercommon_local.h" #include "prov/providercommonerr.h" +/* Functions defined in ssl/tls_pad.c */ +int ssl3_cbc_remove_padding_and_mac(size_t *reclen, + size_t origreclen, + unsigned char *recdata, + unsigned char **mac, + int *alloced, + size_t block_size, size_t mac_size, + OPENSSL_CTX *libctx); + +int tls1_cbc_remove_padding_and_mac(size_t *reclen, + size_t origreclen, + unsigned char *recdata, + unsigned char **mac, + int *alloced, + size_t block_size, size_t mac_size, + int aead, + OPENSSL_CTX *libctx); + /* * Fills a single block of buffered data from the input, and returns the amount * of data remaining in the input that is a multiple of the blocksize. The buffer @@ -110,3 +132,56 @@ int unpadblock(unsigned char *buf, size_t *buflen, size_t blocksize) *buflen = len; return 1; } + +/*- + * tlsunpadblock removes the CBC padding from the decrypted, TLS, CBC + * record in constant time. Also removes the MAC from the record in constant + * time. + * + * libctx: Our library context + * tlsversion: The TLS version in use, e.g. SSL3_VERSION, TLS1_VERSION, etc + * buf: The decrypted TLS record data + * buflen: The length of the decrypted TLS record data. Updated with the new + * length after the padding is removed + * block_size: the block size of the cipher used to encrypt the record. + * mac: Location to store the pointer to the MAC + * alloced: Whether the MAC is stored in a newly allocated buffer, or whether + * *mac points into *buf + * macsize: the size of the MAC inside the record (or 0 if there isn't one) + * aead: whether this is an aead cipher + * returns: + * 0: (in non-constant time) if the record is publicly invalid. + * 1: (in constant time) Record is publicly valid. If padding is invalid then + * the mac is random + */ +int tlsunpadblock(OPENSSL_CTX *libctx, unsigned int tlsversion, + unsigned char *buf, size_t *buflen, size_t blocksize, + unsigned char **mac, int *alloced, size_t macsize, int aead) +{ + int ret; + + switch (tlsversion) { + case SSL3_VERSION: + return ssl3_cbc_remove_padding_and_mac(buflen, *buflen, buf, mac, + alloced, blocksize, macsize, + libctx); + + case TLS1_2_VERSION: + case DTLS1_2_VERSION: + case TLS1_1_VERSION: + case DTLS1_VERSION: + case DTLS1_BAD_VER: + /* Remove the explicit IV */ + buf += blocksize; + *buflen -= blocksize; + /* Fall through */ + case TLS1_VERSION: + ret = tls1_cbc_remove_padding_and_mac(buflen, *buflen, buf, mac, + alloced, blocksize, macsize, + aead, libctx); + return ret; + + default: + return 0; + } +} diff --git a/providers/implementations/ciphers/ciphercommon_gcm.c b/providers/implementations/ciphers/ciphercommon_gcm.c index 7daa8dce5b..080fcc9bc2 100644 --- a/providers/implementations/ciphers/ciphercommon_gcm.c +++ b/providers/implementations/ciphers/ciphercommon_gcm.c @@ -280,12 +280,12 @@ int gcm_stream_update(void *vctx, unsigned char *out, size_t *outl, if (outsize < inl) { ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); - return -1; + return 0; } if (gcm_cipher_internal(ctx, out, outl, in, inl) <= 0) { ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED); - return -1; + return 0; } return 1; } diff --git a/providers/implementations/ciphers/ciphercommon_local.h b/providers/implementations/ciphers/ciphercommon_local.h index 1c4716f357..43c1c192af 100644 --- a/providers/implementations/ciphers/ciphercommon_local.h +++ b/providers/implementations/ciphers/ciphercommon_local.h @@ -11,3 +11,6 @@ void padblock(unsigned char *buf, size_t *buflen, size_t blocksize); int unpadblock(unsigned char *buf, size_t *buflen, size_t blocksize); +int tlsunpadblock(OPENSSL_CTX *libctx, unsigned int tlsversion, + unsigned char *buf, size_t *buflen, size_t blocksize, + unsigned char **mac, int *alloced, size_t macsize, int aead); diff --git a/providers/implementations/include/prov/ciphercommon.h b/providers/implementations/include/prov/ciphercommon.h index fa6eec6a27..a5ffbc48a1 100644 --- a/providers/implementations/include/prov/ciphercommon.h +++ b/providers/implementations/include/prov/ciphercommon.h @@ -31,6 +31,9 @@ typedef struct prov_cipher_ctx_st PROV_CIPHER_CTX; typedef int (PROV_CIPHER_HW_FN)(PROV_CIPHER_CTX *dat, unsigned char *out, const unsigned char *in, size_t len); +/* TODO(3.0): VERIFY ME */ +#define MAX_TLS_MAC_SIZE 48 + struct prov_cipher_ctx_st { block128_f block; union { @@ -48,6 +51,19 @@ struct prov_cipher_ctx_st { unsigned int enc : 1; /* Set to 1 for encrypt, or 0 otherwise */ unsigned int iv_set : 1; /* Set when the iv is copied to the iv/oiv buffers */ + unsigned int tlsversion; /* If TLS padding is in use the TLS version number */ + unsigned char *tlsmac; /* tls MAC extracted from the last record */ + int alloced; /* + * Whether the tlsmac data has been allocated or + * points into the user buffer. + */ + size_t tlsmacsize; /* Size of the TLS MAC */ + size_t removetlspad; /* + * Length of the fixed size data to remove when + * removing TLS padding (equals mac size plus + * IV size if applicable) + */ + /* * num contains the number of bytes of |iv| which are valid for modes that * manage partial blocks themselves. @@ -71,6 +87,7 @@ struct prov_cipher_hw_st { void (*copyctx)(PROV_CIPHER_CTX *dst, const PROV_CIPHER_CTX *src); }; +void cipher_generic_reset_ctx(PROV_CIPHER_CTX *ctx); OSSL_FUNC_cipher_encrypt_init_fn cipher_generic_einit; OSSL_FUNC_cipher_decrypt_init_fn cipher_generic_dinit; OSSL_FUNC_cipher_update_fn cipher_generic_block_update; @@ -87,6 +104,7 @@ OSSL_FUNC_cipher_set_ctx_params_fn cipher_var_keylen_set_ctx_params; OSSL_FUNC_cipher_settable_ctx_params_fn cipher_var_keylen_settable_ctx_params; OSSL_FUNC_cipher_gettable_ctx_params_fn cipher_aead_gettable_ctx_params; OSSL_FUNC_cipher_settable_ctx_params_fn cipher_aead_settable_ctx_params; + int cipher_generic_get_params(OSSL_PARAM params[], unsigned int md, unsigned long flags, size_t kbits, size_t blkbits, size_t ivbits); @@ -164,7 +182,8 @@ static void * alg##_##kbits##_##lcmode##_newctx(void *provctx) \ if (ctx != NULL) { \ cipher_generic_initkey(ctx, kbits, blkbits, ivbits, \ EVP_CIPH_##UCMODE##_MODE, flags, \ - PROV_CIPHER_HW_##alg##_##lcmode(kbits), NULL); \ + PROV_CIPHER_HW_##alg##_##lcmode(kbits), \ + provctx); \ } \ return ctx; \ } \ diff --git a/ssl/build.info b/ssl/build.info index 5d70dec676..fd187ac7e5 100644 --- a/ssl/build.info +++ b/ssl/build.info @@ -27,5 +27,7 @@ SOURCE[../libssl]=\ ssl_asn1.c ssl_txt.c ssl_init.c ssl_conf.c ssl_mcnf.c \ bio_ssl.c ssl_err.c tls_srp.c t1_trce.c ssl_utst.c \ record/ssl3_buffer.c record/ssl3_record.c record/dtls1_bitmap.c \ - statem/statem.c record/ssl3_record_tls13.c + statem/statem.c record/ssl3_record_tls13.c record/tls_pad.c DEFINE[../libssl]=$AESDEF + +SOURCE[../providers/libcommon.a]=record/tls_pad.c diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c index 9a82e3ffa2..866ef18381 100644 --- a/ssl/record/rec_layer_d1.c +++ b/ssl/record/rec_layer_d1.c @@ -939,7 +939,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, if (eivlen) SSL3_RECORD_add_length(&wr, eivlen); - if (s->method->ssl3_enc->enc(s, &wr, 1, 1) < 1) { + if (s->method->ssl3_enc->enc(s, &wr, 1, 1, NULL, mac_size) < 1) { if (!ossl_statem_in_error(s)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_DTLS1_WRITE, ERR_R_INTERNAL_ERROR); diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index fac3506b19..8ea16672b6 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c @@ -1044,7 +1044,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, * We haven't actually negotiated the version yet, but we're trying to * send early data - so we need to use the tls13enc function. */ - if (tls13_enc(s, wr, numpipes, 1) < 1) { + if (tls13_enc(s, wr, numpipes, 1, NULL, mac_size) < 1) { if (!ossl_statem_in_error(s)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR); @@ -1053,7 +1053,8 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, } } else { if (!BIO_get_ktls_send(s->wbio)) { - if (s->method->ssl3_enc->enc(s, wr, numpipes, 1) < 1) { + if (s->method->ssl3_enc->enc(s, wr, numpipes, 1, NULL, + mac_size) < 1) { if (!ossl_statem_in_error(s)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR); diff --git a/ssl/record/record.h b/ssl/record/record.h index 0504a6f959..234656bf93 100644 --- a/ssl/record/record.h +++ b/ssl/record/record.h @@ -178,6 +178,12 @@ typedef struct record_layer_st { * * *****************************************************************************/ +struct ssl_mac_buf_st { + unsigned char *mac; + int alloced; +}; +typedef struct ssl_mac_buf_st SSL_MAC_BUF; + #define MIN_SSL2_RECORD_LEN 9 #define RECORD_LAYER_set_read_ahead(rl, ra) ((rl)->read_ahead = (ra)) @@ -213,13 +219,16 @@ __owur int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, size_t len, int peek, size_t *readbytes); __owur int ssl3_setup_buffers(SSL *s); -__owur int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, size_t n_recs, int send); +__owur int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, size_t n_recs, int send, + SSL_MAC_BUF *mac, size_t macsize); __owur int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send); __owur int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, size_t len, size_t *written); -__owur int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int send); +__owur int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, + SSL_MAC_BUF *mac, size_t macsize); __owur int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send); -__owur int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int send); +__owur int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int send, + SSL_MAC_BUF *mac, size_t macsize); int DTLS_RECORD_LAYER_new(RECORD_LAYER *rl); void DTLS_RECORD_LAYER_free(RECORD_LAYER *rl); void DTLS_RECORD_LAYER_clear(RECORD_LAYER *rl); diff --git a/ssl/record/record_local.h b/ssl/record/record_local.h index f7734d832b..9047c23fd5 100644 --- a/ssl/record/record_local.h +++ b/ssl/record/record_local.h @@ -107,13 +107,21 @@ void SSL3_RECORD_set_seq_num(SSL3_RECORD *r, const unsigned char *seq_num); int ssl3_get_record(SSL *s); __owur int ssl3_do_compress(SSL *ssl, SSL3_RECORD *wr); __owur int ssl3_do_uncompress(SSL *ssl, SSL3_RECORD *rr); -int ssl3_cbc_copy_mac(unsigned char *out, - const SSL3_RECORD *rec, size_t md_size); -__owur int ssl3_cbc_remove_padding(SSL3_RECORD *rec, - size_t block_size, size_t mac_size); -__owur int tls1_cbc_remove_padding(const SSL *s, - SSL3_RECORD *rec, - size_t block_size, size_t mac_size); +__owur int ssl3_cbc_remove_padding_and_mac(size_t *reclen, + size_t origreclen, + unsigned char *recdata, + unsigned char **mac, + int *alloced, + size_t block_size, size_t mac_size, + OPENSSL_CTX *libctx); +__owur int tls1_cbc_remove_padding_and_mac(size_t *reclen, + size_t origreclen, + unsigned char *recdata, + unsigned char **mac, + int *alloced, + size_t block_size, size_t mac_size, + int aead, + OPENSSL_CTX *libctx); int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap); __owur int dtls1_get_record(SSL *s); int early_data_count_ok(SSL *s, size_t length, size_t overhead, int send); diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index a2f7f848d1..80990e8296 100644 --- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c @@ -8,9 +8,9 @@ */ #include "../ssl_local.h" -#include "internal/constant_time.h" #include #include +#include #include "record_local.h" #include "internal/cryptlib.h" @@ -182,12 +182,13 @@ int ssl3_get_record(SSL *s) unsigned char *p; unsigned char md[EVP_MAX_MD_SIZE]; unsigned int version; - size_t mac_size; + size_t mac_size = 0; int imac_size; size_t num_recs = 0, max_recs, j; PACKET pkt, sslv2pkt; - size_t first_rec_len; int is_ktls_left; + SSL_MAC_BUF *macbufs = NULL; + int ret = -1; rr = RECORD_LAYER_get_rrec(&s->rlayer); rbuf = RECORD_LAYER_get_rbuf(&s->rlayer); @@ -526,20 +527,28 @@ int ssl3_get_record(SSL *s) if (BIO_get_ktls_recv(s->rbio) && !is_ktls_left) goto skip_decryption; + /* TODO(size_t): convert this to do size_t properly */ + if (s->read_hash != NULL) { + const EVP_MD *tmpmd = EVP_MD_CTX_md(s->read_hash); + + if (tmpmd != NULL) { + imac_size = EVP_MD_size(tmpmd); + if (!ossl_assert(imac_size >= 0 && imac_size <= EVP_MAX_MD_SIZE)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GET_RECORD, + ERR_LIB_EVP); + return -1; + } + mac_size = (size_t)imac_size; + } + } + /* * If in encrypt-then-mac mode calculate mac from encrypted record. All * the details below are public so no timing details can leak. */ if (SSL_READ_ETM(s) && s->read_hash) { unsigned char *mac; - /* TODO(size_t): convert this to do size_t properly */ - imac_size = EVP_MD_CTX_size(s->read_hash); - if (!ossl_assert(imac_size >= 0 && imac_size <= EVP_MAX_MD_SIZE)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GET_RECORD, - ERR_LIB_EVP); - return -1; - } - mac_size = (size_t)imac_size; + for (j = 0; j < num_recs; j++) { thisrr = &rr[j]; @@ -557,27 +566,39 @@ int ssl3_get_record(SSL *s) return -1; } } + /* + * We've handled the mac now - there is no MAC inside the encrypted + * record + */ + mac_size = 0; } - first_rec_len = rr[0].length; + if (mac_size > 0) { + macbufs = OPENSSL_zalloc(sizeof(*macbufs) * num_recs); + if (macbufs == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GET_RECORD, + ERR_R_MALLOC_FAILURE); + return -1; + } + } - enc_err = s->method->ssl3_enc->enc(s, rr, num_recs, 0); + enc_err = s->method->ssl3_enc->enc(s, rr, num_recs, 0, macbufs, mac_size); /*- * enc_err is: - * 0: (in non-constant time) if the record is publicly invalid. - * 1: if the padding is valid - * -1: if the padding is invalid + * 0: if the record is publicly invalid, or an internal error, or AEAD + * decryption failed, or ETM decryption failed. + * 1: Success or MTE decryption failed (MAC will be randomised) */ if (enc_err == 0) { if (ossl_statem_in_error(s)) { /* SSLfatal() already got called */ - return -1; + goto end; } if (num_recs == 1 && ossl_statem_skip_early_data(s)) { /* - * Valid early_data that we cannot decrypt might fail here as - * publicly invalid. We treat it like an empty record. + * Valid early_data that we cannot decrypt will fail here. We treat + * it like an empty record. */ thisrr = &rr[0]; @@ -585,18 +606,19 @@ int ssl3_get_record(SSL *s) if (!early_data_count_ok(s, thisrr->length, EARLY_DATA_CIPHERTEXT_OVERHEAD, 0)) { /* SSLfatal() already called */ - return -1; + goto end; } thisrr->length = 0; thisrr->read = 1; RECORD_LAYER_set_numrpipes(&s->rlayer, 1); RECORD_LAYER_reset_read_sequence(&s->rlayer); - return 1; + ret = 1; + goto end; } SSLfatal(s, SSL_AD_BAD_RECORD_MAC, SSL_F_SSL3_GET_RECORD, - SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); - return -1; + SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); + goto end; } OSSL_TRACE_BEGIN(TLS) { BIO_printf(trc_out, "dec %lu\n", (unsigned long)rr[0].length); @@ -608,93 +630,24 @@ int ssl3_get_record(SSL *s) (s->enc_read_ctx != NULL) && (!SSL_READ_ETM(s) && EVP_MD_CTX_md(s->read_hash) != NULL)) { /* s->read_hash != NULL => mac_size != -1 */ - unsigned char *mac = NULL; - unsigned char mac_tmp[EVP_MAX_MD_SIZE]; - - mac_size = EVP_MD_CTX_size(s->read_hash); - if (!ossl_assert(mac_size <= EVP_MAX_MD_SIZE)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GET_RECORD, - ERR_R_INTERNAL_ERROR); - return -1; - } for (j = 0; j < num_recs; j++) { + SSL_MAC_BUF *thismb = &macbufs[j]; thisrr = &rr[j]; - /* - * orig_len is the length of the record before any padding was - * removed. This is public information, as is the MAC in use, - * therefore we can safely process the record in a different amount - * of time if it's too short to possibly contain a MAC. - */ - if (thisrr->orig_len < mac_size || - /* CBC records must have a padding length byte too. */ - (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE && - thisrr->orig_len < mac_size + 1)) { - SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL3_GET_RECORD, - SSL_R_LENGTH_TOO_SHORT); - return -1; - } - - if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) { - /* - * We update the length so that the TLS header bytes can be - * constructed correctly but we need to extract the MAC in - * constant time from within the record, without leaking the - * contents of the padding bytes. - */ - mac = mac_tmp; - if (!ssl3_cbc_copy_mac(mac_tmp, thisrr, mac_size)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GET_RECORD, - ERR_R_INTERNAL_ERROR); - return -1; - } - thisrr->length -= mac_size; - } else { - /* - * In this case there's no padding, so |rec->orig_len| equals - * |rec->length| and we checked that there's enough bytes for - * |mac_size| above. - */ - thisrr->length -= mac_size; - mac = &thisrr->data[thisrr->length]; - } i = s->method->ssl3_enc->mac(s, thisrr, md, 0 /* not send */ ); - if (i == 0 || mac == NULL - || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0) - enc_err = -1; + if (i == 0 || thismb == NULL || thismb->mac == NULL + || CRYPTO_memcmp(md, thismb->mac, (size_t)mac_size) != 0) + enc_err = 0; if (thisrr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size) - enc_err = -1; + enc_err = 0; } } - if (enc_err < 0) { + if (enc_err == 0) { if (ossl_statem_in_error(s)) { /* We already called SSLfatal() */ - return -1; - } - if (num_recs == 1 && ossl_statem_skip_early_data(s)) { - /* - * We assume this is unreadable early_data - we treat it like an - * empty record - */ - - /* - * The record length may have been modified by the mac check above - * so we use the previously saved value - */ - if (!early_data_count_ok(s, first_rec_len, - EARLY_DATA_CIPHERTEXT_OVERHEAD, 0)) { - /* SSLfatal() already called */ - return -1; - } - - thisrr = &rr[0]; - thisrr->length = 0; - thisrr->read = 1; - RECORD_LAYER_set_numrpipes(&s->rlayer, 1); - RECORD_LAYER_reset_read_sequence(&s->rlayer); - return 1; + goto end; } /* * A separate 'decryption_failed' alert was introduced with TLS 1.0, @@ -705,7 +658,7 @@ int ssl3_get_record(SSL *s) */ SSLfatal(s, SSL_AD_BAD_RECORD_MAC, SSL_F_SSL3_GET_RECORD, SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); - return -1; + goto end; } skip_decryption: @@ -718,12 +671,12 @@ int ssl3_get_record(SSL *s) if (thisrr->length > SSL3_RT_MAX_COMPRESSED_LENGTH) { SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_SSL3_GET_RECORD, SSL_R_COMPRESSED_LENGTH_TOO_LONG); - return -1; + goto end; } if (!ssl3_do_uncompress(s, thisrr)) { SSLfatal(s, SSL_AD_DECOMPRESSION_FAILURE, SSL_F_SSL3_GET_RECORD, SSL_R_BAD_DECOMPRESSION); - return -1; + goto end; } } @@ -736,7 +689,7 @@ int ssl3_get_record(SSL *s) || thisrr->type != SSL3_RT_APPLICATION_DATA) { SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_GET_RECORD, SSL_R_BAD_RECORD_TYPE); - return -1; + goto end; } /* Strip trailing padding */ @@ -751,7 +704,7 @@ int ssl3_get_record(SSL *s) && thisrr->type != SSL3_RT_HANDSHAKE) { SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_GET_RECORD, SSL_R_BAD_RECORD_TYPE); - return -1; + goto end; } if (s->msg_callback) s->msg_callback(0, s->version, SSL3_RT_INNER_CONTENT_TYPE, @@ -768,13 +721,13 @@ int ssl3_get_record(SSL *s) && thisrr->length == 0) { SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_GET_RECORD, SSL_R_BAD_LENGTH); - return -1; + goto end; } if (thisrr->length > SSL3_RT_MAX_PLAIN_LENGTH && !BIO_get_ktls_recv(s->rbio)) { SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_SSL3_GET_RECORD, SSL_R_DATA_LENGTH_TOO_LONG); - return -1; + goto end; } /* If received packet overflows current Max Fragment Length setting */ @@ -783,7 +736,7 @@ int ssl3_get_record(SSL *s) && !BIO_get_ktls_recv(s->rbio)) { SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_SSL3_GET_RECORD, SSL_R_DATA_LENGTH_TOO_LONG); - return -1; + goto end; } thisrr->off = 0; @@ -802,7 +755,7 @@ int ssl3_get_record(SSL *s) > MAX_EMPTY_RECORDS) { SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_GET_RECORD, SSL_R_RECORD_TOO_SMALL); - return -1; + goto end; } } else { RECORD_LAYER_reset_empty_record_count(&s->rlayer); @@ -814,12 +767,21 @@ int ssl3_get_record(SSL *s) if (thisrr->type == SSL3_RT_APPLICATION_DATA && !early_data_count_ok(s, thisrr->length, 0, 0)) { /* SSLfatal already called */ - return -1; + goto end; } } RECORD_LAYER_set_numrpipes(&s->rlayer, num_recs); - return 1; + ret = 1; + end: + if (macbufs != NULL) { + for (j = 0; j < num_recs; j++) { + if (macbufs[j].alloced) + OPENSSL_free(macbufs[j].mac); + } + OPENSSL_free(macbufs); + } + return ret; } int ssl3_do_uncompress(SSL *ssl, SSL3_RECORD *rr) @@ -866,23 +828,21 @@ int ssl3_do_compress(SSL *ssl, SSL3_RECORD *wr) } /*- - * ssl3_enc encrypts/decrypts |n_recs| records in |inrecs|. Will call - * SSLfatal() for internal errors, but not otherwise. + * ssl3_enc encrypts/decrypts |n_recs| records in |inrecs|. Calls SSLfatal on + * internal error, but not otherwise. It is the responsibility of the caller to + * report a bad_record_mac * * Returns: - * 0: (in non-constant time) if the record is publicly invalid (i.e. too - * short etc). - * 1: if the record's padding is valid / the encryption was successful. - * -1: if the record's padding is invalid or, if sending, an internal error - * occurred. + * 0: if the record is publicly invalid, or an internal error + * 1: Success or Mac-then-encrypt decryption failed (MAC will be randomised) */ -int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, size_t n_recs, int sending) +int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, size_t n_recs, int sending, + SSL_MAC_BUF *mac, size_t macsize) { SSL3_RECORD *rec; EVP_CIPHER_CTX *ds; size_t l, i; - size_t bs, mac_size = 0; - int imac_size; + size_t bs; const EVP_CIPHER *enc; rec = inrecs; @@ -909,13 +869,19 @@ int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, size_t n_recs, int sending) memmove(rec->data, rec->input, rec->length); rec->input = rec->data; } else { + int provided = (EVP_CIPHER_provider(enc) != NULL); + l = rec->length; /* TODO(size_t): Convert this call */ bs = EVP_CIPHER_CTX_block_size(ds); /* COMPRESS */ - if ((bs != 1) && sending) { + if ((bs != 1) && sending && !provided) { + /* + * We only do this for legacy ciphers. Provided ciphers add the + * padding on the provider side. + */ i = bs - (l % bs); /* we need to add 'i-1' padding bytes */ @@ -930,52 +896,82 @@ int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, size_t n_recs, int sending) } if (!sending) { - if (l == 0 || l % bs != 0) + if (l == 0 || l % bs != 0) { + /* Publicly invalid */ return 0; + } /* otherwise, rec->length >= bs */ } - /* TODO(size_t): Convert this call */ - if (EVP_Cipher(ds, rec->data, rec->input, (unsigned int)l) < 1) - return -1; + if (EVP_CIPHER_provider(enc) != NULL) { + int outlen; - if (EVP_MD_CTX_md(s->read_hash) != NULL) { - /* TODO(size_t): convert me */ - imac_size = EVP_MD_CTX_size(s->read_hash); - if (imac_size < 0) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_ENC, - ERR_R_INTERNAL_ERROR); - return -1; + if (!EVP_CipherUpdate(ds, rec->data, &outlen, rec->input, + (unsigned int)l)) + return 0; + rec->length = outlen; + + if (!sending && mac != NULL) { + /* Now get a pointer to the MAC */ + OSSL_PARAM params[2], *p = params; + + /* Get the MAC */ + mac->alloced = 0; + + *p++ = OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_TLS_MAC, + (void **)&mac->mac, + macsize); + *p = OSSL_PARAM_construct_end(); + + if (!EVP_CIPHER_CTX_get_params(ds, params)) { + /* Shouldn't normally happen */ + SSLfatal(s, SSL_AD_INTERNAL_ERROR, 0, + ERR_R_INTERNAL_ERROR); + return 0; + } } - mac_size = (size_t)imac_size; + } else { + /* TODO(size_t): Convert this call */ + if (EVP_Cipher(ds, rec->data, rec->input, (unsigned int)l) < 1) { + /* Shouldn't happen */ + SSLfatal(s, SSL_AD_BAD_RECORD_MAC, 0, ERR_R_INTERNAL_ERROR); + return 0; + } + + if (!sending) + return ssl3_cbc_remove_padding_and_mac(&rec->length, + rec->orig_len, + rec->data, + (mac != NULL) ? &mac->mac : NULL, + (mac != NULL) ? &mac->alloced : NULL, + bs, + macsize, + s->ctx->libctx); } - if ((bs != 1) && !sending) - return ssl3_cbc_remove_padding(rec, bs, mac_size); } return 1; } #define MAX_PADDING 256 /*- - * tls1_enc encrypts/decrypts |n_recs| in |recs|. Will call SSLfatal() for - * internal errors, but not otherwise. + * tls1_enc encrypts/decrypts |n_recs| in |recs|. Calls SSLfatal on internal + * error, but not otherwise. It is the responsibility of the caller to report + * a bad_record_mac - if appropriate (DTLS just drops the record). * * Returns: - * 0: (in non-constant time) if the record is publicly invalid (i.e. too - * short etc). - * 1: if the record's padding is valid / the encryption was successful. - * -1: if the record's padding/AEAD-authenticator is invalid or, if sending, - * an internal error occurred. + * 0: if the record is publicly invalid, or an internal error, or AEAD + * decryption failed, or Encrypt-then-mac decryption failed. + * 1: Success or Mac-then-encrypt decryption failed (MAC will be randomised) */ -int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending) +int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, + SSL_MAC_BUF *macs, size_t macsize) { EVP_CIPHER_CTX *ds; size_t reclen[SSL_MAX_PIPELINES]; unsigned char buf[SSL_MAX_PIPELINES][EVP_AEAD_TLS1_AAD_LEN]; - int i, pad = 0, ret, tmpr; - size_t bs, mac_size = 0, ctr, padnum, loop; + int i, pad = 0, tmpr; + size_t bs, ctr, padnum, loop; unsigned char padval; - int imac_size; const EVP_CIPHER *enc; int tlstree_enc = sending ? (s->mac_flags & SSL_MAC_FLAG_WRITE_MAC_TLSTREE) : (s->mac_flags & SSL_MAC_FLAG_READ_MAC_TLSTREE); @@ -992,7 +988,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending) if (!ossl_assert(n >= 0)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC, ERR_R_INTERNAL_ERROR); - return -1; + return 0; } } ds = s->enc_write_ctx; @@ -1016,12 +1012,12 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending) */ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC, ERR_R_INTERNAL_ERROR); - return -1; + return 0; } else if (RAND_bytes_ex(s->ctx->libctx, recs[ctr].input, ivlen) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC, ERR_R_INTERNAL_ERROR); - return -1; + return 0; } } } @@ -1032,7 +1028,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending) if (!ossl_assert(n >= 0)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC, ERR_R_INTERNAL_ERROR); - return -1; + return 0; } } ds = s->enc_read_ctx; @@ -1047,8 +1043,9 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending) memmove(recs[ctr].data, recs[ctr].input, recs[ctr].length); recs[ctr].input = recs[ctr].data; } - ret = 1; } else { + int provided = (EVP_CIPHER_provider(enc) != NULL); + bs = EVP_CIPHER_block_size(EVP_CIPHER_CTX_cipher(ds)); if (n_recs > 1) { @@ -1060,7 +1057,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending) */ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC, SSL_R_PIPELINE_FAILURE); - return -1; + return 0; } } for (ctr = 0; ctr < n_recs; ctr++) { @@ -1100,7 +1097,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending) if (pad <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC, ERR_R_INTERNAL_ERROR); - return -1; + return 0; } if (sending) { @@ -1108,7 +1105,11 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending) recs[ctr].length += pad; } - } else if ((bs != 1) && sending) { + } else if ((bs != 1) && sending && !provided) { + /* + * We only do this for legacy ciphers. Provided ciphers add the + * padding on the provider side. + */ padnum = bs - (reclen[ctr] % bs); /* Add weird padding of up to 256 bytes */ @@ -1116,7 +1117,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending) if (padnum > MAX_PADDING) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC, ERR_R_INTERNAL_ERROR); - return -1; + return 0; } /* we need to add 'padnum' padding bytes of value padval */ padval = (unsigned char)(padnum - 1); @@ -1127,8 +1128,10 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending) } if (!sending) { - if (reclen[ctr] == 0 || reclen[ctr] % bs != 0) + if (reclen[ctr] == 0 || reclen[ctr] % bs != 0) { + /* Publicly invalid */ return 0; + } } } if (n_recs > 1) { @@ -1142,7 +1145,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending) (int)n_recs, data) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC, SSL_R_PIPELINE_FAILURE); - return -1; + return 0; } /* Set the input buffers */ for (ctr = 0; ctr < n_recs; ctr++) { @@ -1154,7 +1157,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending) (int)n_recs, reclen) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC, SSL_R_PIPELINE_FAILURE); - return -1; + return 0; } } @@ -1175,67 +1178,129 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending) if (EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_TLSTREE, decrement_seq, seq) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC, ERR_R_INTERNAL_ERROR); - return -1; + return 0; } } - /* TODO(size_t): Convert this call */ - tmpr = EVP_Cipher(ds, recs[0].data, recs[0].input, - (unsigned int)reclen[0]); - if ((EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ds)) - & EVP_CIPH_FLAG_CUSTOM_CIPHER) - ? (tmpr < 0) - : (tmpr == 0)) - return -1; /* AEAD can fail to verify MAC */ - - if (sending == 0) { - if (EVP_CIPHER_mode(enc) == EVP_CIPH_GCM_MODE) { - for (ctr = 0; ctr < n_recs; ctr++) { - recs[ctr].data += EVP_GCM_TLS_EXPLICIT_IV_LEN; - recs[ctr].input += EVP_GCM_TLS_EXPLICIT_IV_LEN; - recs[ctr].length -= EVP_GCM_TLS_EXPLICIT_IV_LEN; - } - } else if (EVP_CIPHER_mode(enc) == EVP_CIPH_CCM_MODE) { - for (ctr = 0; ctr < n_recs; ctr++) { - recs[ctr].data += EVP_CCM_TLS_EXPLICIT_IV_LEN; - recs[ctr].input += EVP_CCM_TLS_EXPLICIT_IV_LEN; - recs[ctr].length -= EVP_CCM_TLS_EXPLICIT_IV_LEN; - } - } - } + if (provided) { + int outlen; - ret = 1; - if (!SSL_READ_ETM(s) && EVP_MD_CTX_md(s->read_hash) != NULL) { - imac_size = EVP_MD_CTX_size(s->read_hash); - if (imac_size < 0) { + /* Provided cipher - we do not support pipelining on this path */ + if (n_recs > 1) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC, ERR_R_INTERNAL_ERROR); - return -1; + return 0; } - mac_size = (size_t)imac_size; - } - if ((bs != 1) && !sending) { - int tmpret; - for (ctr = 0; ctr < n_recs; ctr++) { - tmpret = tls1_cbc_remove_padding(s, &recs[ctr], bs, mac_size); - /* - * If tmpret == 0 then this means publicly invalid so we can - * short circuit things here. Otherwise we must respect constant - * time behaviour. - */ - if (tmpret == 0) - return 0; - ret = constant_time_select_int(constant_time_eq_int(tmpret, 1), - ret, -1); + + if (!EVP_CipherUpdate(ds, recs[0].data, &outlen, recs[0].input, + (unsigned int)reclen[0])) + return 0; + recs[0].length = outlen; + + /* + * The length returned from EVP_CipherUpdate above is the actual + * payload length. We need to adjust the data/input ptr to skip over + * any explicit IV + */ + if (!sending) { + if (EVP_CIPHER_mode(enc) == EVP_CIPH_GCM_MODE) { + recs[0].data += EVP_GCM_TLS_EXPLICIT_IV_LEN; + recs[0].input += EVP_GCM_TLS_EXPLICIT_IV_LEN; + } else if (EVP_CIPHER_mode(enc) == EVP_CIPH_CCM_MODE) { + recs[0].data += EVP_CCM_TLS_EXPLICIT_IV_LEN; + recs[0].input += EVP_CCM_TLS_EXPLICIT_IV_LEN; + } else if (bs != 1 && SSL_USE_EXPLICIT_IV(s)) { + recs[0].data += bs; + recs[0].input += bs; + recs[0].orig_len -= bs; + } + + /* Now get a pointer to the MAC (if applicable) */ + if (macs != NULL) { + OSSL_PARAM params[2], *p = params; + + /* Get the MAC */ + macs[0].alloced = 0; + + *p++ = OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_TLS_MAC, + (void **)&macs[0].mac, + macsize); + *p = OSSL_PARAM_construct_end(); + + if (!EVP_CIPHER_CTX_get_params(ds, params)) { + /* Shouldn't normally happen */ + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC, + ERR_R_INTERNAL_ERROR); + return 0; + } + } } - } - if (pad && !sending) { - for (ctr = 0; ctr < n_recs; ctr++) { - recs[ctr].length -= pad; + } else { + /* Legacy cipher */ + + /* TODO(size_t): Convert this call */ + tmpr = EVP_Cipher(ds, recs[0].data, recs[0].input, + (unsigned int)reclen[0]); + if ((EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ds)) + & EVP_CIPH_FLAG_CUSTOM_CIPHER) + ? (tmpr < 0) + : (tmpr == 0)) { + /* AEAD can fail to verify MAC */ + return 0; + } + + if (!sending) { + /* Adjust the record to remove the explicit IV/MAC/Tag */ + if (EVP_CIPHER_mode(enc) == EVP_CIPH_GCM_MODE) { + for (ctr = 0; ctr < n_recs; ctr++) { + recs[ctr].data += EVP_GCM_TLS_EXPLICIT_IV_LEN; + recs[ctr].input += EVP_GCM_TLS_EXPLICIT_IV_LEN; + recs[ctr].length -= EVP_GCM_TLS_EXPLICIT_IV_LEN; + } + } else if (EVP_CIPHER_mode(enc) == EVP_CIPH_CCM_MODE) { + for (ctr = 0; ctr < n_recs; ctr++) { + recs[ctr].data += EVP_CCM_TLS_EXPLICIT_IV_LEN; + recs[ctr].input += EVP_CCM_TLS_EXPLICIT_IV_LEN; + recs[ctr].length -= EVP_CCM_TLS_EXPLICIT_IV_LEN; + } + } + + for (ctr = 0; ctr < n_recs; ctr++) { + if (bs != 1 && SSL_USE_EXPLICIT_IV(s)) { + if (recs[ctr].length < bs) + return 0; + recs[ctr].data += bs; + recs[ctr].input += bs; + recs[ctr].length -= bs; + recs[ctr].orig_len -= bs; + } + + /* + * If using Mac-then-encrypt, then this will succeed but + * with a random MAC if padding is invalid + */ + if (!tls1_cbc_remove_padding_and_mac(&recs[ctr].length, + recs[ctr].orig_len, + recs[ctr].data, + (macs != NULL) ? &macs[ctr].mac : NULL, + (macs != NULL) ? &macs[ctr].alloced + : NULL, + bs, + macsize, + (EVP_CIPHER_flags(enc) + & EVP_CIPH_FLAG_AEAD_CIPHER) != 0, + s->ctx->libctx)) + return 0; + } + if (pad) { + for (ctr = 0; ctr < n_recs; ctr++) { + recs[ctr].length -= pad; + } + } } } } - return ret; + return 1; } int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending) @@ -1446,211 +1511,6 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending) return 1; } -/*- - * ssl3_cbc_remove_padding removes padding from the decrypted, SSLv3, CBC - * record in |rec| by updating |rec->length| in constant time. - * - * block_size: the block size of the cipher used to encrypt the record. - * returns: - * 0: (in non-constant time) if the record is publicly invalid. - * 1: if the padding was valid - * -1: otherwise. - */ -int ssl3_cbc_remove_padding(SSL3_RECORD *rec, - size_t block_size, size_t mac_size) -{ - size_t padding_length; - size_t good; - const size_t overhead = 1 /* padding length byte */ + mac_size; - - /* - * These lengths are all public so we can test them in non-constant time. - */ - if (overhead > rec->length) - return 0; - - padding_length = rec->data[rec->length - 1]; - good = constant_time_ge_s(rec->length, padding_length + overhead); - /* SSLv3 requires that the padding is minimal. */ - good &= constant_time_ge_s(block_size, padding_length + 1); - rec->length -= good & (padding_length + 1); - return constant_time_select_int_s(good, 1, -1); -} - -/*- - * tls1_cbc_remove_padding removes the CBC padding from the decrypted, TLS, CBC - * record in |rec| in constant time and returns 1 if the padding is valid and - * -1 otherwise. It also removes any explicit IV from the start of the record - * without leaking any timing about whether there was enough space after the - * padding was removed. - * - * block_size: the block size of the cipher used to encrypt the record. - * returns: - * 0: (in non-constant time) if the record is publicly invalid. - * 1: if the padding was valid - * -1: otherwise. - */ -int tls1_cbc_remove_padding(const SSL *s, - SSL3_RECORD *rec, - size_t block_size, size_t mac_size) -{ - size_t good; - size_t padding_length, to_check, i; - const size_t overhead = 1 /* padding length byte */ + mac_size; - /* Check if version requires explicit IV */ - if (SSL_USE_EXPLICIT_IV(s)) { - /* - * These lengths are all public so we can test them in non-constant - * time. - */ - if (overhead + block_size > rec->length) - return 0; - /* We can now safely skip explicit IV */ - rec->data += block_size; - rec->input += block_size; - rec->length -= block_size; - rec->orig_len -= block_size; - } else if (overhead > rec->length) - return 0; - - padding_length = rec->data[rec->length - 1]; - - if (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_read_ctx)) & - EVP_CIPH_FLAG_AEAD_CIPHER) { - /* padding is already verified */ - rec->length -= padding_length + 1; - return 1; - } - - good = constant_time_ge_s(rec->length, overhead + padding_length); - /* - * The padding consists of a length byte at the end of the record and - * then that many bytes of padding, all with the same value as the length - * byte. Thus, with the length byte included, there are i+1 bytes of - * padding. We can't check just |padding_length+1| bytes because that - * leaks decrypted information. Therefore we always have to check the - * maximum amount of padding possible. (Again, the length of the record - * is public information so we can use it.) - */ - to_check = 256; /* maximum amount of padding, inc length byte. */ - if (to_check > rec->length) - to_check = rec->length; - - for (i = 0; i < to_check; i++) { - unsigned char mask = constant_time_ge_8_s(padding_length, i); - unsigned char b = rec->data[rec->length - 1 - i]; - /* - * The final |padding_length+1| bytes should all have the value - * |padding_length|. Therefore the XOR should be zero. - */ - good &= ~(mask & (padding_length ^ b)); - } - - /* - * If any of the final |padding_length+1| bytes had the wrong value, one - * or more of the lower eight bits of |good| will be cleared. - */ - good = constant_time_eq_s(0xff, good & 0xff); - rec->length -= good & (padding_length + 1); - - return constant_time_select_int_s(good, 1, -1); -} - -/*- - * ssl3_cbc_copy_mac copies |md_size| bytes from the end of |rec| to |out| in - * constant time (independent of the concrete value of rec->length, which may - * vary within a 256-byte window). - * - * ssl3_cbc_remove_padding or tls1_cbc_remove_padding must be called prior to - * this function. - * - * On entry: - * rec->orig_len >= md_size - * md_size <= EVP_MAX_MD_SIZE - * - * If CBC_MAC_ROTATE_IN_PLACE is defined then the rotation is performed with - * variable accesses in a 64-byte-aligned buffer. Assuming that this fits into - * a single or pair of cache-lines, then the variable memory accesses don't - * actually affect the timing. CPUs with smaller cache-lines [if any] are - * not multi-core and are not considered vulnerable to cache-timing attacks. - */ -#define CBC_MAC_ROTATE_IN_PLACE - -int ssl3_cbc_copy_mac(unsigned char *out, - const SSL3_RECORD *rec, size_t md_size) -{ -#if defined(CBC_MAC_ROTATE_IN_PLACE) - unsigned char rotated_mac_buf[64 + EVP_MAX_MD_SIZE]; - unsigned char *rotated_mac; -#else - unsigned char rotated_mac[EVP_MAX_MD_SIZE]; -#endif - - /* - * mac_end is the index of |rec->data| just after the end of the MAC. - */ - size_t mac_end = rec->length; - size_t mac_start = mac_end - md_size; - size_t in_mac; - /* - * scan_start contains the number of bytes that we can ignore because the - * MAC's position can only vary by 255 bytes. - */ - size_t scan_start = 0; - size_t i, j; - size_t rotate_offset; - - if (!ossl_assert(rec->orig_len >= md_size - && md_size <= EVP_MAX_MD_SIZE)) - return 0; - -#if defined(CBC_MAC_ROTATE_IN_PLACE) - rotated_mac = rotated_mac_buf + ((0 - (size_t)rotated_mac_buf) & 63); -#endif - - /* This information is public so it's safe to branch based on it. */ - if (rec->orig_len > md_size + 255 + 1) - scan_start = rec->orig_len - (md_size + 255 + 1); - - in_mac = 0; - rotate_offset = 0; - memset(rotated_mac, 0, md_size); - for (i = scan_start, j = 0; i < rec->orig_len; i++) { - size_t mac_started = constant_time_eq_s(i, mac_start); - size_t mac_ended = constant_time_lt_s(i, mac_end); - unsigned char b = rec->data[i]; - - in_mac |= mac_started; - in_mac &= mac_ended; - rotate_offset |= j & mac_started; - rotated_mac[j++] |= b & in_mac; - j &= constant_time_lt_s(j, md_size); - } - - /* Now rotate the MAC */ -#if defined(CBC_MAC_ROTATE_IN_PLACE) - j = 0; - for (i = 0; i < md_size; i++) { - /* in case cache-line is 32 bytes, touch second line */ - ((volatile unsigned char *)rotated_mac)[rotate_offset ^ 32]; - out[j++] = rotated_mac[rotate_offset++]; - rotate_offset &= constant_time_lt_s(rotate_offset, md_size); - } -#else - memset(out, 0, md_size); - rotate_offset = md_size - rotate_offset; - rotate_offset &= constant_time_lt_s(rotate_offset, md_size); - for (i = 0; i < md_size; i++) { - for (j = 0; j < md_size; j++) - out[j] |= rotated_mac[i] & constant_time_eq_8_s(j, rotate_offset); - rotate_offset++; - rotate_offset &= constant_time_lt_s(rotate_offset, md_size); - } -#endif - - return 1; -} - int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap) { int i; @@ -1658,9 +1518,11 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap) SSL_SESSION *sess; SSL3_RECORD *rr; int imac_size; - size_t mac_size; + size_t mac_size = 0; unsigned char md[EVP_MAX_MD_SIZE]; size_t max_plain_length = SSL3_RT_MAX_PLAIN_LENGTH; + SSL_MAC_BUF macbuf = { NULL, 0 }; + int ret = 0; rr = RECORD_LAYER_get_rrec(&s->rlayer); sess = s->session; @@ -1694,14 +1556,24 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap) rr->data = rr->input; rr->orig_len = rr->length; + /* TODO(size_t): convert this to do size_t properly */ + if (s->read_hash != NULL) { + const EVP_MD *tmpmd = EVP_MD_CTX_md(s->read_hash); + + if (tmpmd != NULL) { + imac_size = EVP_MD_size(tmpmd); + if (!ossl_assert(imac_size >= 0 && imac_size <= EVP_MAX_MD_SIZE)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GET_RECORD, + ERR_LIB_EVP); + return -1; + } + mac_size = (size_t)imac_size; + } + } + if (SSL_READ_ETM(s) && s->read_hash) { unsigned char *mac; - mac_size = EVP_MD_CTX_size(s->read_hash); - if (!ossl_assert(mac_size <= EVP_MAX_MD_SIZE)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_PROCESS_RECORD, - ERR_R_INTERNAL_ERROR); - return 0; - } + if (rr->orig_len < mac_size) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_DTLS1_PROCESS_RECORD, SSL_R_LENGTH_TOO_SHORT); @@ -1715,24 +1587,30 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap) SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); return 0; } + /* + * We've handled the mac now - there is no MAC inside the encrypted + * record + */ + mac_size = 0; } - enc_err = s->method->ssl3_enc->enc(s, rr, 1, 0); + enc_err = s->method->ssl3_enc->enc(s, rr, 1, 0, &macbuf, mac_size); + /*- * enc_err is: - * 0: (in non-constant time) if the record is publicly invalid. - * 1: if the padding is valid - * -1: if the padding is invalid + * 0: if the record is publicly invalid, or an internal error, or AEAD + * decryption failed, or ETM decryption failed. + * 1: Success or MTE decryption failed (MAC will be randomised) */ if (enc_err == 0) { if (ossl_statem_in_error(s)) { /* SSLfatal() got called */ - return 0; + goto end; } /* For DTLS we simply ignore bad packets. */ rr->length = 0; RECORD_LAYER_reset_packet_length(&s->rlayer); - return 0; + goto end; } OSSL_TRACE_BEGIN(TLS) { BIO_printf(trc_out, "dec %zd\n", rr->length); @@ -1743,75 +1621,20 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap) if ((sess != NULL) && !SSL_READ_ETM(s) && (s->enc_read_ctx != NULL) && (EVP_MD_CTX_md(s->read_hash) != NULL)) { /* s->read_hash != NULL => mac_size != -1 */ - unsigned char *mac = NULL; - unsigned char mac_tmp[EVP_MAX_MD_SIZE]; - - /* TODO(size_t): Convert this to do size_t properly */ - imac_size = EVP_MD_CTX_size(s->read_hash); - if (imac_size < 0) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_PROCESS_RECORD, - ERR_LIB_EVP); - return 0; - } - mac_size = (size_t)imac_size; - if (!ossl_assert(mac_size <= EVP_MAX_MD_SIZE)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_PROCESS_RECORD, - ERR_R_INTERNAL_ERROR); - return 0; - } - - /* - * orig_len is the length of the record before any padding was - * removed. This is public information, as is the MAC in use, - * therefore we can safely process the record in a different amount - * of time if it's too short to possibly contain a MAC. - */ - if (rr->orig_len < mac_size || - /* CBC records must have a padding length byte too. */ - (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE && - rr->orig_len < mac_size + 1)) { - SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_DTLS1_PROCESS_RECORD, - SSL_R_LENGTH_TOO_SHORT); - return 0; - } - - if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) { - /* - * We update the length so that the TLS header bytes can be - * constructed correctly but we need to extract the MAC in - * constant time from within the record, without leaking the - * contents of the padding bytes. - */ - mac = mac_tmp; - if (!ssl3_cbc_copy_mac(mac_tmp, rr, mac_size)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_PROCESS_RECORD, - ERR_R_INTERNAL_ERROR); - return 0; - } - rr->length -= mac_size; - } else { - /* - * In this case there's no padding, so |rec->orig_len| equals - * |rec->length| and we checked that there's enough bytes for - * |mac_size| above. - */ - rr->length -= mac_size; - mac = &rr->data[rr->length]; - } i = s->method->ssl3_enc->mac(s, rr, md, 0 /* not send */ ); - if (i == 0 || mac == NULL - || CRYPTO_memcmp(md, mac, mac_size) != 0) - enc_err = -1; + if (i == 0 || macbuf.mac == NULL + || CRYPTO_memcmp(md, macbuf.mac, mac_size) != 0) + enc_err = 0; if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size) - enc_err = -1; + enc_err = 0; } - if (enc_err < 0) { + if (enc_err == 0) { /* decryption failed, silently discard message */ rr->length = 0; RECORD_LAYER_reset_packet_length(&s->rlayer); - return 0; + goto end; } /* r->length is now just compressed */ @@ -1819,12 +1642,12 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap) if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH) { SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_DTLS1_PROCESS_RECORD, SSL_R_COMPRESSED_LENGTH_TOO_LONG); - return 0; + goto end; } if (!ssl3_do_uncompress(s, rr)) { SSLfatal(s, SSL_AD_DECOMPRESSION_FAILURE, SSL_F_DTLS1_PROCESS_RECORD, SSL_R_BAD_DECOMPRESSION); - return 0; + goto end; } } @@ -1836,7 +1659,7 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap) if (rr->length > max_plain_length) { SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_DTLS1_PROCESS_RECORD, SSL_R_DATA_LENGTH_TOO_LONG); - return 0; + goto end; } rr->off = 0; @@ -1855,7 +1678,11 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap) /* Mark receipt of record. */ dtls1_record_bitmap_update(s, bitmap); - return 1; + ret = 1; + end: + if (macbuf.alloced) + OPENSSL_free(macbuf.mac); + return ret; } /* diff --git a/ssl/record/ssl3_record_tls13.c b/ssl/record/ssl3_record_tls13.c index f18da2db74..910b6a5862 100644 --- a/ssl/record/ssl3_record_tls13.c +++ b/ssl/record/ssl3_record_tls13.c @@ -12,17 +12,16 @@ #include "internal/cryptlib.h" /*- - * tls13_enc encrypts/decrypts |n_recs| in |recs|. Will call SSLfatal() for - * internal errors, but not otherwise. + * tls13_enc encrypts/decrypts |n_recs| in |recs|. Calls SSLfatal on internal + * error, but not otherwise. It is the responsibility of the caller to report + * a bad_record_mac. * * Returns: - * 0: (in non-constant time) if the record is publicly invalid (i.e. too - * short etc). - * 1: if the record encryption was successful. - * -1: if the record's AEAD-authenticator is invalid or, if sending, - * an internal error occurred. + * 0: On failure + * 1: if the record encryption/decryption was successful. */ -int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending) +int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, + SSL_MAC_BUF *mac, size_t macsize) { EVP_CIPHER_CTX *ctx; unsigned char iv[EVP_MAX_IV_LENGTH], recheader[SSL3_RT_HEADER_LENGTH]; @@ -39,7 +38,7 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending) /* TODO(TLS1.3): Support pipelining */ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC, ERR_R_INTERNAL_ERROR); - return -1; + return 0; } if (sending) { @@ -75,7 +74,7 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending) && s->psksession->ext.max_early_data > 0)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC, ERR_R_INTERNAL_ERROR); - return -1; + return 0; } alg_enc = s->psksession->cipher->algorithm_enc; } @@ -87,7 +86,7 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending) if (!ossl_assert(s->s3.tmp.new_cipher != NULL)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC, ERR_R_INTERNAL_ERROR); - return -1; + return 0; } alg_enc = s->s3.tmp.new_cipher->algorithm_enc; } @@ -101,7 +100,7 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending) NULL) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC, ERR_R_INTERNAL_ERROR); - return -1; + return 0; } } else if (alg_enc & SSL_AESGCM) { taglen = EVP_GCM_TLS_TAG_LEN; @@ -110,7 +109,7 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending) } else { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC, ERR_R_INTERNAL_ERROR); - return -1; + return 0; } if (!sending) { @@ -128,7 +127,7 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending) /* Should not happen */ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC, ERR_R_INTERNAL_ERROR); - return -1; + return 0; } offset = ivlen - SEQ_NUM_SIZE; memcpy(iv, staticiv, offset); @@ -143,7 +142,7 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending) } if (loop == 0) { /* Sequence has wrapped */ - return -1; + return 0; } /* TODO(size_t): lenu/lenf should be a size_t but EVP doesn't support it */ @@ -151,7 +150,9 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending) || (!sending && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, rec->data + rec->length) <= 0)) { - return -1; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC, + ERR_R_INTERNAL_ERROR); + return 0; } /* Set up the AAD */ @@ -162,8 +163,10 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending) || !WPACKET_get_total_written(&wpkt, &hdrlen) || hdrlen != SSL3_RT_HEADER_LENGTH || !WPACKET_finish(&wpkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC, + ERR_R_INTERNAL_ERROR); WPACKET_cleanup(&wpkt); - return -1; + return 0; } /* @@ -179,7 +182,7 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending) (unsigned int)rec->length) <= 0 || EVP_CipherFinal_ex(ctx, rec->data + lenu, &lenf) <= 0 || (size_t)(lenu + lenf) != rec->length) { - return -1; + return 0; } if (sending) { /* Add the tag */ @@ -187,7 +190,7 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending) rec->data + rec->length) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC, ERR_R_INTERNAL_ERROR); - return -1; + return 0; } rec->length += taglen; } diff --git a/ssl/record/tls_pad.c b/ssl/record/tls_pad.c new file mode 100644 index 0000000000..9f698483f1 --- /dev/null +++ b/ssl/record/tls_pad.c @@ -0,0 +1,319 @@ +/* + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include "internal/constant_time.h" +#include "internal/cryptlib.h" + +/* + * This file has no dependencies on the rest of libssl because it is shared + * with the providers. It contains functions for low level CBC TLS padding + * removal. Responsibility for this lies with the cipher implementations in the + * providers. However there are legacy code paths in libssl which also need to + * do this. In time those legacy code paths can be removed and this file can be + * moved out of libssl. + */ + +static int ssl3_cbc_copy_mac(size_t *reclen, + size_t origreclen, + unsigned char *recdata, + unsigned char **mac, + int *alloced, + size_t block_size, + size_t mac_size, + size_t good, + OPENSSL_CTX *libctx); + +int ssl3_cbc_remove_padding_and_mac(size_t *reclen, + size_t origreclen, + unsigned char *recdata, + unsigned char **mac, + int *alloced, + size_t block_size, size_t mac_size, + OPENSSL_CTX *libctx); + +int tls1_cbc_remove_padding_and_mac(size_t *reclen, + size_t origreclen, + unsigned char *recdata, + unsigned char **mac, + int *alloced, + size_t block_size, size_t mac_size, + int aead, + OPENSSL_CTX *libctx); + +/*- + * ssl3_cbc_remove_padding removes padding from the decrypted, SSLv3, CBC + * record in |recdata| by updating |reclen| in constant time. It also extracts + * the MAC from the underlying record and places a pointer to it in |mac|. The + * MAC data can either be newly allocated memory, or a pointer inside the + * |recdata| buffer. If allocated then |*alloced| is set to 1, otherwise it is + * set to 0. + * + * origreclen: the original record length before any changes were made + * block_size: the block size of the cipher used to encrypt the record. + * mac_size: the size of the MAC to be extracted + * aead: 1 if an AEAD cipher is in use, or 0 otherwise + * returns: + * 0: if the record is publicly invalid. + * 1: if the record is publicly valid. If the padding removal fails then the + * MAC returned is random. + */ +int ssl3_cbc_remove_padding_and_mac(size_t *reclen, + size_t origreclen, + unsigned char *recdata, + unsigned char **mac, + int *alloced, + size_t block_size, size_t mac_size, + OPENSSL_CTX *libctx) +{ + size_t padding_length; + size_t good; + const size_t overhead = 1 /* padding length byte */ + mac_size; + + /* + * These lengths are all public so we can test them in non-constant time. + */ + if (overhead > *reclen) + return 0; + + padding_length = recdata[*reclen - 1]; + good = constant_time_ge_s(*reclen, padding_length + overhead); + /* SSLv3 requires that the padding is minimal. */ + good &= constant_time_ge_s(block_size, padding_length + 1); + *reclen -= good & (padding_length + 1); + + return ssl3_cbc_copy_mac(reclen, origreclen, recdata, mac, alloced, + block_size, mac_size, good, libctx); +} + +/*- + * tls1_cbc_remove_padding_and_mac removes padding from the decrypted, TLS, CBC + * record in |recdata| by updating |reclen| in constant time. It also extracts + * the MAC from the underlying record and places a pointer to it in |mac|. The + * MAC data can either be newly allocated memory, or a pointer inside the + * |recdata| buffer. If allocated then |*alloced| is set to 1, otherwise it is + * set to 0. + * + * origreclen: the original record length before any changes were made + * block_size: the block size of the cipher used to encrypt the record. + * mac_size: the size of the MAC to be extracted + * aead: 1 if an AEAD cipher is in use, or 0 otherwise + * returns: + * 0: if the record is publicly invalid. + * 1: if the record is publicly valid. If the padding removal fails then the + * MAC returned is random. + */ +int tls1_cbc_remove_padding_and_mac(size_t *reclen, + size_t origreclen, + unsigned char *recdata, + unsigned char **mac, + int *alloced, + size_t block_size, size_t mac_size, + int aead, + OPENSSL_CTX *libctx) +{ + size_t good = -1; + size_t padding_length, to_check, i; + size_t overhead = ((block_size == 1) ? 0 : 1) /* padding length byte */ + + mac_size; + + /* + * These lengths are all public so we can test them in non-constant + * time. + */ + if (overhead > *reclen) + return 0; + + if (block_size != 1) { + + padding_length = recdata[*reclen - 1]; + + if (aead) { + /* padding is already verified and we don't need to check the MAC */ + *reclen -= padding_length + 1 + mac_size; + *mac = NULL; + *alloced = 0; + return 1; + } + + good = constant_time_ge_s(*reclen, overhead + padding_length); + /* + * The padding consists of a length byte at the end of the record and + * then that many bytes of padding, all with the same value as the + * length byte. Thus, with the length byte included, there are i+1 bytes + * of padding. We can't check just |padding_length+1| bytes because that + * leaks decrypted information. Therefore we always have to check the + * maximum amount of padding possible. (Again, the length of the record + * is public information so we can use it.) + */ + to_check = 256; /* maximum amount of padding, inc length byte. */ + if (to_check > *reclen) + to_check = *reclen; + + for (i = 0; i < to_check; i++) { + unsigned char mask = constant_time_ge_8_s(padding_length, i); + unsigned char b = recdata[*reclen - 1 - i]; + /* + * The final |padding_length+1| bytes should all have the value + * |padding_length|. Therefore the XOR should be zero. + */ + good &= ~(mask & (padding_length ^ b)); + } + + /* + * If any of the final |padding_length+1| bytes had the wrong value, one + * or more of the lower eight bits of |good| will be cleared. + */ + good = constant_time_eq_s(0xff, good & 0xff); + *reclen -= good & (padding_length + 1); + } + + return ssl3_cbc_copy_mac(reclen, origreclen, recdata, mac, alloced, + block_size, mac_size, good, libctx); +} + +/*- + * ssl3_cbc_copy_mac copies |md_size| bytes from the end of the record in + * |recdata| to |*mac| in constant time (independent of the concrete value of + * the record length |reclen|, which may vary within a 256-byte window). + * + * On entry: + * origreclen >= mac_size + * mac_size <= EVP_MAX_MD_SIZE + * + * If CBC_MAC_ROTATE_IN_PLACE is defined then the rotation is performed with + * variable accesses in a 64-byte-aligned buffer. Assuming that this fits into + * a single or pair of cache-lines, then the variable memory accesses don't + * actually affect the timing. CPUs with smaller cache-lines [if any] are + * not multi-core and are not considered vulnerable to cache-timing attacks. + */ +#define CBC_MAC_ROTATE_IN_PLACE + +static int ssl3_cbc_copy_mac(size_t *reclen, + size_t origreclen, + unsigned char *recdata, + unsigned char **mac, + int *alloced, + size_t block_size, + size_t mac_size, + size_t good, + OPENSSL_CTX *libctx) +{ +#if defined(CBC_MAC_ROTATE_IN_PLACE) + unsigned char rotated_mac_buf[64 + EVP_MAX_MD_SIZE]; + unsigned char *rotated_mac; +#else + unsigned char rotated_mac[EVP_MAX_MD_SIZE]; +#endif + unsigned char randmac[EVP_MAX_MD_SIZE]; + unsigned char *out; + + /* + * mac_end is the index of |recdata| just after the end of the MAC. + */ + size_t mac_end = *reclen; + size_t mac_start = mac_end - mac_size; + size_t in_mac; + /* + * scan_start contains the number of bytes that we can ignore because the + * MAC's position can only vary by 255 bytes. + */ + size_t scan_start = 0; + size_t i, j; + size_t rotate_offset; + + if (!ossl_assert(origreclen >= mac_size + && mac_size <= EVP_MAX_MD_SIZE)) + return 0; + + /* If no MAC then nothing to be done */ + if (mac_size == 0) { + /* No MAC so we can do this in non-constant time */ + if (good == 0) + return 0; + return 1; + } + + *reclen -= mac_size; + + if (block_size == 1) { + /* There's no padding so the position of the MAC is fixed */ + if (mac != NULL) + *mac = &recdata[*reclen]; + if (alloced != NULL) + *alloced = 0; + return 1; + } + + /* Create the random MAC we will emit if padding is bad */ + if (!RAND_bytes_ex(libctx, randmac, mac_size)) + return 0; + + if (!ossl_assert(mac != NULL && alloced != NULL)) + return 0; + *mac = out = OPENSSL_malloc(mac_size); + if (*mac == NULL) + return 0; + *alloced = 1; + +#if defined(CBC_MAC_ROTATE_IN_PLACE) + rotated_mac = rotated_mac_buf + ((0 - (size_t)rotated_mac_buf) & 63); +#endif + + /* This information is public so it's safe to branch based on it. */ + if (origreclen > mac_size + 255 + 1) + scan_start = origreclen - (mac_size + 255 + 1); + + in_mac = 0; + rotate_offset = 0; + memset(rotated_mac, 0, mac_size); + for (i = scan_start, j = 0; i < origreclen; i++) { + size_t mac_started = constant_time_eq_s(i, mac_start); + size_t mac_ended = constant_time_lt_s(i, mac_end); + unsigned char b = recdata[i]; + + in_mac |= mac_started; + in_mac &= mac_ended; + rotate_offset |= j & mac_started; + rotated_mac[j++] |= b & in_mac; + j &= constant_time_lt_s(j, mac_size); + } + + /* Now rotate the MAC */ +#if defined(CBC_MAC_ROTATE_IN_PLACE) + j = 0; + for (i = 0; i < mac_size; i++) { + /* in case cache-line is 32 bytes, touch second line */ + ((volatile unsigned char *)rotated_mac)[rotate_offset ^ 32]; + + /* If the padding wasn't good we emit a random MAC */ + out[j++] = constant_time_select_8((unsigned char)(good & 0xff), + rotated_mac[rotate_offset++], + randmac[i]); + rotate_offset &= constant_time_lt_s(rotate_offset, mac_size); + } +#else + memset(out, 0, mac_size); + rotate_offset = mac_size - rotate_offset; + rotate_offset &= constant_time_lt_s(rotate_offset, mac_size); + for (i = 0; i < mac_size; i++) { + for (j = 0; j < mac_size; j++) + out[j] |= rotated_mac[i] & constant_time_eq_8_s(j, rotate_offset); + rotate_offset++; + rotate_offset &= constant_time_lt_s(rotate_offset, mac_size); + + /* If the padding wasn't good we emit a random MAC */ + out[i] = constant_time_select_8((unsigned char)(good & 0xff), out[i], + randmac[i]); + } +#endif + + return 1; +} diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index 5a807d6d57..36b7c7616e 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -241,6 +241,12 @@ int ssl3_change_cipher_state(SSL *s, int which) goto err; } + if (EVP_CIPHER_provider(c) != NULL + && !tls_provider_set_tls_params(s, dd, c, m)) { + /* SSLfatal already called */ + goto err; + } + s->statem.enc_write_state = ENC_WRITE_STATE_VALID; return 1; err: diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index a252761ca4..c3174a7c91 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -34,51 +34,37 @@ DEFINE_STACK_OF(OCSP_RESPID) DEFINE_STACK_OF(SRTP_PROTECTION_PROFILE) DEFINE_STACK_OF(SCT) -static int ssl_undefined_function_1(SSL *ssl, SSL3_RECORD *r, size_t s, int t) +static int ssl_undefined_function_1(SSL *ssl, SSL3_RECORD *r, size_t s, int t, + SSL_MAC_BUF *mac, size_t macsize) { - (void)r; - (void)s; - (void)t; return ssl_undefined_function(ssl); } static int ssl_undefined_function_2(SSL *ssl, SSL3_RECORD *r, unsigned char *s, int t) { - (void)r; - (void)s; - (void)t; return ssl_undefined_function(ssl); } static int ssl_undefined_function_3(SSL *ssl, unsigned char *r, unsigned char *s, size_t t, size_t *u) { - (void)r; - (void)s; - (void)t; - (void)u; return ssl_undefined_function(ssl); } static int ssl_undefined_function_4(SSL *ssl, int r) { - (void)r; return ssl_undefined_function(ssl); } static size_t ssl_undefined_function_5(SSL *ssl, const char *r, size_t s, unsigned char *t) { - (void)r; - (void)s; - (void)t; return ssl_undefined_function(ssl); } static int ssl_undefined_function_6(int r) { - (void)r; return ssl_undefined_function(NULL); } @@ -86,13 +72,6 @@ static int ssl_undefined_function_7(SSL *ssl, unsigned char *r, size_t s, const char *t, size_t u, const unsigned char *v, size_t w, int x) { - (void)r; - (void)s; - (void)t; - (void)u; - (void)v; - (void)w; - (void)x; return ssl_undefined_function(ssl); } diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h index 58bc1f99c4..250098600f 100644 --- a/ssl/ssl_local.h +++ b/ssl/ssl_local.h @@ -2069,7 +2069,7 @@ typedef struct cert_st { * of a mess of functions, but hell, think of it as an opaque structure :-) */ typedef struct ssl3_enc_method { - int (*enc) (SSL *, SSL3_RECORD *, size_t, int); + int (*enc) (SSL *, SSL3_RECORD *, size_t, int, SSL_MAC_BUF *, size_t); int (*mac) (SSL *, SSL3_RECORD *, unsigned char *, int); int (*setup_key_block) (SSL *); int (*generate_master_secret) (SSL *, unsigned char *, unsigned char *, @@ -2804,6 +2804,9 @@ const EVP_MD *ssl_evp_md_fetch(OPENSSL_CTX *libctx, int ssl_evp_md_up_ref(const EVP_MD *md); void ssl_evp_md_free(const EVP_MD *md); +int tls_provider_set_tls_params(SSL *s, EVP_CIPHER_CTX *ctx, + const EVP_CIPHER *ciph, + const EVP_MD *md); # else /* OPENSSL_UNIT_TEST */ diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index e929121cd2..7c0b3e9d65 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -136,6 +136,45 @@ static int count_unprocessed_records(SSL *s) # endif #endif + +int tls_provider_set_tls_params(SSL *s, EVP_CIPHER_CTX *ctx, + const EVP_CIPHER *ciph, + const EVP_MD *md) +{ + /* + * Provided cipher, the TLS padding/MAC removal is performed provider + * side so we need to tell the ctx about our TLS version and mac size + */ + OSSL_PARAM params[3], *pprm = params; + size_t macsize = 0; + int imacsize = -1; + + if ((EVP_CIPHER_flags(ciph) & EVP_CIPH_FLAG_AEAD_CIPHER) == 0 + /* + * We look at s->ext.use_etm instead of SSL_READ_ETM() or + * SSL_WRITE_ETM() because this test applies to both reading + * and writing. + */ + && !s->ext.use_etm) + imacsize = EVP_MD_size(md); + if (imacsize >= 0) + macsize = (size_t)imacsize; + + *pprm++ = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_TLS_VERSION, + &s->version); + *pprm++ = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_TLS_MAC_SIZE, + &macsize); + *pprm = OSSL_PARAM_construct_end(); + + if (!EVP_CIPHER_CTX_set_params(ctx, params)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_CHANGE_CIPHER_STATE, + ERR_R_INTERNAL_ERROR); + return 0; + } + + return 1; +} + int tls1_change_cipher_state(SSL *s, int which) { unsigned char *p, *mac_secret; @@ -396,6 +435,12 @@ int tls1_change_cipher_state(SSL *s, int which) ERR_R_INTERNAL_ERROR); goto err; } + if (EVP_CIPHER_provider(c) != NULL + && !tls_provider_set_tls_params(s, dd, c, m)) { + /* SSLfatal already called */ + goto err; + } + #ifndef OPENSSL_NO_KTLS if (s->compress) goto skip_ktls; diff --git a/test/sslcorrupttest.c b/test/sslcorrupttest.c index 476a1758ad..641ecf331d 100644 --- a/test/sslcorrupttest.c +++ b/test/sslcorrupttest.c @@ -190,9 +190,12 @@ static int test_ssl_corrupt(int testidx) int testresult = 0; STACK_OF(SSL_CIPHER) *ciphers; const SSL_CIPHER *currcipher; + int err; docorrupt = 0; + ERR_clear_error(); + TEST_info("Starting #%d, %s", testidx, cipher_list[testidx]); if (!TEST_true(create_ssl_ctx_pair(NULL, TLS_server_method(), @@ -234,9 +237,14 @@ static int test_ssl_corrupt(int testidx) if (!TEST_int_lt(SSL_read(server, junk, sizeof(junk)), 0)) goto end; - if (!TEST_int_eq(ERR_GET_REASON(ERR_peek_error()), - SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC)) - goto end; + do { + err = ERR_get_error(); + + if (err == 0) { + TEST_error("Decryption failed or bad record MAC not seen"); + goto end; + } + } while (ERR_GET_REASON(err) != SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); testresult = 1; end: diff --git a/test/tls13encryptiontest.c b/test/tls13encryptiontest.c index a49fbc0013..3bb189f0b5 100644 --- a/test/tls13encryptiontest.c +++ b/test/tls13encryptiontest.c @@ -368,7 +368,7 @@ static int test_tls13_encryption(void) } /* Encrypt it */ - if (!TEST_size_t_eq(tls13_enc(s, &rec, 1, 1), 1)) { + if (!TEST_size_t_eq(tls13_enc(s, &rec, 1, 1, NULL, 0), 1)) { TEST_info("Failed to encrypt record %zu", ctr); goto err; } @@ -378,7 +378,7 @@ static int test_tls13_encryption(void) } /* Decrypt it */ - if (!TEST_int_eq(tls13_enc(s, &rec, 1, 0), 1)) { + if (!TEST_int_eq(tls13_enc(s, &rec, 1, 0, NULL, 0), 1)) { TEST_info("Failed to decrypt record %zu", ctr); goto err; } From builds at travis-ci.com Mon Jul 6 09:57:16 2020 From: builds at travis-ci.com (Travis CI) Date: Mon, 06 Jul 2020 09:57:16 +0000 Subject: Errored: openssl/openssl#35964 (master - 2d9f56e) In-Reply-To: Message-ID: <5f02f57c4da9d_13fb51c2a4e94266750@travis-pro-tasks-595b47788-x6ksz.mail> Build Update for openssl/openssl ------------------------------------- Build: #35964 Status: Errored Duration: 1 hr, 18 mins, and 37 secs Commit: 2d9f56e (master) Author: Matt Caswell Message: Ensure TLS padding is added during encryption on the provider side Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12288) View the changeset: https://github.com/openssl/openssl/compare/1b726e9b91a0...2d9f56e9992e View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/174386611?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Mon Jul 6 12:32:14 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 06 Jul 2020 12:32:14 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-err Message-ID: <1594038735.000491.14471.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-err Commit log since last time: 1b726e9b91 TEST: update 02-test_errstr.t to have better tests fa7a807435 SSL: fix misuse of ERR_LIB_SYS 17b7f89684 TEST: fix test/errtest.c 71f2994b15 ERR: special case system errors 163b2bcd8b ERR: refactor global error codes dd76b90ef6 CORE: perform post-condition in algorithm_do_this() under all circumstances 1dc1ea182b Fix many MarkDown issues in {NOTES*,README*,HACKING,LICENSE}.md files 036cbb6bbf Rename NOTES*, README*, VERSION, HACKING, LICENSE to .md or .txt 915e7e75a4 util/markdownlint.rb: Add two rule exceptions: MD023 and MD026 c996f71bab apps: remove NULL check imn release_engine since ENGINE_free also does it. 2f142901ca coverity 1464983: null pointer dereference 6f924bb89e coverity 1464984: Null pointer dereferences 9283e9bd11 cmp: remove NULL check. c4d0221405 coverity: CID 1464987: USE AFTER FREE 22f7f42433 rand: avoid caching RNG parameters. 7dc38bea94 Refactor the EVP_RAND code to make locking issues less likely 132abb21f9 rand: fix recursive locking issue. 8c1cbc7210 Fix typos and repeated words 3a19f1a9dd Configuration and build: Fix solaris tags 1cafbb799a util/perl/OpenSSL/config.pm: Fix /armv[7-9].*-.*-linux2/ 16328e9f6c NOTE.WIN: suggest the audetecting configuration variant as well b2bed3c6e5 util/perl/OpenSSL/config.pm: move misplaced Windows and VMS entries bb2d726d75 Fix a typo in the i2d_TYPE_fp documentation 5b393802ed Don't run the cmp_cli tests if using FUZZING_BUILD_MODE ca3245a619 If an empty password is supplied still try to use it 5a640713f3 Ensure a string is properly terminated in http_client.c 64bb6276d1 81-test_cmp_cli.t: Correct subroutine quote_spc_empty and its use 8913760960 81-test_cmp_cli.t: Streamline {start,stop}_mock_server and improve port setting 94fcec0902 test/run_tests.pl: Add alias REPORT_FAILURES{,_PROGRESS} for VF and VFP a812549108 test/run_tests.pl: Add visual separator after failed test case for VFP and VFP modes e4522e1059 test/run_tests.pl: Enhance the semantics of HARNESS_VERBOSE_FAILURES (VF) ea4ee152a7 Configure: fix handling of build.info attributes with value e7869ef137 Fix up build issue when running cpp tests 0c4444121c doc: Remove stray backtick Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 04-test_err.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=204, Tests=2526, 811 wallclock secs (11.91 usr 1.23 sys + 757.01 cusr 53.81 csys = 823.96 CPU) Result: FAIL Makefile:3127: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-err' Makefile:3125: recipe for target 'tests' failed make: *** [tests] Error 2 From matt at openssl.org Mon Jul 6 13:49:16 2020 From: matt at openssl.org (Matt Caswell) Date: Mon, 06 Jul 2020 13:49:16 +0000 Subject: [openssl] master update Message-ID: <1594043356.116558.6409.nullmailer@dev.openssl.org> The branch master has been updated via 8c330e1939d6b7db93a963116354ef80ca0babb3 (commit) from 2d9f56e9992ef3725b87a0a8e6165a18d038b784 (commit) - Log ----------------------------------------------------------------- commit 8c330e1939d6b7db93a963116354ef80ca0babb3 Author: Glenn Strauss Date: Fri Jun 5 17:14:08 2020 -0400 improve SSL_CTX_set_tlsext_ticket_key_cb ref impl improve reference implementation code in SSL_CTX_set_tlsext_ticket_key_cb man page change EVP_aes_128_cbc() to EVP_aes_256_cbc(), with the implication of requiring longer keys. Updating this code brings the reference implementation in line with implementation in openssl committed in 2016: commit 05df5c20 Use AES256 for the default encryption algoritm for TLS session tickets add comments where user-implementation is needed to complete code CLA: trivial Reviewed-by: Tomas Mraz Reviewed-by: Ben Kaduk Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12063) ----------------------------------------------------------------------- Summary of changes: doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod b/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod index ae2ee2b4e2..ee726b3b64 100644 --- a/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod +++ b/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod @@ -159,6 +159,7 @@ Reference Implementation: EVP_MAC_CTX *hctx, int enc) { OSSL_PARAM params[3]; + your_type_t *key; /* something that you need to implement */ if (enc) { /* create new session */ if (RAND_bytes(iv, EVP_MAX_IV_LENGTH) <= 0) @@ -178,10 +179,10 @@ Reference Implementation: } memcpy(key_name, key->name, 16); - EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key->aes_key, iv); + EVP_EncryptInit_ex(&ctx, EVP_aes_256_cbc(), NULL, key->aes_key, iv); params[0] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY, - key->hmac_key, 16); + key->hmac_key, 32); params[1] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, "sha256", 0); params[2] = OSSL_PARAM_construct_end(); @@ -190,21 +191,22 @@ Reference Implementation: return 1; } else { /* retrieve session */ - key = findkey(name); + time_t t = time(NULL); + key = findkey(key_name); /* something that you need to implement */ - if (key == NULL || key->expire < now()) + if (key == NULL || key->expire < t) return 0; params[0] = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, - key->hmac_key, 16); + key->hmac_key, 32); params[1] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, "sha256", 0); params[2] = OSSL_PARAM_construct_end(); EVP_MAC_set_ctx_params(hctx, params); - EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key->aes_key, iv); + EVP_DecryptInit_ex(&ctx, EVP_aes_256_cbc(), NULL, key->aes_key, iv); - if (key->expire < now() - RENEW_TIME) { + if (key->expire < t - RENEW_TIME) { /* RENEW_TIME: implement */ /* * return 2 - This session will get a new ticket even though the * current one is still valid. From builds at travis-ci.com Mon Jul 6 15:12:09 2020 From: builds at travis-ci.com (Travis CI) Date: Mon, 06 Jul 2020 15:12:09 +0000 Subject: Errored: openssl/openssl#35977 (master - 8c330e1) In-Reply-To: Message-ID: <5f033f489e3a8_13fc4cd7a60bc660069@travis-pro-tasks-84fdf7d58b-dnrrk.mail> Build Update for openssl/openssl ------------------------------------- Build: #35977 Status: Errored Duration: 1 hr, 13 mins, and 46 secs Commit: 8c330e1 (master) Author: Glenn Strauss Message: improve SSL_CTX_set_tlsext_ticket_key_cb ref impl improve reference implementation code in SSL_CTX_set_tlsext_ticket_key_cb man page change EVP_aes_128_cbc() to EVP_aes_256_cbc(), with the implication of requiring longer keys. Updating this code brings the reference implementation in line with implementation in openssl committed in 2016: commit 05df5c20 Use AES256 for the default encryption algoritm for TLS session tickets add comments where user-implementation is needed to complete code CLA: trivial Reviewed-by: Tomas Mraz Reviewed-by: Ben Kaduk Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12063) View the changeset: https://github.com/openssl/openssl/compare/2d9f56e9992e...8c330e1939d6 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/174450419?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Mon Jul 6 20:18:20 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 06 Jul 2020 20:18:20 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ui-console Message-ID: <1594066700.978703.31651.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ui-console Commit log since last time: 1b726e9b91 TEST: update 02-test_errstr.t to have better tests fa7a807435 SSL: fix misuse of ERR_LIB_SYS 17b7f89684 TEST: fix test/errtest.c 71f2994b15 ERR: special case system errors 163b2bcd8b ERR: refactor global error codes dd76b90ef6 CORE: perform post-condition in algorithm_do_this() under all circumstances 1dc1ea182b Fix many MarkDown issues in {NOTES*,README*,HACKING,LICENSE}.md files 036cbb6bbf Rename NOTES*, README*, VERSION, HACKING, LICENSE to .md or .txt 915e7e75a4 util/markdownlint.rb: Add two rule exceptions: MD023 and MD026 c996f71bab apps: remove NULL check imn release_engine since ENGINE_free also does it. 2f142901ca coverity 1464983: null pointer dereference 6f924bb89e coverity 1464984: Null pointer dereferences 9283e9bd11 cmp: remove NULL check. c4d0221405 coverity: CID 1464987: USE AFTER FREE 22f7f42433 rand: avoid caching RNG parameters. 7dc38bea94 Refactor the EVP_RAND code to make locking issues less likely 132abb21f9 rand: fix recursive locking issue. 8c1cbc7210 Fix typos and repeated words 3a19f1a9dd Configuration and build: Fix solaris tags 1cafbb799a util/perl/OpenSSL/config.pm: Fix /armv[7-9].*-.*-linux2/ 16328e9f6c NOTE.WIN: suggest the audetecting configuration variant as well b2bed3c6e5 util/perl/OpenSSL/config.pm: move misplaced Windows and VMS entries bb2d726d75 Fix a typo in the i2d_TYPE_fp documentation 5b393802ed Don't run the cmp_cli tests if using FUZZING_BUILD_MODE ca3245a619 If an empty password is supplied still try to use it 5a640713f3 Ensure a string is properly terminated in http_client.c 64bb6276d1 81-test_cmp_cli.t: Correct subroutine quote_spc_empty and its use 8913760960 81-test_cmp_cli.t: Streamline {start,stop}_mock_server and improve port setting 94fcec0902 test/run_tests.pl: Add alias REPORT_FAILURES{,_PROGRESS} for VF and VFP a812549108 test/run_tests.pl: Add visual separator after failed test case for VFP and VFP modes e4522e1059 test/run_tests.pl: Enhance the semantics of HARNESS_VERBOSE_FAILURES (VF) ea4ee152a7 Configure: fix handling of build.info attributes with value e7869ef137 Fix up build issue when running cpp tests 0c4444121c doc: Remove stray backtick Build log ended with (last 100 lines): # Failed test 'p10cr csr empty file' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd p10cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -csr wrong.csr.pem => 139 not ok 78 - p10cr wrong csr # ------------------------------------------------------------------------------ # Failed test 'p10cr wrong csr' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -revreason 5 => 139 not ok 79 - ir + ignored revocation # ------------------------------------------------------------------------------ ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt => 139 not ok 82 - cr command # ------------------------------------------------------------------------------ # Failed test 'cr command' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt => 139 not ok 83 - kur command explicit options # ------------------------------------------------------------------------------ # Failed test 'kur command explicit options' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -subject "" -certout test.cert.pem -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt -secret "" => 139 not ok 84 - kur command minimal options # ------------------------------------------------------------------------------ ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey dir/ -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert test.cert.pem -server '127.0.0.1:1700' => 139 not ok 86 - kur newkey is directory # ------------------------------------------------------------------------------ ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert dir/ -server '127.0.0.1:1700' => 139 not ok 89 - kur oldcert is directory # ------------------------------------------------------------------------------ # Failed test 'kur oldcert is directory' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert idontexist -server '127.0.0.1:1700' => 139 not ok 90 - kur oldcert not existing # ------------------------------------------------------------------------------ # Failed test 'kur oldcert not existing' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert empty.txt -server '127.0.0.1:1700' => 139 not ok 91 - kur empty oldcert file # ------------------------------------------------------------------------------ # Failed test 'kur empty oldcert file' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -cert "" -server '127.0.0.1:1700' => 139 not ok 92 - kur command without cert and oldcert # ------------------------------------------------------------------------------ # Failed test 'kur command without cert and oldcert' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. # Looks like you failed 65 tests of 92. not ok 7 - CMP app CLI Mock enrollment # ------------------------------------------------------------------------------ # # Failed test 'CMP app CLI Mock enrollment # ' # at /home/openssl/run-checker/no-ui-console/../openssl/util/perl/OpenSSL/Test.pm line 1302. # Looks like you failed 5 tests of 7.81-test_cmp_cli.t .................. Dubious, test returned 5 (wstat 1280, 0x500) Failed 5/7 subtests 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 81-test_cmp_cli.t (Wstat: 1280 Tests: 7 Failed: 5) Failed tests: 3-7 Non-zero exit status: 5 Files=204, Tests=2662, 859 wallclock secs (12.13 usr 1.35 sys + 752.26 cusr 59.71 csys = 825.45 CPU) Result: FAIL Makefile:3125: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-ui-console' Makefile:3123: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Mon Jul 6 22:37:55 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 06 Jul 2020 22:37:55 +0000 Subject: FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared no-module Message-ID: <1594075075.783387.21601.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared no-module Commit log since last time: 1b726e9b91 TEST: update 02-test_errstr.t to have better tests fa7a807435 SSL: fix misuse of ERR_LIB_SYS 17b7f89684 TEST: fix test/errtest.c 71f2994b15 ERR: special case system errors 163b2bcd8b ERR: refactor global error codes dd76b90ef6 CORE: perform post-condition in algorithm_do_this() under all circumstances 1dc1ea182b Fix many MarkDown issues in {NOTES*,README*,HACKING,LICENSE}.md files 036cbb6bbf Rename NOTES*, README*, VERSION, HACKING, LICENSE to .md or .txt 915e7e75a4 util/markdownlint.rb: Add two rule exceptions: MD023 and MD026 c996f71bab apps: remove NULL check imn release_engine since ENGINE_free also does it. 2f142901ca coverity 1464983: null pointer dereference 6f924bb89e coverity 1464984: Null pointer dereferences 9283e9bd11 cmp: remove NULL check. c4d0221405 coverity: CID 1464987: USE AFTER FREE 22f7f42433 rand: avoid caching RNG parameters. 7dc38bea94 Refactor the EVP_RAND code to make locking issues less likely 132abb21f9 rand: fix recursive locking issue. 8c1cbc7210 Fix typos and repeated words 3a19f1a9dd Configuration and build: Fix solaris tags 1cafbb799a util/perl/OpenSSL/config.pm: Fix /armv[7-9].*-.*-linux2/ 16328e9f6c NOTE.WIN: suggest the audetecting configuration variant as well b2bed3c6e5 util/perl/OpenSSL/config.pm: move misplaced Windows and VMS entries bb2d726d75 Fix a typo in the i2d_TYPE_fp documentation 5b393802ed Don't run the cmp_cli tests if using FUZZING_BUILD_MODE ca3245a619 If an empty password is supplied still try to use it 5a640713f3 Ensure a string is properly terminated in http_client.c 64bb6276d1 81-test_cmp_cli.t: Correct subroutine quote_spc_empty and its use 8913760960 81-test_cmp_cli.t: Streamline {start,stop}_mock_server and improve port setting 94fcec0902 test/run_tests.pl: Add alias REPORT_FAILURES{,_PROGRESS} for VF and VFP a812549108 test/run_tests.pl: Add visual separator after failed test case for VFP and VFP modes e4522e1059 test/run_tests.pl: Enhance the semantics of HARNESS_VERBOSE_FAILURES (VF) ea4ee152a7 Configure: fix handling of build.info attributes with value e7869ef137 Fix up build issue when running cpp tests 0c4444121c doc: Remove stray backtick Build log ended with (last 100 lines): ../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock credentials' -proxy '' -no_proxy 127.0.0.1 -cert "" -key "" -keypass "" -unprotected_requests => 0 not ok 38 - unprotected request # ------------------------------------------------------------------------------ # Failed test 'unprotected request' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. # Looks like you failed 3 tests of 38. not ok 5 - CMP app CLI Mock credentials # ------------------------------------------------------------------------------ OPENSSL_FUNC:../openssl/apps/cmp.c:3121:CMP info: received from 127.0.0.1 PKIStatus: accepted # OPENSSL_FUNC:../openssl/apps/cmp.c:2895:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -proxy option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2112:CMP info: will contact http://127.0.0.1:1700/pkix/ # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending IR # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received IP # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending CERTCONF # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received PKICONF # OPENSSL_FUNC:../openssl/apps/cmp.c:2276:CMP info: received 1 enrolled certificate(s), saving to file 'test.cert.pem' ../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo 0 -certout test.cert.pem -out_trusted root.crt => 0 not ok 43 - popo RAVERIFIED # ------------------------------------------------------------------------------ OPENSSL_FUNC:../openssl/apps/cmp.c:3121:CMP info: received from 127.0.0.1 PKIStatus: accepted # OPENSSL_FUNC:../openssl/apps/cmp.c:2895:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -proxy option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2112:CMP info: will contact http://127.0.0.1:1700/pkix/ # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending IR # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received IP # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending CERTCONF # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received PKICONF # OPENSSL_FUNC:../openssl/apps/cmp.c:2276:CMP info: received 1 enrolled certificate(s), saving to file 'test.cert.pem' ../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo -1 -certout test.cert.pem -out_trusted root.crt => 0 not ok 47 - popo NONE # ------------------------------------------------------------------------------ # Failed test 'popo NONE' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. OPENSSL_FUNC:../openssl/apps/cmp.c:3121:CMP info: received from 127.0.0.1 PKIStatus: accepted # OPENSSL_FUNC:../openssl/apps/cmp.c:2895:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -proxy option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2112:CMP info: will contact http://127.0.0.1:1700/pkix/ # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending IR # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received IP # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending CERTCONF # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received PKICONF # OPENSSL_FUNC:../openssl/apps/cmp.c:2276:CMP info: received 1 enrolled certificate(s), saving to file 'test.cert.pem' ../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo 2 -certout test.cert.pem -out_trusted root.crt => 0 not ok 48 - popo KEYENC not supported # ------------------------------------------------------------------------------ # Looks like you failed 3 tests of 92. not ok 7 - CMP app CLI Mock enrollment # ------------------------------------------------------------------------------ # # Failed test 'CMP app CLI Mock enrollment # ' # at /home/openssl/run-checker/enable-fuzz-afl/../openssl/util/perl/OpenSSL/Test.pm line 1302. # Looks like you failed 3 tests of 7.81-test_cmp_cli.t .................. Dubious, test returned 3 (wstat 768, 0x300) Failed 3/7 subtests 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: GOST support is disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ skipped: Test only supported in a shared build 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 81-test_cmp_cli.t (Wstat: 768 Tests: 7 Failed: 3) Failed tests: 4-5, 7 Non-zero exit status: 3 Files=204, Tests=2386, 736 wallclock secs ( 9.33 usr 1.18 sys + 678.01 cusr 48.02 csys = 736.54 CPU) Result: FAIL Makefile:2357: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-fuzz-afl' Makefile:2355: recipe for target 'tests' failed make: *** [tests] Error 2 From no-reply at appveyor.com Tue Jul 7 04:02:28 2020 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 07 Jul 2020 04:02:28 +0000 Subject: Build failed: openssl master.35437 Message-ID: <20200707040228.1.512278CB441717A4@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Tue Jul 7 04:33:12 2020 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 07 Jul 2020 04:33:12 +0000 Subject: Build completed: openssl master.35438 Message-ID: <20200707043312.1.DFC68A366CFD16BE@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Tue Jul 7 04:38:03 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 07 Jul 2020 04:38:03 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-posix-io Message-ID: <1594096683.845761.1636.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-posix-io Commit log since last time: 1b726e9b91 TEST: update 02-test_errstr.t to have better tests fa7a807435 SSL: fix misuse of ERR_LIB_SYS 17b7f89684 TEST: fix test/errtest.c 71f2994b15 ERR: special case system errors 163b2bcd8b ERR: refactor global error codes dd76b90ef6 CORE: perform post-condition in algorithm_do_this() under all circumstances 1dc1ea182b Fix many MarkDown issues in {NOTES*,README*,HACKING,LICENSE}.md files 036cbb6bbf Rename NOTES*, README*, VERSION, HACKING, LICENSE to .md or .txt 915e7e75a4 util/markdownlint.rb: Add two rule exceptions: MD023 and MD026 c996f71bab apps: remove NULL check imn release_engine since ENGINE_free also does it. 2f142901ca coverity 1464983: null pointer dereference 6f924bb89e coverity 1464984: Null pointer dereferences 9283e9bd11 cmp: remove NULL check. c4d0221405 coverity: CID 1464987: USE AFTER FREE 22f7f42433 rand: avoid caching RNG parameters. 7dc38bea94 Refactor the EVP_RAND code to make locking issues less likely 132abb21f9 rand: fix recursive locking issue. 8c1cbc7210 Fix typos and repeated words 3a19f1a9dd Configuration and build: Fix solaris tags 1cafbb799a util/perl/OpenSSL/config.pm: Fix /armv[7-9].*-.*-linux2/ 16328e9f6c NOTE.WIN: suggest the audetecting configuration variant as well b2bed3c6e5 util/perl/OpenSSL/config.pm: move misplaced Windows and VMS entries bb2d726d75 Fix a typo in the i2d_TYPE_fp documentation 5b393802ed Don't run the cmp_cli tests if using FUZZING_BUILD_MODE ca3245a619 If an empty password is supplied still try to use it 5a640713f3 Ensure a string is properly terminated in http_client.c 64bb6276d1 81-test_cmp_cli.t: Correct subroutine quote_spc_empty and its use 8913760960 81-test_cmp_cli.t: Streamline {start,stop}_mock_server and improve port setting 94fcec0902 test/run_tests.pl: Add alias REPORT_FAILURES{,_PROGRESS} for VF and VFP a812549108 test/run_tests.pl: Add visual separator after failed test case for VFP and VFP modes e4522e1059 test/run_tests.pl: Enhance the semantics of HARNESS_VERBOSE_FAILURES (VF) ea4ee152a7 Configure: fix handling of build.info attributes with value e7869ef137 Fix up build issue when running cpp tests 0c4444121c doc: Remove stray backtick Build log ended with (last 100 lines): rm -f doc/html/man1/CA.pl.html doc/html/man1/openssl-asn1parse.html doc/html/man1/openssl-ca.html doc/html/man1/openssl-ciphers.html doc/html/man1/openssl-cmds.html doc/html/man1/openssl-cmp.html doc/html/man1/openssl-cms.html doc/html/man1/openssl-crl.html doc/html/man1/openssl-crl2pkcs7.html doc/html/man1/openssl-dgst.html doc/html/man1/openssl-dhparam.html doc/html/man1/openssl-dsa.html doc/html/man1/openssl-dsaparam.html doc/html/man1/openssl-ec.html doc/html/man1/openssl-ecparam.html doc/html/man1/openssl-enc.html doc/html/man1/openssl-engine.html doc/html/man1/openssl-errstr.html doc/html/man1/openssl-fipsinstall.html doc/html/man1/openssl-gendsa.html doc/html/man1/openssl-genpkey.html doc/html/man1/openssl-genrsa.html doc/html/man1/openssl-info.html doc/html/man1/openssl-kdf.html doc/html/man1/openssl-list.html doc/html/man1/openssl-mac.html doc/html/man1/openssl-nseq.html doc/html/man1/openssl-ocsp.html doc/html/man1/openssl-passwd.html doc/html/man1/openssl-pkcs12.html doc/html/man1/openssl-pkcs7.html doc/html/man1/openssl-pkcs8.html doc/html/man1/openssl-pkey.html doc/html/man1/openssl-pkeyparam.html doc/html/man1/openssl-pkeyutl.html doc/html/man1/openssl-prime.html doc/html/man1/openssl-provider.html doc/html/man1/openssl-rand.html doc/html/man1/openssl-rehash.html doc/html/man1/openssl-req.html doc/html/man1/openssl-rsa.html doc/html/man1/openssl-rsautl.html doc/html/man1/openssl-s_client.html doc/html/man1/openssl-s_server.html doc/html/man1/openssl-s_time.html doc/html/man1/openssl-sess_id.html doc/html/man1/openssl-smime.html doc/html/man1/openssl-speed.html doc/html/man1/openssl-spkac.html doc/html/man1/openssl-srp.html doc/html/man1/openssl-storeutl.html doc/html/man1/openssl-ts.html doc/html/man1/openssl-verify.html doc/html/man1/openssl-version.html doc/html/man1/openssl-x509.html doc/html/man1/openssl.html doc/html/man1/tsget.html doc/html/man3/ADMISSIONS.html doc/html/man3/ASN1_INTEGER_get_int64.html doc/html/man3/ASN1_INTEGER_new.html doc/html/man3/ASN1_ITEM_lookup.html doc/html/man3/ASN1_OBJECT_new.html doc/html/man3/ASN1_STRING_TABLE_add.html doc/html/man3/ASN1_STRING_length.html doc/html/man3/ASN1_STRING_new.html doc/html/man3/ASN1_STRING_print_ex.html doc/html/man3/ASN1_TIME_set.html doc/html/man3/ASN1_TYPE_get.html doc/html/man3/ASN1_generate_nconf.html doc/html/man3/ASYNC_WAIT_CTX_new.html doc/html/man3/ASYNC_start_job.html doc/html/man3/BF_encrypt.html doc/html/man3/BIO_ADDR.html doc/html/man3/BIO_ADDRINFO.html doc/html/man3/BIO_connect.html doc/html/man3/BIO_ctrl.html doc/html/man3/BIO_f_base64.html doc/html/man3/BIO_f_buffer.html doc/html/man3/BIO_f_cipher.html doc/html/man3/BIO_f_md.html doc/html/man3/BIO_f_null.html doc/html/man3/BIO_f_prefix.html doc/html/man3/BIO_f_ssl.html doc/html/man3/BIO_find_type.html doc/html/man3/BIO_get_data.html doc/html/man3/BIO_get_ex_new_index.html doc/html/man3/BIO_meth_new.html doc/html/man3/BIO_new.html doc/html/man3/BIO_new_CMS.html doc/html/man3/BIO_parse_hostserv.html doc/html/man3/BIO_printf.html doc/html/man3/BIO_push.html doc/html/man3/BIO_read.html doc/html/man3/BIO_s_accept.html doc/html/man3/BIO_s_bio.html doc/html/man3/BIO_s_connect.html doc/html/man3/BIO_s_fd.html doc/html/man3/BIO_s_file.html doc/html/man3/BIO_s_mem.html doc/html/man3/BIO_s_null.html doc/html/man3/BIO_s_socket.html doc/html/man3/BIO_set_callback.html doc/html/man3/BIO_should_retry.html doc/html/man3/BIO_socket_wait.html doc/html/man3/BN_BLINDING_new.html doc/html/man3/BN_CTX_new.html doc/html/man3/BN_CTX_start.html doc/html/man3/BN_add.html doc/html/man3/BN_add_word.html doc/html/man3/BN_bn2bin.html doc/html/man3/BN_cmp.html doc/html/man3/BN_copy.html doc/html/man3/BN_generate_prime.html doc/html/man3/BN_mod_inverse.html doc/html/man3/BN_mod_mul_montgomery.html doc/html/man3/BN_mod_mul_reciprocal.html doc/html/man3/BN_new.html doc/html/man3/BN_num_bytes.html doc/html/man3/BN_rand.html doc/html/man3/BN_security_bits.html doc/html/man3/BN_set_bit.html doc/html/man3/BN_swap.html doc/html/man3/BN_zero.html doc/html/man3/BUF_MEM_new.html doc/html/man3/CMS_EnvelopedData_create.html doc/html/man3/CMS_add0_cert.html doc/html/man3/CMS_add1_recipient_cert.html doc/html/man3/CMS_add1_signer.html doc/html/man3/CMS_compress.html doc/html/man3/CMS_decrypt.html doc/html/man3/CMS_encrypt.html doc/html/man3/CMS_final.html doc/html/man3/CMS_get0_RecipientInfos.html doc/html/man3/CMS_get0_SignerInfos.html doc/html/man3/CMS_get0_type.html doc/html/man3/CMS_get1_ReceiptRequest.html doc/html/man3/CMS_sign.html doc/html/man3/CMS_sign_receipt.html doc/html/man3/CMS_uncompress.html doc/html/man3/CMS_verify.html doc/html/man3/CMS_verify_receipt.html doc/html/man3/CONF_modules_free.html doc/html/man3/CONF_modules_load_file.html doc/html/man3/CRYPTO_THREAD_run_once.html doc/html/man3/CRYPTO_get_ex_new_index.html doc/html/man3/CRYPTO_memcmp.html doc/html/man3/CTLOG_STORE_get0_log_by_id.html doc/html/man3/CTLOG_STORE_new.html doc/html/man3/CTLOG_new.html doc/html/man3/CT_POLICY_EVAL_CTX_new.html doc/html/man3/DEFINE_STACK_OF.html doc/html/man3/DES_random_key.html doc/html/man3/DH_generate_key.html doc/html/man3/DH_generate_parameters.html doc/html/man3/DH_get0_pqg.html doc/html/man3/DH_get_1024_160.html doc/html/man3/DH_meth_new.html doc/html/man3/DH_new.html doc/html/man3/DH_new_by_nid.html doc/html/man3/DH_set_method.html doc/html/man3/DH_size.html doc/html/man3/DSA_SIG_new.html doc/html/man3/DSA_do_sign.html doc/html/man3/DSA_dup_DH.html doc/html/man3/DSA_generate_key.html doc/html/man3/DSA_generate_parameters.html doc/html/man3/DSA_get0_pqg.html doc/html/man3/DSA_meth_new.html doc/html/man3/DSA_new.html doc/html/man3/DSA_set_method.html doc/html/man3/DSA_sign.html doc/html/man3/DSA_size.html doc/html/man3/DTLS_get_data_mtu.html doc/html/man3/DTLS_set_timer_cb.html doc/html/man3/DTLSv1_listen.html doc/html/man3/ECDSA_SIG_new.html doc/html/man3/ECPKParameters_print.html doc/html/man3/EC_GFp_simple_method.html doc/html/man3/EC_GROUP_copy.html doc/html/man3/EC_GROUP_new.html doc/html/man3/EC_KEY_get_enc_flags.html doc/html/man3/EC_KEY_new.html doc/html/man3/EC_POINT_add.html doc/html/man3/EC_POINT_new.html doc/html/man3/ENGINE_add.html doc/html/man3/ERR_GET_LIB.html doc/html/man3/ERR_clear_error.html doc/html/man3/ERR_error_string.html doc/html/man3/ERR_get_error.html doc/html/man3/ERR_load_crypto_strings.html doc/html/man3/ERR_load_strings.html doc/html/man3/ERR_new.html doc/html/man3/ERR_print_errors.html doc/html/man3/ERR_put_error.html doc/html/man3/ERR_remove_state.html doc/html/man3/ERR_set_mark.html doc/html/man3/EVP_ASYM_CIPHER_free.html doc/html/man3/EVP_BytesToKey.html doc/html/man3/EVP_CIPHER_CTX_get_cipher_data.html doc/html/man3/EVP_CIPHER_meth_new.html doc/html/man3/EVP_DigestInit.html doc/html/man3/EVP_DigestSignInit.html doc/html/man3/EVP_DigestVerifyInit.html doc/html/man3/EVP_EncodeInit.html doc/html/man3/EVP_EncryptInit.html doc/html/man3/EVP_KDF.html doc/html/man3/EVP_KEYEXCH_free.html doc/html/man3/EVP_KEYMGMT.html doc/html/man3/EVP_MAC.html doc/html/man3/EVP_MD_meth_new.html doc/html/man3/EVP_OpenInit.html doc/html/man3/EVP_PKEY_ASN1_METHOD.html doc/html/man3/EVP_PKEY_CTX_ctrl.html doc/html/man3/EVP_PKEY_CTX_new.html doc/html/man3/EVP_PKEY_CTX_set1_pbe_pass.html doc/html/man3/EVP_PKEY_CTX_set_hkdf_md.html doc/html/man3/EVP_PKEY_CTX_set_params.html doc/html/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.html doc/html/man3/EVP_PKEY_CTX_set_scrypt_N.html doc/html/man3/EVP_PKEY_CTX_set_tls1_prf_md.html doc/html/man3/EVP_PKEY_asn1_get_count.html doc/html/man3/EVP_PKEY_check.html doc/html/man3/EVP_PKEY_copy_parameters.html doc/html/man3/EVP_PKEY_decrypt.html doc/html/man3/EVP_PKEY_derive.html doc/html/man3/EVP_PKEY_encrypt.html doc/html/man3/EVP_PKEY_fromdata.html doc/html/man3/EVP_PKEY_gen.html doc/html/man3/EVP_PKEY_get_default_digest_nid.html doc/html/man3/EVP_PKEY_gettable_params.html doc/html/man3/EVP_PKEY_is_a.html doc/html/man3/EVP_PKEY_meth_get_count.html doc/html/man3/EVP_PKEY_meth_new.html doc/html/man3/EVP_PKEY_new.html doc/html/man3/EVP_PKEY_print_private.html doc/html/man3/EVP_PKEY_set1_RSA.html doc/html/man3/EVP_PKEY_set_type.html doc/html/man3/EVP_PKEY_sign.html doc/html/man3/EVP_PKEY_size.html doc/html/man3/EVP_PKEY_supports_digest_nid.html doc/html/man3/EVP_PKEY_verify.html doc/html/man3/EVP_PKEY_verify_recover.html doc/html/man3/EVP_RAND.html doc/html/man3/EVP_SIGNATURE_free.html doc/html/man3/EVP_SealInit.html doc/html/man3/EVP_SignInit.html doc/html/man3/EVP_VerifyInit.html doc/html/man3/EVP_aes_128_gcm.html doc/html/man3/EVP_aria_128_gcm.html doc/html/man3/EVP_bf_cbc.html doc/html/man3/EVP_blake2b512.html doc/html/man3/EVP_camellia_128_ecb.html doc/html/man3/EVP_cast5_cbc.html doc/html/man3/EVP_chacha20.html doc/html/man3/EVP_des_cbc.html doc/html/man3/EVP_desx_cbc.html doc/html/man3/EVP_idea_cbc.html doc/html/man3/EVP_md2.html doc/html/man3/EVP_md4.html doc/html/man3/EVP_md5.html doc/html/man3/EVP_mdc2.html doc/html/man3/EVP_rc2_cbc.html doc/html/man3/EVP_rc4.html doc/html/man3/EVP_rc5_32_12_16_cbc.html doc/html/man3/EVP_ripemd160.html doc/html/man3/EVP_seed_cbc.html doc/html/man3/EVP_set_default_properties.html doc/html/man3/EVP_sha1.html doc/html/man3/EVP_sha224.html doc/html/man3/EVP_sha3_224.html doc/html/man3/EVP_sm3.html doc/html/man3/EVP_sm4_cbc.html doc/html/man3/EVP_whirlpool.html doc/html/man3/HMAC.html doc/html/man3/MD5.html doc/html/man3/MDC2_Init.html doc/html/man3/NCONF_new_with_libctx.html doc/html/man3/OBJ_nid2obj.html doc/html/man3/OCSP_REQUEST_new.html doc/html/man3/OCSP_cert_to_id.html doc/html/man3/OCSP_request_add1_nonce.html doc/html/man3/OCSP_resp_find_status.html doc/html/man3/OCSP_response_status.html doc/html/man3/OCSP_sendreq_new.html doc/html/man3/OPENSSL_Applink.html doc/html/man3/OPENSSL_CTX.html doc/html/man3/OPENSSL_FILE.html doc/html/man3/OPENSSL_LH_COMPFUNC.html doc/html/man3/OPENSSL_LH_stats.html doc/html/man3/OPENSSL_config.html doc/html/man3/OPENSSL_fork_prepare.html doc/html/man3/OPENSSL_hexchar2int.html doc/html/man3/OPENSSL_ia32cap.html doc/html/man3/OPENSSL_init_crypto.html doc/html/man3/OPENSSL_init_ssl.html doc/html/man3/OPENSSL_instrument_bus.html doc/html/man3/OPENSSL_load_builtin_modules.html doc/html/man3/OPENSSL_malloc.html doc/html/man3/OPENSSL_s390xcap.html doc/html/man3/OPENSSL_secure_malloc.html doc/html/man3/OSSL_CMP_CTX_new.html doc/html/man3/OSSL_CMP_HDR_get0_transactionID.html doc/html/man3/OSSL_CMP_ITAV_set0.html doc/html/man3/OSSL_CMP_MSG_get0_header.html doc/html/man3/OSSL_CMP_MSG_http_perform.html doc/html/man3/OSSL_CMP_SRV_CTX_new.html doc/html/man3/OSSL_CMP_STATUSINFO_new.html doc/html/man3/OSSL_CMP_exec_IR_ses.html doc/html/man3/OSSL_CMP_log_open.html doc/html/man3/OSSL_CMP_validate_msg.html doc/html/man3/OSSL_CRMF_MSG_get0_tmpl.html doc/html/man3/OSSL_CRMF_MSG_set0_validity.html doc/html/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.html doc/html/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.html doc/html/man3/OSSL_CRMF_pbmp_new.html doc/html/man3/OSSL_HTTP_transfer.html doc/html/man3/OSSL_PARAM.html doc/html/man3/OSSL_PARAM_BLD.html doc/html/man3/OSSL_PARAM_allocate_from_text.html doc/html/man3/OSSL_PARAM_int.html doc/html/man3/OSSL_PROVIDER.html doc/html/man3/OSSL_SELF_TEST_new.html doc/html/man3/OSSL_SELF_TEST_set_callback.html doc/html/man3/OSSL_SERIALIZER.html doc/html/man3/OSSL_SERIALIZER_CTX.html doc/html/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.html doc/html/man3/OSSL_SERIALIZER_to_bio.html doc/html/man3/OSSL_STORE_INFO.html doc/html/man3/OSSL_STORE_LOADER.html doc/html/man3/OSSL_STORE_SEARCH.html doc/html/man3/OSSL_STORE_attach.html doc/html/man3/OSSL_STORE_expect.html doc/html/man3/OSSL_STORE_open.html doc/html/man3/OSSL_trace_enabled.html doc/html/man3/OSSL_trace_get_category_num.html doc/html/man3/OSSL_trace_set_channel.html doc/html/man3/OpenSSL_add_all_algorithms.html doc/html/man3/OpenSSL_version.html doc/html/man3/PEM_bytes_read_bio.html doc/html/man3/PEM_read.html doc/html/man3/PEM_read_CMS.html doc/html/man3/PEM_read_bio_PrivateKey.html doc/html/man3/PEM_read_bio_ex.html doc/html/man3/PEM_write_bio_CMS_stream.html doc/html/man3/PEM_write_bio_PKCS7_stream.html doc/html/man3/PKCS12_SAFEBAG_get0_attrs.html doc/html/man3/PKCS12_add_CSPName_asc.html doc/html/man3/PKCS12_add_friendlyname_asc.html doc/html/man3/PKCS12_add_localkeyid.html doc/html/man3/PKCS12_create.html doc/html/man3/PKCS12_get_friendlyname.html doc/html/man3/PKCS12_newpass.html doc/html/man3/PKCS12_parse.html doc/html/man3/PKCS5_PBKDF2_HMAC.html doc/html/man3/PKCS7_decrypt.html doc/html/man3/PKCS7_encrypt.html doc/html/man3/PKCS7_sign.html doc/html/man3/PKCS7_sign_add_signer.html doc/html/man3/PKCS7_verify.html doc/html/man3/PKCS8_pkey_add1_attr.html doc/html/man3/RAND_DRBG_generate.html doc/html/man3/RAND_DRBG_get0_master.html doc/html/man3/RAND_DRBG_new.html doc/html/man3/RAND_DRBG_reseed.html doc/html/man3/RAND_DRBG_set_callbacks.html doc/html/man3/RAND_add.html doc/html/man3/RAND_bytes.html doc/html/man3/RAND_cleanup.html doc/html/man3/RAND_egd.html doc/html/man3/RAND_load_file.html doc/html/man3/RAND_set_rand_method.html doc/html/man3/RC4_set_key.html doc/html/man3/RIPEMD160_Init.html doc/html/man3/RSA_blinding_on.html doc/html/man3/RSA_check_key.html doc/html/man3/RSA_generate_key.html doc/html/man3/RSA_get0_key.html doc/html/man3/RSA_meth_new.html doc/html/man3/RSA_new.html doc/html/man3/RSA_padding_add_PKCS1_type_1.html doc/html/man3/RSA_print.html doc/html/man3/RSA_private_encrypt.html doc/html/man3/RSA_public_encrypt.html doc/html/man3/RSA_set_method.html doc/html/man3/RSA_sign.html doc/html/man3/RSA_sign_ASN1_OCTET_STRING.html doc/html/man3/RSA_size.html doc/html/man3/SCT_new.html doc/html/man3/SCT_print.html doc/html/man3/SCT_validate.html doc/html/man3/SHA256_Init.html doc/html/man3/SMIME_read_CMS.html doc/html/man3/SMIME_read_PKCS7.html doc/html/man3/SMIME_write_CMS.html doc/html/man3/SMIME_write_PKCS7.html doc/html/man3/SRP_Calc_B.html doc/html/man3/SRP_VBASE_new.html doc/html/man3/SRP_create_verifier.html doc/html/man3/SRP_user_pwd_new.html doc/html/man3/SSL_CIPHER_get_name.html doc/html/man3/SSL_COMP_add_compression_method.html doc/html/man3/SSL_CONF_CTX_new.html doc/html/man3/SSL_CONF_CTX_set1_prefix.html doc/html/man3/SSL_CONF_CTX_set_flags.html doc/html/man3/SSL_CONF_CTX_set_ssl_ctx.html doc/html/man3/SSL_CONF_cmd.html doc/html/man3/SSL_CONF_cmd_argv.html doc/html/man3/SSL_CTX_add1_chain_cert.html doc/html/man3/SSL_CTX_add_extra_chain_cert.html doc/html/man3/SSL_CTX_add_session.html doc/html/man3/SSL_CTX_config.html doc/html/man3/SSL_CTX_ctrl.html doc/html/man3/SSL_CTX_dane_enable.html doc/html/man3/SSL_CTX_flush_sessions.html doc/html/man3/SSL_CTX_free.html doc/html/man3/SSL_CTX_get0_param.html doc/html/man3/SSL_CTX_get_verify_mode.html doc/html/man3/SSL_CTX_has_client_custom_ext.html doc/html/man3/SSL_CTX_load_verify_locations.html doc/html/man3/SSL_CTX_new.html doc/html/man3/SSL_CTX_sess_number.html doc/html/man3/SSL_CTX_sess_set_cache_size.html doc/html/man3/SSL_CTX_sess_set_get_cb.html doc/html/man3/SSL_CTX_sessions.html doc/html/man3/SSL_CTX_set0_CA_list.html doc/html/man3/SSL_CTX_set1_curves.html doc/html/man3/SSL_CTX_set1_sigalgs.html doc/html/man3/SSL_CTX_set1_verify_cert_store.html doc/html/man3/SSL_CTX_set_alpn_select_cb.html doc/html/man3/SSL_CTX_set_cert_cb.html doc/html/man3/SSL_CTX_set_cert_store.html doc/html/man3/SSL_CTX_set_cert_verify_callback.html doc/html/man3/SSL_CTX_set_cipher_list.html doc/html/man3/SSL_CTX_set_client_cert_cb.html doc/html/man3/SSL_CTX_set_client_hello_cb.html doc/html/man3/SSL_CTX_set_ct_validation_callback.html doc/html/man3/SSL_CTX_set_ctlog_list_file.html doc/html/man3/SSL_CTX_set_default_passwd_cb.html doc/html/man3/SSL_CTX_set_generate_session_id.html doc/html/man3/SSL_CTX_set_info_callback.html doc/html/man3/SSL_CTX_set_keylog_callback.html doc/html/man3/SSL_CTX_set_max_cert_list.html doc/html/man3/SSL_CTX_set_min_proto_version.html doc/html/man3/SSL_CTX_set_mode.html doc/html/man3/SSL_CTX_set_msg_callback.html doc/html/man3/SSL_CTX_set_num_tickets.html doc/html/man3/SSL_CTX_set_options.html doc/html/man3/SSL_CTX_set_psk_client_callback.html doc/html/man3/SSL_CTX_set_quiet_shutdown.html doc/html/man3/SSL_CTX_set_read_ahead.html doc/html/man3/SSL_CTX_set_record_padding_callback.html doc/html/man3/SSL_CTX_set_security_level.html doc/html/man3/SSL_CTX_set_session_cache_mode.html doc/html/man3/SSL_CTX_set_session_id_context.html doc/html/man3/SSL_CTX_set_session_ticket_cb.html doc/html/man3/SSL_CTX_set_split_send_fragment.html doc/html/man3/SSL_CTX_set_srp_password.html doc/html/man3/SSL_CTX_set_ssl_version.html doc/html/man3/SSL_CTX_set_stateless_cookie_generate_cb.html doc/html/man3/SSL_CTX_set_timeout.html doc/html/man3/SSL_CTX_set_tlsext_servername_callback.html doc/html/man3/SSL_CTX_set_tlsext_status_cb.html doc/html/man3/SSL_CTX_set_tlsext_ticket_key_cb.html doc/html/man3/SSL_CTX_set_tlsext_use_srtp.html doc/html/man3/SSL_CTX_set_tmp_dh_callback.html doc/html/man3/SSL_CTX_set_tmp_ecdh.html doc/html/man3/SSL_CTX_set_verify.html doc/html/man3/SSL_CTX_use_certificate.html doc/html/man3/SSL_CTX_use_psk_identity_hint.html doc/html/man3/SSL_CTX_use_serverinfo.html doc/html/man3/SSL_SESSION_free.html doc/html/man3/SSL_SESSION_get0_cipher.html doc/html/man3/SSL_SESSION_get0_hostname.html doc/html/man3/SSL_SESSION_get0_id_context.html doc/html/man3/SSL_SESSION_get0_peer.html doc/html/man3/SSL_SESSION_get_compress_id.html doc/html/man3/SSL_SESSION_get_protocol_version.html doc/html/man3/SSL_SESSION_get_time.html doc/html/man3/SSL_SESSION_has_ticket.html doc/html/man3/SSL_SESSION_is_resumable.html doc/html/man3/SSL_SESSION_print.html doc/html/man3/SSL_SESSION_set1_id.html doc/html/man3/SSL_accept.html doc/html/man3/SSL_alert_type_string.html doc/html/man3/SSL_alloc_buffers.html doc/html/man3/SSL_check_chain.html doc/html/man3/SSL_clear.html doc/html/man3/SSL_connect.html doc/html/man3/SSL_do_handshake.html doc/html/man3/SSL_export_keying_material.html doc/html/man3/SSL_extension_supported.html doc/html/man3/SSL_free.html doc/html/man3/SSL_get0_peer_scts.html doc/html/man3/SSL_get_SSL_CTX.html doc/html/man3/SSL_get_all_async_fds.html doc/html/man3/SSL_get_ciphers.html doc/html/man3/SSL_get_client_random.html doc/html/man3/SSL_get_current_cipher.html doc/html/man3/SSL_get_default_timeout.html doc/html/man3/SSL_get_error.html doc/html/man3/SSL_get_extms_support.html doc/html/man3/SSL_get_fd.html doc/html/man3/SSL_get_peer_cert_chain.html doc/html/man3/SSL_get_peer_certificate.html doc/html/man3/SSL_get_peer_signature_nid.html doc/html/man3/SSL_get_peer_tmp_key.html doc/html/man3/SSL_get_psk_identity.html doc/html/man3/SSL_get_rbio.html doc/html/man3/SSL_get_session.html doc/html/man3/SSL_get_shared_sigalgs.html doc/html/man3/SSL_get_verify_result.html doc/html/man3/SSL_get_version.html doc/html/man3/SSL_in_init.html doc/html/man3/SSL_key_update.html doc/html/man3/SSL_library_init.html doc/html/man3/SSL_load_client_CA_file.html doc/html/man3/SSL_new.html doc/html/man3/SSL_pending.html doc/html/man3/SSL_read.html doc/html/man3/SSL_read_early_data.html doc/html/man3/SSL_rstate_string.html doc/html/man3/SSL_session_reused.html doc/html/man3/SSL_set1_host.html doc/html/man3/SSL_set_async_callback.html doc/html/man3/SSL_set_bio.html doc/html/man3/SSL_set_connect_state.html doc/html/man3/SSL_set_fd.html doc/html/man3/SSL_set_session.html doc/html/man3/SSL_set_shutdown.html doc/html/man3/SSL_set_verify_result.html doc/html/man3/SSL_shutdown.html doc/html/man3/SSL_state_string.html doc/html/man3/SSL_want.html doc/html/man3/SSL_write.html doc/html/man3/TS_VERIFY_CTX_set_certs.html doc/html/man3/UI_STRING.html doc/html/man3/UI_UTIL_read_pw.html doc/html/man3/UI_create_method.html doc/html/man3/UI_new.html doc/html/man3/X509V3_get_d2i.html doc/html/man3/X509_ALGOR_dup.html doc/html/man3/X509_CRL_get0_by_serial.html doc/html/man3/X509_EXTENSION_set_object.html doc/html/man3/X509_LOOKUP.html doc/html/man3/X509_LOOKUP_hash_dir.html doc/html/man3/X509_LOOKUP_meth_new.html doc/html/man3/X509_NAME_ENTRY_get_object.html doc/html/man3/X509_NAME_add_entry_by_txt.html doc/html/man3/X509_NAME_get0_der.html doc/html/man3/X509_NAME_get_index_by_NID.html doc/html/man3/X509_NAME_print_ex.html doc/html/man3/X509_PUBKEY_new.html doc/html/man3/X509_SIG_get0.html doc/html/man3/X509_STORE_CTX_get_error.html doc/html/man3/X509_STORE_CTX_new.html doc/html/man3/X509_STORE_CTX_set_verify_cb.html doc/html/man3/X509_STORE_add_cert.html doc/html/man3/X509_STORE_get0_param.html doc/html/man3/X509_STORE_new.html doc/html/man3/X509_STORE_set_verify_cb_func.html doc/html/man3/X509_VERIFY_PARAM_set_flags.html doc/html/man3/X509_check_ca.html doc/html/man3/X509_check_host.html doc/html/man3/X509_check_issued.html doc/html/man3/X509_check_private_key.html doc/html/man3/X509_check_purpose.html doc/html/man3/X509_cmp.html doc/html/man3/X509_cmp_time.html doc/html/man3/X509_digest.html doc/html/man3/X509_dup.html doc/html/man3/X509_get0_distinguishing_id.html doc/html/man3/X509_get0_notBefore.html doc/html/man3/X509_get0_signature.html doc/html/man3/X509_get0_uids.html doc/html/man3/X509_get_extension_flags.html doc/html/man3/X509_get_pubkey.html doc/html/man3/X509_get_serialNumber.html doc/html/man3/X509_get_subject_name.html doc/html/man3/X509_get_version.html doc/html/man3/X509_load_http.html doc/html/man3/X509_new.html doc/html/man3/X509_sign.html doc/html/man3/X509_verify.html doc/html/man3/X509_verify_cert.html doc/html/man3/X509v3_cache_extensions.html doc/html/man3/X509v3_get_ext_by_NID.html doc/html/man3/d2i_DHparams.html doc/html/man3/d2i_PKCS8PrivateKey_bio.html doc/html/man3/d2i_PrivateKey.html doc/html/man3/d2i_SSL_SESSION.html doc/html/man3/d2i_X509.html doc/html/man3/i2d_CMS_bio_stream.html doc/html/man3/i2d_PKCS7_bio_stream.html doc/html/man3/i2d_re_X509_tbs.html doc/html/man3/o2i_SCT_LIST.html doc/html/man3/s2i_ASN1_IA5STRING.html doc/html/man5/config.html doc/html/man5/fips_config.html doc/html/man5/x509v3_config.html doc/html/man7/EVP_KDF-HKDF.html doc/html/man7/EVP_KDF-KB.html doc/html/man7/EVP_KDF-KRB5KDF.html doc/html/man7/EVP_KDF-PBKDF2.html doc/html/man7/EVP_KDF-SCRYPT.html doc/html/man7/EVP_KDF-SS.html doc/html/man7/EVP_KDF-SSHKDF.html doc/html/man7/EVP_KDF-TLS1_PRF.html doc/html/man7/EVP_KDF-X942.html doc/html/man7/EVP_KDF-X963.html doc/html/man7/EVP_KEYEXCH-DH.html doc/html/man7/EVP_KEYEXCH-ECDH.html doc/html/man7/EVP_KEYEXCH-X25519.html doc/html/man7/EVP_MAC-BLAKE2.html doc/html/man7/EVP_MAC-CMAC.html doc/html/man7/EVP_MAC-GMAC.html doc/html/man7/EVP_MAC-HMAC.html doc/html/man7/EVP_MAC-KMAC.html doc/html/man7/EVP_MAC-Poly1305.html doc/html/man7/EVP_MAC-Siphash.html doc/html/man7/EVP_MD-BLAKE2.html doc/html/man7/EVP_MD-MD2.html doc/html/man7/EVP_MD-MD4.html doc/html/man7/EVP_MD-MD5-SHA1.html doc/html/man7/EVP_MD-MD5.html doc/html/man7/EVP_MD-MDC2.html doc/html/man7/EVP_MD-RIPEMD160.html doc/html/man7/EVP_MD-SHA1.html doc/html/man7/EVP_MD-SHA2.html doc/html/man7/EVP_MD-SHA3.html doc/html/man7/EVP_MD-SHAKE.html doc/html/man7/EVP_MD-SM3.html doc/html/man7/EVP_MD-WHIRLPOOL.html doc/html/man7/EVP_MD-common.html doc/html/man7/EVP_PKEY-DH.html doc/html/man7/EVP_PKEY-DSA.html doc/html/man7/EVP_PKEY-EC.html doc/html/man7/EVP_PKEY-FFC.html doc/html/man7/EVP_PKEY-RSA.html doc/html/man7/EVP_PKEY-X25519.html doc/html/man7/EVP_RAND-CTR-DRBG.html doc/html/man7/EVP_RAND-HASH-DRBG.html doc/html/man7/EVP_RAND-HMAC-DRBG.html doc/html/man7/EVP_RAND-TEST-RAND.html doc/html/man7/EVP_SIGNATURE-DSA.html doc/html/man7/EVP_SIGNATURE-ECDSA.html doc/html/man7/EVP_SIGNATURE-ED25519.html doc/html/man7/EVP_SIGNATURE-RSA.html doc/html/man7/OSSL_PROVIDER-FIPS.html doc/html/man7/OSSL_PROVIDER-default.html doc/html/man7/OSSL_PROVIDER-legacy.html doc/html/man7/OSSL_PROVIDER-null.html doc/html/man7/RAND.html doc/html/man7/RAND_DRBG.html doc/html/man7/RSA-PSS.html doc/html/man7/SM2.html doc/html/man7/X25519.html doc/html/man7/bio.html doc/html/man7/crypto.html doc/html/man7/ct.html doc/html/man7/des_modes.html doc/html/man7/evp.html doc/html/man7/openssl-core.h.html doc/html/man7/openssl-core_dispatch.h.html doc/html/man7/openssl-core_names.h.html doc/html/man7/openssl-env.html doc/html/man7/openssl_user_macros.html doc/html/man7/ossl_store-file.html doc/html/man7/ossl_store.html doc/html/man7/passphrase-encoding.html doc/html/man7/property.html doc/html/man7/provider-asym_cipher.html doc/html/man7/provider-base.html doc/html/man7/provider-cipher.html doc/html/man7/provider-digest.html doc/html/man7/provider-keyexch.html doc/html/man7/provider-keymgmt.html doc/html/man7/provider-mac.html doc/html/man7/provider-rand.html doc/html/man7/provider-serializer.html doc/html/man7/provider-signature.html doc/html/man7/provider.html doc/html/man7/proxy-certificates.html doc/html/man7/ssl.html doc/html/man7/x509.html rm -f doc/man/man1/CA.pl.1 doc/man/man1/openssl-asn1parse.1 doc/man/man1/openssl-ca.1 doc/man/man1/openssl-ciphers.1 doc/man/man1/openssl-cmds.1 doc/man/man1/openssl-cmp.1 doc/man/man1/openssl-cms.1 doc/man/man1/openssl-crl.1 doc/man/man1/openssl-crl2pkcs7.1 doc/man/man1/openssl-dgst.1 doc/man/man1/openssl-dhparam.1 doc/man/man1/openssl-dsa.1 doc/man/man1/openssl-dsaparam.1 doc/man/man1/openssl-ec.1 doc/man/man1/openssl-ecparam.1 doc/man/man1/openssl-enc.1 doc/man/man1/openssl-engine.1 doc/man/man1/openssl-errstr.1 doc/man/man1/openssl-fipsinstall.1 doc/man/man1/openssl-gendsa.1 doc/man/man1/openssl-genpkey.1 doc/man/man1/openssl-genrsa.1 doc/man/man1/openssl-info.1 doc/man/man1/openssl-kdf.1 doc/man/man1/openssl-list.1 doc/man/man1/openssl-mac.1 doc/man/man1/openssl-nseq.1 doc/man/man1/openssl-ocsp.1 doc/man/man1/openssl-passwd.1 doc/man/man1/openssl-pkcs12.1 doc/man/man1/openssl-pkcs7.1 doc/man/man1/openssl-pkcs8.1 doc/man/man1/openssl-pkey.1 doc/man/man1/openssl-pkeyparam.1 doc/man/man1/openssl-pkeyutl.1 doc/man/man1/openssl-prime.1 doc/man/man1/openssl-provider.1 doc/man/man1/openssl-rand.1 doc/man/man1/openssl-rehash.1 doc/man/man1/openssl-req.1 doc/man/man1/openssl-rsa.1 doc/man/man1/openssl-rsautl.1 doc/man/man1/openssl-s_client.1 doc/man/man1/openssl-s_server.1 doc/man/man1/openssl-s_time.1 doc/man/man1/openssl-sess_id.1 doc/man/man1/openssl-smime.1 doc/man/man1/openssl-speed.1 doc/man/man1/openssl-spkac.1 doc/man/man1/openssl-srp.1 doc/man/man1/openssl-storeutl.1 doc/man/man1/openssl-ts.1 doc/man/man1/openssl-verify.1 doc/man/man1/openssl-version.1 doc/man/man1/openssl-x509.1 doc/man/man1/openssl.1 doc/man/man1/tsget.1 doc/man/man3/ADMISSIONS.3 doc/man/man3/ASN1_INTEGER_get_int64.3 doc/man/man3/ASN1_INTEGER_new.3 doc/man/man3/ASN1_ITEM_lookup.3 doc/man/man3/ASN1_OBJECT_new.3 doc/man/man3/ASN1_STRING_TABLE_add.3 doc/man/man3/ASN1_STRING_length.3 doc/man/man3/ASN1_STRING_new.3 doc/man/man3/ASN1_STRING_print_ex.3 doc/man/man3/ASN1_TIME_set.3 doc/man/man3/ASN1_TYPE_get.3 doc/man/man3/ASN1_generate_nconf.3 doc/man/man3/ASYNC_WAIT_CTX_new.3 doc/man/man3/ASYNC_start_job.3 doc/man/man3/BF_encrypt.3 doc/man/man3/BIO_ADDR.3 doc/man/man3/BIO_ADDRINFO.3 doc/man/man3/BIO_connect.3 doc/man/man3/BIO_ctrl.3 doc/man/man3/BIO_f_base64.3 doc/man/man3/BIO_f_buffer.3 doc/man/man3/BIO_f_cipher.3 doc/man/man3/BIO_f_md.3 doc/man/man3/BIO_f_null.3 doc/man/man3/BIO_f_prefix.3 doc/man/man3/BIO_f_ssl.3 doc/man/man3/BIO_find_type.3 doc/man/man3/BIO_get_data.3 doc/man/man3/BIO_get_ex_new_index.3 doc/man/man3/BIO_meth_new.3 doc/man/man3/BIO_new.3 doc/man/man3/BIO_new_CMS.3 doc/man/man3/BIO_parse_hostserv.3 doc/man/man3/BIO_printf.3 doc/man/man3/BIO_push.3 doc/man/man3/BIO_read.3 doc/man/man3/BIO_s_accept.3 doc/man/man3/BIO_s_bio.3 doc/man/man3/BIO_s_connect.3 doc/man/man3/BIO_s_fd.3 doc/man/man3/BIO_s_file.3 doc/man/man3/BIO_s_mem.3 doc/man/man3/BIO_s_null.3 doc/man/man3/BIO_s_socket.3 doc/man/man3/BIO_set_callback.3 doc/man/man3/BIO_should_retry.3 doc/man/man3/BIO_socket_wait.3 doc/man/man3/BN_BLINDING_new.3 doc/man/man3/BN_CTX_new.3 doc/man/man3/BN_CTX_start.3 doc/man/man3/BN_add.3 doc/man/man3/BN_add_word.3 doc/man/man3/BN_bn2bin.3 doc/man/man3/BN_cmp.3 doc/man/man3/BN_copy.3 doc/man/man3/BN_generate_prime.3 doc/man/man3/BN_mod_inverse.3 doc/man/man3/BN_mod_mul_montgomery.3 doc/man/man3/BN_mod_mul_reciprocal.3 doc/man/man3/BN_new.3 doc/man/man3/BN_num_bytes.3 doc/man/man3/BN_rand.3 doc/man/man3/BN_security_bits.3 doc/man/man3/BN_set_bit.3 doc/man/man3/BN_swap.3 doc/man/man3/BN_zero.3 doc/man/man3/BUF_MEM_new.3 doc/man/man3/CMS_EnvelopedData_create.3 doc/man/man3/CMS_add0_cert.3 doc/man/man3/CMS_add1_recipient_cert.3 doc/man/man3/CMS_add1_signer.3 doc/man/man3/CMS_compress.3 doc/man/man3/CMS_decrypt.3 doc/man/man3/CMS_encrypt.3 doc/man/man3/CMS_final.3 doc/man/man3/CMS_get0_RecipientInfos.3 doc/man/man3/CMS_get0_SignerInfos.3 doc/man/man3/CMS_get0_type.3 doc/man/man3/CMS_get1_ReceiptRequest.3 doc/man/man3/CMS_sign.3 doc/man/man3/CMS_sign_receipt.3 doc/man/man3/CMS_uncompress.3 doc/man/man3/CMS_verify.3 doc/man/man3/CMS_verify_receipt.3 doc/man/man3/CONF_modules_free.3 doc/man/man3/CONF_modules_load_file.3 doc/man/man3/CRYPTO_THREAD_run_once.3 doc/man/man3/CRYPTO_get_ex_new_index.3 doc/man/man3/CRYPTO_memcmp.3 doc/man/man3/CTLOG_STORE_get0_log_by_id.3 doc/man/man3/CTLOG_STORE_new.3 doc/man/man3/CTLOG_new.3 doc/man/man3/CT_POLICY_EVAL_CTX_new.3 doc/man/man3/DEFINE_STACK_OF.3 doc/man/man3/DES_random_key.3 doc/man/man3/DH_generate_key.3 doc/man/man3/DH_generate_parameters.3 doc/man/man3/DH_get0_pqg.3 doc/man/man3/DH_get_1024_160.3 doc/man/man3/DH_meth_new.3 doc/man/man3/DH_new.3 doc/man/man3/DH_new_by_nid.3 doc/man/man3/DH_set_method.3 doc/man/man3/DH_size.3 doc/man/man3/DSA_SIG_new.3 doc/man/man3/DSA_do_sign.3 doc/man/man3/DSA_dup_DH.3 doc/man/man3/DSA_generate_key.3 doc/man/man3/DSA_generate_parameters.3 doc/man/man3/DSA_get0_pqg.3 doc/man/man3/DSA_meth_new.3 doc/man/man3/DSA_new.3 doc/man/man3/DSA_set_method.3 doc/man/man3/DSA_sign.3 doc/man/man3/DSA_size.3 doc/man/man3/DTLS_get_data_mtu.3 doc/man/man3/DTLS_set_timer_cb.3 doc/man/man3/DTLSv1_listen.3 doc/man/man3/ECDSA_SIG_new.3 doc/man/man3/ECPKParameters_print.3 doc/man/man3/EC_GFp_simple_method.3 doc/man/man3/EC_GROUP_copy.3 doc/man/man3/EC_GROUP_new.3 doc/man/man3/EC_KEY_get_enc_flags.3 doc/man/man3/EC_KEY_new.3 doc/man/man3/EC_POINT_add.3 doc/man/man3/EC_POINT_new.3 doc/man/man3/ENGINE_add.3 doc/man/man3/ERR_GET_LIB.3 doc/man/man3/ERR_clear_error.3 doc/man/man3/ERR_error_string.3 doc/man/man3/ERR_get_error.3 doc/man/man3/ERR_load_crypto_strings.3 doc/man/man3/ERR_load_strings.3 doc/man/man3/ERR_new.3 doc/man/man3/ERR_print_errors.3 doc/man/man3/ERR_put_error.3 doc/man/man3/ERR_remove_state.3 doc/man/man3/ERR_set_mark.3 doc/man/man3/EVP_ASYM_CIPHER_free.3 doc/man/man3/EVP_BytesToKey.3 doc/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 doc/man/man3/EVP_CIPHER_meth_new.3 doc/man/man3/EVP_DigestInit.3 doc/man/man3/EVP_DigestSignInit.3 doc/man/man3/EVP_DigestVerifyInit.3 doc/man/man3/EVP_EncodeInit.3 doc/man/man3/EVP_EncryptInit.3 doc/man/man3/EVP_KDF.3 doc/man/man3/EVP_KEYEXCH_free.3 doc/man/man3/EVP_KEYMGMT.3 doc/man/man3/EVP_MAC.3 doc/man/man3/EVP_MD_meth_new.3 doc/man/man3/EVP_OpenInit.3 doc/man/man3/EVP_PKEY_ASN1_METHOD.3 doc/man/man3/EVP_PKEY_CTX_ctrl.3 doc/man/man3/EVP_PKEY_CTX_new.3 doc/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 doc/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 doc/man/man3/EVP_PKEY_CTX_set_params.3 doc/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 doc/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 doc/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 doc/man/man3/EVP_PKEY_asn1_get_count.3 doc/man/man3/EVP_PKEY_check.3 doc/man/man3/EVP_PKEY_copy_parameters.3 doc/man/man3/EVP_PKEY_decrypt.3 doc/man/man3/EVP_PKEY_derive.3 doc/man/man3/EVP_PKEY_encrypt.3 doc/man/man3/EVP_PKEY_fromdata.3 doc/man/man3/EVP_PKEY_gen.3 doc/man/man3/EVP_PKEY_get_default_digest_nid.3 doc/man/man3/EVP_PKEY_gettable_params.3 doc/man/man3/EVP_PKEY_is_a.3 doc/man/man3/EVP_PKEY_meth_get_count.3 doc/man/man3/EVP_PKEY_meth_new.3 doc/man/man3/EVP_PKEY_new.3 doc/man/man3/EVP_PKEY_print_private.3 doc/man/man3/EVP_PKEY_set1_RSA.3 doc/man/man3/EVP_PKEY_set_type.3 doc/man/man3/EVP_PKEY_sign.3 doc/man/man3/EVP_PKEY_size.3 doc/man/man3/EVP_PKEY_supports_digest_nid.3 doc/man/man3/EVP_PKEY_verify.3 doc/man/man3/EVP_PKEY_verify_recover.3 doc/man/man3/EVP_RAND.3 doc/man/man3/EVP_SIGNATURE_free.3 doc/man/man3/EVP_SealInit.3 doc/man/man3/EVP_SignInit.3 doc/man/man3/EVP_VerifyInit.3 doc/man/man3/EVP_aes_128_gcm.3 doc/man/man3/EVP_aria_128_gcm.3 doc/man/man3/EVP_bf_cbc.3 doc/man/man3/EVP_blake2b512.3 doc/man/man3/EVP_camellia_128_ecb.3 doc/man/man3/EVP_cast5_cbc.3 doc/man/man3/EVP_chacha20.3 doc/man/man3/EVP_des_cbc.3 doc/man/man3/EVP_desx_cbc.3 doc/man/man3/EVP_idea_cbc.3 doc/man/man3/EVP_md2.3 doc/man/man3/EVP_md4.3 doc/man/man3/EVP_md5.3 doc/man/man3/EVP_mdc2.3 doc/man/man3/EVP_rc2_cbc.3 doc/man/man3/EVP_rc4.3 doc/man/man3/EVP_rc5_32_12_16_cbc.3 doc/man/man3/EVP_ripemd160.3 doc/man/man3/EVP_seed_cbc.3 doc/man/man3/EVP_set_default_properties.3 doc/man/man3/EVP_sha1.3 doc/man/man3/EVP_sha224.3 doc/man/man3/EVP_sha3_224.3 doc/man/man3/EVP_sm3.3 doc/man/man3/EVP_sm4_cbc.3 doc/man/man3/EVP_whirlpool.3 doc/man/man3/HMAC.3 doc/man/man3/MD5.3 doc/man/man3/MDC2_Init.3 doc/man/man3/NCONF_new_with_libctx.3 doc/man/man3/OBJ_nid2obj.3 doc/man/man3/OCSP_REQUEST_new.3 doc/man/man3/OCSP_cert_to_id.3 doc/man/man3/OCSP_request_add1_nonce.3 doc/man/man3/OCSP_resp_find_status.3 doc/man/man3/OCSP_response_status.3 doc/man/man3/OCSP_sendreq_new.3 doc/man/man3/OPENSSL_Applink.3 doc/man/man3/OPENSSL_CTX.3 doc/man/man3/OPENSSL_FILE.3 doc/man/man3/OPENSSL_LH_COMPFUNC.3 doc/man/man3/OPENSSL_LH_stats.3 doc/man/man3/OPENSSL_config.3 doc/man/man3/OPENSSL_fork_prepare.3 doc/man/man3/OPENSSL_hexchar2int.3 doc/man/man3/OPENSSL_ia32cap.3 doc/man/man3/OPENSSL_init_crypto.3 doc/man/man3/OPENSSL_init_ssl.3 doc/man/man3/OPENSSL_instrument_bus.3 doc/man/man3/OPENSSL_load_builtin_modules.3 doc/man/man3/OPENSSL_malloc.3 doc/man/man3/OPENSSL_s390xcap.3 doc/man/man3/OPENSSL_secure_malloc.3 doc/man/man3/OSSL_CMP_CTX_new.3 doc/man/man3/OSSL_CMP_HDR_get0_transactionID.3 doc/man/man3/OSSL_CMP_ITAV_set0.3 doc/man/man3/OSSL_CMP_MSG_get0_header.3 doc/man/man3/OSSL_CMP_MSG_http_perform.3 doc/man/man3/OSSL_CMP_SRV_CTX_new.3 doc/man/man3/OSSL_CMP_STATUSINFO_new.3 doc/man/man3/OSSL_CMP_exec_IR_ses.3 doc/man/man3/OSSL_CMP_log_open.3 doc/man/man3/OSSL_CMP_validate_msg.3 doc/man/man3/OSSL_CRMF_MSG_get0_tmpl.3 doc/man/man3/OSSL_CRMF_MSG_set0_validity.3 doc/man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3 doc/man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3 doc/man/man3/OSSL_CRMF_pbmp_new.3 doc/man/man3/OSSL_HTTP_transfer.3 doc/man/man3/OSSL_PARAM.3 doc/man/man3/OSSL_PARAM_BLD.3 doc/man/man3/OSSL_PARAM_allocate_from_text.3 doc/man/man3/OSSL_PARAM_int.3 doc/man/man3/OSSL_PROVIDER.3 doc/man/man3/OSSL_SELF_TEST_new.3 doc/man/man3/OSSL_SELF_TEST_set_callback.3 doc/man/man3/OSSL_SERIALIZER.3 doc/man/man3/OSSL_SERIALIZER_CTX.3 doc/man/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.3 doc/man/man3/OSSL_SERIALIZER_to_bio.3 doc/man/man3/OSSL_STORE_INFO.3 doc/man/man3/OSSL_STORE_LOADER.3 doc/man/man3/OSSL_STORE_SEARCH.3 doc/man/man3/OSSL_STORE_attach.3 doc/man/man3/OSSL_STORE_expect.3 doc/man/man3/OSSL_STORE_open.3 doc/man/man3/OSSL_trace_enabled.3 doc/man/man3/OSSL_trace_get_category_num.3 doc/man/man3/OSSL_trace_set_channel.3 doc/man/man3/OpenSSL_add_all_algorithms.3 doc/man/man3/OpenSSL_version.3 doc/man/man3/PEM_bytes_read_bio.3 doc/man/man3/PEM_read.3 doc/man/man3/PEM_read_CMS.3 doc/man/man3/PEM_read_bio_PrivateKey.3 doc/man/man3/PEM_read_bio_ex.3 doc/man/man3/PEM_write_bio_CMS_stream.3 doc/man/man3/PEM_write_bio_PKCS7_stream.3 doc/man/man3/PKCS12_SAFEBAG_get0_attrs.3 doc/man/man3/PKCS12_add_CSPName_asc.3 doc/man/man3/PKCS12_add_friendlyname_asc.3 doc/man/man3/PKCS12_add_localkeyid.3 doc/man/man3/PKCS12_create.3 doc/man/man3/PKCS12_get_friendlyname.3 doc/man/man3/PKCS12_newpass.3 doc/man/man3/PKCS12_parse.3 doc/man/man3/PKCS5_PBKDF2_HMAC.3 doc/man/man3/PKCS7_decrypt.3 doc/man/man3/PKCS7_encrypt.3 doc/man/man3/PKCS7_sign.3 doc/man/man3/PKCS7_sign_add_signer.3 doc/man/man3/PKCS7_verify.3 doc/man/man3/PKCS8_pkey_add1_attr.3 doc/man/man3/RAND_DRBG_generate.3 doc/man/man3/RAND_DRBG_get0_master.3 doc/man/man3/RAND_DRBG_new.3 doc/man/man3/RAND_DRBG_reseed.3 doc/man/man3/RAND_DRBG_set_callbacks.3 doc/man/man3/RAND_add.3 doc/man/man3/RAND_bytes.3 doc/man/man3/RAND_cleanup.3 doc/man/man3/RAND_egd.3 doc/man/man3/RAND_load_file.3 doc/man/man3/RAND_set_rand_method.3 doc/man/man3/RC4_set_key.3 doc/man/man3/RIPEMD160_Init.3 doc/man/man3/RSA_blinding_on.3 doc/man/man3/RSA_check_key.3 doc/man/man3/RSA_generate_key.3 doc/man/man3/RSA_get0_key.3 doc/man/man3/RSA_meth_new.3 doc/man/man3/RSA_new.3 doc/man/man3/RSA_padding_add_PKCS1_type_1.3 doc/man/man3/RSA_print.3 doc/man/man3/RSA_private_encrypt.3 doc/man/man3/RSA_public_encrypt.3 doc/man/man3/RSA_set_method.3 doc/man/man3/RSA_sign.3 doc/man/man3/RSA_sign_ASN1_OCTET_STRING.3 doc/man/man3/RSA_size.3 doc/man/man3/SCT_new.3 doc/man/man3/SCT_print.3 doc/man/man3/SCT_validate.3 doc/man/man3/SHA256_Init.3 doc/man/man3/SMIME_read_CMS.3 doc/man/man3/SMIME_read_PKCS7.3 doc/man/man3/SMIME_write_CMS.3 doc/man/man3/SMIME_write_PKCS7.3 doc/man/man3/SRP_Calc_B.3 doc/man/man3/SRP_VBASE_new.3 doc/man/man3/SRP_create_verifier.3 doc/man/man3/SRP_user_pwd_new.3 doc/man/man3/SSL_CIPHER_get_name.3 doc/man/man3/SSL_COMP_add_compression_method.3 doc/man/man3/SSL_CONF_CTX_new.3 doc/man/man3/SSL_CONF_CTX_set1_prefix.3 doc/man/man3/SSL_CONF_CTX_set_flags.3 doc/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 doc/man/man3/SSL_CONF_cmd.3 doc/man/man3/SSL_CONF_cmd_argv.3 doc/man/man3/SSL_CTX_add1_chain_cert.3 doc/man/man3/SSL_CTX_add_extra_chain_cert.3 doc/man/man3/SSL_CTX_add_session.3 doc/man/man3/SSL_CTX_config.3 doc/man/man3/SSL_CTX_ctrl.3 doc/man/man3/SSL_CTX_dane_enable.3 doc/man/man3/SSL_CTX_flush_sessions.3 doc/man/man3/SSL_CTX_free.3 doc/man/man3/SSL_CTX_get0_param.3 doc/man/man3/SSL_CTX_get_verify_mode.3 doc/man/man3/SSL_CTX_has_client_custom_ext.3 doc/man/man3/SSL_CTX_load_verify_locations.3 doc/man/man3/SSL_CTX_new.3 doc/man/man3/SSL_CTX_sess_number.3 doc/man/man3/SSL_CTX_sess_set_cache_size.3 doc/man/man3/SSL_CTX_sess_set_get_cb.3 doc/man/man3/SSL_CTX_sessions.3 doc/man/man3/SSL_CTX_set0_CA_list.3 doc/man/man3/SSL_CTX_set1_curves.3 doc/man/man3/SSL_CTX_set1_sigalgs.3 doc/man/man3/SSL_CTX_set1_verify_cert_store.3 doc/man/man3/SSL_CTX_set_alpn_select_cb.3 doc/man/man3/SSL_CTX_set_cert_cb.3 doc/man/man3/SSL_CTX_set_cert_store.3 doc/man/man3/SSL_CTX_set_cert_verify_callback.3 doc/man/man3/SSL_CTX_set_cipher_list.3 doc/man/man3/SSL_CTX_set_client_cert_cb.3 doc/man/man3/SSL_CTX_set_client_hello_cb.3 doc/man/man3/SSL_CTX_set_ct_validation_callback.3 doc/man/man3/SSL_CTX_set_ctlog_list_file.3 doc/man/man3/SSL_CTX_set_default_passwd_cb.3 doc/man/man3/SSL_CTX_set_generate_session_id.3 doc/man/man3/SSL_CTX_set_info_callback.3 doc/man/man3/SSL_CTX_set_keylog_callback.3 doc/man/man3/SSL_CTX_set_max_cert_list.3 doc/man/man3/SSL_CTX_set_min_proto_version.3 doc/man/man3/SSL_CTX_set_mode.3 doc/man/man3/SSL_CTX_set_msg_callback.3 doc/man/man3/SSL_CTX_set_num_tickets.3 doc/man/man3/SSL_CTX_set_options.3 doc/man/man3/SSL_CTX_set_psk_client_callback.3 doc/man/man3/SSL_CTX_set_quiet_shutdown.3 doc/man/man3/SSL_CTX_set_read_ahead.3 doc/man/man3/SSL_CTX_set_record_padding_callback.3 doc/man/man3/SSL_CTX_set_security_level.3 doc/man/man3/SSL_CTX_set_session_cache_mode.3 doc/man/man3/SSL_CTX_set_session_id_context.3 doc/man/man3/SSL_CTX_set_session_ticket_cb.3 doc/man/man3/SSL_CTX_set_split_send_fragment.3 doc/man/man3/SSL_CTX_set_srp_password.3 doc/man/man3/SSL_CTX_set_ssl_version.3 doc/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 doc/man/man3/SSL_CTX_set_timeout.3 doc/man/man3/SSL_CTX_set_tlsext_servername_callback.3 doc/man/man3/SSL_CTX_set_tlsext_status_cb.3 doc/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 doc/man/man3/SSL_CTX_set_tlsext_use_srtp.3 doc/man/man3/SSL_CTX_set_tmp_dh_callback.3 doc/man/man3/SSL_CTX_set_tmp_ecdh.3 doc/man/man3/SSL_CTX_set_verify.3 doc/man/man3/SSL_CTX_use_certificate.3 doc/man/man3/SSL_CTX_use_psk_identity_hint.3 doc/man/man3/SSL_CTX_use_serverinfo.3 doc/man/man3/SSL_SESSION_free.3 doc/man/man3/SSL_SESSION_get0_cipher.3 doc/man/man3/SSL_SESSION_get0_hostname.3 doc/man/man3/SSL_SESSION_get0_id_context.3 doc/man/man3/SSL_SESSION_get0_peer.3 doc/man/man3/SSL_SESSION_get_compress_id.3 doc/man/man3/SSL_SESSION_get_protocol_version.3 doc/man/man3/SSL_SESSION_get_time.3 doc/man/man3/SSL_SESSION_has_ticket.3 doc/man/man3/SSL_SESSION_is_resumable.3 doc/man/man3/SSL_SESSION_print.3 doc/man/man3/SSL_SESSION_set1_id.3 doc/man/man3/SSL_accept.3 doc/man/man3/SSL_alert_type_string.3 doc/man/man3/SSL_alloc_buffers.3 doc/man/man3/SSL_check_chain.3 doc/man/man3/SSL_clear.3 doc/man/man3/SSL_connect.3 doc/man/man3/SSL_do_handshake.3 doc/man/man3/SSL_export_keying_material.3 doc/man/man3/SSL_extension_supported.3 doc/man/man3/SSL_free.3 doc/man/man3/SSL_get0_peer_scts.3 doc/man/man3/SSL_get_SSL_CTX.3 doc/man/man3/SSL_get_all_async_fds.3 doc/man/man3/SSL_get_ciphers.3 doc/man/man3/SSL_get_client_random.3 doc/man/man3/SSL_get_current_cipher.3 doc/man/man3/SSL_get_default_timeout.3 doc/man/man3/SSL_get_error.3 doc/man/man3/SSL_get_extms_support.3 doc/man/man3/SSL_get_fd.3 doc/man/man3/SSL_get_peer_cert_chain.3 doc/man/man3/SSL_get_peer_certificate.3 doc/man/man3/SSL_get_peer_signature_nid.3 doc/man/man3/SSL_get_peer_tmp_key.3 doc/man/man3/SSL_get_psk_identity.3 doc/man/man3/SSL_get_rbio.3 doc/man/man3/SSL_get_session.3 doc/man/man3/SSL_get_shared_sigalgs.3 doc/man/man3/SSL_get_verify_result.3 doc/man/man3/SSL_get_version.3 doc/man/man3/SSL_in_init.3 doc/man/man3/SSL_key_update.3 doc/man/man3/SSL_library_init.3 doc/man/man3/SSL_load_client_CA_file.3 doc/man/man3/SSL_new.3 doc/man/man3/SSL_pending.3 doc/man/man3/SSL_read.3 doc/man/man3/SSL_read_early_data.3 doc/man/man3/SSL_rstate_string.3 doc/man/man3/SSL_session_reused.3 doc/man/man3/SSL_set1_host.3 doc/man/man3/SSL_set_async_callback.3 doc/man/man3/SSL_set_bio.3 doc/man/man3/SSL_set_connect_state.3 doc/man/man3/SSL_set_fd.3 doc/man/man3/SSL_set_session.3 doc/man/man3/SSL_set_shutdown.3 doc/man/man3/SSL_set_verify_result.3 doc/man/man3/SSL_shutdown.3 doc/man/man3/SSL_state_string.3 doc/man/man3/SSL_want.3 doc/man/man3/SSL_write.3 doc/man/man3/TS_VERIFY_CTX_set_certs.3 doc/man/man3/UI_STRING.3 doc/man/man3/UI_UTIL_read_pw.3 doc/man/man3/UI_create_method.3 doc/man/man3/UI_new.3 doc/man/man3/X509V3_get_d2i.3 doc/man/man3/X509_ALGOR_dup.3 doc/man/man3/X509_CRL_get0_by_serial.3 doc/man/man3/X509_EXTENSION_set_object.3 doc/man/man3/X509_LOOKUP.3 doc/man/man3/X509_LOOKUP_hash_dir.3 doc/man/man3/X509_LOOKUP_meth_new.3 doc/man/man3/X509_NAME_ENTRY_get_object.3 doc/man/man3/X509_NAME_add_entry_by_txt.3 doc/man/man3/X509_NAME_get0_der.3 doc/man/man3/X509_NAME_get_index_by_NID.3 doc/man/man3/X509_NAME_print_ex.3 doc/man/man3/X509_PUBKEY_new.3 doc/man/man3/X509_SIG_get0.3 doc/man/man3/X509_STORE_CTX_get_error.3 doc/man/man3/X509_STORE_CTX_new.3 doc/man/man3/X509_STORE_CTX_set_verify_cb.3 doc/man/man3/X509_STORE_add_cert.3 doc/man/man3/X509_STORE_get0_param.3 doc/man/man3/X509_STORE_new.3 doc/man/man3/X509_STORE_set_verify_cb_func.3 doc/man/man3/X509_VERIFY_PARAM_set_flags.3 doc/man/man3/X509_check_ca.3 doc/man/man3/X509_check_host.3 doc/man/man3/X509_check_issued.3 doc/man/man3/X509_check_private_key.3 doc/man/man3/X509_check_purpose.3 doc/man/man3/X509_cmp.3 doc/man/man3/X509_cmp_time.3 doc/man/man3/X509_digest.3 doc/man/man3/X509_dup.3 doc/man/man3/X509_get0_distinguishing_id.3 doc/man/man3/X509_get0_notBefore.3 doc/man/man3/X509_get0_signature.3 doc/man/man3/X509_get0_uids.3 doc/man/man3/X509_get_extension_flags.3 doc/man/man3/X509_get_pubkey.3 doc/man/man3/X509_get_serialNumber.3 doc/man/man3/X509_get_subject_name.3 doc/man/man3/X509_get_version.3 doc/man/man3/X509_load_http.3 doc/man/man3/X509_new.3 doc/man/man3/X509_sign.3 doc/man/man3/X509_verify.3 doc/man/man3/X509_verify_cert.3 doc/man/man3/X509v3_cache_extensions.3 doc/man/man3/X509v3_get_ext_by_NID.3 doc/man/man3/d2i_DHparams.3 doc/man/man3/d2i_PKCS8PrivateKey_bio.3 doc/man/man3/d2i_PrivateKey.3 doc/man/man3/d2i_SSL_SESSION.3 doc/man/man3/d2i_X509.3 doc/man/man3/i2d_CMS_bio_stream.3 doc/man/man3/i2d_PKCS7_bio_stream.3 doc/man/man3/i2d_re_X509_tbs.3 doc/man/man3/o2i_SCT_LIST.3 doc/man/man3/s2i_ASN1_IA5STRING.3 doc/man/man5/config.5 doc/man/man5/fips_config.5 doc/man/man5/x509v3_config.5 doc/man/man7/EVP_KDF-HKDF.7 doc/man/man7/EVP_KDF-KB.7 doc/man/man7/EVP_KDF-KRB5KDF.7 doc/man/man7/EVP_KDF-PBKDF2.7 doc/man/man7/EVP_KDF-SCRYPT.7 doc/man/man7/EVP_KDF-SS.7 doc/man/man7/EVP_KDF-SSHKDF.7 doc/man/man7/EVP_KDF-TLS1_PRF.7 doc/man/man7/EVP_KDF-X942.7 doc/man/man7/EVP_KDF-X963.7 doc/man/man7/EVP_KEYEXCH-DH.7 doc/man/man7/EVP_KEYEXCH-ECDH.7 doc/man/man7/EVP_KEYEXCH-X25519.7 doc/man/man7/EVP_MAC-BLAKE2.7 doc/man/man7/EVP_MAC-CMAC.7 doc/man/man7/EVP_MAC-GMAC.7 doc/man/man7/EVP_MAC-HMAC.7 doc/man/man7/EVP_MAC-KMAC.7 doc/man/man7/EVP_MAC-Poly1305.7 doc/man/man7/EVP_MAC-Siphash.7 doc/man/man7/EVP_MD-BLAKE2.7 doc/man/man7/EVP_MD-MD2.7 doc/man/man7/EVP_MD-MD4.7 doc/man/man7/EVP_MD-MD5-SHA1.7 doc/man/man7/EVP_MD-MD5.7 doc/man/man7/EVP_MD-MDC2.7 doc/man/man7/EVP_MD-RIPEMD160.7 doc/man/man7/EVP_MD-SHA1.7 doc/man/man7/EVP_MD-SHA2.7 doc/man/man7/EVP_MD-SHA3.7 doc/man/man7/EVP_MD-SHAKE.7 doc/man/man7/EVP_MD-SM3.7 doc/man/man7/EVP_MD-WHIRLPOOL.7 doc/man/man7/EVP_MD-common.7 doc/man/man7/EVP_PKEY-DH.7 doc/man/man7/EVP_PKEY-DSA.7 doc/man/man7/EVP_PKEY-EC.7 doc/man/man7/EVP_PKEY-FFC.7 doc/man/man7/EVP_PKEY-RSA.7 doc/man/man7/EVP_PKEY-X25519.7 doc/man/man7/EVP_RAND-CTR-DRBG.7 doc/man/man7/EVP_RAND-HASH-DRBG.7 doc/man/man7/EVP_RAND-HMAC-DRBG.7 doc/man/man7/EVP_RAND-TEST-RAND.7 doc/man/man7/EVP_SIGNATURE-DSA.7 doc/man/man7/EVP_SIGNATURE-ECDSA.7 doc/man/man7/EVP_SIGNATURE-ED25519.7 doc/man/man7/EVP_SIGNATURE-RSA.7 doc/man/man7/OSSL_PROVIDER-FIPS.7 doc/man/man7/OSSL_PROVIDER-default.7 doc/man/man7/OSSL_PROVIDER-legacy.7 doc/man/man7/OSSL_PROVIDER-null.7 doc/man/man7/RAND.7 doc/man/man7/RAND_DRBG.7 doc/man/man7/RSA-PSS.7 doc/man/man7/SM2.7 doc/man/man7/X25519.7 doc/man/man7/bio.7 doc/man/man7/crypto.7 doc/man/man7/ct.7 doc/man/man7/des_modes.7 doc/man/man7/evp.7 doc/man/man7/openssl-core.h.7 doc/man/man7/openssl-core_dispatch.h.7 doc/man/man7/openssl-core_names.h.7 doc/man/man7/openssl-env.7 doc/man/man7/openssl_user_macros.7 doc/man/man7/ossl_store-file.7 doc/man/man7/ossl_store.7 doc/man/man7/passphrase-encoding.7 doc/man/man7/property.7 doc/man/man7/provider-asym_cipher.7 doc/man/man7/provider-base.7 doc/man/man7/provider-cipher.7 doc/man/man7/provider-digest.7 doc/man/man7/provider-keyexch.7 doc/man/man7/provider-keymgmt.7 doc/man/man7/provider-mac.7 doc/man/man7/provider-rand.7 doc/man/man7/provider-serializer.7 doc/man/man7/provider-signature.7 doc/man/man7/provider.7 doc/man/man7/proxy-certificates.7 doc/man/man7/ssl.7 doc/man/man7/x509.7 rm -f apps/openssl fuzz/asn1-test fuzz/asn1parse-test fuzz/bignum-test fuzz/bndiv-test fuzz/client-test fuzz/cmp-test fuzz/cms-test fuzz/conf-test fuzz/crl-test fuzz/ct-test fuzz/server-test fuzz/x509-test test/aborttest test/acvp_test test/aesgcmtest test/afalgtest test/asn1_decode_test test/asn1_dsa_internal_test test/asn1_encode_test test/asn1_internal_test test/asn1_string_table_test test/asn1_time_test test/asynciotest test/asynctest test/bad_dtls_test test/bftest test/bio_callback_test test/bio_enc_test test/bio_memleak_test test/bio_prefix_text test/bioprinttest test/bn_internal_test test/bntest test/buildtest_c_aes test/buildtest_c_asn1 test/buildtest_c_asn1t test/buildtest_c_async test/buildtest_c_bio test/buildtest_c_blowfish test/buildtest_c_bn test/buildtest_c_buffer test/buildtest_c_camellia test/buildtest_c_cast test/buildtest_c_cmac test/buildtest_c_cmp test/buildtest_c_cmp_util test/buildtest_c_cms test/buildtest_c_comp test/buildtest_c_conf test/buildtest_c_conf_api test/buildtest_c_core test/buildtest_c_core_dispatch test/buildtest_c_core_names test/buildtest_c_crmf test/buildtest_c_crypto test/buildtest_c_ct test/buildtest_c_des test/buildtest_c_dh test/buildtest_c_dsa test/buildtest_c_dtls1 test/buildtest_c_e_os2 test/buildtest_c_ebcdic test/buildtest_c_ec test/buildtest_c_ecdh test/buildtest_c_ecdsa test/buildtest_c_engine test/buildtest_c_ess test/buildtest_c_evp test/buildtest_c_fips_names test/buildtest_c_hmac test/buildtest_c_http test/buildtest_c_idea test/buildtest_c_kdf test/buildtest_c_lhash test/buildtest_c_mac test/buildtest_c_macros test/buildtest_c_md4 test/buildtest_c_md5 test/buildtest_c_mdc2 test/buildtest_c_modes test/buildtest_c_obj_mac test/buildtest_c_objects test/buildtest_c_ocsp test/buildtest_c_ossl_typ test/buildtest_c_param_build test/buildtest_c_params test/buildtest_c_pem test/buildtest_c_pem2 test/buildtest_c_pkcs12 test/buildtest_c_pkcs7 test/buildtest_c_provider test/buildtest_c_rand test/buildtest_c_rand_drbg test/buildtest_c_rc2 test/buildtest_c_rc4 test/buildtest_c_ripemd test/buildtest_c_rsa test/buildtest_c_safestack test/buildtest_c_seed test/buildtest_c_self_test test/buildtest_c_serializer test/buildtest_c_sha test/buildtest_c_srp test/buildtest_c_srtp test/buildtest_c_ssl test/buildtest_c_ssl2 test/buildtest_c_stack test/buildtest_c_store test/buildtest_c_symhacks test/buildtest_c_tls1 test/buildtest_c_ts test/buildtest_c_txt_db test/buildtest_c_types test/buildtest_c_ui test/buildtest_c_whrlpool test/buildtest_c_x509 test/buildtest_c_x509_vfy test/buildtest_c_x509v3 test/casttest test/chacha_internal_test test/cipher_overhead_test test/cipherbytes_test test/cipherlist_test test/ciphername_test test/clienthellotest test/cmactest test/cmp_asn_test test/cmp_client_test test/cmp_ctx_test test/cmp_hdr_test test/cmp_msg_test test/cmp_protect_test test/cmp_server_test test/cmp_status_test test/cmp_vfy_test test/cmsapitest test/conf_include_test test/confdump test/constant_time_test test/context_internal_test test/crltest test/ct_test test/ctype_internal_test test/curve448_internal_test test/d2i_test test/danetest test/destest test/dhtest test/drbg_cavs_test test/drbg_extra_test test/drbgtest test/dsa_no_digest_size_test test/dsatest test/dtls_mtu_test test/dtlstest test/dtlsv1listentest test/ec_internal_test test/ecdsatest test/ecstresstest test/ectest test/enginetest test/errtest test/evp_extra_test test/evp_extra_test2 test/evp_fetch_prov_test test/evp_kdf_test test/evp_pkey_dparams_test test/evp_pkey_provided_test test/evp_test test/exdatatest test/exptest test/fatalerrtest test/ffc_internal_test test/gmdifftest test/gosttest test/hexstr_test test/hmactest test/http_test test/ideatest test/igetest test/keymgmt_internal_test test/lhash_test test/mdc2_internal_test test/mdc2test test/memleaktest test/modes_internal_test test/namemap_internal_test test/ocspapitest test/packettest test/param_build_test test/params_api_test test/params_conversion_test test/params_test test/pbelutest test/pemtest test/pkey_meth_kdf_test test/pkey_meth_test test/poly1305_internal_test test/property_test test/provider_fallback_test test/provider_internal_test test/provider_test test/rc2test test/rc4test test/rc5test test/rdrand_sanitytest test/recordlentest test/rsa_complex test/rsa_mp_test test/rsa_sp800_56b_test test/rsa_test test/sanitytest test/secmemtest test/servername_test test/shlibloadtest test/siphash_internal_test test/sm2_internal_test test/sm4_internal_test test/sparse_array_test test/srptest test/ssl_cert_table_internal_test test/ssl_ctx_test test/ssl_test test/ssl_test_ctx_test test/sslapitest test/sslbuffertest test/sslcorrupttest test/ssltest_old test/stack_test test/sysdefaulttest test/test_test test/threadstest test/time_offset_test test/tls13ccstest test/tls13encryptiontest test/tls13secretstest test/uitest test/v3ext test/v3nametest test/verify_extra_test test/versions test/wpackettest test/x509_check_cert_pkey_test test/x509_dup_cert_test test/x509_internal_test test/x509_time_test test/x509aux engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so providers/fips.so providers/legacy.so test/p_test.so apps/CA.pl apps/tsget.pl tools/c_rehash util/shlib_wrap.sh rm -f doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod include/crypto/bn_conf.h include/crypto/dso_conf.h include/openssl/configuration.h include/openssl/fipskey.h include/openssl/opensslv.h test/provider_internal_test.cnf apps/CA.pl apps/progs.c apps/progs.h apps/tsget.pl crypto/aes/aes-x86_64.s crypto/aes/aesni-mb-x86_64.s crypto/aes/aesni-sha1-x86_64.s crypto/aes/aesni-sha256-x86_64.s crypto/aes/aesni-x86_64.s crypto/aes/bsaes-x86_64.s crypto/aes/vpaes-x86_64.s crypto/bn/rsaz-avx2.s crypto/bn/rsaz-x86_64.s crypto/bn/x86_64-gf2m.s crypto/bn/x86_64-mont.s crypto/bn/x86_64-mont5.s crypto/buildinf.h crypto/camellia/cmll-x86_64.s crypto/chacha/chacha-x86_64.s crypto/ec/ecp_nistz256-x86_64.s crypto/ec/x25519-x86_64.s crypto/md5/md5-x86_64.s crypto/modes/aesni-gcm-x86_64.s crypto/modes/ghash-x86_64.s crypto/poly1305/poly1305-x86_64.s crypto/rc4/rc4-md5-x86_64.s crypto/rc4/rc4-x86_64.s crypto/sha/keccak1600-x86_64.s crypto/sha/sha1-mb-x86_64.s crypto/sha/sha1-x86_64.s crypto/sha/sha256-mb-x86_64.s crypto/sha/sha256-x86_64.s crypto/sha/sha512-x86_64.s crypto/whrlpool/wp-x86_64.s crypto/x86_64cpuid.s doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod engines/afalg.ld engines/capi.ld engines/dasync.ld engines/e_padlock-x86_64.s engines/ossltest.ld engines/padlock.ld libcrypto.ld libssl.ld providers/common/der/der_digests_gen.c providers/common/der/der_dsa_gen.c providers/common/der/der_ec_gen.c providers/common/der/der_rsa_gen.c providers/common/include/prov/der_digests.h providers/common/include/prov/der_dsa.h providers/common/include/prov/der_ec.h providers/common/include/prov/der_rsa.h providers/fips.ld providers/legacy.ld test/buildtest_aes.c test/buildtest_asn1.c test/buildtest_asn1t.c test/buildtest_async.c test/buildtest_bio.c test/buildtest_blowfish.c test/buildtest_bn.c test/buildtest_buffer.c test/buildtest_camellia.c test/buildtest_cast.c test/buildtest_cmac.c test/buildtest_cmp.c test/buildtest_cmp_util.c test/buildtest_cms.c test/buildtest_comp.c test/buildtest_conf.c test/buildtest_conf_api.c test/buildtest_core.c test/buildtest_core_dispatch.c test/buildtest_core_names.c test/buildtest_crmf.c test/buildtest_crypto.c test/buildtest_ct.c test/buildtest_des.c test/buildtest_dh.c test/buildtest_dsa.c test/buildtest_dtls1.c test/buildtest_e_os2.c test/buildtest_ebcdic.c test/buildtest_ec.c test/buildtest_ecdh.c test/buildtest_ecdsa.c test/buildtest_engine.c test/buildtest_ess.c test/buildtest_evp.c test/buildtest_fips_names.c test/buildtest_hmac.c test/buildtest_http.c test/buildtest_idea.c test/buildtest_kdf.c test/buildtest_lhash.c test/buildtest_mac.c test/buildtest_macros.c test/buildtest_md4.c test/buildtest_md5.c test/buildtest_mdc2.c test/buildtest_modes.c test/buildtest_obj_mac.c test/buildtest_objects.c test/buildtest_ocsp.c test/buildtest_ossl_typ.c test/buildtest_param_build.c test/buildtest_params.c test/buildtest_pem.c test/buildtest_pem2.c test/buildtest_pkcs12.c test/buildtest_pkcs7.c test/buildtest_provider.c test/buildtest_rand.c test/buildtest_rand_drbg.c test/buildtest_rc2.c test/buildtest_rc4.c test/buildtest_ripemd.c test/buildtest_rsa.c test/buildtest_safestack.c test/buildtest_seed.c test/buildtest_self_test.c test/buildtest_serializer.c test/buildtest_sha.c test/buildtest_srp.c test/buildtest_srtp.c test/buildtest_ssl.c test/buildtest_ssl2.c test/buildtest_stack.c test/buildtest_store.c test/buildtest_symhacks.c test/buildtest_tls1.c test/buildtest_ts.c test/buildtest_txt_db.c test/buildtest_types.c test/buildtest_ui.c test/buildtest_whrlpool.c test/buildtest_x509.c test/buildtest_x509_vfy.c test/buildtest_x509v3.c test/p_test.ld tools/c_rehash util/shlib_wrap.sh rm -f `find . -name '*.d' \! -name '.*' \! -type d -print` rm -f `find . -name '*.o' \! -name '.*' \! -type d -print` rm -f core rm -f tags TAGS doc-nits cmd-nits md-nits rm -f -r test/test-runs rm -f openssl.pc libcrypto.pc libssl.pc rm -f `find . -type l \! -name '.*' -print` rm -f ../openssl-3.0.0-alpha5-dev.tar $ make depend $ LDCMD= make -j4 /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-asn1parse.pod.in > doc/man1/openssl-asn1parse.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ca.pod.in > doc/man1/openssl-ca.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ciphers.pod.in > doc/man1/openssl-ciphers.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmds.pod.in > doc/man1/openssl-cmds.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmp.pod.in > doc/man1/openssl-cmp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cms.pod.in > doc/man1/openssl-cms.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl.pod.in > doc/man1/openssl-crl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl2pkcs7.pod.in > doc/man1/openssl-crl2pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dgst.pod.in > doc/man1/openssl-dgst.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dhparam.pod.in > doc/man1/openssl-dhparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsa.pod.in > doc/man1/openssl-dsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsaparam.pod.in > doc/man1/openssl-dsaparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ec.pod.in > doc/man1/openssl-ec.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ecparam.pod.in > doc/man1/openssl-ecparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-enc.pod.in > doc/man1/openssl-enc.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-engine.pod.in > doc/man1/openssl-engine.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-errstr.pod.in > doc/man1/openssl-errstr.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-fipsinstall.pod.in > doc/man1/openssl-fipsinstall.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-gendsa.pod.in > doc/man1/openssl-gendsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genpkey.pod.in > doc/man1/openssl-genpkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genrsa.pod.in > doc/man1/openssl-genrsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-info.pod.in > doc/man1/openssl-info.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-kdf.pod.in > doc/man1/openssl-kdf.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-list.pod.in > doc/man1/openssl-list.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-mac.pod.in > doc/man1/openssl-mac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-nseq.pod.in > doc/man1/openssl-nseq.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ocsp.pod.in > doc/man1/openssl-ocsp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-passwd.pod.in > doc/man1/openssl-passwd.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs12.pod.in > doc/man1/openssl-pkcs12.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs7.pod.in > doc/man1/openssl-pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs8.pod.in > doc/man1/openssl-pkcs8.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkey.pod.in > doc/man1/openssl-pkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyparam.pod.in > doc/man1/openssl-pkeyparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyutl.pod.in > doc/man1/openssl-pkeyutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-prime.pod.in > doc/man1/openssl-prime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-provider.pod.in > doc/man1/openssl-provider.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rand.pod.in > doc/man1/openssl-rand.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rehash.pod.in > doc/man1/openssl-rehash.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-req.pod.in > doc/man1/openssl-req.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsa.pod.in > doc/man1/openssl-rsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsautl.pod.in > doc/man1/openssl-rsautl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_client.pod.in > doc/man1/openssl-s_client.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_server.pod.in > doc/man1/openssl-s_server.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_time.pod.in > doc/man1/openssl-s_time.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-sess_id.pod.in > doc/man1/openssl-sess_id.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-smime.pod.in > doc/man1/openssl-smime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-speed.pod.in > doc/man1/openssl-speed.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-spkac.pod.in > doc/man1/openssl-spkac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-srp.pod.in > doc/man1/openssl-srp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-storeutl.pod.in > doc/man1/openssl-storeutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ts.pod.in > doc/man1/openssl-ts.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-verify.pod.in > doc/man1/openssl-verify.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-version.pod.in > doc/man1/openssl-version.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-x509.pod.in > doc/man1/openssl-x509.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man7/openssl_user_macros.pod.in > doc/man7/openssl_user_macros.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/bn_conf.h.in > include/crypto/bn_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/dso_conf.h.in > include/crypto/dso_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/configuration.h.in > include/openssl/configuration.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/fipskey.h.in > include/openssl/fipskey.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/opensslv.h.in > include/openssl/opensslv.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/test/provider_internal_test.cnf.in > test/provider_internal_test.cnf make depend && make _build_sw make[1]: Entering directory '/home/openssl/run-checker/no-posix-io' make[1]: Leaving directory '/home/openssl/run-checker/no-posix-io' make[1]: Entering directory '/home/openssl/run-checker/no-posix-io' clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_params.d.tmp -MT apps/lib/libapps-lib-app_params.o -c -o apps/lib/libapps-lib-app_params.o ../openssl/apps/lib/app_params.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_provider.d.tmp -MT apps/lib/libapps-lib-app_provider.o -c -o apps/lib/libapps-lib-app_provider.o ../openssl/apps/lib/app_provider.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_rand.d.tmp -MT apps/lib/libapps-lib-app_rand.o -c -o apps/lib/libapps-lib-app_rand.o ../openssl/apps/lib/app_rand.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_x509.d.tmp -MT apps/lib/libapps-lib-app_x509.o -c -o apps/lib/libapps-lib-app_x509.o ../openssl/apps/lib/app_x509.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps.d.tmp -MT apps/lib/libapps-lib-apps.o -c -o apps/lib/libapps-lib-apps.o ../openssl/apps/lib/apps.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps_ui.d.tmp -MT apps/lib/libapps-lib-apps_ui.o -c -o apps/lib/libapps-lib-apps_ui.o ../openssl/apps/lib/apps_ui.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-columns.d.tmp -MT apps/lib/libapps-lib-columns.o -c -o apps/lib/libapps-lib-columns.o ../openssl/apps/lib/columns.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-fmt.d.tmp -MT apps/lib/libapps-lib-fmt.o -c -o apps/lib/libapps-lib-fmt.o ../openssl/apps/lib/fmt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-http_server.d.tmp -MT apps/lib/libapps-lib-http_server.o -c -o apps/lib/libapps-lib-http_server.o ../openssl/apps/lib/http_server.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-names.d.tmp -MT apps/lib/libapps-lib-names.o -c -o apps/lib/libapps-lib-names.o ../openssl/apps/lib/names.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-opt.d.tmp -MT apps/lib/libapps-lib-opt.o -c -o apps/lib/libapps-lib-opt.o ../openssl/apps/lib/opt.c ../openssl/apps/lib/http_server.c:27:5: error: no previous extern declaration for non-static variable 'multi' [-Werror,-Wmissing-variable-declarations] int multi = 0; /* run multiple responder processes */ ^ 1 error generated. Makefile:4117: recipe for target 'apps/lib/libapps-lib-http_server.o' failed make[1]: *** [apps/lib/libapps-lib-http_server.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-posix-io' Makefile:3087: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From nic.tuv at gmail.com Tue Jul 7 08:57:37 2020 From: nic.tuv at gmail.com (nic.tuv at gmail.com) Date: Tue, 07 Jul 2020 08:57:37 +0000 Subject: [openssl] master update Message-ID: <1594112257.917759.5650.nullmailer@dev.openssl.org> The branch master has been updated via 1c9761d0b547d2d135037d215cd16feb4d0b698c (commit) via 466d30c0d7fa861a5fcbaebd2e2010a8c2aea322 (commit) via e0137ca92b4abf65acde15b255ae58d7e76af22f (commit) from 8c330e1939d6b7db93a963116354ef80ca0babb3 (commit) - Log ----------------------------------------------------------------- commit 1c9761d0b547d2d135037d215cd16feb4d0b698c Author: Nicola Tuveri Date: Sun Jun 28 20:03:53 2020 +0300 [test][15-test_genec] Improve EC tests with genpkey Test separately EC parameters and EC key generation. Some curves only support explicit params encoding. For some curves we have had cases in which generating the parameters under certain conditions failed, while generating and serializing a key under the same conditions did not. See for more details. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12307) commit 466d30c0d7fa861a5fcbaebd2e2010a8c2aea322 Author: Nicola Tuveri Date: Sat Jun 27 01:42:49 2020 +0300 [apps/genpkey] exit status should not be 0 on output errors If the key is to be serialized or printed as text and the framework returns an error, the app should signal the failure to the user using a non-zero exit status. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12305) commit e0137ca92b4abf65acde15b255ae58d7e76af22f Author: Nicola Tuveri Date: Mon Jun 29 00:53:46 2020 +0300 [EC][ASN1] Detect missing OID when serializing EC parameters and keys The following built-in curves do not have an assigned OID: - Oakley-EC2N-3 - Oakley-EC2N-4 In general we shouldn't assume that an OID is always available. This commit detects such cases, raises an error and returns appropriate return values so that the condition can be detected and correctly handled by the callers, when serializing EC parameters or EC keys with the default `ec_param_enc:named_curve`. Fixes #12306 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12313) ----------------------------------------------------------------------- Summary of changes: apps/genpkey.c | 6 +- crypto/ec/ec_ameth.c | 9 +- crypto/ec/ec_asn1.c | 11 +- crypto/ec/ec_err.c | 1 + crypto/err/openssl.txt | 2 + crypto/pem/pem_lib.c | 2 +- include/openssl/ecerr.h | 1 + providers/common/include/prov/providercommonerr.h | 1 + providers/common/provider_err.c | 1 + .../implementations/serializers/serializer_ec.c | 8 ++ test/recipes/15-test_genec.t | 133 ++++++++++++++++++--- 11 files changed, 155 insertions(+), 20 deletions(-) diff --git a/apps/genpkey.c b/apps/genpkey.c index 8954ef19c7..4a4a83fd40 100644 --- a/apps/genpkey.c +++ b/apps/genpkey.c @@ -189,9 +189,12 @@ int genpkey_main(int argc, char **argv) goto end; } + ret = 0; + if (rv <= 0) { BIO_puts(bio_err, "Error writing key\n"); ERR_print_errors(bio_err); + ret = 1; } if (text) { @@ -203,11 +206,10 @@ int genpkey_main(int argc, char **argv) if (rv <= 0) { BIO_puts(bio_err, "Error printing key\n"); ERR_print_errors(bio_err); + ret = 1; } } - ret = 0; - end: EVP_PKEY_free(pkey); EVP_PKEY_CTX_free(ctx); diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c index 761f697850..8a33b3232c 100644 --- a/crypto/ec/ec_ameth.c +++ b/crypto/ec/ec_ameth.c @@ -43,7 +43,14 @@ static int eckey_param2type(int *pptype, void **ppval, const EC_KEY *ec_key) && (nid = EC_GROUP_get_curve_name(group))) /* we have a 'named curve' => just set the OID */ { - *ppval = OBJ_nid2obj(nid); + ASN1_OBJECT *asn1obj = OBJ_nid2obj(nid); + + if (asn1obj == NULL || OBJ_length(asn1obj) == 0) { + ASN1_OBJECT_free(asn1obj); + ECerr(EC_F_ECKEY_PARAM2TYPE, EC_R_MISSING_OID); + return 0; + } + *ppval = asn1obj; *pptype = V_ASN1_OBJECT; } else { /* explicit parameters */ diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index a53573cc92..654a12ad60 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -553,9 +553,16 @@ ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group, */ tmp = EC_GROUP_get_curve_name(group); if (tmp) { - ret->type = 0; - if ((ret->value.named_curve = OBJ_nid2obj(tmp)) == NULL) + ASN1_OBJECT *asn1obj = OBJ_nid2obj(tmp); + + if (asn1obj == NULL || OBJ_length(asn1obj) == 0) { + ASN1_OBJECT_free(asn1obj); + ECerr(EC_F_EC_GROUP_GET_ECPKPARAMETERS, EC_R_MISSING_OID); ok = 0; + } else { + ret->type = 0; + ret->value.named_curve = asn1obj; + } } else /* we don't know the nid => ERROR */ ok = 0; diff --git a/crypto/ec/ec_err.c b/crypto/ec/ec_err.c index d775ced93a..afb2696285 100644 --- a/crypto/ec/ec_err.c +++ b/crypto/ec/ec_err.c @@ -70,6 +70,7 @@ static const ERR_STRING_DATA EC_str_reasons[] = { {ERR_PACK(ERR_LIB_EC, 0, EC_R_LADDER_POST_FAILURE), "ladder post failure"}, {ERR_PACK(ERR_LIB_EC, 0, EC_R_LADDER_PRE_FAILURE), "ladder pre failure"}, {ERR_PACK(ERR_LIB_EC, 0, EC_R_LADDER_STEP_FAILURE), "ladder step failure"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_MISSING_OID), "missing OID"}, {ERR_PACK(ERR_LIB_EC, 0, EC_R_MISSING_PARAMETERS), "missing parameters"}, {ERR_PACK(ERR_LIB_EC, 0, EC_R_MISSING_PRIVATE_KEY), "missing private key"}, {ERR_PACK(ERR_LIB_EC, 0, EC_R_NEED_NEW_SETUP_VALUES), diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index bc39b37cd0..579c2dce9a 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -2439,6 +2439,7 @@ EC_R_KEYS_NOT_SET:140:keys not set EC_R_LADDER_POST_FAILURE:136:ladder post failure EC_R_LADDER_PRE_FAILURE:153:ladder pre failure EC_R_LADDER_STEP_FAILURE:162:ladder step failure +EC_R_MISSING_OID:167:missing OID EC_R_MISSING_PARAMETERS:124:missing parameters EC_R_MISSING_PRIVATE_KEY:125:missing private key EC_R_NEED_NEW_SETUP_VALUES:157:need new setup values @@ -2886,6 +2887,7 @@ PROV_R_MISSING_CONSTANT:156:missing constant PROV_R_MISSING_KEY:128:missing key PROV_R_MISSING_MAC:150:missing mac PROV_R_MISSING_MESSAGE_DIGEST:129:missing message digest +PROV_R_MISSING_OID:209:missing OID PROV_R_MISSING_PASS:130:missing pass PROV_R_MISSING_SALT:131:missing salt PROV_R_MISSING_SECRET:132:missing secret diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c index c170f60bcd..bd20bbb783 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -334,7 +334,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, } } - if ((dsize = i2d(x, NULL)) < 0) { + if ((dsize = i2d(x, NULL)) <= 0) { PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, ERR_R_ASN1_LIB); dsize = 0; goto err; diff --git a/include/openssl/ecerr.h b/include/openssl/ecerr.h index 033c94d9a9..b12e222510 100644 --- a/include/openssl/ecerr.h +++ b/include/openssl/ecerr.h @@ -264,6 +264,7 @@ int ERR_load_EC_strings(void); # define EC_R_LADDER_POST_FAILURE 136 # define EC_R_LADDER_PRE_FAILURE 153 # define EC_R_LADDER_STEP_FAILURE 162 +# define EC_R_MISSING_OID 167 # define EC_R_MISSING_PARAMETERS 124 # define EC_R_MISSING_PRIVATE_KEY 125 # define EC_R_NEED_NEW_SETUP_VALUES 157 diff --git a/providers/common/include/prov/providercommonerr.h b/providers/common/include/prov/providercommonerr.h index b7fd2c2bf4..c21537fd4f 100644 --- a/providers/common/include/prov/providercommonerr.h +++ b/providers/common/include/prov/providercommonerr.h @@ -113,6 +113,7 @@ int ERR_load_PROV_strings(void); # define PROV_R_MISSING_KEY 128 # define PROV_R_MISSING_MAC 150 # define PROV_R_MISSING_MESSAGE_DIGEST 129 +# define PROV_R_MISSING_OID 209 # define PROV_R_MISSING_PASS 130 # define PROV_R_MISSING_SALT 131 # define PROV_R_MISSING_SECRET 132 diff --git a/providers/common/provider_err.c b/providers/common/provider_err.c index 08978189b9..7a0e0c595d 100644 --- a/providers/common/provider_err.c +++ b/providers/common/provider_err.c @@ -112,6 +112,7 @@ static const ERR_STRING_DATA PROV_str_reasons[] = { {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_MAC), "missing mac"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_MESSAGE_DIGEST), "missing message digest"}, + {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_OID), "missing OID"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_PASS), "missing pass"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_SALT), "missing salt"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_SECRET), "missing secret"}, diff --git a/providers/implementations/serializers/serializer_ec.c b/providers/implementations/serializers/serializer_ec.c index 4d81651c5a..0dbc889d34 100644 --- a/providers/implementations/serializers/serializer_ec.c +++ b/providers/implementations/serializers/serializer_ec.c @@ -11,6 +11,7 @@ #include "crypto/ec.h" #include "prov/bio.h" /* ossl_prov_bio_printf() */ #include "prov/implementations.h" /* ec_keymgmt_functions */ +#include "prov/providercommonerr.h" /* PROV_R_MISSING_OID */ #include "serializer_local.h" void ec_get_new_free_import(OSSL_FUNC_keymgmt_new_fn **ec_new, @@ -117,6 +118,13 @@ int ossl_prov_prepare_ec_params(const void *eckey, int nid, return 0; } + if (OBJ_length(params) == 0) { + /* Some curves might not have an associated OID */ + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_OID); + ASN1_OBJECT_free(params); + return 0; + } + *pstr = params; *pstrtype = V_ASN1_OBJECT; return 1; diff --git a/test/recipes/15-test_genec.t b/test/recipes/15-test_genec.t index d4547e5849..b46147ca10 100644 --- a/test/recipes/15-test_genec.t +++ b/test/recipes/15-test_genec.t @@ -23,13 +23,13 @@ use OpenSSL::Test::Utils; # The remaining argument are passed unchecked to 'run'. # 1: the result of app() or similar, i.e. something you can pass to -sub supported { +sub supported_pass { my $str = shift; ok(run(@_), $str); } -sub unsupported { +sub unsupported_pass { my $str = shift; TODO: { local $TODO = "Currently not supported"; @@ -38,6 +38,20 @@ sub unsupported { } } +sub supported_fail { + my $str = shift; + + ok(!run(@_), $str); +} + +sub unsupported_fail { + my $str = shift; + TODO: { + local $TODO = "Currently not supported"; + + ok(!run(@_), $str); + } +} setup("test_genec"); @@ -127,10 +141,14 @@ my @binary_curves = qw( wap-wsg-idm-ecid-wtls5 wap-wsg-idm-ecid-wtls10 wap-wsg-idm-ecid-wtls11 - Oakley-EC2N-3 - Oakley-EC2N-4 ); +my @explicit_only_curves = (); +push(@explicit_only_curves, qw( + Oakley-EC2N-3 + Oakley-EC2N-4 + )) if !disabled("ec2m"); + my @other_curves = (); push(@other_curves, 'SM2') if !disabled("sm2"); @@ -164,23 +182,37 @@ push(@curve_list, @curve_aliases); my %params_encodings = ( - 'named_curve' => \&supported, - 'explicit' => \&unsupported + 'named_curve' => \&supported_pass, + 'explicit' => \&unsupported_pass ); my @output_formats = ('PEM', 'DER'); plan tests => scalar(@curve_list) * scalar(keys %params_encodings) * (1 + scalar(@output_formats)) # Try listed @output_formats and text output + * 2 # Test generating parameters and keys + 1 # Checking that with no curve it fails + 1 # Checking that with unknown curve it fails + + 1 # Subtest for explicit only curves ; +ok(!run(app([ 'openssl', 'genpkey', + '-algorithm', 'EC'])), + "genpkey EC with no params should fail"); + +ok(!run(app([ 'openssl', 'genpkey', + '-algorithm', 'EC', + '-pkeyopt', 'ec_paramgen_curve:bogus_foobar_curve'])), + "genpkey EC with unknown curve name should fail"); + foreach my $curvename (@curve_list) { foreach my $paramenc (sort keys %params_encodings) { my $fn = $params_encodings{$paramenc}; + + # --- Test generating parameters --- + $fn->("genpkey EC params ${curvename} with ec_param_enc:'${paramenc}' (text)", - app([ 'openssl', 'genpkey', + app([ 'openssl', 'genpkey', '-genparam', '-algorithm', 'EC', '-pkeyopt', 'ec_paramgen_curve:'.$curvename, '-pkeyopt', 'ec_param_enc:'.$paramenc, @@ -196,14 +228,87 @@ foreach my $curvename (@curve_list) { '-outform', $outform, '-out', $outfile])); } + + # --- Test generating actual keys --- + + $fn->("genpkey EC key on ${curvename} with ec_param_enc:'${paramenc}' (text)", + app([ 'openssl', 'genpkey', + '-algorithm', 'EC', + '-pkeyopt', 'ec_paramgen_curve:'.$curvename, + '-pkeyopt', 'ec_param_enc:'.$paramenc, + '-text'])); + + foreach my $outform (@output_formats) { + my $outfile = "ecgen.${curvename}.${paramenc}." . lc $outform; + $fn->("genpkey EC key on ${curvename} with ec_param_enc:'${paramenc}' (${outform})", + app([ 'openssl', 'genpkey', + '-algorithm', 'EC', + '-pkeyopt', 'ec_paramgen_curve:'.$curvename, + '-pkeyopt', 'ec_param_enc:'.$paramenc, + '-outform', $outform, + '-out', $outfile])); + } } } -ok(!run(app([ 'openssl', 'genpkey', - '-algorithm', 'EC'])), - "genpkey EC with no params should fail"); +subtest "test curves that only support explicit parameters encoding" => sub { + plan skip_all => "This test is unsupported under current configuration" + if scalar(@explicit_only_curves) <= 0; -ok(!run(app([ 'openssl', 'genpkey', - '-algorithm', 'EC', - '-pkeyopt', 'ec_paramgen_curve:bogus_foobar_curve'])), - "genpkey EC with unknown curve name should fail"); + plan tests => scalar(@explicit_only_curves) * scalar(keys %params_encodings) + * (1 + scalar(@output_formats)) # Try listed @output_formats and text output + * 2 # Test generating parameters and keys + ; + + my %params_encodings = + ( + 'named_curve' => \&supported_fail, + 'explicit' => \&unsupported_pass + ); + + foreach my $curvename (@explicit_only_curves) { + foreach my $paramenc (sort keys %params_encodings) { + my $fn = $params_encodings{$paramenc}; + + # --- Test generating parameters --- + + $fn->("genpkey EC params ${curvename} with ec_param_enc:'${paramenc}' (text)", + app([ 'openssl', 'genpkey', '-genparam', + '-algorithm', 'EC', + '-pkeyopt', 'ec_paramgen_curve:'.$curvename, + '-pkeyopt', 'ec_param_enc:'.$paramenc, + '-text'])); + + foreach my $outform (@output_formats) { + my $outfile = "ecgen.${curvename}.${paramenc}." . lc $outform; + $fn->("genpkey EC params ${curvename} with ec_param_enc:'${paramenc}' (${outform})", + app([ 'openssl', 'genpkey', '-genparam', + '-algorithm', 'EC', + '-pkeyopt', 'ec_paramgen_curve:'.$curvename, + '-pkeyopt', 'ec_param_enc:'.$paramenc, + '-outform', $outform, + '-out', $outfile])); + } + + # --- Test generating actual keys --- + + $fn->("genpkey EC key on ${curvename} with ec_param_enc:'${paramenc}' (text)", + app([ 'openssl', 'genpkey', + '-algorithm', 'EC', + '-pkeyopt', 'ec_paramgen_curve:'.$curvename, + '-pkeyopt', 'ec_param_enc:'.$paramenc, + '-text'])); + + foreach my $outform (@output_formats) { + my $outfile = "ecgen.${curvename}.${paramenc}." . lc $outform; + $fn->("genpkey EC key on ${curvename} with ec_param_enc:'${paramenc}' (${outform})", + app([ 'openssl', 'genpkey', + '-algorithm', 'EC', + '-pkeyopt', 'ec_paramgen_curve:'.$curvename, + '-pkeyopt', 'ec_param_enc:'.$paramenc, + '-outform', $outform, + '-out', $outfile])); + } + } + } +}; From nic.tuv at gmail.com Tue Jul 7 08:59:08 2020 From: nic.tuv at gmail.com (nic.tuv at gmail.com) Date: Tue, 07 Jul 2020 08:59:08 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1594112348.648238.7413.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via e1c246bd7682fd1b0fcbba5a224f3cacc1ba278d (commit) via 1940c092a52afd8bc919b8faa5f3d51004503f3a (commit) via 2797fea7608063f54cf45763d1a7ae60a67dae65 (commit) from a98fa843b8ab00e8f3b966a1f5321aaffe805100 (commit) - Log ----------------------------------------------------------------- commit e1c246bd7682fd1b0fcbba5a224f3cacc1ba278d Author: Nicola Tuveri Date: Sun Jun 28 20:23:29 2020 +0300 [test][15-test_genec] Improve EC tests with genpkey Test separately EC parameters and EC key generation. Some curves only support explicit params encoding. For some curves we have had cases in which generating the parameters under certain conditions failed, while generating and serializing a key under the same conditions did not. See for more details. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12308) commit 1940c092a52afd8bc919b8faa5f3d51004503f3a Author: Nicola Tuveri Date: Sat Jun 27 01:42:49 2020 +0300 [apps/genpkey] exit status should not be 0 on output errors If the key is to be serialized or printed as text and the framework returns an error, the app should signal the failure to the user using a non-zero exit status. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12305) (cherry picked from commit 466d30c0d7fa861a5fcbaebd2e2010a8c2aea322) commit 2797fea7608063f54cf45763d1a7ae60a67dae65 Author: Nicola Tuveri Date: Mon Jun 29 00:53:46 2020 +0300 [EC][ASN1] Detect missing OID when serializing EC parameters and keys The following built-in curves do not have an assigned OID: - Oakley-EC2N-3 - Oakley-EC2N-4 In general we shouldn't assume that an OID is always available. This commit detects such cases, raises an error and returns appropriate return values so that the condition can be detected and correctly handled by the callers, when serializing EC parameters or EC keys with the default `ec_param_enc:named_curve`. Fixes #12306 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12312) ----------------------------------------------------------------------- Summary of changes: apps/genpkey.c | 6 +- crypto/ec/ec_ameth.c | 9 ++- crypto/ec/ec_asn1.c | 11 +++- crypto/ec/ec_err.c | 3 +- crypto/err/openssl.txt | 1 + crypto/pem/pem_lib.c | 2 +- include/openssl/ecerr.h | 3 +- test/recipes/15-test_genec.t | 147 ++++++++++++++++++++++++++++++++++++++++--- 8 files changed, 164 insertions(+), 18 deletions(-) diff --git a/apps/genpkey.c b/apps/genpkey.c index 39fa73c91c..e74c74a7a8 100644 --- a/apps/genpkey.c +++ b/apps/genpkey.c @@ -177,9 +177,12 @@ int genpkey_main(int argc, char **argv) goto end; } + ret = 0; + if (rv <= 0) { BIO_puts(bio_err, "Error writing key\n"); ERR_print_errors(bio_err); + ret = 1; } if (text) { @@ -191,11 +194,10 @@ int genpkey_main(int argc, char **argv) if (rv <= 0) { BIO_puts(bio_err, "Error printing key\n"); ERR_print_errors(bio_err); + ret = 1; } } - ret = 0; - end: EVP_PKEY_free(pkey); EVP_PKEY_CTX_free(ctx); diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c index b7b82e54a3..06e2519c20 100644 --- a/crypto/ec/ec_ameth.c +++ b/crypto/ec/ec_ameth.c @@ -35,7 +35,14 @@ static int eckey_param2type(int *pptype, void **ppval, const EC_KEY *ec_key) && (nid = EC_GROUP_get_curve_name(group))) /* we have a 'named curve' => just set the OID */ { - *ppval = OBJ_nid2obj(nid); + ASN1_OBJECT *asn1obj = OBJ_nid2obj(nid); + + if (asn1obj == NULL || OBJ_length(asn1obj) == 0) { + ASN1_OBJECT_free(asn1obj); + ECerr(EC_F_ECKEY_PARAM2TYPE, EC_R_MISSING_OID); + return 0; + } + *ppval = asn1obj; *pptype = V_ASN1_OBJECT; } else { /* explicit parameters */ diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index 006f9a5dea..96e7d83ea7 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -547,9 +547,16 @@ ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group, */ tmp = EC_GROUP_get_curve_name(group); if (tmp) { - ret->type = 0; - if ((ret->value.named_curve = OBJ_nid2obj(tmp)) == NULL) + ASN1_OBJECT *asn1obj = OBJ_nid2obj(tmp); + + if (asn1obj == NULL || OBJ_length(asn1obj) == 0) { + ASN1_OBJECT_free(asn1obj); + ECerr(EC_F_EC_GROUP_GET_ECPKPARAMETERS, EC_R_MISSING_OID); ok = 0; + } else { + ret->type = 0; + ret->value.named_curve = asn1obj; + } } else /* we don't know the nid => ERROR */ ok = 0; diff --git a/crypto/ec/ec_err.c b/crypto/ec/ec_err.c index ce34938232..bfe7422650 100644 --- a/crypto/ec/ec_err.c +++ b/crypto/ec/ec_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -341,6 +341,7 @@ static const ERR_STRING_DATA EC_str_reasons[] = { {ERR_PACK(ERR_LIB_EC, 0, EC_R_LADDER_POST_FAILURE), "ladder post failure"}, {ERR_PACK(ERR_LIB_EC, 0, EC_R_LADDER_PRE_FAILURE), "ladder pre failure"}, {ERR_PACK(ERR_LIB_EC, 0, EC_R_LADDER_STEP_FAILURE), "ladder step failure"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_MISSING_OID), "missing OID"}, {ERR_PACK(ERR_LIB_EC, 0, EC_R_MISSING_PARAMETERS), "missing parameters"}, {ERR_PACK(ERR_LIB_EC, 0, EC_R_MISSING_PRIVATE_KEY), "missing private key"}, {ERR_PACK(ERR_LIB_EC, 0, EC_R_NEED_NEW_SETUP_VALUES), diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index c90df98c29..3ca271beb5 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -2165,6 +2165,7 @@ EC_R_KEYS_NOT_SET:140:keys not set EC_R_LADDER_POST_FAILURE:136:ladder post failure EC_R_LADDER_PRE_FAILURE:153:ladder pre failure EC_R_LADDER_STEP_FAILURE:162:ladder step failure +EC_R_MISSING_OID:167:missing OID EC_R_MISSING_PARAMETERS:124:missing parameters EC_R_MISSING_PRIVATE_KEY:125:missing private key EC_R_NEED_NEW_SETUP_VALUES:157:need new setup values diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c index 093ba09aeb..4406365ee8 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -332,7 +332,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, } } - if ((dsize = i2d(x, NULL)) < 0) { + if ((dsize = i2d(x, NULL)) <= 0) { PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, ERR_R_ASN1_LIB); dsize = 0; goto err; diff --git a/include/openssl/ecerr.h b/include/openssl/ecerr.h index f7b9183456..51738113dc 100644 --- a/include/openssl/ecerr.h +++ b/include/openssl/ecerr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -243,6 +243,7 @@ int ERR_load_EC_strings(void); # define EC_R_LADDER_POST_FAILURE 136 # define EC_R_LADDER_PRE_FAILURE 153 # define EC_R_LADDER_STEP_FAILURE 162 +# define EC_R_MISSING_OID 167 # define EC_R_MISSING_PARAMETERS 124 # define EC_R_MISSING_PRIVATE_KEY 125 # define EC_R_NEED_NEW_SETUP_VALUES 157 diff --git a/test/recipes/15-test_genec.t b/test/recipes/15-test_genec.t index b778d6f536..1b7ec026fa 100644 --- a/test/recipes/15-test_genec.t +++ b/test/recipes/15-test_genec.t @@ -102,10 +102,14 @@ my @binary_curves = qw( wap-wsg-idm-ecid-wtls5 wap-wsg-idm-ecid-wtls10 wap-wsg-idm-ecid-wtls11 - Oakley-EC2N-3 - Oakley-EC2N-4 ); +my @explicit_only_curves = (); +push(@explicit_only_curves, qw( + Oakley-EC2N-3 + Oakley-EC2N-4 + )) if !disabled("ec2m"); + my @other_curves = (); push(@other_curves, 'SM2') if !disabled("sm2"); @@ -143,13 +147,27 @@ my @output_formats = ('PEM', 'DER'); plan tests => scalar(@curve_list) * scalar(@params_encodings) * (1 + scalar(@output_formats)) # Try listed @output_formats and text output + * 2 # Test generating parameters and keys + 1 # Checking that with no curve it fails + 1 # Checking that with unknown curve it fails + + 1 # Subtest for explicit only curves ; +ok(!run(app([ 'openssl', 'genpkey', + '-algorithm', 'EC'])), + "genpkey EC with no params should fail"); + +ok(!run(app([ 'openssl', 'genpkey', + '-algorithm', 'EC', + '-pkeyopt', 'ec_paramgen_curve:bogus_foobar_curve'])), + "genpkey EC with unknown curve name should fail"); + foreach my $curvename (@curve_list) { foreach my $paramenc (@params_encodings) { - ok(run(app([ 'openssl', 'genpkey', + + # --- Test generating parameters --- + + ok(run(app([ 'openssl', 'genpkey', '-genparam', '-algorithm', 'EC', '-pkeyopt', 'ec_paramgen_curve:'.$curvename, '-pkeyopt', 'ec_param_enc:'.$paramenc, @@ -166,14 +184,123 @@ foreach my $curvename (@curve_list) { '-out', $outfile])), "genpkey EC params ${curvename} with ec_param_enc:'${paramenc}' (${outform})"); } + + # --- Test generating actual keys --- + + ok(run(app([ 'openssl', 'genpkey', + '-algorithm', 'EC', + '-pkeyopt', 'ec_paramgen_curve:'.$curvename, + '-pkeyopt', 'ec_param_enc:'.$paramenc, + '-text'])), + "genpkey EC key on ${curvename} with ec_param_enc:'${paramenc}' (text)"); + + foreach my $outform (@output_formats) { + my $outfile = "ecgen.${curvename}.${paramenc}." . lc $outform; + ok(run(app([ 'openssl', 'genpkey', + '-algorithm', 'EC', + '-pkeyopt', 'ec_paramgen_curve:'.$curvename, + '-pkeyopt', 'ec_param_enc:'.$paramenc, + '-outform', $outform, + '-out', $outfile])), + "genpkey EC key on ${curvename} with ec_param_enc:'${paramenc}' (${outform})"); + } } } -ok(!run(app([ 'openssl', 'genpkey', - '-algorithm', 'EC'])), - "genpkey EC with no params should fail"); +subtest "test curves that only support explicit parameters encoding" => sub { + @curve_list = @explicit_only_curves; -ok(!run(app([ 'openssl', 'genpkey', - '-algorithm', 'EC', - '-pkeyopt', 'ec_paramgen_curve:bogus_foobar_curve'])), - "genpkey EC with unknown curve name should fail"); + plan skip_all => "This test is unsupported under current configuration" + if scalar(@curve_list) <= 0; + + plan tests => scalar(@curve_list) * scalar(@params_encodings) + * (1 + scalar(@output_formats)) # Try listed @output_formats and text output + * 2 # Test generating parameters and keys + ; + + foreach my $curvename (@curve_list) { + my $paramenc = "explicit"; + + # --- Test generating parameters --- + + ok(run(app([ 'openssl', 'genpkey', '-genparam', + '-algorithm', 'EC', + '-pkeyopt', 'ec_paramgen_curve:'.$curvename, + '-pkeyopt', 'ec_param_enc:'.$paramenc, + '-text'])), + "genpkey EC params ${curvename} with ec_param_enc:'${paramenc}' (text)"); + + foreach my $outform (@output_formats) { + my $outfile = "ecgen.${curvename}.${paramenc}." . lc $outform; + ok(run(app([ 'openssl', 'genpkey', '-genparam', + '-algorithm', 'EC', + '-pkeyopt', 'ec_paramgen_curve:'.$curvename, + '-pkeyopt', 'ec_param_enc:'.$paramenc, + '-outform', $outform, + '-out', $outfile])), + "genpkey EC params ${curvename} with ec_param_enc:'${paramenc}' (${outform})"); + } + + # --- Test generating actual keys --- + + ok(run(app([ 'openssl', 'genpkey', + '-algorithm', 'EC', + '-pkeyopt', 'ec_paramgen_curve:'.$curvename, + '-pkeyopt', 'ec_param_enc:'.$paramenc, + '-text'])), + "genpkey EC key on ${curvename} with ec_param_enc:'${paramenc}' (text)"); + + foreach my $outform (@output_formats) { + my $outfile = "ecgen.${curvename}.${paramenc}." . lc $outform; + ok(run(app([ 'openssl', 'genpkey', + '-algorithm', 'EC', + '-pkeyopt', 'ec_paramgen_curve:'.$curvename, + '-pkeyopt', 'ec_param_enc:'.$paramenc, + '-outform', $outform, + '-out', $outfile])), + "genpkey EC key on ${curvename} with ec_param_enc:'${paramenc}' (${outform})"); + } + + my $paramenc = "named_curve"; + + # --- Test generating parameters --- + + ok(!run(app([ 'openssl', 'genpkey', '-genparam', + '-algorithm', 'EC', + '-pkeyopt', 'ec_paramgen_curve:'.$curvename, + '-pkeyopt', 'ec_param_enc:'.$paramenc, + '-text'])), + "genpkey EC params ${curvename} with ec_param_enc:'${paramenc}' (text)"); + + foreach my $outform (@output_formats) { + my $outfile = "ecgen.${curvename}.${paramenc}." . lc $outform; + ok(!run(app([ 'openssl', 'genpkey', '-genparam', + '-algorithm', 'EC', + '-pkeyopt', 'ec_paramgen_curve:'.$curvename, + '-pkeyopt', 'ec_param_enc:'.$paramenc, + '-outform', $outform, + '-out', $outfile])), + "genpkey EC params ${curvename} with ec_param_enc:'${paramenc}' (${outform})"); + } + + # --- Test generating actual keys --- + + ok(!run(app([ 'openssl', 'genpkey', + '-algorithm', 'EC', + '-pkeyopt', 'ec_paramgen_curve:'.$curvename, + '-pkeyopt', 'ec_param_enc:'.$paramenc, + '-text'])), + "genpkey EC key on ${curvename} with ec_param_enc:'${paramenc}' (text)"); + + foreach my $outform (@output_formats) { + my $outfile = "ecgen.${curvename}.${paramenc}." . lc $outform; + ok(!run(app([ 'openssl', 'genpkey', + '-algorithm', 'EC', + '-pkeyopt', 'ec_paramgen_curve:'.$curvename, + '-pkeyopt', 'ec_param_enc:'.$paramenc, + '-outform', $outform, + '-out', $outfile])), + "genpkey EC key on ${curvename} with ec_param_enc:'${paramenc}' (${outform})"); + } + } +}; From beldmit at gmail.com Tue Jul 7 09:09:06 2020 From: beldmit at gmail.com (beldmit at gmail.com) Date: Tue, 07 Jul 2020 09:09:06 +0000 Subject: [openssl] master update Message-ID: <1594112946.494104.15083.nullmailer@dev.openssl.org> The branch master has been updated via 163b8016160f03558d8352b76fb594685cb39f7d (commit) from 1c9761d0b547d2d135037d215cd16feb4d0b698c (commit) - Log ----------------------------------------------------------------- commit 163b8016160f03558d8352b76fb594685cb39f7d Author: Martin Elshuber Date: Tue Jun 23 12:14:41 2020 +0200 Add support to zeroize plaintext in S3 record layer Some applications want even all plaintext copies beeing zeroized. However, currently plaintext residuals are kept in rbuf within the s3 record layer. This patch add the option SSL_OP_CLEANSE_PLAINTEXT to its friends to optionally enable cleansing of decrypted plaintext data. Reviewed-by: Matt Caswell Reviewed-by: Shane Lontis Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/12251) ----------------------------------------------------------------------- Summary of changes: CHANGES.md | 8 +++ doc/man3/SSL_CTX_set_options.pod | 14 +++++ include/openssl/ssl.h | 3 +- ssl/record/rec_layer_d1.c | 6 +++ ssl/record/rec_layer_s3.c | 2 + ssl/record/ssl3_buffer.c | 2 + test/sslapitest.c | 114 +++++++++++++++++++++++++++++++++++++++ 7 files changed, 148 insertions(+), 1 deletion(-) diff --git a/CHANGES.md b/CHANGES.md index 2cb73985a3..4e0002f668 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -1100,6 +1100,14 @@ OpenSSL 3.0 *Boris Pismenny* + * The SSL option SSL_OP_CLEANSE_PLAINTEXT is introduced. If that + option is set, openssl cleanses (zeroize) plaintext bytes from + internal buffers after delivering them to the application. Note, + the application is still responsible for cleansing other copies + (e.g.: data received by SSL_read(3)). + + *Martin Elshuber* + OpenSSL 1.1.1 ------------- diff --git a/doc/man3/SSL_CTX_set_options.pod b/doc/man3/SSL_CTX_set_options.pod index 1bf19ecd23..adc646d72d 100644 --- a/doc/man3/SSL_CTX_set_options.pod +++ b/doc/man3/SSL_CTX_set_options.pod @@ -265,6 +265,20 @@ functionality is not required. Those applications can turn this feature off by setting this option. This is a server-side opton only. It is ignored by clients. +=item SSL_OP_CLEANSE_PLAINTEXT + +By default TLS connections keep a copy of received plaintext +application data in a static buffer until it is overwritten by the +next portion of data. When enabling SSL_OP_CLEANSE_PLAINTEXT +deciphered application data is cleansed by calling OPENSSL_cleanse(3) +after passing data to the application. Data is also cleansed when +releasing the connection (eg. L). + +Since OpenSSL only cleanses internal buffers, the application is still +responsible for cleansing all other buffers. Most notably, this +applies to buffers passed to functions like L, +L but also like L. + =back The following options no longer have any effect but their identifiers are diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index f855f9470d..8d96f0d85a 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -321,7 +321,8 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg); /* Disable Extended master secret */ # define SSL_OP_NO_EXTENDED_MASTER_SECRET 0x00000001U -/* Reserved value (until OpenSSL 3.0.0) 0x00000002U */ +/* Cleanse plaintext copies of data delivered to the application */ +# define SSL_OP_CLEANSE_PLAINTEXT 0x00000002U /* Allow initial connection to servers that don't support RI */ # define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004U diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c index 866ef18381..0da012fdfd 100644 --- a/ssl/record/rec_layer_d1.c +++ b/ssl/record/rec_layer_d1.c @@ -74,6 +74,8 @@ void DTLS_RECORD_LAYER_clear(RECORD_LAYER *rl) while ((item = pqueue_pop(d->processed_rcds.q)) != NULL) { rdata = (DTLS1_RECORD_DATA *)item->data; + if (rl->s->options & SSL_OP_CLEANSE_PLAINTEXT) + OPENSSL_cleanse(rdata->rbuf.buf, rdata->rbuf.len); OPENSSL_free(rdata->rbuf.buf); OPENSSL_free(item->data); pitem_free(item); @@ -81,6 +83,8 @@ void DTLS_RECORD_LAYER_clear(RECORD_LAYER *rl) while ((item = pqueue_pop(d->buffered_app_data.q)) != NULL) { rdata = (DTLS1_RECORD_DATA *)item->data; + if (rl->s->options & SSL_OP_CLEANSE_PLAINTEXT) + OPENSSL_cleanse(rdata->rbuf.buf, rdata->rbuf.len); OPENSSL_free(rdata->rbuf.buf); OPENSSL_free(item->data); pitem_free(item); @@ -514,6 +518,8 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, if (SSL3_RECORD_get_length(rr) == 0) SSL3_RECORD_set_read(rr); } else { + if (s->options & SSL_OP_CLEANSE_PLAINTEXT) + OPENSSL_cleanse(&(SSL3_RECORD_get_data(rr)[SSL3_RECORD_get_off(rr)]), n); SSL3_RECORD_sub_length(rr, n); SSL3_RECORD_add_off(rr, n); if (SSL3_RECORD_get_length(rr) == 0) { diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index 8ea16672b6..1d9e803570 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c @@ -1484,6 +1484,8 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, if (SSL3_RECORD_get_length(rr) == 0) SSL3_RECORD_set_read(rr); } else { + if (s->options & SSL_OP_CLEANSE_PLAINTEXT) + OPENSSL_cleanse(&(rr->data[rr->off]), n); SSL3_RECORD_sub_length(rr, n); SSL3_RECORD_add_off(rr, n); if (SSL3_RECORD_get_length(rr) == 0) { diff --git a/ssl/record/ssl3_buffer.c b/ssl/record/ssl3_buffer.c index 2c25099e10..4ebb478ab2 100644 --- a/ssl/record/ssl3_buffer.c +++ b/ssl/record/ssl3_buffer.c @@ -180,6 +180,8 @@ int ssl3_release_read_buffer(SSL *s) SSL3_BUFFER *b; b = RECORD_LAYER_get_rbuf(&s->rlayer); + if (s->options & SSL_OP_CLEANSE_PLAINTEXT) + OPENSSL_cleanse(b->buf, b->len); OPENSSL_free(b->buf); b->buf = NULL; return 1; diff --git a/test/sslapitest.c b/test/sslapitest.c index 30dcae3fb1..182984ecb1 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -1595,6 +1595,119 @@ static int test_large_message_dtls(void) } #endif +static int execute_cleanse_plaintext(const SSL_METHOD *smeth, + const SSL_METHOD *cmeth, + int min_version, int max_version) +{ + size_t i; + SSL_CTX *cctx = NULL, *sctx = NULL; + SSL *clientssl = NULL, *serverssl = NULL; + int testresult = 0; + SSL3_RECORD *rr; + void *zbuf; + + static unsigned char cbuf[16000]; + static unsigned char sbuf[16000]; + + if (!TEST_true(create_ssl_ctx_pair(libctx, + smeth, cmeth, + min_version, max_version, + &sctx, &cctx, cert, + privkey))) + goto end; + + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL))) + goto end; + + if (!TEST_true(SSL_set_options(serverssl, SSL_OP_CLEANSE_PLAINTEXT))) + goto end; + + if (!TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) + goto end; + + for (i = 0; i < sizeof(cbuf); i++) { + cbuf[i] = i & 0xff; + } + + if (!TEST_int_eq(SSL_write(clientssl, cbuf, sizeof(cbuf)), sizeof(cbuf))) + goto end; + + if (!TEST_int_eq(SSL_peek(serverssl, &sbuf, sizeof(sbuf)), sizeof(sbuf))) + goto end; + + if (!TEST_mem_eq(cbuf, sizeof(cbuf), sbuf, sizeof(sbuf))) + goto end; + + /* + * Since we called SSL_peek(), we know the data in the record + * layer is a plaintext record. We can gather the pointer to check + * for zeroization after SSL_read(). + */ + rr = serverssl->rlayer.rrec; + zbuf = &rr->data[rr->off]; + if (!TEST_int_eq(rr->length, sizeof(cbuf))) + goto end; + + /* + * After SSL_peek() the plaintext must still be stored in the + * record. + */ + if (!TEST_mem_eq(cbuf, sizeof(cbuf), zbuf, sizeof(cbuf))) + goto end; + + memset(sbuf, 0, sizeof(sbuf)); + if (!TEST_int_eq(SSL_read(serverssl, &sbuf, sizeof(sbuf)), sizeof(sbuf))) + goto end; + + if (!TEST_mem_eq(cbuf, sizeof(cbuf), sbuf, sizeof(cbuf))) + goto end; + + /* Check if rbuf is cleansed */ + memset(cbuf, 0, sizeof(cbuf)); + if (!TEST_mem_eq(cbuf, sizeof(cbuf), zbuf, sizeof(cbuf))) + goto end; + + testresult = 1; + end: + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + + return testresult; +} + +static int test_cleanse_plaintext(void) +{ +#if !defined(OPENSSL_NO_TLS1_2) + if (!TEST_true(execute_cleanse_plaintext(TLS_server_method(), + TLS_client_method(), + TLS1_2_VERSION, + TLS1_2_VERSION))) + return 0; + +#endif + +#if !defined(OPENSSL_NO_TLS1_3) + if (!TEST_true(execute_cleanse_plaintext(TLS_server_method(), + TLS_client_method(), + TLS1_3_VERSION, + TLS1_3_VERSION))) + return 0; +#endif + +#if !defined(OPENSSL_NO_DTLS) + if (!TEST_true(execute_cleanse_plaintext(DTLS_server_method(), + DTLS_client_method(), + DTLS1_VERSION, + 0))) + return 0; +#endif + return 1; +} + #ifndef OPENSSL_NO_OCSP static int ocsp_server_cb(SSL *s, void *arg) { @@ -8324,6 +8437,7 @@ int setup_tests(void) #ifndef OPENSSL_NO_DTLS ADD_TEST(test_large_message_dtls); #endif + ADD_TEST(test_cleanse_plaintext); #ifndef OPENSSL_NO_OCSP ADD_TEST(test_tlsext_status_type); #endif From openssl at openssl.org Tue Jul 7 09:28:55 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 07 Jul 2020 09:28:55 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-sock Message-ID: <1594114135.636405.21473.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-sock Commit log since last time: 1b726e9b91 TEST: update 02-test_errstr.t to have better tests fa7a807435 SSL: fix misuse of ERR_LIB_SYS 17b7f89684 TEST: fix test/errtest.c 71f2994b15 ERR: special case system errors 163b2bcd8b ERR: refactor global error codes dd76b90ef6 CORE: perform post-condition in algorithm_do_this() under all circumstances 1dc1ea182b Fix many MarkDown issues in {NOTES*,README*,HACKING,LICENSE}.md files 036cbb6bbf Rename NOTES*, README*, VERSION, HACKING, LICENSE to .md or .txt 915e7e75a4 util/markdownlint.rb: Add two rule exceptions: MD023 and MD026 c996f71bab apps: remove NULL check imn release_engine since ENGINE_free also does it. 2f142901ca coverity 1464983: null pointer dereference 6f924bb89e coverity 1464984: Null pointer dereferences 9283e9bd11 cmp: remove NULL check. c4d0221405 coverity: CID 1464987: USE AFTER FREE 22f7f42433 rand: avoid caching RNG parameters. 7dc38bea94 Refactor the EVP_RAND code to make locking issues less likely 132abb21f9 rand: fix recursive locking issue. 8c1cbc7210 Fix typos and repeated words 3a19f1a9dd Configuration and build: Fix solaris tags 1cafbb799a util/perl/OpenSSL/config.pm: Fix /armv[7-9].*-.*-linux2/ 16328e9f6c NOTE.WIN: suggest the audetecting configuration variant as well b2bed3c6e5 util/perl/OpenSSL/config.pm: move misplaced Windows and VMS entries bb2d726d75 Fix a typo in the i2d_TYPE_fp documentation 5b393802ed Don't run the cmp_cli tests if using FUZZING_BUILD_MODE ca3245a619 If an empty password is supplied still try to use it 5a640713f3 Ensure a string is properly terminated in http_client.c 64bb6276d1 81-test_cmp_cli.t: Correct subroutine quote_spc_empty and its use 8913760960 81-test_cmp_cli.t: Streamline {start,stop}_mock_server and improve port setting 94fcec0902 test/run_tests.pl: Add alias REPORT_FAILURES{,_PROGRESS} for VF and VFP a812549108 test/run_tests.pl: Add visual separator after failed test case for VFP and VFP modes e4522e1059 test/run_tests.pl: Enhance the semantics of HARNESS_VERBOSE_FAILURES (VF) ea4ee152a7 Configure: fix handling of build.info attributes with value e7869ef137 Fix up build issue when running cpp tests 0c4444121c doc: Remove stray backtick Build log ended with (last 100 lines): rm -f doc/man/man1/CA.pl.1 doc/man/man1/openssl-asn1parse.1 doc/man/man1/openssl-ca.1 doc/man/man1/openssl-ciphers.1 doc/man/man1/openssl-cmds.1 doc/man/man1/openssl-cmp.1 doc/man/man1/openssl-cms.1 doc/man/man1/openssl-crl.1 doc/man/man1/openssl-crl2pkcs7.1 doc/man/man1/openssl-dgst.1 doc/man/man1/openssl-dhparam.1 doc/man/man1/openssl-dsa.1 doc/man/man1/openssl-dsaparam.1 doc/man/man1/openssl-ec.1 doc/man/man1/openssl-ecparam.1 doc/man/man1/openssl-enc.1 doc/man/man1/openssl-engine.1 doc/man/man1/openssl-errstr.1 doc/man/man1/openssl-fipsinstall.1 doc/man/man1/openssl-gendsa.1 doc/man/man1/openssl-genpkey.1 doc/man/man1/openssl-genrsa.1 doc/man/man1/openssl-info.1 doc/man/man1/openssl-kdf.1 doc/man/man1/openssl-list.1 doc/man/man1/openssl-mac.1 doc/man/man1/openssl-nseq.1 doc/man/man1/openssl-ocsp.1 doc/man/man1/openssl-passwd.1 doc/man/man1/openssl-pkcs12.1 doc/man/man1/openssl-pkcs7.1 doc/man/man1/openssl-pkcs8.1 doc/man/man1/openssl-pkey.1 doc/man/man1/openssl-pkeyparam.1 doc/man/man1/openssl-pkeyutl.1 doc/man/man1/openssl-prime.1 doc/man/man1/openssl-provider.1 doc/man/man1/openssl-rand.1 doc/man/man1/openssl-rehash.1 doc/man/man1/openssl-req.1 doc/man/man1/openssl-rsa.1 doc/man/man1/openssl-rsautl.1 doc/man/man1/openssl-s_client.1 doc/man/man1/openssl-s_server.1 doc/man/man1/openssl-s_time.1 doc/man/man1/openssl-sess_id.1 doc/man/man1/openssl-smime.1 doc/man/man1/openssl-speed.1 doc/man/man1/openssl-spkac.1 doc/man/man1/openssl-srp.1 doc/man/man1/openssl-storeutl.1 doc/man/man1/openssl-ts.1 doc/man/man1/openssl-verify.1 doc/man/man1/openssl-version.1 doc/man/man1/openssl-x509.1 doc/man/man1/openssl.1 doc/man/man1/tsget.1 doc/man/man3/ADMISSIONS.3 doc/man/man3/ASN1_INTEGER_get_int64.3 doc/man/man3/ASN1_INTEGER_new.3 doc/man/man3/ASN1_ITEM_lookup.3 doc/man/man3/ASN1_OBJECT_new.3 doc/man/man3/ASN1_STRING_TABLE_add.3 doc/man/man3/ASN1_STRING_length.3 doc/man/man3/ASN1_STRING_new.3 doc/man/man3/ASN1_STRING_print_ex.3 doc/man/man3/ASN1_TIME_set.3 doc/man/man3/ASN1_TYPE_get.3 doc/man/man3/ASN1_generate_nconf.3 doc/man/man3/ASYNC_WAIT_CTX_new.3 doc/man/man3/ASYNC_start_job.3 doc/man/man3/BF_encrypt.3 doc/man/man3/BIO_ADDR.3 doc/man/man3/BIO_ADDRINFO.3 doc/man/man3/BIO_connect.3 doc/man/man3/BIO_ctrl.3 doc/man/man3/BIO_f_base64.3 doc/man/man3/BIO_f_buffer.3 doc/man/man3/BIO_f_cipher.3 doc/man/man3/BIO_f_md.3 doc/man/man3/BIO_f_null.3 doc/man/man3/BIO_f_prefix.3 doc/man/man3/BIO_f_ssl.3 doc/man/man3/BIO_find_type.3 doc/man/man3/BIO_get_data.3 doc/man/man3/BIO_get_ex_new_index.3 doc/man/man3/BIO_meth_new.3 doc/man/man3/BIO_new.3 doc/man/man3/BIO_new_CMS.3 doc/man/man3/BIO_parse_hostserv.3 doc/man/man3/BIO_printf.3 doc/man/man3/BIO_push.3 doc/man/man3/BIO_read.3 doc/man/man3/BIO_s_accept.3 doc/man/man3/BIO_s_bio.3 doc/man/man3/BIO_s_connect.3 doc/man/man3/BIO_s_fd.3 doc/man/man3/BIO_s_file.3 doc/man/man3/BIO_s_mem.3 doc/man/man3/BIO_s_null.3 doc/man/man3/BIO_s_socket.3 doc/man/man3/BIO_set_callback.3 doc/man/man3/BIO_should_retry.3 doc/man/man3/BIO_socket_wait.3 doc/man/man3/BN_BLINDING_new.3 doc/man/man3/BN_CTX_new.3 doc/man/man3/BN_CTX_start.3 doc/man/man3/BN_add.3 doc/man/man3/BN_add_word.3 doc/man/man3/BN_bn2bin.3 doc/man/man3/BN_cmp.3 doc/man/man3/BN_copy.3 doc/man/man3/BN_generate_prime.3 doc/man/man3/BN_mod_inverse.3 doc/man/man3/BN_mod_mul_montgomery.3 doc/man/man3/BN_mod_mul_reciprocal.3 doc/man/man3/BN_new.3 doc/man/man3/BN_num_bytes.3 doc/man/man3/BN_rand.3 doc/man/man3/BN_security_bits.3 doc/man/man3/BN_set_bit.3 doc/man/man3/BN_swap.3 doc/man/man3/BN_zero.3 doc/man/man3/BUF_MEM_new.3 doc/man/man3/CMS_EnvelopedData_create.3 doc/man/man3/CMS_add0_cert.3 doc/man/man3/CMS_add1_recipient_cert.3 doc/man/man3/CMS_add1_signer.3 doc/man/man3/CMS_compress.3 doc/man/man3/CMS_decrypt.3 doc/man/man3/CMS_encrypt.3 doc/man/man3/CMS_final.3 doc/man/man3/CMS_get0_RecipientInfos.3 doc/man/man3/CMS_get0_SignerInfos.3 doc/man/man3/CMS_get0_type.3 doc/man/man3/CMS_get1_ReceiptRequest.3 doc/man/man3/CMS_sign.3 doc/man/man3/CMS_sign_receipt.3 doc/man/man3/CMS_uncompress.3 doc/man/man3/CMS_verify.3 doc/man/man3/CMS_verify_receipt.3 doc/man/man3/CONF_modules_free.3 doc/man/man3/CONF_modules_load_file.3 doc/man/man3/CRYPTO_THREAD_run_once.3 doc/man/man3/CRYPTO_get_ex_new_index.3 doc/man/man3/CRYPTO_memcmp.3 doc/man/man3/CTLOG_STORE_get0_log_by_id.3 doc/man/man3/CTLOG_STORE_new.3 doc/man/man3/CTLOG_new.3 doc/man/man3/CT_POLICY_EVAL_CTX_new.3 doc/man/man3/DEFINE_STACK_OF.3 doc/man/man3/DES_random_key.3 doc/man/man3/DH_generate_key.3 doc/man/man3/DH_generate_parameters.3 doc/man/man3/DH_get0_pqg.3 doc/man/man3/DH_get_1024_160.3 doc/man/man3/DH_meth_new.3 doc/man/man3/DH_new.3 doc/man/man3/DH_new_by_nid.3 doc/man/man3/DH_set_method.3 doc/man/man3/DH_size.3 doc/man/man3/DSA_SIG_new.3 doc/man/man3/DSA_do_sign.3 doc/man/man3/DSA_dup_DH.3 doc/man/man3/DSA_generate_key.3 doc/man/man3/DSA_generate_parameters.3 doc/man/man3/DSA_get0_pqg.3 doc/man/man3/DSA_meth_new.3 doc/man/man3/DSA_new.3 doc/man/man3/DSA_set_method.3 doc/man/man3/DSA_sign.3 doc/man/man3/DSA_size.3 doc/man/man3/DTLS_get_data_mtu.3 doc/man/man3/DTLS_set_timer_cb.3 doc/man/man3/DTLSv1_listen.3 doc/man/man3/ECDSA_SIG_new.3 doc/man/man3/ECPKParameters_print.3 doc/man/man3/EC_GFp_simple_method.3 doc/man/man3/EC_GROUP_copy.3 doc/man/man3/EC_GROUP_new.3 doc/man/man3/EC_KEY_get_enc_flags.3 doc/man/man3/EC_KEY_new.3 doc/man/man3/EC_POINT_add.3 doc/man/man3/EC_POINT_new.3 doc/man/man3/ENGINE_add.3 doc/man/man3/ERR_GET_LIB.3 doc/man/man3/ERR_clear_error.3 doc/man/man3/ERR_error_string.3 doc/man/man3/ERR_get_error.3 doc/man/man3/ERR_load_crypto_strings.3 doc/man/man3/ERR_load_strings.3 doc/man/man3/ERR_new.3 doc/man/man3/ERR_print_errors.3 doc/man/man3/ERR_put_error.3 doc/man/man3/ERR_remove_state.3 doc/man/man3/ERR_set_mark.3 doc/man/man3/EVP_ASYM_CIPHER_free.3 doc/man/man3/EVP_BytesToKey.3 doc/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 doc/man/man3/EVP_CIPHER_meth_new.3 doc/man/man3/EVP_DigestInit.3 doc/man/man3/EVP_DigestSignInit.3 doc/man/man3/EVP_DigestVerifyInit.3 doc/man/man3/EVP_EncodeInit.3 doc/man/man3/EVP_EncryptInit.3 doc/man/man3/EVP_KDF.3 doc/man/man3/EVP_KEYEXCH_free.3 doc/man/man3/EVP_KEYMGMT.3 doc/man/man3/EVP_MAC.3 doc/man/man3/EVP_MD_meth_new.3 doc/man/man3/EVP_OpenInit.3 doc/man/man3/EVP_PKEY_ASN1_METHOD.3 doc/man/man3/EVP_PKEY_CTX_ctrl.3 doc/man/man3/EVP_PKEY_CTX_new.3 doc/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 doc/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 doc/man/man3/EVP_PKEY_CTX_set_params.3 doc/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 doc/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 doc/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 doc/man/man3/EVP_PKEY_asn1_get_count.3 doc/man/man3/EVP_PKEY_check.3 doc/man/man3/EVP_PKEY_copy_parameters.3 doc/man/man3/EVP_PKEY_decrypt.3 doc/man/man3/EVP_PKEY_derive.3 doc/man/man3/EVP_PKEY_encrypt.3 doc/man/man3/EVP_PKEY_fromdata.3 doc/man/man3/EVP_PKEY_gen.3 doc/man/man3/EVP_PKEY_get_default_digest_nid.3 doc/man/man3/EVP_PKEY_gettable_params.3 doc/man/man3/EVP_PKEY_is_a.3 doc/man/man3/EVP_PKEY_meth_get_count.3 doc/man/man3/EVP_PKEY_meth_new.3 doc/man/man3/EVP_PKEY_new.3 doc/man/man3/EVP_PKEY_print_private.3 doc/man/man3/EVP_PKEY_set1_RSA.3 doc/man/man3/EVP_PKEY_set_type.3 doc/man/man3/EVP_PKEY_sign.3 doc/man/man3/EVP_PKEY_size.3 doc/man/man3/EVP_PKEY_supports_digest_nid.3 doc/man/man3/EVP_PKEY_verify.3 doc/man/man3/EVP_PKEY_verify_recover.3 doc/man/man3/EVP_RAND.3 doc/man/man3/EVP_SIGNATURE_free.3 doc/man/man3/EVP_SealInit.3 doc/man/man3/EVP_SignInit.3 doc/man/man3/EVP_VerifyInit.3 doc/man/man3/EVP_aes_128_gcm.3 doc/man/man3/EVP_aria_128_gcm.3 doc/man/man3/EVP_bf_cbc.3 doc/man/man3/EVP_blake2b512.3 doc/man/man3/EVP_camellia_128_ecb.3 doc/man/man3/EVP_cast5_cbc.3 doc/man/man3/EVP_chacha20.3 doc/man/man3/EVP_des_cbc.3 doc/man/man3/EVP_desx_cbc.3 doc/man/man3/EVP_idea_cbc.3 doc/man/man3/EVP_md2.3 doc/man/man3/EVP_md4.3 doc/man/man3/EVP_md5.3 doc/man/man3/EVP_mdc2.3 doc/man/man3/EVP_rc2_cbc.3 doc/man/man3/EVP_rc4.3 doc/man/man3/EVP_rc5_32_12_16_cbc.3 doc/man/man3/EVP_ripemd160.3 doc/man/man3/EVP_seed_cbc.3 doc/man/man3/EVP_set_default_properties.3 doc/man/man3/EVP_sha1.3 doc/man/man3/EVP_sha224.3 doc/man/man3/EVP_sha3_224.3 doc/man/man3/EVP_sm3.3 doc/man/man3/EVP_sm4_cbc.3 doc/man/man3/EVP_whirlpool.3 doc/man/man3/HMAC.3 doc/man/man3/MD5.3 doc/man/man3/MDC2_Init.3 doc/man/man3/NCONF_new_with_libctx.3 doc/man/man3/OBJ_nid2obj.3 doc/man/man3/OCSP_REQUEST_new.3 doc/man/man3/OCSP_cert_to_id.3 doc/man/man3/OCSP_request_add1_nonce.3 doc/man/man3/OCSP_resp_find_status.3 doc/man/man3/OCSP_response_status.3 doc/man/man3/OCSP_sendreq_new.3 doc/man/man3/OPENSSL_Applink.3 doc/man/man3/OPENSSL_CTX.3 doc/man/man3/OPENSSL_FILE.3 doc/man/man3/OPENSSL_LH_COMPFUNC.3 doc/man/man3/OPENSSL_LH_stats.3 doc/man/man3/OPENSSL_config.3 doc/man/man3/OPENSSL_fork_prepare.3 doc/man/man3/OPENSSL_hexchar2int.3 doc/man/man3/OPENSSL_ia32cap.3 doc/man/man3/OPENSSL_init_crypto.3 doc/man/man3/OPENSSL_init_ssl.3 doc/man/man3/OPENSSL_instrument_bus.3 doc/man/man3/OPENSSL_load_builtin_modules.3 doc/man/man3/OPENSSL_malloc.3 doc/man/man3/OPENSSL_s390xcap.3 doc/man/man3/OPENSSL_secure_malloc.3 doc/man/man3/OSSL_CMP_CTX_new.3 doc/man/man3/OSSL_CMP_HDR_get0_transactionID.3 doc/man/man3/OSSL_CMP_ITAV_set0.3 doc/man/man3/OSSL_CMP_MSG_get0_header.3 doc/man/man3/OSSL_CMP_MSG_http_perform.3 doc/man/man3/OSSL_CMP_SRV_CTX_new.3 doc/man/man3/OSSL_CMP_STATUSINFO_new.3 doc/man/man3/OSSL_CMP_exec_IR_ses.3 doc/man/man3/OSSL_CMP_log_open.3 doc/man/man3/OSSL_CMP_validate_msg.3 doc/man/man3/OSSL_CRMF_MSG_get0_tmpl.3 doc/man/man3/OSSL_CRMF_MSG_set0_validity.3 doc/man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3 doc/man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3 doc/man/man3/OSSL_CRMF_pbmp_new.3 doc/man/man3/OSSL_HTTP_transfer.3 doc/man/man3/OSSL_PARAM.3 doc/man/man3/OSSL_PARAM_BLD.3 doc/man/man3/OSSL_PARAM_allocate_from_text.3 doc/man/man3/OSSL_PARAM_int.3 doc/man/man3/OSSL_PROVIDER.3 doc/man/man3/OSSL_SELF_TEST_new.3 doc/man/man3/OSSL_SELF_TEST_set_callback.3 doc/man/man3/OSSL_SERIALIZER.3 doc/man/man3/OSSL_SERIALIZER_CTX.3 doc/man/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.3 doc/man/man3/OSSL_SERIALIZER_to_bio.3 doc/man/man3/OSSL_STORE_INFO.3 doc/man/man3/OSSL_STORE_LOADER.3 doc/man/man3/OSSL_STORE_SEARCH.3 doc/man/man3/OSSL_STORE_attach.3 doc/man/man3/OSSL_STORE_expect.3 doc/man/man3/OSSL_STORE_open.3 doc/man/man3/OSSL_trace_enabled.3 doc/man/man3/OSSL_trace_get_category_num.3 doc/man/man3/OSSL_trace_set_channel.3 doc/man/man3/OpenSSL_add_all_algorithms.3 doc/man/man3/OpenSSL_version.3 doc/man/man3/PEM_bytes_read_bio.3 doc/man/man3/PEM_read.3 doc/man/man3/PEM_read_CMS.3 doc/man/man3/PEM_read_bio_PrivateKey.3 doc/man/man3/PEM_read_bio_ex.3 doc/man/man3/PEM_write_bio_CMS_stream.3 doc/man/man3/PEM_write_bio_PKCS7_stream.3 doc/man/man3/PKCS12_SAFEBAG_get0_attrs.3 doc/man/man3/PKCS12_add_CSPName_asc.3 doc/man/man3/PKCS12_add_friendlyname_asc.3 doc/man/man3/PKCS12_add_localkeyid.3 doc/man/man3/PKCS12_create.3 doc/man/man3/PKCS12_get_friendlyname.3 doc/man/man3/PKCS12_newpass.3 doc/man/man3/PKCS12_parse.3 doc/man/man3/PKCS5_PBKDF2_HMAC.3 doc/man/man3/PKCS7_decrypt.3 doc/man/man3/PKCS7_encrypt.3 doc/man/man3/PKCS7_sign.3 doc/man/man3/PKCS7_sign_add_signer.3 doc/man/man3/PKCS7_verify.3 doc/man/man3/PKCS8_pkey_add1_attr.3 doc/man/man3/RAND_DRBG_generate.3 doc/man/man3/RAND_DRBG_get0_master.3 doc/man/man3/RAND_DRBG_new.3 doc/man/man3/RAND_DRBG_reseed.3 doc/man/man3/RAND_DRBG_set_callbacks.3 doc/man/man3/RAND_add.3 doc/man/man3/RAND_bytes.3 doc/man/man3/RAND_cleanup.3 doc/man/man3/RAND_egd.3 doc/man/man3/RAND_load_file.3 doc/man/man3/RAND_set_rand_method.3 doc/man/man3/RC4_set_key.3 doc/man/man3/RIPEMD160_Init.3 doc/man/man3/RSA_blinding_on.3 doc/man/man3/RSA_check_key.3 doc/man/man3/RSA_generate_key.3 doc/man/man3/RSA_get0_key.3 doc/man/man3/RSA_meth_new.3 doc/man/man3/RSA_new.3 doc/man/man3/RSA_padding_add_PKCS1_type_1.3 doc/man/man3/RSA_print.3 doc/man/man3/RSA_private_encrypt.3 doc/man/man3/RSA_public_encrypt.3 doc/man/man3/RSA_set_method.3 doc/man/man3/RSA_sign.3 doc/man/man3/RSA_sign_ASN1_OCTET_STRING.3 doc/man/man3/RSA_size.3 doc/man/man3/SCT_new.3 doc/man/man3/SCT_print.3 doc/man/man3/SCT_validate.3 doc/man/man3/SHA256_Init.3 doc/man/man3/SMIME_read_CMS.3 doc/man/man3/SMIME_read_PKCS7.3 doc/man/man3/SMIME_write_CMS.3 doc/man/man3/SMIME_write_PKCS7.3 doc/man/man3/SRP_Calc_B.3 doc/man/man3/SRP_VBASE_new.3 doc/man/man3/SRP_create_verifier.3 doc/man/man3/SRP_user_pwd_new.3 doc/man/man3/SSL_CIPHER_get_name.3 doc/man/man3/SSL_COMP_add_compression_method.3 doc/man/man3/SSL_CONF_CTX_new.3 doc/man/man3/SSL_CONF_CTX_set1_prefix.3 doc/man/man3/SSL_CONF_CTX_set_flags.3 doc/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 doc/man/man3/SSL_CONF_cmd.3 doc/man/man3/SSL_CONF_cmd_argv.3 doc/man/man3/SSL_CTX_add1_chain_cert.3 doc/man/man3/SSL_CTX_add_extra_chain_cert.3 doc/man/man3/SSL_CTX_add_session.3 doc/man/man3/SSL_CTX_config.3 doc/man/man3/SSL_CTX_ctrl.3 doc/man/man3/SSL_CTX_dane_enable.3 doc/man/man3/SSL_CTX_flush_sessions.3 doc/man/man3/SSL_CTX_free.3 doc/man/man3/SSL_CTX_get0_param.3 doc/man/man3/SSL_CTX_get_verify_mode.3 doc/man/man3/SSL_CTX_has_client_custom_ext.3 doc/man/man3/SSL_CTX_load_verify_locations.3 doc/man/man3/SSL_CTX_new.3 doc/man/man3/SSL_CTX_sess_number.3 doc/man/man3/SSL_CTX_sess_set_cache_size.3 doc/man/man3/SSL_CTX_sess_set_get_cb.3 doc/man/man3/SSL_CTX_sessions.3 doc/man/man3/SSL_CTX_set0_CA_list.3 doc/man/man3/SSL_CTX_set1_curves.3 doc/man/man3/SSL_CTX_set1_sigalgs.3 doc/man/man3/SSL_CTX_set1_verify_cert_store.3 doc/man/man3/SSL_CTX_set_alpn_select_cb.3 doc/man/man3/SSL_CTX_set_cert_cb.3 doc/man/man3/SSL_CTX_set_cert_store.3 doc/man/man3/SSL_CTX_set_cert_verify_callback.3 doc/man/man3/SSL_CTX_set_cipher_list.3 doc/man/man3/SSL_CTX_set_client_cert_cb.3 doc/man/man3/SSL_CTX_set_client_hello_cb.3 doc/man/man3/SSL_CTX_set_ct_validation_callback.3 doc/man/man3/SSL_CTX_set_ctlog_list_file.3 doc/man/man3/SSL_CTX_set_default_passwd_cb.3 doc/man/man3/SSL_CTX_set_generate_session_id.3 doc/man/man3/SSL_CTX_set_info_callback.3 doc/man/man3/SSL_CTX_set_keylog_callback.3 doc/man/man3/SSL_CTX_set_max_cert_list.3 doc/man/man3/SSL_CTX_set_min_proto_version.3 doc/man/man3/SSL_CTX_set_mode.3 doc/man/man3/SSL_CTX_set_msg_callback.3 doc/man/man3/SSL_CTX_set_num_tickets.3 doc/man/man3/SSL_CTX_set_options.3 doc/man/man3/SSL_CTX_set_psk_client_callback.3 doc/man/man3/SSL_CTX_set_quiet_shutdown.3 doc/man/man3/SSL_CTX_set_read_ahead.3 doc/man/man3/SSL_CTX_set_record_padding_callback.3 doc/man/man3/SSL_CTX_set_security_level.3 doc/man/man3/SSL_CTX_set_session_cache_mode.3 doc/man/man3/SSL_CTX_set_session_id_context.3 doc/man/man3/SSL_CTX_set_session_ticket_cb.3 doc/man/man3/SSL_CTX_set_split_send_fragment.3 doc/man/man3/SSL_CTX_set_srp_password.3 doc/man/man3/SSL_CTX_set_ssl_version.3 doc/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 doc/man/man3/SSL_CTX_set_timeout.3 doc/man/man3/SSL_CTX_set_tlsext_servername_callback.3 doc/man/man3/SSL_CTX_set_tlsext_status_cb.3 doc/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 doc/man/man3/SSL_CTX_set_tlsext_use_srtp.3 doc/man/man3/SSL_CTX_set_tmp_dh_callback.3 doc/man/man3/SSL_CTX_set_tmp_ecdh.3 doc/man/man3/SSL_CTX_set_verify.3 doc/man/man3/SSL_CTX_use_certificate.3 doc/man/man3/SSL_CTX_use_psk_identity_hint.3 doc/man/man3/SSL_CTX_use_serverinfo.3 doc/man/man3/SSL_SESSION_free.3 doc/man/man3/SSL_SESSION_get0_cipher.3 doc/man/man3/SSL_SESSION_get0_hostname.3 doc/man/man3/SSL_SESSION_get0_id_context.3 doc/man/man3/SSL_SESSION_get0_peer.3 doc/man/man3/SSL_SESSION_get_compress_id.3 doc/man/man3/SSL_SESSION_get_protocol_version.3 doc/man/man3/SSL_SESSION_get_time.3 doc/man/man3/SSL_SESSION_has_ticket.3 doc/man/man3/SSL_SESSION_is_resumable.3 doc/man/man3/SSL_SESSION_print.3 doc/man/man3/SSL_SESSION_set1_id.3 doc/man/man3/SSL_accept.3 doc/man/man3/SSL_alert_type_string.3 doc/man/man3/SSL_alloc_buffers.3 doc/man/man3/SSL_check_chain.3 doc/man/man3/SSL_clear.3 doc/man/man3/SSL_connect.3 doc/man/man3/SSL_do_handshake.3 doc/man/man3/SSL_export_keying_material.3 doc/man/man3/SSL_extension_supported.3 doc/man/man3/SSL_free.3 doc/man/man3/SSL_get0_peer_scts.3 doc/man/man3/SSL_get_SSL_CTX.3 doc/man/man3/SSL_get_all_async_fds.3 doc/man/man3/SSL_get_ciphers.3 doc/man/man3/SSL_get_client_random.3 doc/man/man3/SSL_get_current_cipher.3 doc/man/man3/SSL_get_default_timeout.3 doc/man/man3/SSL_get_error.3 doc/man/man3/SSL_get_extms_support.3 doc/man/man3/SSL_get_fd.3 doc/man/man3/SSL_get_peer_cert_chain.3 doc/man/man3/SSL_get_peer_certificate.3 doc/man/man3/SSL_get_peer_signature_nid.3 doc/man/man3/SSL_get_peer_tmp_key.3 doc/man/man3/SSL_get_psk_identity.3 doc/man/man3/SSL_get_rbio.3 doc/man/man3/SSL_get_session.3 doc/man/man3/SSL_get_shared_sigalgs.3 doc/man/man3/SSL_get_verify_result.3 doc/man/man3/SSL_get_version.3 doc/man/man3/SSL_in_init.3 doc/man/man3/SSL_key_update.3 doc/man/man3/SSL_library_init.3 doc/man/man3/SSL_load_client_CA_file.3 doc/man/man3/SSL_new.3 doc/man/man3/SSL_pending.3 doc/man/man3/SSL_read.3 doc/man/man3/SSL_read_early_data.3 doc/man/man3/SSL_rstate_string.3 doc/man/man3/SSL_session_reused.3 doc/man/man3/SSL_set1_host.3 doc/man/man3/SSL_set_async_callback.3 doc/man/man3/SSL_set_bio.3 doc/man/man3/SSL_set_connect_state.3 doc/man/man3/SSL_set_fd.3 doc/man/man3/SSL_set_session.3 doc/man/man3/SSL_set_shutdown.3 doc/man/man3/SSL_set_verify_result.3 doc/man/man3/SSL_shutdown.3 doc/man/man3/SSL_state_string.3 doc/man/man3/SSL_want.3 doc/man/man3/SSL_write.3 doc/man/man3/TS_VERIFY_CTX_set_certs.3 doc/man/man3/UI_STRING.3 doc/man/man3/UI_UTIL_read_pw.3 doc/man/man3/UI_create_method.3 doc/man/man3/UI_new.3 doc/man/man3/X509V3_get_d2i.3 doc/man/man3/X509_ALGOR_dup.3 doc/man/man3/X509_CRL_get0_by_serial.3 doc/man/man3/X509_EXTENSION_set_object.3 doc/man/man3/X509_LOOKUP.3 doc/man/man3/X509_LOOKUP_hash_dir.3 doc/man/man3/X509_LOOKUP_meth_new.3 doc/man/man3/X509_NAME_ENTRY_get_object.3 doc/man/man3/X509_NAME_add_entry_by_txt.3 doc/man/man3/X509_NAME_get0_der.3 doc/man/man3/X509_NAME_get_index_by_NID.3 doc/man/man3/X509_NAME_print_ex.3 doc/man/man3/X509_PUBKEY_new.3 doc/man/man3/X509_SIG_get0.3 doc/man/man3/X509_STORE_CTX_get_error.3 doc/man/man3/X509_STORE_CTX_new.3 doc/man/man3/X509_STORE_CTX_set_verify_cb.3 doc/man/man3/X509_STORE_add_cert.3 doc/man/man3/X509_STORE_get0_param.3 doc/man/man3/X509_STORE_new.3 doc/man/man3/X509_STORE_set_verify_cb_func.3 doc/man/man3/X509_VERIFY_PARAM_set_flags.3 doc/man/man3/X509_check_ca.3 doc/man/man3/X509_check_host.3 doc/man/man3/X509_check_issued.3 doc/man/man3/X509_check_private_key.3 doc/man/man3/X509_check_purpose.3 doc/man/man3/X509_cmp.3 doc/man/man3/X509_cmp_time.3 doc/man/man3/X509_digest.3 doc/man/man3/X509_dup.3 doc/man/man3/X509_get0_distinguishing_id.3 doc/man/man3/X509_get0_notBefore.3 doc/man/man3/X509_get0_signature.3 doc/man/man3/X509_get0_uids.3 doc/man/man3/X509_get_extension_flags.3 doc/man/man3/X509_get_pubkey.3 doc/man/man3/X509_get_serialNumber.3 doc/man/man3/X509_get_subject_name.3 doc/man/man3/X509_get_version.3 doc/man/man3/X509_load_http.3 doc/man/man3/X509_new.3 doc/man/man3/X509_sign.3 doc/man/man3/X509_verify.3 doc/man/man3/X509_verify_cert.3 doc/man/man3/X509v3_cache_extensions.3 doc/man/man3/X509v3_get_ext_by_NID.3 doc/man/man3/d2i_DHparams.3 doc/man/man3/d2i_PKCS8PrivateKey_bio.3 doc/man/man3/d2i_PrivateKey.3 doc/man/man3/d2i_SSL_SESSION.3 doc/man/man3/d2i_X509.3 doc/man/man3/i2d_CMS_bio_stream.3 doc/man/man3/i2d_PKCS7_bio_stream.3 doc/man/man3/i2d_re_X509_tbs.3 doc/man/man3/o2i_SCT_LIST.3 doc/man/man3/s2i_ASN1_IA5STRING.3 doc/man/man5/config.5 doc/man/man5/fips_config.5 doc/man/man5/x509v3_config.5 doc/man/man7/EVP_KDF-HKDF.7 doc/man/man7/EVP_KDF-KB.7 doc/man/man7/EVP_KDF-KRB5KDF.7 doc/man/man7/EVP_KDF-PBKDF2.7 doc/man/man7/EVP_KDF-SCRYPT.7 doc/man/man7/EVP_KDF-SS.7 doc/man/man7/EVP_KDF-SSHKDF.7 doc/man/man7/EVP_KDF-TLS1_PRF.7 doc/man/man7/EVP_KDF-X942.7 doc/man/man7/EVP_KDF-X963.7 doc/man/man7/EVP_KEYEXCH-DH.7 doc/man/man7/EVP_KEYEXCH-ECDH.7 doc/man/man7/EVP_KEYEXCH-X25519.7 doc/man/man7/EVP_MAC-BLAKE2.7 doc/man/man7/EVP_MAC-CMAC.7 doc/man/man7/EVP_MAC-GMAC.7 doc/man/man7/EVP_MAC-HMAC.7 doc/man/man7/EVP_MAC-KMAC.7 doc/man/man7/EVP_MAC-Poly1305.7 doc/man/man7/EVP_MAC-Siphash.7 doc/man/man7/EVP_MD-BLAKE2.7 doc/man/man7/EVP_MD-MD2.7 doc/man/man7/EVP_MD-MD4.7 doc/man/man7/EVP_MD-MD5-SHA1.7 doc/man/man7/EVP_MD-MD5.7 doc/man/man7/EVP_MD-MDC2.7 doc/man/man7/EVP_MD-RIPEMD160.7 doc/man/man7/EVP_MD-SHA1.7 doc/man/man7/EVP_MD-SHA2.7 doc/man/man7/EVP_MD-SHA3.7 doc/man/man7/EVP_MD-SHAKE.7 doc/man/man7/EVP_MD-SM3.7 doc/man/man7/EVP_MD-WHIRLPOOL.7 doc/man/man7/EVP_MD-common.7 doc/man/man7/EVP_PKEY-DH.7 doc/man/man7/EVP_PKEY-DSA.7 doc/man/man7/EVP_PKEY-EC.7 doc/man/man7/EVP_PKEY-FFC.7 doc/man/man7/EVP_PKEY-RSA.7 doc/man/man7/EVP_PKEY-X25519.7 doc/man/man7/EVP_RAND-CTR-DRBG.7 doc/man/man7/EVP_RAND-HASH-DRBG.7 doc/man/man7/EVP_RAND-HMAC-DRBG.7 doc/man/man7/EVP_RAND-TEST-RAND.7 doc/man/man7/EVP_SIGNATURE-DSA.7 doc/man/man7/EVP_SIGNATURE-ECDSA.7 doc/man/man7/EVP_SIGNATURE-ED25519.7 doc/man/man7/EVP_SIGNATURE-RSA.7 doc/man/man7/OSSL_PROVIDER-FIPS.7 doc/man/man7/OSSL_PROVIDER-default.7 doc/man/man7/OSSL_PROVIDER-legacy.7 doc/man/man7/OSSL_PROVIDER-null.7 doc/man/man7/RAND.7 doc/man/man7/RAND_DRBG.7 doc/man/man7/RSA-PSS.7 doc/man/man7/SM2.7 doc/man/man7/X25519.7 doc/man/man7/bio.7 doc/man/man7/crypto.7 doc/man/man7/ct.7 doc/man/man7/des_modes.7 doc/man/man7/evp.7 doc/man/man7/openssl-core.h.7 doc/man/man7/openssl-core_dispatch.h.7 doc/man/man7/openssl-core_names.h.7 doc/man/man7/openssl-env.7 doc/man/man7/openssl_user_macros.7 doc/man/man7/ossl_store-file.7 doc/man/man7/ossl_store.7 doc/man/man7/passphrase-encoding.7 doc/man/man7/property.7 doc/man/man7/provider-asym_cipher.7 doc/man/man7/provider-base.7 doc/man/man7/provider-cipher.7 doc/man/man7/provider-digest.7 doc/man/man7/provider-keyexch.7 doc/man/man7/provider-keymgmt.7 doc/man/man7/provider-mac.7 doc/man/man7/provider-rand.7 doc/man/man7/provider-serializer.7 doc/man/man7/provider-signature.7 doc/man/man7/provider.7 doc/man/man7/proxy-certificates.7 doc/man/man7/ssl.7 doc/man/man7/x509.7 rm -f apps/openssl fuzz/asn1-test fuzz/asn1parse-test fuzz/bignum-test fuzz/bndiv-test fuzz/client-test fuzz/cmp-test fuzz/cms-test fuzz/conf-test fuzz/crl-test fuzz/ct-test fuzz/server-test fuzz/x509-test test/aborttest test/acvp_test test/aesgcmtest test/afalgtest test/asn1_decode_test test/asn1_dsa_internal_test test/asn1_encode_test test/asn1_internal_test test/asn1_string_table_test test/asn1_time_test test/asynciotest test/asynctest test/bad_dtls_test test/bftest test/bio_callback_test test/bio_enc_test test/bio_memleak_test test/bio_prefix_text test/bioprinttest test/bn_internal_test test/bntest test/buildtest_c_aes test/buildtest_c_asn1 test/buildtest_c_asn1t test/buildtest_c_async test/buildtest_c_bio test/buildtest_c_blowfish test/buildtest_c_bn test/buildtest_c_buffer test/buildtest_c_camellia test/buildtest_c_cast test/buildtest_c_cmac test/buildtest_c_cmp test/buildtest_c_cmp_util test/buildtest_c_cms test/buildtest_c_comp test/buildtest_c_conf test/buildtest_c_conf_api test/buildtest_c_core test/buildtest_c_core_dispatch test/buildtest_c_core_names test/buildtest_c_crmf test/buildtest_c_crypto test/buildtest_c_ct test/buildtest_c_des test/buildtest_c_dh test/buildtest_c_dsa test/buildtest_c_e_os2 test/buildtest_c_ebcdic test/buildtest_c_ec test/buildtest_c_ecdh test/buildtest_c_ecdsa test/buildtest_c_engine test/buildtest_c_ess test/buildtest_c_evp test/buildtest_c_fips_names test/buildtest_c_hmac test/buildtest_c_http test/buildtest_c_idea test/buildtest_c_kdf test/buildtest_c_lhash test/buildtest_c_mac test/buildtest_c_macros test/buildtest_c_md4 test/buildtest_c_md5 test/buildtest_c_mdc2 test/buildtest_c_modes test/buildtest_c_obj_mac test/buildtest_c_objects test/buildtest_c_ocsp test/buildtest_c_ossl_typ test/buildtest_c_param_build test/buildtest_c_params test/buildtest_c_pem test/buildtest_c_pem2 test/buildtest_c_pkcs12 test/buildtest_c_pkcs7 test/buildtest_c_provider test/buildtest_c_rand test/buildtest_c_rand_drbg test/buildtest_c_rc2 test/buildtest_c_rc4 test/buildtest_c_ripemd test/buildtest_c_rsa test/buildtest_c_safestack test/buildtest_c_seed test/buildtest_c_self_test test/buildtest_c_serializer test/buildtest_c_sha test/buildtest_c_srp test/buildtest_c_srtp test/buildtest_c_ssl test/buildtest_c_ssl2 test/buildtest_c_stack test/buildtest_c_store test/buildtest_c_symhacks test/buildtest_c_tls1 test/buildtest_c_ts test/buildtest_c_txt_db test/buildtest_c_types test/buildtest_c_ui test/buildtest_c_whrlpool test/buildtest_c_x509 test/buildtest_c_x509_vfy test/buildtest_c_x509v3 test/casttest test/chacha_internal_test test/cipher_overhead_test test/cipherbytes_test test/cipherlist_test test/ciphername_test test/clienthellotest test/cmactest test/cmp_asn_test test/cmp_client_test test/cmp_ctx_test test/cmp_hdr_test test/cmp_msg_test test/cmp_protect_test test/cmp_server_test test/cmp_status_test test/cmp_vfy_test test/cmsapitest test/conf_include_test test/confdump test/constant_time_test test/context_internal_test test/crltest test/ct_test test/ctype_internal_test test/curve448_internal_test test/d2i_test test/danetest test/destest test/dhtest test/drbg_cavs_test test/drbg_extra_test test/drbgtest test/dsa_no_digest_size_test test/dsatest test/dtls_mtu_test test/dtlstest test/dtlsv1listentest test/ec_internal_test test/ecdsatest test/ecstresstest test/ectest test/enginetest test/errtest test/evp_extra_test test/evp_extra_test2 test/evp_fetch_prov_test test/evp_kdf_test test/evp_pkey_dparams_test test/evp_pkey_provided_test test/evp_test test/exdatatest test/exptest test/fatalerrtest test/ffc_internal_test test/gmdifftest test/gosttest test/hexstr_test test/hmactest test/http_test test/ideatest test/igetest test/keymgmt_internal_test test/lhash_test test/mdc2_internal_test test/mdc2test test/memleaktest test/modes_internal_test test/namemap_internal_test test/ocspapitest test/packettest test/param_build_test test/params_api_test test/params_conversion_test test/params_test test/pbelutest test/pemtest test/pkey_meth_kdf_test test/pkey_meth_test test/poly1305_internal_test test/property_test test/provider_fallback_test test/provider_internal_test test/provider_test test/rc2test test/rc4test test/rc5test test/rdrand_sanitytest test/recordlentest test/rsa_complex test/rsa_mp_test test/rsa_sp800_56b_test test/rsa_test test/sanitytest test/secmemtest test/servername_test test/shlibloadtest test/siphash_internal_test test/sm2_internal_test test/sm4_internal_test test/sparse_array_test test/srptest test/ssl_cert_table_internal_test test/ssl_ctx_test test/ssl_test test/ssl_test_ctx_test test/sslapitest test/sslbuffertest test/sslcorrupttest test/ssltest_old test/stack_test test/sysdefaulttest test/test_test test/threadstest test/time_offset_test test/tls13ccstest test/tls13encryptiontest test/tls13secretstest test/uitest test/v3ext test/v3nametest test/verify_extra_test test/versions test/wpackettest test/x509_check_cert_pkey_test test/x509_dup_cert_test test/x509_internal_test test/x509_time_test test/x509aux engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so providers/fips.so providers/legacy.so test/p_test.so apps/CA.pl apps/tsget.pl tools/c_rehash util/shlib_wrap.sh rm -f doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod include/crypto/bn_conf.h include/crypto/dso_conf.h include/openssl/configuration.h include/openssl/fipskey.h include/openssl/opensslv.h test/provider_internal_test.cnf apps/CA.pl apps/progs.c apps/progs.h apps/tsget.pl crypto/aes/aes-x86_64.s crypto/aes/aesni-mb-x86_64.s crypto/aes/aesni-sha1-x86_64.s crypto/aes/aesni-sha256-x86_64.s crypto/aes/aesni-x86_64.s crypto/aes/bsaes-x86_64.s crypto/aes/vpaes-x86_64.s crypto/bn/rsaz-avx2.s crypto/bn/rsaz-x86_64.s crypto/bn/x86_64-gf2m.s crypto/bn/x86_64-mont.s crypto/bn/x86_64-mont5.s crypto/buildinf.h crypto/camellia/cmll-x86_64.s crypto/chacha/chacha-x86_64.s crypto/ec/ecp_nistz256-x86_64.s crypto/ec/x25519-x86_64.s crypto/md5/md5-x86_64.s crypto/modes/aesni-gcm-x86_64.s crypto/modes/ghash-x86_64.s crypto/poly1305/poly1305-x86_64.s crypto/rc4/rc4-md5-x86_64.s crypto/rc4/rc4-x86_64.s crypto/sha/keccak1600-x86_64.s crypto/sha/sha1-mb-x86_64.s crypto/sha/sha1-x86_64.s crypto/sha/sha256-mb-x86_64.s crypto/sha/sha256-x86_64.s crypto/sha/sha512-x86_64.s crypto/whrlpool/wp-x86_64.s crypto/x86_64cpuid.s doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod engines/afalg.ld engines/capi.ld engines/dasync.ld engines/e_padlock-x86_64.s engines/ossltest.ld engines/padlock.ld libcrypto.ld libssl.ld providers/common/der/der_digests_gen.c providers/common/der/der_dsa_gen.c providers/common/der/der_ec_gen.c providers/common/der/der_rsa_gen.c providers/common/include/prov/der_digests.h providers/common/include/prov/der_dsa.h providers/common/include/prov/der_ec.h providers/common/include/prov/der_rsa.h providers/fips.ld providers/legacy.ld test/buildtest_aes.c test/buildtest_asn1.c test/buildtest_asn1t.c test/buildtest_async.c test/buildtest_bio.c test/buildtest_blowfish.c test/buildtest_bn.c test/buildtest_buffer.c test/buildtest_camellia.c test/buildtest_cast.c test/buildtest_cmac.c test/buildtest_cmp.c test/buildtest_cmp_util.c test/buildtest_cms.c test/buildtest_comp.c test/buildtest_conf.c test/buildtest_conf_api.c test/buildtest_core.c test/buildtest_core_dispatch.c test/buildtest_core_names.c test/buildtest_crmf.c test/buildtest_crypto.c test/buildtest_ct.c test/buildtest_des.c test/buildtest_dh.c test/buildtest_dsa.c test/buildtest_e_os2.c test/buildtest_ebcdic.c test/buildtest_ec.c test/buildtest_ecdh.c test/buildtest_ecdsa.c test/buildtest_engine.c test/buildtest_ess.c test/buildtest_evp.c test/buildtest_fips_names.c test/buildtest_hmac.c test/buildtest_http.c test/buildtest_idea.c test/buildtest_kdf.c test/buildtest_lhash.c test/buildtest_mac.c test/buildtest_macros.c test/buildtest_md4.c test/buildtest_md5.c test/buildtest_mdc2.c test/buildtest_modes.c test/buildtest_obj_mac.c test/buildtest_objects.c test/buildtest_ocsp.c test/buildtest_ossl_typ.c test/buildtest_param_build.c test/buildtest_params.c test/buildtest_pem.c test/buildtest_pem2.c test/buildtest_pkcs12.c test/buildtest_pkcs7.c test/buildtest_provider.c test/buildtest_rand.c test/buildtest_rand_drbg.c test/buildtest_rc2.c test/buildtest_rc4.c test/buildtest_ripemd.c test/buildtest_rsa.c test/buildtest_safestack.c test/buildtest_seed.c test/buildtest_self_test.c test/buildtest_serializer.c test/buildtest_sha.c test/buildtest_srp.c test/buildtest_srtp.c test/buildtest_ssl.c test/buildtest_ssl2.c test/buildtest_stack.c test/buildtest_store.c test/buildtest_symhacks.c test/buildtest_tls1.c test/buildtest_ts.c test/buildtest_txt_db.c test/buildtest_types.c test/buildtest_ui.c test/buildtest_whrlpool.c test/buildtest_x509.c test/buildtest_x509_vfy.c test/buildtest_x509v3.c test/p_test.ld tools/c_rehash util/shlib_wrap.sh rm -f `find . -name '*.d' \! -name '.*' \! -type d -print` rm -f `find . -name '*.o' \! -name '.*' \! -type d -print` rm -f core rm -f tags TAGS doc-nits cmd-nits md-nits rm -f -r test/test-runs rm -f openssl.pc libcrypto.pc libssl.pc rm -f `find . -type l \! -name '.*' -print` rm -f ../openssl-3.0.0-alpha5-dev.tar $ make depend $ LDCMD= make -j4 /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-asn1parse.pod.in > doc/man1/openssl-asn1parse.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ca.pod.in > doc/man1/openssl-ca.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ciphers.pod.in > doc/man1/openssl-ciphers.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmds.pod.in > doc/man1/openssl-cmds.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmp.pod.in > doc/man1/openssl-cmp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cms.pod.in > doc/man1/openssl-cms.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl.pod.in > doc/man1/openssl-crl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl2pkcs7.pod.in > doc/man1/openssl-crl2pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dgst.pod.in > doc/man1/openssl-dgst.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dhparam.pod.in > doc/man1/openssl-dhparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsa.pod.in > doc/man1/openssl-dsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsaparam.pod.in > doc/man1/openssl-dsaparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ec.pod.in > doc/man1/openssl-ec.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ecparam.pod.in > doc/man1/openssl-ecparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-enc.pod.in > doc/man1/openssl-enc.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-engine.pod.in > doc/man1/openssl-engine.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-errstr.pod.in > doc/man1/openssl-errstr.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-fipsinstall.pod.in > doc/man1/openssl-fipsinstall.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-gendsa.pod.in > doc/man1/openssl-gendsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genpkey.pod.in > doc/man1/openssl-genpkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genrsa.pod.in > doc/man1/openssl-genrsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-info.pod.in > doc/man1/openssl-info.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-kdf.pod.in > doc/man1/openssl-kdf.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-list.pod.in > doc/man1/openssl-list.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-mac.pod.in > doc/man1/openssl-mac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-nseq.pod.in > doc/man1/openssl-nseq.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ocsp.pod.in > doc/man1/openssl-ocsp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-passwd.pod.in > doc/man1/openssl-passwd.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs12.pod.in > doc/man1/openssl-pkcs12.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs7.pod.in > doc/man1/openssl-pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs8.pod.in > doc/man1/openssl-pkcs8.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkey.pod.in > doc/man1/openssl-pkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyparam.pod.in > doc/man1/openssl-pkeyparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyutl.pod.in > doc/man1/openssl-pkeyutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-prime.pod.in > doc/man1/openssl-prime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-provider.pod.in > doc/man1/openssl-provider.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rand.pod.in > doc/man1/openssl-rand.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rehash.pod.in > doc/man1/openssl-rehash.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-req.pod.in > doc/man1/openssl-req.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsa.pod.in > doc/man1/openssl-rsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsautl.pod.in > doc/man1/openssl-rsautl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_client.pod.in > doc/man1/openssl-s_client.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_server.pod.in > doc/man1/openssl-s_server.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_time.pod.in > doc/man1/openssl-s_time.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-sess_id.pod.in > doc/man1/openssl-sess_id.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-smime.pod.in > doc/man1/openssl-smime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-speed.pod.in > doc/man1/openssl-speed.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-spkac.pod.in > doc/man1/openssl-spkac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-srp.pod.in > doc/man1/openssl-srp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-storeutl.pod.in > doc/man1/openssl-storeutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ts.pod.in > doc/man1/openssl-ts.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-verify.pod.in > doc/man1/openssl-verify.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-version.pod.in > doc/man1/openssl-version.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-x509.pod.in > doc/man1/openssl-x509.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man7/openssl_user_macros.pod.in > doc/man7/openssl_user_macros.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/bn_conf.h.in > include/crypto/bn_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/dso_conf.h.in > include/crypto/dso_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/configuration.h.in > include/openssl/configuration.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/fipskey.h.in > include/openssl/fipskey.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/opensslv.h.in > include/openssl/opensslv.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/test/provider_internal_test.cnf.in > test/provider_internal_test.cnf make depend && make _build_sw make[1]: Entering directory '/home/openssl/run-checker/no-sock' make[1]: Leaving directory '/home/openssl/run-checker/no-sock' make[1]: Entering directory '/home/openssl/run-checker/no-sock' clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_params.d.tmp -MT apps/lib/libapps-lib-app_params.o -c -o apps/lib/libapps-lib-app_params.o ../openssl/apps/lib/app_params.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_provider.d.tmp -MT apps/lib/libapps-lib-app_provider.o -c -o apps/lib/libapps-lib-app_provider.o ../openssl/apps/lib/app_provider.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_rand.d.tmp -MT apps/lib/libapps-lib-app_rand.o -c -o apps/lib/libapps-lib-app_rand.o ../openssl/apps/lib/app_rand.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_x509.d.tmp -MT apps/lib/libapps-lib-app_x509.o -c -o apps/lib/libapps-lib-app_x509.o ../openssl/apps/lib/app_x509.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps.d.tmp -MT apps/lib/libapps-lib-apps.o -c -o apps/lib/libapps-lib-apps.o ../openssl/apps/lib/apps.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps_ui.d.tmp -MT apps/lib/libapps-lib-apps_ui.o -c -o apps/lib/libapps-lib-apps_ui.o ../openssl/apps/lib/apps_ui.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-columns.d.tmp -MT apps/lib/libapps-lib-columns.o -c -o apps/lib/libapps-lib-columns.o ../openssl/apps/lib/columns.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-fmt.d.tmp -MT apps/lib/libapps-lib-fmt.o -c -o apps/lib/libapps-lib-fmt.o ../openssl/apps/lib/fmt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-http_server.d.tmp -MT apps/lib/libapps-lib-http_server.o -c -o apps/lib/libapps-lib-http_server.o ../openssl/apps/lib/http_server.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-names.d.tmp -MT apps/lib/libapps-lib-names.o -c -o apps/lib/libapps-lib-names.o ../openssl/apps/lib/names.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-opt.d.tmp -MT apps/lib/libapps-lib-opt.o -c -o apps/lib/libapps-lib-opt.o ../openssl/apps/lib/opt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-s_cb.d.tmp -MT apps/lib/libapps-lib-s_cb.o -c -o apps/lib/libapps-lib-s_cb.o ../openssl/apps/lib/s_cb.c ../openssl/apps/lib/http_server.c:27:5: error: no previous extern declaration for non-static variable 'multi' [-Werror,-Wmissing-variable-declarations] int multi = 0; /* run multiple responder processes */ ^ 1 error generated. Makefile:4122: recipe for target 'apps/lib/libapps-lib-http_server.o' failed make[1]: *** [apps/lib/libapps-lib-http_server.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-sock' Makefile:3092: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From builds at travis-ci.com Tue Jul 7 10:12:49 2020 From: builds at travis-ci.com (Travis CI) Date: Tue, 07 Jul 2020 10:12:49 +0000 Subject: Errored: openssl/openssl#35987 (master - 1c9761d) In-Reply-To: Message-ID: <5f044aa0b41b3_13fbd6ed9d8282758d2@travis-pro-tasks-778fdbb7d8-zvrld.mail> Build Update for openssl/openssl ------------------------------------- Build: #35987 Status: Errored Duration: 1 hr, 13 mins, and 49 secs Commit: 1c9761d (master) Author: Nicola Tuveri Message: [test][15-test_genec] Improve EC tests with genpkey Test separately EC parameters and EC key generation. Some curves only support explicit params encoding. For some curves we have had cases in which generating the parameters under certain conditions failed, while generating and serializing a key under the same conditions did not. See for more details. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12307) View the changeset: https://github.com/openssl/openssl/compare/8c330e1939d6...1c9761d0b547 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/174592233?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.com Tue Jul 7 11:57:41 2020 From: builds at travis-ci.com (Travis CI) Date: Tue, 07 Jul 2020 11:57:41 +0000 Subject: Errored: openssl/openssl#35989 (master - 163b801) In-Reply-To: Message-ID: <5f046332843b4_13fbd6ed9cbf850495d@travis-pro-tasks-778fdbb7d8-zvrld.mail> Build Update for openssl/openssl ------------------------------------- Build: #35989 Status: Errored Duration: 1 hr, 19 mins, and 13 secs Commit: 163b801 (master) Author: Martin Elshuber Message: Add support to zeroize plaintext in S3 record layer Some applications want even all plaintext copies beeing zeroized. However, currently plaintext residuals are kept in rbuf within the s3 record layer. This patch add the option SSL_OP_CLEANSE_PLAINTEXT to its friends to optionally enable cleansing of decrypted plaintext data. Reviewed-by: Matt Caswell Reviewed-by: Shane Lontis Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/12251) View the changeset: https://github.com/openssl/openssl/compare/1c9761d0b547...163b8016160f View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/174593828?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Tue Jul 7 13:35:55 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 07 Jul 2020 13:35:55 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ui Message-ID: <1594128955.848952.17465.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ui Commit log since last time: 1b726e9b91 TEST: update 02-test_errstr.t to have better tests fa7a807435 SSL: fix misuse of ERR_LIB_SYS 17b7f89684 TEST: fix test/errtest.c 71f2994b15 ERR: special case system errors 163b2bcd8b ERR: refactor global error codes dd76b90ef6 CORE: perform post-condition in algorithm_do_this() under all circumstances 1dc1ea182b Fix many MarkDown issues in {NOTES*,README*,HACKING,LICENSE}.md files 036cbb6bbf Rename NOTES*, README*, VERSION, HACKING, LICENSE to .md or .txt 915e7e75a4 util/markdownlint.rb: Add two rule exceptions: MD023 and MD026 c996f71bab apps: remove NULL check imn release_engine since ENGINE_free also does it. 2f142901ca coverity 1464983: null pointer dereference 6f924bb89e coverity 1464984: Null pointer dereferences 9283e9bd11 cmp: remove NULL check. c4d0221405 coverity: CID 1464987: USE AFTER FREE 22f7f42433 rand: avoid caching RNG parameters. 7dc38bea94 Refactor the EVP_RAND code to make locking issues less likely 132abb21f9 rand: fix recursive locking issue. 8c1cbc7210 Fix typos and repeated words 3a19f1a9dd Configuration and build: Fix solaris tags 1cafbb799a util/perl/OpenSSL/config.pm: Fix /armv[7-9].*-.*-linux2/ 16328e9f6c NOTE.WIN: suggest the audetecting configuration variant as well b2bed3c6e5 util/perl/OpenSSL/config.pm: move misplaced Windows and VMS entries bb2d726d75 Fix a typo in the i2d_TYPE_fp documentation 5b393802ed Don't run the cmp_cli tests if using FUZZING_BUILD_MODE ca3245a619 If an empty password is supplied still try to use it 5a640713f3 Ensure a string is properly terminated in http_client.c 64bb6276d1 81-test_cmp_cli.t: Correct subroutine quote_spc_empty and its use 8913760960 81-test_cmp_cli.t: Streamline {start,stop}_mock_server and improve port setting 94fcec0902 test/run_tests.pl: Add alias REPORT_FAILURES{,_PROGRESS} for VF and VFP a812549108 test/run_tests.pl: Add visual separator after failed test case for VFP and VFP modes e4522e1059 test/run_tests.pl: Enhance the semantics of HARNESS_VERBOSE_FAILURES (VF) ea4ee152a7 Configure: fix handling of build.info attributes with value e7869ef137 Fix up build issue when running cpp tests 0c4444121c doc: Remove stray backtick Build log ended with (last 100 lines): # Failed test 'p10cr csr empty file' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd p10cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -csr wrong.csr.pem => 139 not ok 78 - p10cr wrong csr # ------------------------------------------------------------------------------ # Failed test 'p10cr wrong csr' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -revreason 5 => 139 not ok 79 - ir + ignored revocation # ------------------------------------------------------------------------------ ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt => 139 not ok 82 - cr command # ------------------------------------------------------------------------------ # Failed test 'cr command' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt => 139 not ok 83 - kur command explicit options # ------------------------------------------------------------------------------ # Failed test 'kur command explicit options' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -subject "" -certout test.cert.pem -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt -secret "" => 139 not ok 84 - kur command minimal options # ------------------------------------------------------------------------------ ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey dir/ -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert test.cert.pem -server '127.0.0.1:1700' => 139 not ok 86 - kur newkey is directory # ------------------------------------------------------------------------------ ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert dir/ -server '127.0.0.1:1700' => 139 not ok 89 - kur oldcert is directory # ------------------------------------------------------------------------------ # Failed test 'kur oldcert is directory' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert idontexist -server '127.0.0.1:1700' => 139 not ok 90 - kur oldcert not existing # ------------------------------------------------------------------------------ # Failed test 'kur oldcert not existing' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert empty.txt -server '127.0.0.1:1700' => 139 not ok 91 - kur empty oldcert file # ------------------------------------------------------------------------------ # Failed test 'kur empty oldcert file' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -cert "" -server '127.0.0.1:1700' => 139 not ok 92 - kur command without cert and oldcert # ------------------------------------------------------------------------------ # Failed test 'kur command without cert and oldcert' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. # Looks like you failed 65 tests of 92. not ok 7 - CMP app CLI Mock enrollment # ------------------------------------------------------------------------------ # # Failed test 'CMP app CLI Mock enrollment # ' # at /home/openssl/run-checker/no-ui/../openssl/util/perl/OpenSSL/Test.pm line 1302. # Looks like you failed 5 tests of 7.81-test_cmp_cli.t .................. Dubious, test returned 5 (wstat 1280, 0x500) Failed 5/7 subtests 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 81-test_cmp_cli.t (Wstat: 1280 Tests: 7 Failed: 5) Failed tests: 3-7 Non-zero exit status: 5 Files=204, Tests=2662, 851 wallclock secs (11.82 usr 1.22 sys + 755.19 cusr 56.70 csys = 824.93 CPU) Result: FAIL Makefile:3120: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-ui' Makefile:3118: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue Jul 7 16:16:02 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 07 Jul 2020 16:16:02 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls Message-ID: <1594138562.086148.11192.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls Commit log since last time: 1b726e9b91 TEST: update 02-test_errstr.t to have better tests fa7a807435 SSL: fix misuse of ERR_LIB_SYS 17b7f89684 TEST: fix test/errtest.c 71f2994b15 ERR: special case system errors 163b2bcd8b ERR: refactor global error codes dd76b90ef6 CORE: perform post-condition in algorithm_do_this() under all circumstances 1dc1ea182b Fix many MarkDown issues in {NOTES*,README*,HACKING,LICENSE}.md files 036cbb6bbf Rename NOTES*, README*, VERSION, HACKING, LICENSE to .md or .txt 915e7e75a4 util/markdownlint.rb: Add two rule exceptions: MD023 and MD026 c996f71bab apps: remove NULL check imn release_engine since ENGINE_free also does it. 2f142901ca coverity 1464983: null pointer dereference 6f924bb89e coverity 1464984: Null pointer dereferences 9283e9bd11 cmp: remove NULL check. c4d0221405 coverity: CID 1464987: USE AFTER FREE 22f7f42433 rand: avoid caching RNG parameters. 7dc38bea94 Refactor the EVP_RAND code to make locking issues less likely 132abb21f9 rand: fix recursive locking issue. 8c1cbc7210 Fix typos and repeated words 3a19f1a9dd Configuration and build: Fix solaris tags 1cafbb799a util/perl/OpenSSL/config.pm: Fix /armv[7-9].*-.*-linux2/ 16328e9f6c NOTE.WIN: suggest the audetecting configuration variant as well b2bed3c6e5 util/perl/OpenSSL/config.pm: move misplaced Windows and VMS entries bb2d726d75 Fix a typo in the i2d_TYPE_fp documentation 5b393802ed Don't run the cmp_cli tests if using FUZZING_BUILD_MODE ca3245a619 If an empty password is supplied still try to use it 5a640713f3 Ensure a string is properly terminated in http_client.c 64bb6276d1 81-test_cmp_cli.t: Correct subroutine quote_spc_empty and its use 8913760960 81-test_cmp_cli.t: Streamline {start,stop}_mock_server and improve port setting 94fcec0902 test/run_tests.pl: Add alias REPORT_FAILURES{,_PROGRESS} for VF and VFP a812549108 test/run_tests.pl: Add visual separator after failed test case for VFP and VFP modes e4522e1059 test/run_tests.pl: Enhance the semantics of HARNESS_VERBOSE_FAILURES (VF) ea4ee152a7 Configure: fix handling of build.info attributes with value e7869ef137 Fix up build issue when running cpp tests 0c4444121c doc: Remove stray backtick Build log ended with (last 100 lines): # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 7 - iteration 7 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 8 - iteration 8 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 9 - iteration 9 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 10 - iteration 10 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 11 - iteration 11 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 12 - iteration 12 # ------------------------------------------------------------------------------ not ok 1 - test_handshake # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/ssl_test 04-client_auth.cnf.fips fips ../../../openssl/test/fips.cnf => 1 not ok 9 - running ssl_test 04-client_auth.cnf # ------------------------------------------------------------------------------ # Failed test 'running ssl_test 04-client_auth.cnf' # at ../openssl/test/recipes/80-test_ssl_new.t line 174. # Looks like you failed 1 test of 9. not ok 5 - Test configuration 04-client_auth.cnf # ------------------------------------------------------------------------------ # Looks like you failed 1 test of 31.80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=204, Tests=2659, 741 wallclock secs (10.55 usr 1.13 sys + 692.16 cusr 49.07 csys = 752.91 CPU) Result: FAIL Makefile:3126: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls' Makefile:3124: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue Jul 7 18:51:23 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 07 Jul 2020 18:51:23 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2 Message-ID: <1594147883.852948.30068.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2 Commit log since last time: 1b726e9b91 TEST: update 02-test_errstr.t to have better tests fa7a807435 SSL: fix misuse of ERR_LIB_SYS 17b7f89684 TEST: fix test/errtest.c 71f2994b15 ERR: special case system errors 163b2bcd8b ERR: refactor global error codes dd76b90ef6 CORE: perform post-condition in algorithm_do_this() under all circumstances 1dc1ea182b Fix many MarkDown issues in {NOTES*,README*,HACKING,LICENSE}.md files 036cbb6bbf Rename NOTES*, README*, VERSION, HACKING, LICENSE to .md or .txt 915e7e75a4 util/markdownlint.rb: Add two rule exceptions: MD023 and MD026 c996f71bab apps: remove NULL check imn release_engine since ENGINE_free also does it. 2f142901ca coverity 1464983: null pointer dereference 6f924bb89e coverity 1464984: Null pointer dereferences 9283e9bd11 cmp: remove NULL check. c4d0221405 coverity: CID 1464987: USE AFTER FREE 22f7f42433 rand: avoid caching RNG parameters. 7dc38bea94 Refactor the EVP_RAND code to make locking issues less likely 132abb21f9 rand: fix recursive locking issue. 8c1cbc7210 Fix typos and repeated words 3a19f1a9dd Configuration and build: Fix solaris tags 1cafbb799a util/perl/OpenSSL/config.pm: Fix /armv[7-9].*-.*-linux2/ 16328e9f6c NOTE.WIN: suggest the audetecting configuration variant as well b2bed3c6e5 util/perl/OpenSSL/config.pm: move misplaced Windows and VMS entries bb2d726d75 Fix a typo in the i2d_TYPE_fp documentation 5b393802ed Don't run the cmp_cli tests if using FUZZING_BUILD_MODE ca3245a619 If an empty password is supplied still try to use it 5a640713f3 Ensure a string is properly terminated in http_client.c 64bb6276d1 81-test_cmp_cli.t: Correct subroutine quote_spc_empty and its use 8913760960 81-test_cmp_cli.t: Streamline {start,stop}_mock_server and improve port setting 94fcec0902 test/run_tests.pl: Add alias REPORT_FAILURES{,_PROGRESS} for VF and VFP a812549108 test/run_tests.pl: Add visual separator after failed test case for VFP and VFP modes e4522e1059 test/run_tests.pl: Enhance the semantics of HARNESS_VERBOSE_FAILURES (VF) ea4ee152a7 Configure: fix handling of build.info attributes with value e7869ef137 Fix up build issue when running cpp tests 0c4444121c doc: Remove stray backtick Build log ended with (last 100 lines): 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0F02E6C147F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0F02E6C147F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:612:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:843 # false not ok 3 - test_large_message_dtls # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0F02E6C147F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0F02E6C147F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:612:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6632 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ not ok 52 - test_ssl_pending # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/kmELYDzKg2 default ../../../openssl/test/default.cnf => 1 not ok 1 - running sslapitest # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0A0D3B9187F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0A0D3B9187F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:612:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:843 # false not ok 3 - test_large_message_dtls # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0A0D3B9187F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0A0D3B9187F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:612:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6632 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ not ok 52 - test_ssl_pending # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/kmELYDzKg2 fips ../../../openssl/test/fips.cnf => 1 not ok 3 - running sslapitest # ------------------------------------------------------------------------------ # Failed test 'running sslapitest' # at ../openssl/test/recipes/90-test_sslapi.t line 47. # Looks like you failed 2 tests of 3.90-test_sslapi.t ................... Dubious, test returned 2 (wstat 512, 0x200) Failed 2/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_dtls.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 1, 3 Non-zero exit status: 2 Files=204, Tests=2661, 819 wallclock secs (12.01 usr 1.17 sys + 762.01 cusr 56.33 csys = 831.52 CPU) Result: FAIL Makefile:3116: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2' Makefile:3114: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue Jul 7 21:08:04 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 07 Jul 2020 21:08:04 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2-method Message-ID: <1594156084.928257.9707.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2-method Commit log since last time: 1b726e9b91 TEST: update 02-test_errstr.t to have better tests fa7a807435 SSL: fix misuse of ERR_LIB_SYS 17b7f89684 TEST: fix test/errtest.c 71f2994b15 ERR: special case system errors 163b2bcd8b ERR: refactor global error codes dd76b90ef6 CORE: perform post-condition in algorithm_do_this() under all circumstances 1dc1ea182b Fix many MarkDown issues in {NOTES*,README*,HACKING,LICENSE}.md files 036cbb6bbf Rename NOTES*, README*, VERSION, HACKING, LICENSE to .md or .txt 915e7e75a4 util/markdownlint.rb: Add two rule exceptions: MD023 and MD026 c996f71bab apps: remove NULL check imn release_engine since ENGINE_free also does it. 2f142901ca coverity 1464983: null pointer dereference 6f924bb89e coverity 1464984: Null pointer dereferences 9283e9bd11 cmp: remove NULL check. c4d0221405 coverity: CID 1464987: USE AFTER FREE 22f7f42433 rand: avoid caching RNG parameters. 7dc38bea94 Refactor the EVP_RAND code to make locking issues less likely 132abb21f9 rand: fix recursive locking issue. 8c1cbc7210 Fix typos and repeated words 3a19f1a9dd Configuration and build: Fix solaris tags 1cafbb799a util/perl/OpenSSL/config.pm: Fix /armv[7-9].*-.*-linux2/ 16328e9f6c NOTE.WIN: suggest the audetecting configuration variant as well b2bed3c6e5 util/perl/OpenSSL/config.pm: move misplaced Windows and VMS entries bb2d726d75 Fix a typo in the i2d_TYPE_fp documentation 5b393802ed Don't run the cmp_cli tests if using FUZZING_BUILD_MODE ca3245a619 If an empty password is supplied still try to use it 5a640713f3 Ensure a string is properly terminated in http_client.c 64bb6276d1 81-test_cmp_cli.t: Correct subroutine quote_spc_empty and its use 8913760960 81-test_cmp_cli.t: Streamline {start,stop}_mock_server and improve port setting 94fcec0902 test/run_tests.pl: Add alias REPORT_FAILURES{,_PROGRESS} for VF and VFP a812549108 test/run_tests.pl: Add visual separator after failed test case for VFP and VFP modes e4522e1059 test/run_tests.pl: Enhance the semantics of HARNESS_VERBOSE_FAILURES (VF) ea4ee152a7 Configure: fix handling of build.info attributes with value e7869ef137 Fix up build issue when running cpp tests 0c4444121c doc: Remove stray backtick Build log ended with (last 100 lines): 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0203C5A3C7F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0203C5A3C7F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:612:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:843 # false not ok 3 - test_large_message_dtls # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0203C5A3C7F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0203C5A3C7F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:612:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6632 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ not ok 52 - test_ssl_pending # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/rzVk9pGMIn default ../../../openssl/test/default.cnf => 1 not ok 1 - running sslapitest # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C060C5D1827F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C060C5D1827F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:612:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:843 # false not ok 3 - test_large_message_dtls # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C060C5D1827F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C060C5D1827F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:612:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6632 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ not ok 52 - test_ssl_pending # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/rzVk9pGMIn fips ../../../openssl/test/fips.cnf => 1 not ok 3 - running sslapitest # ------------------------------------------------------------------------------ # Failed test 'running sslapitest' # at ../openssl/test/recipes/90-test_sslapi.t line 47. # Looks like you failed 2 tests of 3.90-test_sslapi.t ................... Dubious, test returned 2 (wstat 512, 0x200) Failed 2/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_dtls.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 1, 3 Non-zero exit status: 2 Files=204, Tests=2661, 817 wallclock secs (11.77 usr 1.17 sys + 761.33 cusr 58.04 csys = 832.31 CPU) Result: FAIL Makefile:3116: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2-method' Makefile:3114: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue Jul 7 21:53:11 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 07 Jul 2020 21:53:11 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_3 Message-ID: <1594158791.889616.540.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_3 Commit log since last time: 1b726e9b91 TEST: update 02-test_errstr.t to have better tests fa7a807435 SSL: fix misuse of ERR_LIB_SYS 17b7f89684 TEST: fix test/errtest.c 71f2994b15 ERR: special case system errors 163b2bcd8b ERR: refactor global error codes dd76b90ef6 CORE: perform post-condition in algorithm_do_this() under all circumstances 1dc1ea182b Fix many MarkDown issues in {NOTES*,README*,HACKING,LICENSE}.md files 036cbb6bbf Rename NOTES*, README*, VERSION, HACKING, LICENSE to .md or .txt 915e7e75a4 util/markdownlint.rb: Add two rule exceptions: MD023 and MD026 c996f71bab apps: remove NULL check imn release_engine since ENGINE_free also does it. 2f142901ca coverity 1464983: null pointer dereference 6f924bb89e coverity 1464984: Null pointer dereferences 9283e9bd11 cmp: remove NULL check. c4d0221405 coverity: CID 1464987: USE AFTER FREE 22f7f42433 rand: avoid caching RNG parameters. 7dc38bea94 Refactor the EVP_RAND code to make locking issues less likely 132abb21f9 rand: fix recursive locking issue. 8c1cbc7210 Fix typos and repeated words 3a19f1a9dd Configuration and build: Fix solaris tags 1cafbb799a util/perl/OpenSSL/config.pm: Fix /armv[7-9].*-.*-linux2/ 16328e9f6c NOTE.WIN: suggest the audetecting configuration variant as well b2bed3c6e5 util/perl/OpenSSL/config.pm: move misplaced Windows and VMS entries bb2d726d75 Fix a typo in the i2d_TYPE_fp documentation 5b393802ed Don't run the cmp_cli tests if using FUZZING_BUILD_MODE ca3245a619 If an empty password is supplied still try to use it 5a640713f3 Ensure a string is properly terminated in http_client.c 64bb6276d1 81-test_cmp_cli.t: Correct subroutine quote_spc_empty and its use 8913760960 81-test_cmp_cli.t: Streamline {start,stop}_mock_server and improve port setting 94fcec0902 test/run_tests.pl: Add alias REPORT_FAILURES{,_PROGRESS} for VF and VFP a812549108 test/run_tests.pl: Add visual separator after failed test case for VFP and VFP modes e4522e1059 test/run_tests.pl: Enhance the semantics of HARNESS_VERBOSE_FAILURES (VF) ea4ee152a7 Configure: fix handling of build.info attributes with value e7869ef137 Fix up build issue when running cpp tests 0c4444121c doc: Remove stray backtick Build log ended with (last 100 lines): # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0D07E1EF37F0000:error::SSL routines::internal error:../openssl/ssl/s3_enc.c:409: # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0D07E1EF37F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_s3.c:1612:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:8088 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0D07E1EF37F0000:error::SSL routines::internal error:../openssl/ssl/s3_enc.c:409: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0D07E1EF37F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_s3.c:1612:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:8088 # false not ok 3 - iteration 3 # ------------------------------------------------------------------------------ not ok 36 - test_sigalgs_available # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/Rd9IqzT_BT default ../../../openssl/test/default.cnf => 1 not ok 1 - running sslapitest # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0D01C2E6D7F0000:error::SSL routines::internal error:../openssl/ssl/s3_enc.c:409: # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0D01C2E6D7F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_s3.c:1612:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:8088 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0D01C2E6D7F0000:error::SSL routines::internal error:../openssl/ssl/s3_enc.c:409: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0D01C2E6D7F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_s3.c:1612:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:8088 # false not ok 3 - iteration 3 # ------------------------------------------------------------------------------ not ok 36 - test_sigalgs_available # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/Rd9IqzT_BT fips ../../../openssl/test/fips.cnf => 1 not ok 3 - running sslapitest # ------------------------------------------------------------------------------ # Failed test 'running sslapitest' # at ../openssl/test/recipes/90-test_sslapi.t line 47. # Looks like you failed 2 tests of 3.90-test_sslapi.t ................... Dubious, test returned 2 (wstat 512, 0x200) Failed 2/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. skipped: test_tls13ccs is not supported in this build 90-test_tls13encryption.t .......... skipped: tls13encryption is not supported in this build 90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 90-test_sslapi.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 1, 3 Non-zero exit status: 2 Files=204, Tests=2583, 758 wallclock secs (10.49 usr 1.28 sys + 704.66 cusr 52.97 csys = 769.40 CPU) Result: FAIL Makefile:3119: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_3' Makefile:3117: recipe for target 'tests' failed make: *** [tests] Error 2 From matt at openssl.org Wed Jul 8 08:06:01 2020 From: matt at openssl.org (Matt Caswell) Date: Wed, 08 Jul 2020 08:06:01 +0000 Subject: [openssl] master update Message-ID: <1594195561.175256.11957.nullmailer@dev.openssl.org> The branch master has been updated via 2f1d0b35c12f50e971ef626ff9bbf35a53f9a66d (commit) via 146aebc6a082ac4343b79dcf18ef86e853b85d85 (commit) via 90a74d8c4331c363d68ecd1168bc5344f7ba9be8 (commit) via 08a1c9f2e6e28a81936e51019b89e842a1a90b31 (commit) from 163b8016160f03558d8352b76fb594685cb39f7d (commit) - Log ----------------------------------------------------------------- commit 2f1d0b35c12f50e971ef626ff9bbf35a53f9a66d Author: Matt Caswell Date: Wed Jul 1 12:20:49 2020 +0100 Ensure we excluse ec2m curves if ec2m is disabled Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12292) commit 146aebc6a082ac4343b79dcf18ef86e853b85d85 Author: Matt Caswell Date: Fri Jun 26 20:49:19 2020 +0100 Add a test to check having a provider loaded without a groups still works As long as we have at least one provider loaded which offers some groups, it doesn't matter if we have others loaded that don't. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12292) commit 90a74d8c4331c363d68ecd1168bc5344f7ba9be8 Author: Matt Caswell Date: Fri Jun 26 20:44:27 2020 +0100 Fix an incorrect error flow in add_provider_groups Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12292) commit 08a1c9f2e6e28a81936e51019b89e842a1a90b31 Author: Matt Caswell Date: Fri Jun 26 20:40:11 2020 +0100 Fix OSSL_PROVIDER_get_capabilities() It is not a failure to call OSSL_PROVIDER_get_capabilities() with a provider loaded that has no capabilities. Fixes #12286 Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12292) ----------------------------------------------------------------------- Summary of changes: crypto/provider_core.c | 2 +- providers/common/capabilities.c | 8 ++++++++ ssl/t1_lib.c | 2 +- test/sslapitest.c | 5 ++++- 4 files changed, 14 insertions(+), 3 deletions(-) diff --git a/crypto/provider_core.c b/crypto/provider_core.c index a2350bb88e..f68fd8f0f9 100644 --- a/crypto/provider_core.c +++ b/crypto/provider_core.c @@ -831,7 +831,7 @@ int ossl_provider_get_capabilities(const OSSL_PROVIDER *prov, void *arg) { return prov->get_capabilities == NULL - ? 0 : prov->get_capabilities(prov->provctx, capability, cb, arg); + ? 1 : prov->get_capabilities(prov->provctx, capability, cb, arg); } diff --git a/providers/common/capabilities.c b/providers/common/capabilities.c index a41d3990f0..a60620d8a2 100644 --- a/providers/common/capabilities.c +++ b/providers/common/capabilities.c @@ -97,26 +97,34 @@ static const TLS_GROUP_CONSTANTS group_list[35] = { static const OSSL_PARAM param_group_list[][10] = { #ifndef OPENSSL_NO_EC +# ifndef OPENSSL_NO_EC2M TLS_GROUP_ENTRY("sect163k1", "sect163k1", "EC", 0), +# endif # ifndef FIPS_MODULE TLS_GROUP_ENTRY("sect163r1", "sect163r1", "EC", 1), # endif +# ifndef OPENSSL_NO_EC2M TLS_GROUP_ENTRY("sect163r2", "sect163r2", "EC", 2), +# endif # ifndef FIPS_MODULE TLS_GROUP_ENTRY("sect193r1", "sect193r1", "EC", 3), TLS_GROUP_ENTRY("sect193r2", "sect193r2", "EC", 4), # endif +# ifndef OPENSSL_NO_EC2M TLS_GROUP_ENTRY("sect233k1", "sect233k1", "EC", 5), TLS_GROUP_ENTRY("sect233r1", "sect233r1", "EC", 6), +# endif # ifndef FIPS_MODULE TLS_GROUP_ENTRY("sect239k1", "sect239k1", "EC", 7), # endif +# ifndef OPENSSL_NO_EC2M TLS_GROUP_ENTRY("sect283k1", "sect283k1", "EC", 8), TLS_GROUP_ENTRY("sect283r1", "sect283r1", "EC", 9), TLS_GROUP_ENTRY("sect409k1", "sect409k1", "EC", 10), TLS_GROUP_ENTRY("sect409r1", "sect409r1", "EC", 11), TLS_GROUP_ENTRY("sect571k1", "sect571k1", "EC", 12), TLS_GROUP_ENTRY("sect571r1", "sect571r1", "EC", 13), +# endif # ifndef FIPS_MODULE TLS_GROUP_ENTRY("secp160k1", "secp160k1", "EC", 14), TLS_GROUP_ENTRY("secp160r1", "secp160r1", "EC", 15), diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index c9097fcc44..41228d58e9 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -334,7 +334,7 @@ static int add_provider_groups(const OSSL_PARAM params[], void *data) p = OSSL_PARAM_locate_const(params, OSSL_CAPABILITY_TLS_GROUP_MAX_TLS); if (p == NULL || !OSSL_PARAM_get_int(p, &ginf->maxtls)) { SSLerr(0, ERR_R_PASSED_INVALID_ARGUMENT); - return 0; + goto err; } p = OSSL_PARAM_locate_const(params, OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS); diff --git a/test/sslapitest.c b/test/sslapitest.c index 182984ecb1..afc4ea8d40 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -8235,8 +8235,10 @@ static int test_pluggable_group(void) SSL *clientssl = NULL, *serverssl = NULL; int testresult = 0; OSSL_PROVIDER *tlsprov = OSSL_PROVIDER_load(libctx, "tls-provider"); + /* Check that we are not impacted by a provider without any groups */ + OSSL_PROVIDER *legacyprov = OSSL_PROVIDER_load(libctx, "legacy"); - if (!TEST_ptr(tlsprov)) + if (!TEST_ptr(tlsprov) || !TEST_ptr(legacyprov)) goto end; if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), @@ -8263,6 +8265,7 @@ static int test_pluggable_group(void) SSL_CTX_free(sctx); SSL_CTX_free(cctx); OSSL_PROVIDER_unload(tlsprov); + OSSL_PROVIDER_unload(legacyprov); return testresult; } From beldmit at gmail.com Wed Jul 8 08:21:47 2020 From: beldmit at gmail.com (beldmit at gmail.com) Date: Wed, 08 Jul 2020 08:21:47 +0000 Subject: [openssl] master update Message-ID: <1594196507.305537.22486.nullmailer@dev.openssl.org> The branch master has been updated via eae4a008341149783b540198470f04f85b22730e (commit) via c8ea9bc6702e30f4efa690906abd14c5eab927cf (commit) via e2cc68c8fda7792eb2f09ac152dd346bb90ad316 (commit) via 5999d20ea8ed1c69e89b201fa70a5964ff11665e (commit) via 821278a885c7c8edb5bca943006df5700257390e (commit) via fd7d574dd98761d41d87a777c0b4f044ecc075be (commit) via 84ba665d72906c36b158071035896f50a9aad808 (commit) from 2f1d0b35c12f50e971ef626ff9bbf35a53f9a66d (commit) - Log ----------------------------------------------------------------- commit eae4a008341149783b540198470f04f85b22730e Author: Shane Lontis Date: Tue Jul 7 09:50:34 2020 +1000 Fix CID 1454808: Error handling issues NEGATIVE_RETURNS (PKCS7_dataDecode()) Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/12379) commit c8ea9bc6702e30f4efa690906abd14c5eab927cf Author: Shane Lontis Date: Tue Jul 7 09:46:37 2020 +1000 Fix CID 1454806: NEGATIVE_RETURNS (cms_enc.c) Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/12379) commit e2cc68c8fda7792eb2f09ac152dd346bb90ad316 Author: Shane Lontis Date: Mon Jul 6 17:35:23 2020 +1000 Fix CID 1465213: Integer handling issues (evp_extra_test.c) Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/12379) commit 5999d20ea8ed1c69e89b201fa70a5964ff11665e Author: Shane Lontis Date: Mon Jul 6 16:13:48 2020 +1000 Fix CID 1463883 Dereference after null check (in ess_find_cert_v2()) Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/12379) commit 821278a885c7c8edb5bca943006df5700257390e Author: Shane Lontis Date: Mon Jul 6 14:31:32 2020 +1000 Fix CID 1465214 Resource leak (in file_load.c) Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/12379) commit fd7d574dd98761d41d87a777c0b4f044ecc075be Author: Shane Lontis Date: Mon Jul 6 14:16:09 2020 +1000 Fix CID 1465215 : Explicit null dereferenced (in test) Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/12379) commit 84ba665d72906c36b158071035896f50a9aad808 Author: Shane Lontis Date: Mon Jul 6 14:08:58 2020 +1000 Fix CID #1465216 Resource leak in property_fetch Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/12379) ----------------------------------------------------------------------- Summary of changes: crypto/cms/cms_enc.c | 7 ++++++- crypto/ess/ess_lib.c | 4 +++- crypto/pkcs7/pk7_doit.c | 7 +++++-- crypto/property/property.c | 2 +- crypto/store/loader_file.c | 4 +++- test/evp_extra_test.c | 8 ++++---- test/evp_pkey_provided_test.c | 2 ++ 7 files changed, 24 insertions(+), 10 deletions(-) diff --git a/crypto/cms/cms_enc.c b/crypto/cms/cms_enc.c index 3a17a2798b..5f9e2b3a52 100644 --- a/crypto/cms/cms_enc.c +++ b/crypto/cms/cms_enc.c @@ -28,6 +28,7 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec) X509_ALGOR *calg = ec->contentEncryptionAlgorithm; unsigned char iv[EVP_MAX_IV_LENGTH], *piv = NULL; unsigned char *tkey = NULL; + int len; size_t tkeylen = 0; int ok = 0; @@ -81,7 +82,11 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec) CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR); goto err; } - tkeylen = EVP_CIPHER_CTX_key_length(ctx); + len = EVP_CIPHER_CTX_key_length(ctx); + if (len <= 0) + goto err; + tkeylen = (size_t)len; + /* Generate random session key */ if (!enc || !ec->key) { tkey = OPENSSL_malloc(tkeylen); diff --git a/crypto/ess/ess_lib.c b/crypto/ess/ess_lib.c index 17f9db98ff..3f418235ad 100644 --- a/crypto/ess/ess_lib.c +++ b/crypto/ess/ess_lib.c @@ -339,7 +339,9 @@ int ess_find_cert_v2(const STACK_OF(ESS_CERT_ID_V2) *cert_ids, const X509 *cert) const ESS_CERT_ID_V2 *cid = sk_ESS_CERT_ID_V2_value(cert_ids, i); const EVP_MD *md; - if (cid != NULL && cid->hash_alg != NULL) + if (cid == NULL) + return -1; + if (cid->hash_alg != NULL) md = EVP_get_digestbyobj(cid->hash_alg->algorithm); else md = EVP_sha256(); diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index 3e2065244d..718b6f3899 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -361,7 +361,7 @@ static int pkcs7_cmp_ri(PKCS7_RECIP_INFO *ri, X509 *pcert) /* int */ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) { - int i, j; + int i, j, len; BIO *out = NULL, *btmp = NULL, *etmp = NULL, *bio = NULL; X509_ALGOR *xa; ASN1_OCTET_STRING *data_body = NULL; @@ -524,7 +524,10 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) if (EVP_CIPHER_asn1_to_param(evp_ctx, enc_alg->parameter) < 0) goto err; /* Generate random key as MMA defence */ - tkeylen = EVP_CIPHER_CTX_key_length(evp_ctx); + len = EVP_CIPHER_CTX_key_length(evp_ctx); + if (len <= 0) + goto err; + tkeylen = (size_t)len; tkey = OPENSSL_malloc(tkeylen); if (tkey == NULL) goto err; diff --git a/crypto/property/property.c b/crypto/property/property.c index a3b52ee44d..645e361b0a 100644 --- a/crypto/property/property.c +++ b/crypto/property/property.c @@ -358,9 +358,9 @@ int ossl_method_store_fetch(OSSL_METHOD_STORE *store, int nid, pq = *plp; } else { p2 = ossl_property_merge(pq, *plp); + ossl_property_free(pq); if (p2 == NULL) goto fin; - ossl_property_free(pq); pq = p2; } } diff --git a/crypto/store/loader_file.c b/crypto/store/loader_file.c index ed74e55834..9a2ada335d 100644 --- a/crypto/store/loader_file.c +++ b/crypto/store/loader_file.c @@ -1545,8 +1545,10 @@ static OSSL_STORE_INFO *file_load(OSSL_STORE_LOADER_CTX *ctx, } while (matchcount == 0 && !file_eof(ctx) && !file_error(ctx)); /* We bail out on ambiguity */ - if (matchcount > 1) + if (matchcount > 1) { + OSSL_STORE_INFO_free(result); return NULL; + } if (result != NULL && ctx->expected_type != 0 diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index 1876bdcf11..f31ba31e09 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c @@ -802,7 +802,7 @@ static int test_privatekey_to_pkcs8(void) EVP_PKEY *pkey = NULL; BIO *membio = NULL; char *membuf = NULL; - size_t membuf_len = 0; + long membuf_len = 0; int ok = 0; if (!TEST_ptr(membio = BIO_new(BIO_s_mem())) @@ -810,9 +810,9 @@ static int test_privatekey_to_pkcs8(void) || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL, NULL, 0, NULL, NULL), 0) - || !TEST_ptr((membuf_len = (size_t)BIO_get_mem_data(membio, &membuf), - membuf)) - || !TEST_mem_eq(membuf, membuf_len, + || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0) + || !TEST_ptr(membuf) + || !TEST_mem_eq(membuf, (size_t)membuf_len, kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8)) /* * We try to write PEM as well, just to see that it doesn't err, but diff --git a/test/evp_pkey_provided_test.c b/test/evp_pkey_provided_test.c index fd3e580d8c..7e063bb77b 100644 --- a/test/evp_pkey_provided_test.c +++ b/test/evp_pkey_provided_test.c @@ -841,6 +841,8 @@ static int test_fromdata_ecx(int tst) size = ED448_KEYLEN; alg = "ED448"; break; + default: + goto err; } ctx = EVP_PKEY_CTX_new_from_name(NULL, alg, NULL); From builds at travis-ci.com Wed Jul 8 09:19:26 2020 From: builds at travis-ci.com (Travis CI) Date: Wed, 08 Jul 2020 09:19:26 +0000 Subject: Errored: openssl/openssl#36001 (master - 2f1d0b3) In-Reply-To: Message-ID: <5f058f9dd8a05_13ff133fa5514192888@travis-pro-tasks-769d6b7b7c-pc66m.mail> Build Update for openssl/openssl ------------------------------------- Build: #36001 Status: Errored Duration: 1 hr, 11 mins, and 54 secs Commit: 2f1d0b3 (master) Author: Matt Caswell Message: Ensure we excluse ec2m curves if ec2m is disabled Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12292) View the changeset: https://github.com/openssl/openssl/compare/163b8016160f...2f1d0b35c12f View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/174760837?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.com Wed Jul 8 10:17:43 2020 From: builds at travis-ci.com (Travis CI) Date: Wed, 08 Jul 2020 10:17:43 +0000 Subject: Errored: openssl/openssl#36002 (master - eae4a00) In-Reply-To: Message-ID: <5f059d417939f_13ff133fa4e843742de@travis-pro-tasks-769d6b7b7c-pc66m.mail> Build Update for openssl/openssl ------------------------------------- Build: #36002 Status: Errored Duration: 1 hr, 19 mins, and 50 secs Commit: eae4a00 (master) Author: Shane Lontis Message: Fix CID 1454808: Error handling issues NEGATIVE_RETURNS (PKCS7_dataDecode()) Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/12379) View the changeset: https://github.com/openssl/openssl/compare/2f1d0b35c12f...eae4a0083411 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/174762896?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Wed Jul 8 23:54:46 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 08 Jul 2020 23:54:46 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT Message-ID: <1594252486.367592.19360.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT Commit log since last time: eae4a00834 Fix CID 1454808: Error handling issues NEGATIVE_RETURNS (PKCS7_dataDecode()) c8ea9bc670 Fix CID 1454806: NEGATIVE_RETURNS (cms_enc.c) e2cc68c8fd Fix CID 1465213: Integer handling issues (evp_extra_test.c) 5999d20ea8 Fix CID 1463883 Dereference after null check (in ess_find_cert_v2()) 821278a885 Fix CID 1465214 Resource leak (in file_load.c) fd7d574dd9 Fix CID 1465215 : Explicit null dereferenced (in test) 84ba665d72 Fix CID #1465216 Resource leak in property_fetch 2f1d0b35c1 Ensure we excluse ec2m curves if ec2m is disabled 146aebc6a0 Add a test to check having a provider loaded without a groups still works 90a74d8c43 Fix an incorrect error flow in add_provider_groups 08a1c9f2e6 Fix OSSL_PROVIDER_get_capabilities() 163b801616 Add support to zeroize plaintext in S3 record layer 1c9761d0b5 [test][15-test_genec] Improve EC tests with genpkey 466d30c0d7 [apps/genpkey] exit status should not be 0 on output errors e0137ca92b [EC][ASN1] Detect missing OID when serializing EC parameters and keys 8c330e1939 improve SSL_CTX_set_tlsext_ticket_key_cb ref impl 2d9f56e999 Ensure TLS padding is added during encryption on the provider side b558817823 Convert SSLv3 handling to use provider side CBC/MAC removal 63ee6ec177 Ensure any allocated MAC is freed in the provider code f29dbb0866 Decreate the length after decryption for the stitched ciphers 09ce6e0854 Ensure the sslcorrupttest checks all errors on the queue ee0c849e5a Ensure GCM "update" failures return 0 on error 978cc3648d Ensure cipher_generic_initkey gets passed the actual provider ctx 1ae7354c04 Make the NULL cipher TLS aware 27d4c840fc Change ChaCha20-Poly1305 to be consistent with out ciphers 524cb684ac Make libssl start using the TLS provider CBC support e71fd827bc Add provider support for TLS CBC padding and MAC removal f0237a6c62 Remove SSL dependencies from tls_pad.c ebacd57bee Split the padding/mac removal functions out into a separate file ec27e619e8 Move MAC removal responsibility to the various protocol "enc" functions Build log ended with (last 100 lines): # Server sent alert unexpected_message but client received no alert. # 80174F3DAA7F0000:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_srvr.c:318: not ok 9 - iteration 9 # ------------------------------------------------------------------------------ not ok 1 - test_handshake # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/ssl_test 25-cipher.cnf.default default => 1 not ok 6 - running ssl_test 25-cipher.cnf # ------------------------------------------------------------------------------ # Looks like you failed 2 tests of 9. not ok 26 - Test configuration 25-cipher.cnf # ------------------------------------------------------------------------------ # Looks like you failed 1 test of 31.80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok # INFO: @ ../openssl/test/sslcorrupttest.c:199 # Starting #2, ECDHE-RSA-CHACHA20-POLY1305 # ERROR: (int) 'SSL_get_error(clientssl, 0) == SSL_ERROR_WANT_READ' failed @ ../openssl/test/ssltestlib.c:1032 # [1] compared to [2] # ERROR: (bool) 'create_ssl_connection(server, client, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslcorrupttest.c:229 # false # 8067017BBA7F0000:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_clnt.c:400: not ok 3 - iteration 3 # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/sslcorrupttest.c:199 # Starting #3, DHE-RSA-CHACHA20-POLY1305 # ERROR: (int) 'SSL_get_error(clientssl, 0) == SSL_ERROR_WANT_READ' failed @ ../openssl/test/ssltestlib.c:1032 # [1] compared to [2] # ERROR: (bool) 'create_ssl_connection(server, client, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslcorrupttest.c:229 # false # 8067017BBA7F0000:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_clnt.c:400: not ok 4 - iteration 4 # ------------------------------------------------------------------------------ not ok 1 - test_ssl_corrupt # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslcorrupttest ../../../openssl/apps/server.pem ../../../openssl/apps/server.pem => 1 not ok 1 - running sslcorrupttest # ------------------------------------------------------------------------------ # Failed test 'running sslcorrupttest' # at ../openssl/test/recipes/80-test_sslcorrupt.t line 19. # Looks like you failed 1 test of 1.80-test_sslcorrupt.t ............... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: GOST support is disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ skipped: Test only supported in a shared build 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_dtls_mtu.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 26 Non-zero exit status: 1 80-test_sslcorrupt.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=204, Tests=3015, 1684 wallclock secs (11.29 usr 1.54 sys + 1516.20 cusr 150.74 csys = 1679.77 CPU) Result: FAIL Makefile:2490: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-asan' Makefile:2488: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Thu Jul 9 01:48:03 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 09 Jul 2020 01:48:03 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-autoerrinit Message-ID: <1594259283.790903.16773.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-autoerrinit Commit log since last time: eae4a00834 Fix CID 1454808: Error handling issues NEGATIVE_RETURNS (PKCS7_dataDecode()) c8ea9bc670 Fix CID 1454806: NEGATIVE_RETURNS (cms_enc.c) e2cc68c8fd Fix CID 1465213: Integer handling issues (evp_extra_test.c) 5999d20ea8 Fix CID 1463883 Dereference after null check (in ess_find_cert_v2()) 821278a885 Fix CID 1465214 Resource leak (in file_load.c) fd7d574dd9 Fix CID 1465215 : Explicit null dereferenced (in test) 84ba665d72 Fix CID #1465216 Resource leak in property_fetch 2f1d0b35c1 Ensure we excluse ec2m curves if ec2m is disabled 146aebc6a0 Add a test to check having a provider loaded without a groups still works 90a74d8c43 Fix an incorrect error flow in add_provider_groups 08a1c9f2e6 Fix OSSL_PROVIDER_get_capabilities() 163b801616 Add support to zeroize plaintext in S3 record layer 1c9761d0b5 [test][15-test_genec] Improve EC tests with genpkey 466d30c0d7 [apps/genpkey] exit status should not be 0 on output errors e0137ca92b [EC][ASN1] Detect missing OID when serializing EC parameters and keys 8c330e1939 improve SSL_CTX_set_tlsext_ticket_key_cb ref impl 2d9f56e999 Ensure TLS padding is added during encryption on the provider side b558817823 Convert SSLv3 handling to use provider side CBC/MAC removal 63ee6ec177 Ensure any allocated MAC is freed in the provider code f29dbb0866 Decreate the length after decryption for the stitched ciphers 09ce6e0854 Ensure the sslcorrupttest checks all errors on the queue ee0c849e5a Ensure GCM "update" failures return 0 on error 978cc3648d Ensure cipher_generic_initkey gets passed the actual provider ctx 1ae7354c04 Make the NULL cipher TLS aware 27d4c840fc Change ChaCha20-Poly1305 to be consistent with out ciphers 524cb684ac Make libssl start using the TLS provider CBC support e71fd827bc Add provider support for TLS CBC padding and MAC removal f0237a6c62 Remove SSL dependencies from tls_pad.c ebacd57bee Split the padding/mac removal functions out into a separate file ec27e619e8 Move MAC removal responsibility to the various protocol "enc" functions Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 04-test_err.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=204, Tests=3085, 863 wallclock secs (12.75 usr 1.45 sys + 797.98 cusr 58.43 csys = 870.61 CPU) Result: FAIL Makefile:3128: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-autoerrinit' Makefile:3126: recipe for target 'tests' failed make: *** [tests] Error 2 From shane.lontis at oracle.com Thu Jul 9 03:45:10 2020 From: shane.lontis at oracle.com (shane.lontis at oracle.com) Date: Thu, 09 Jul 2020 03:45:10 +0000 Subject: [openssl] master update Message-ID: <1594266310.098925.10832.nullmailer@dev.openssl.org> The branch master has been updated via 63794b048cbe46ac9abb883df4dd703f522e4643 (commit) from eae4a008341149783b540198470f04f85b22730e (commit) - Log ----------------------------------------------------------------- commit 63794b048cbe46ac9abb883df4dd703f522e4643 Author: Shane Lontis Date: Thu Jul 9 13:43:10 2020 +1000 Add multiple fixes for ffc key generation using invalid p,q,g parameters. Fixes #11864 - The dsa keygen assumed valid p, q, g values were being passed. If this is not correct then it is possible that dsa keygen can either hang or segfault. The fix was to do a partial validation of p, q, and g inside the keygen. - Fixed a potential double free in the dsa keypair test in the case when in failed (It should never fail!). It freed internal object members without setting them to NULL. - Changed the FFC key validation to accept 1024 bit keys in non fips mode. - Added tests that use both the default provider & fips provider to test these cases. Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/12176) ----------------------------------------------------------------------- Summary of changes: crypto/dh/dh_key.c | 4 + crypto/dsa/dsa_key.c | 7 ++ crypto/ffc/ffc_params_generate.c | 11 +- crypto/ffc/ffc_params_validate.c | 26 ++++ include/internal/ffc.h | 1 + test/build.info | 6 +- test/evp_libctx_test.c | 253 ++++++++++++++++++++++++++++++++++++++ test/ffc_internal_test.c | 7 -- test/recipes/30-test_evp_libctx.t | 46 +++++++ 9 files changed, 352 insertions(+), 9 deletions(-) create mode 100644 test/evp_libctx_test.c create mode 100644 test/recipes/30-test_evp_libctx.t diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c index 5d2acca25c..3b4da19cd2 100644 --- a/crypto/dh/dh_key.c +++ b/crypto/dh/dh_key.c @@ -287,6 +287,10 @@ static int generate_key(DH *dh) } else #endif { + /* Do a partial check for invalid p, q, g */ + if (!ffc_params_simple_validate(dh->libctx, &dh->params, + FFC_PARAM_TYPE_DH)) + goto err; /* * For FFC FIPS 186-4 keygen * security strength s = 112, diff --git a/crypto/dsa/dsa_key.c b/crypto/dsa/dsa_key.c index 7bd9c5ff2e..b537ec0b3c 100644 --- a/crypto/dsa/dsa_key.c +++ b/crypto/dsa/dsa_key.c @@ -74,6 +74,11 @@ static int dsa_keygen(DSA *dsa, int pairwise_test) priv_key = dsa->priv_key; } + /* Do a partial check for invalid p, q, g */ + if (!ffc_params_simple_validate(dsa->libctx, &dsa->params, + FFC_PARAM_TYPE_DSA)) + goto err; + /* * For FFC FIPS 186-4 keygen * security strength s = 112, @@ -110,6 +115,8 @@ static int dsa_keygen(DSA *dsa, int pairwise_test) if (!ok) { BN_free(dsa->pub_key); BN_clear_free(dsa->priv_key); + dsa->pub_key = NULL; + dsa->priv_key = NULL; BN_CTX_free(ctx); return ok; } diff --git a/crypto/ffc/ffc_params_generate.c b/crypto/ffc/ffc_params_generate.c index 325eb6768f..8a0b77e7f8 100644 --- a/crypto/ffc/ffc_params_generate.c +++ b/crypto/ffc/ffc_params_generate.c @@ -39,6 +39,11 @@ */ static int ffc_validate_LN(size_t L, size_t N, int type) { +#ifndef FIPS_MODULE + if (L == 1024 && N == 160) + return 80; +#endif + if (type == FFC_PARAM_TYPE_DH) { /* Valid DH L,N parameters from SP800-56Ar3 5.5.1 Table 1 */ if (L == 2048 && (N == 224 || N == 256)) @@ -498,6 +503,7 @@ int ffc_params_FIPS186_4_gen_verify(OPENSSL_CTX *libctx, FFC_PARAMS *params, EVP_MD *md = NULL; int verify = (mode == FFC_PARAM_MODE_VERIFY); unsigned int flags = verify ? params->flags : 0; + const char *def_name; *res = 0; @@ -506,7 +512,10 @@ int ffc_params_FIPS186_4_gen_verify(OPENSSL_CTX *libctx, FFC_PARAMS *params, } else { if (N == 0) N = (L >= 2048 ? SHA256_DIGEST_LENGTH : SHA_DIGEST_LENGTH) * 8; - md = EVP_MD_fetch(libctx, default_mdname(N), NULL); + def_name = default_mdname(N); + if (def_name == NULL) + goto err; + md = EVP_MD_fetch(libctx, def_name, NULL); } if (md == NULL) goto err; diff --git a/crypto/ffc/ffc_params_validate.c b/crypto/ffc/ffc_params_validate.c index f3df0c2b39..821ff3e88a 100644 --- a/crypto/ffc/ffc_params_validate.c +++ b/crypto/ffc/ffc_params_validate.c @@ -78,3 +78,29 @@ int ffc_params_FIPS186_2_validate(OPENSSL_CTX *libctx, const FFC_PARAMS *params, FFC_PARAM_MODE_VERIFY, type, L, N, res, cb); } + +/* + * This does a simple check of L and N and partial g. + * It makes no attempt to do a full validation of p, q or g since these require + * extra parameters such as the digest and seed, which may not be available for + * this test. + */ +int ffc_params_simple_validate(OPENSSL_CTX *libctx, FFC_PARAMS *params, int type) +{ + int ret, res = 0; + int save_gindex; + unsigned int save_flags; + + if (params == NULL) + return 0; + + save_flags = params->flags; + save_gindex = params->gindex; + params->flags = FFC_PARAM_FLAG_VALIDATE_G; + params->gindex = FFC_UNVERIFIABLE_GINDEX; + + ret = ffc_params_FIPS186_4_validate(libctx, params, type, &res, NULL); + params->flags = save_flags; + params->gindex = save_gindex; + return ret != FFC_PARAM_RET_STATUS_FAILED; +} diff --git a/include/internal/ffc.h b/include/internal/ffc.h index 2ed5d72c5c..b352b8d345 100644 --- a/include/internal/ffc.h +++ b/include/internal/ffc.h @@ -155,6 +155,7 @@ int ffc_params_FIPS186_2_gen_verify(OPENSSL_CTX *libctx, FFC_PARAMS *params, int mode, int type, size_t L, size_t N, int *res, BN_GENCB *cb); +int ffc_params_simple_validate(OPENSSL_CTX *libctx, FFC_PARAMS *params, int type); int ffc_params_FIPS186_4_validate(OPENSSL_CTX *libctx, const FFC_PARAMS *params, int type, int *res, BN_GENCB *cb); int ffc_params_FIPS186_2_validate(OPENSSL_CTX *libctx, const FFC_PARAMS *params, diff --git a/test/build.info b/test/build.info index 88b35d4d3c..ed547d1488 100644 --- a/test/build.info +++ b/test/build.info @@ -36,7 +36,7 @@ IF[{- !$disabled{tests} -}] destest mdc2test \ enginetest exptest \ evp_pkey_provided_test evp_test evp_extra_test evp_extra_test2 \ - evp_fetch_prov_test acvp_test \ + evp_fetch_prov_test acvp_test evp_libctx_test \ v3nametest v3ext \ evp_pkey_provided_test evp_test evp_extra_test evp_extra_test2 \ evp_fetch_prov_test v3nametest v3ext \ @@ -141,6 +141,10 @@ IF[{- !$disabled{tests} -}] INCLUDE[evp_extra_test2]=../include ../apps/include DEPEND[evp_extra_test2]=../libcrypto libtestutil.a + SOURCE[evp_libctx_test]=evp_libctx_test.c + INCLUDE[evp_libctx_test]=../include ../apps/include + DEPEND[evp_libctx_test]=../libcrypto.a libtestutil.a + SOURCE[evp_fetch_prov_test]=evp_fetch_prov_test.c INCLUDE[evp_fetch_prov_test]=../include ../apps/include DEPEND[evp_fetch_prov_test]=../libcrypto libtestutil.a diff --git a/test/evp_libctx_test.c b/test/evp_libctx_test.c new file mode 100644 index 0000000000..77054f93a2 --- /dev/null +++ b/test/evp_libctx_test.c @@ -0,0 +1,253 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + + * These tests are setup to load null into the default library context. + * Any tests are expected to use the created 'libctx' to find algorithms. + * The framework runs the tests twice using the 'default' provider or + * 'fips' provider as inputs. + */ + +/* + * DSA/DH low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" +#include +#include +#include +#include "testutil.h" +#include "internal/nelem.h" +#include "crypto/bn_dh.h" /* _bignum_ffdhe2048_p */ + +static OPENSSL_CTX *libctx = NULL; +static OSSL_PROVIDER *nullprov = NULL; +static OSSL_PROVIDER *libprov = NULL; + +typedef enum OPTION_choice { + OPT_ERR = -1, + OPT_EOF = 0, + OPT_CONFIG_FILE, + OPT_PROVIDER_NAME, + OPT_TEST_ENUM +} OPTION_CHOICE; + +const OPTIONS *test_get_options(void) +{ + static const OPTIONS test_options[] = { + OPT_TEST_OPTIONS_DEFAULT_USAGE, + { "config", OPT_CONFIG_FILE, '<', + "The configuration file to use for the libctx" }, + { "provider", OPT_PROVIDER_NAME, 's', + "The provider to load (The default value is 'default'" }, + { NULL } + }; + return test_options; +} + +#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_DH) +static const char *getname(int id) +{ + const char *name[] = {"p", "q", "g" }; + + if (id >= 0 && id < 3) + return name[id]; + return "?"; +} +#endif + +#ifndef OPENSSL_NO_DSA + +static int test_dsa_param_keygen(int tstid) +{ + int ret = 0; + int expected; + EVP_PKEY_CTX *gen_ctx = NULL; + EVP_PKEY *pkey_parm = NULL; + EVP_PKEY *pkey = NULL; + DSA *dsa = NULL; + int pind, qind, gind; + BIGNUM *p = NULL, *q = NULL, *g = NULL; + + /* + * Just grab some fixed dh p, q, g values for testing, + * these 'safe primes' should not be used normally for dsa *. + */ + static const BIGNUM *bn[] = { + &_bignum_dh2048_256_p, &_bignum_dh2048_256_q, &_bignum_dh2048_256_g + }; + + /* + * These tests are using bad values for p, q, g by reusing the values. + * A value of 0 uses p, 1 uses q and 2 uses g. + * There are 27 different combinations, with only the 1 valid combination. + */ + pind = tstid / 9; + qind = (tstid / 3) % 3; + gind = tstid % 3; + expected = (pind == 0 && qind == 1 && gind == 2); + + TEST_note("Testing with (p, q, g) = (%s, %s, %s)\n", getname(pind), + getname(qind), getname(gind)); + + if (!TEST_ptr(pkey_parm = EVP_PKEY_new()) + || !TEST_ptr(dsa = DSA_new()) + || !TEST_ptr(p = BN_dup(bn[pind])) + || !TEST_ptr(q = BN_dup(bn[qind])) + || !TEST_ptr(g = BN_dup(bn[gind])) + || !TEST_true(DSA_set0_pqg(dsa, p, q, g))) + goto err; + p = q = g = NULL; + + if (!TEST_true(EVP_PKEY_assign_DSA(pkey_parm, dsa))) + goto err; + dsa = NULL; + + if (!TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey_parm, NULL)) + || !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx), 0) + || !TEST_int_eq(EVP_PKEY_keygen(gen_ctx, &pkey), expected)) + goto err; + ret = 1; +err: + EVP_PKEY_free(pkey); + EVP_PKEY_CTX_free(gen_ctx); + EVP_PKEY_free(pkey_parm); + DSA_free(dsa); + BN_free(g); + BN_free(q); + BN_free(p); + return ret; +} +#endif /* OPENSSL_NO_DSA */ + +#ifndef OPENSSL_NO_DH +static int do_dh_param_keygen(int tstid, const BIGNUM **bn) +{ + int ret = 0; + int expected; + EVP_PKEY_CTX *gen_ctx = NULL; + EVP_PKEY *pkey_parm = NULL; + EVP_PKEY *pkey = NULL; + DH *dh = NULL; + int pind, qind, gind; + BIGNUM *p = NULL, *q = NULL, *g = NULL; + + /* + * These tests are using bad values for p, q, g by reusing the values. + * A value of 0 uses p, 1 uses q and 2 uses g. + * There are 27 different combinations, with only the 1 valid combination. + */ + pind = tstid / 9; + qind = (tstid / 3) % 3; + gind = tstid % 3; + expected = (pind == 0 && qind == 1 && gind == 2); + + TEST_note("Testing with (p, q, g) = (%s, %s, %s)", getname(pind), + getname(qind), getname(gind)); + + if (!TEST_ptr(pkey_parm = EVP_PKEY_new()) + || !TEST_ptr(dh = DH_new()) + || !TEST_ptr(p = BN_dup(bn[pind])) + || !TEST_ptr(q = BN_dup(bn[qind])) + || !TEST_ptr(g = BN_dup(bn[gind])) + || !TEST_true(DH_set0_pqg(dh, p, q, g))) + goto err; + p = q = g = NULL; + + if (!TEST_true(EVP_PKEY_assign_DH(pkey_parm, dh))) + goto err; + dh = NULL; + + if (!TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey_parm, NULL)) + || !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx), 0) + || !TEST_int_eq(EVP_PKEY_keygen(gen_ctx, &pkey), expected)) + goto err; + ret = 1; +err: + EVP_PKEY_free(pkey); + EVP_PKEY_CTX_free(gen_ctx); + EVP_PKEY_free(pkey_parm); + DH_free(dh); + BN_free(g); + BN_free(q); + BN_free(p); + return ret; +} + +/* + * Note that we get the fips186-4 path being run for most of these cases since + * the internal code will detect that the p, q, g does not match a safe prime + * group (Except for when tstid = 5, which sets the correct p, q, g) + */ +static int test_dh_safeprime_param_keygen(int tstid) +{ + static const BIGNUM *bn[] = { + &_bignum_ffdhe2048_p, &_bignum_ffdhe2048_q, &_bignum_const_2 + }; + return do_dh_param_keygen(tstid, bn); +} + +#endif /* OPENSSL_NO_DH */ + +int setup_tests(void) +{ + const char *prov_name = "default"; + char *config_file = NULL; + OPTION_CHOICE o; + + while ((o = opt_next()) != OPT_EOF) { + switch (o) { + case OPT_PROVIDER_NAME: + prov_name = opt_arg(); + break; + case OPT_CONFIG_FILE: + config_file = opt_arg(); + break; + case OPT_TEST_CASES: + break; + default: + case OPT_ERR: + return 0; + } + } + + nullprov = OSSL_PROVIDER_load(NULL, "null"); + if (!TEST_ptr(nullprov)) + return 0; + + libctx = OPENSSL_CTX_new(); + + if (!TEST_ptr(libctx)) + return 0; + + if (config_file != NULL) { + if (!TEST_true(OPENSSL_CTX_load_config(libctx, config_file))) + return 0; + } + + libprov = OSSL_PROVIDER_load(libctx, prov_name); + if (!TEST_ptr(libprov)) + return 0; + +#ifndef OPENSSL_NO_DSA + ADD_ALL_TESTS(test_dsa_param_keygen, 3 * 3 * 3); +#endif +#ifndef OPENSSL_NO_DH + ADD_ALL_TESTS(test_dh_safeprime_param_keygen, 3 * 3 * 3); +#endif + return 1; +} + +void cleanup_tests(void) +{ + OSSL_PROVIDER_unload(libprov); + OPENSSL_CTX_free(libctx); + OSSL_PROVIDER_unload(nullprov); +} diff --git a/test/ffc_internal_test.c b/test/ffc_internal_test.c index 632cead926..1acc342f6e 100644 --- a/test/ffc_internal_test.c +++ b/test/ffc_internal_test.c @@ -399,13 +399,6 @@ static int ffc_params_fips186_2_gen_validate_test(void) FFC_PARAM_TYPE_DH, &res, NULL))) goto err; - /* FIPS 186-4 L,N pair test will fail for DH */ - if (!TEST_false(ffc_params_FIPS186_4_validate(NULL, ¶ms, - FFC_PARAM_TYPE_DH, - &res, NULL))) - goto err; - if (!TEST_int_eq(res, FFC_CHECK_BAD_LN_PAIR)) - goto err; /* * The fips186-2 generation should produce a different q compared to diff --git a/test/recipes/30-test_evp_libctx.t b/test/recipes/30-test_evp_libctx.t new file mode 100644 index 0000000000..8fcc71a1cd --- /dev/null +++ b/test/recipes/30-test_evp_libctx.t @@ -0,0 +1,46 @@ +#! /usr/bin/env perl +# Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use warnings; + +use OpenSSL::Test qw(:DEFAULT bldtop_dir srctop_dir srctop_file bldtop_file); +use OpenSSL::Test::Utils; + +BEGIN { + setup("test_evp_libctx"); +} + +my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); + +use lib srctop_dir('Configurations'); +use lib bldtop_dir('.'); +use platform; + +my $infile = bldtop_file('providers', platform->dso('fips')); +# If no fips then run the test with no extra arguments. +my @test_args = ( ); + +plan tests => + ($no_fips ? 0 : 1) # FIPS install test + + 1; + +unless ($no_fips) { + @test_args = ("-config", srctop_file("test","fips.cnf"), + "-provider", "fips"); + + ok(run(app(['openssl', 'fipsinstall', + '-out', bldtop_file('providers', 'fipsmodule.cnf'), + '-module', $infile, + '-provider_name', 'fips', '-mac_name', 'HMAC', + '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00', + '-section_name', 'fips_sect'])), + "fipsinstall"); +} + +ok(run(test(["evp_libctx_test", @test_args])), "running evp_libctx_test"); From levitte at openssl.org Thu Jul 9 04:57:26 2020 From: levitte at openssl.org (Richard Levitte) Date: Thu, 09 Jul 2020 04:57:26 +0000 Subject: [openssl] master update Message-ID: <1594270646.237422.13883.nullmailer@dev.openssl.org> The branch master has been updated via f6f159e7a133d1b2f82a82fab3f8c357a07b574f (commit) from 63794b048cbe46ac9abb883df4dd703f522e4643 (commit) - Log ----------------------------------------------------------------- commit f6f159e7a133d1b2f82a82fab3f8c357a07b574f Author: Richard Levitte Date: Mon Jul 6 11:35:25 2020 +0200 Makefile template: fix incorrect treatment of produced document files Documentation files were treated as programs when assigning to the make variables HTMLDOCS{1,3,5,7} and MANDOCS{1,3,5,7}, which is is incorrect on POSIX sub-systems where executables have an extension (.exe). Fixes #11937 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12374) ----------------------------------------------------------------------- Summary of changes: Configurations/unix-Makefile.tmpl | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl index 2586f73791..a0c5081b04 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl @@ -173,35 +173,35 @@ MISC_SCRIPTS={- -} HTMLDOCS1={- join(" \\\n" . ' ' x 10, - fill_lines(" ", $COLUMNS - 10, map { platform->bin($_) } + fill_lines(" ", $COLUMNS - 10, @{$unified_info{htmldocs}->{man1}})) -} HTMLDOCS3={- join(" \\\n" . ' ' x 10, - fill_lines(" ", $COLUMNS - 10, map { platform->bin($_) } + fill_lines(" ", $COLUMNS - 10, @{$unified_info{htmldocs}->{man3}})) -} HTMLDOCS5={- join(" \\\n" . ' ' x 10, - fill_lines(" ", $COLUMNS - 10, map { platform->bin($_) } + fill_lines(" ", $COLUMNS - 10, @{$unified_info{htmldocs}->{man5}})) -} HTMLDOCS7={- join(" \\\n" . ' ' x 10, - fill_lines(" ", $COLUMNS - 10, map { platform->bin($_) } + fill_lines(" ", $COLUMNS - 10, @{$unified_info{htmldocs}->{man7}})) -} MANDOCS1={- join(" \\\n" . ' ' x 9, - fill_lines(" ", $COLUMNS - 9, map { platform->bin($_) } + fill_lines(" ", $COLUMNS - 9, @{$unified_info{mandocs}->{man1}})) -} MANDOCS3={- join(" \\\n" . ' ' x 9, - fill_lines(" ", $COLUMNS - 9, map { platform->bin($_) } + fill_lines(" ", $COLUMNS - 9, @{$unified_info{mandocs}->{man3}})) -} MANDOCS5={- join(" \\\n" . ' ' x 9, - fill_lines(" ", $COLUMNS - 9, map { platform->bin($_) } + fill_lines(" ", $COLUMNS - 9, @{$unified_info{mandocs}->{man5}})) -} MANDOCS7={- join(" \\\n" . ' ' x 9, - fill_lines(" ", $COLUMNS - 9, map { platform->bin($_) } + fill_lines(" ", $COLUMNS - 9, @{$unified_info{mandocs}->{man7}})) -} APPS_OPENSSL="{- use File::Spec::Functions; From builds at travis-ci.com Thu Jul 9 06:49:44 2020 From: builds at travis-ci.com (Travis CI) Date: Thu, 09 Jul 2020 06:49:44 +0000 Subject: Errored: openssl/openssl#36004 (master - 63794b0) In-Reply-To: Message-ID: <5f06be083b7bd_13f929c9ada08177890@travis-pro-tasks-8458ccfff8-wq7nz.mail> Build Update for openssl/openssl ------------------------------------- Build: #36004 Status: Errored Duration: 2 hrs, 34 mins, and 51 secs Commit: 63794b0 (master) Author: Shane Lontis Message: Add multiple fixes for ffc key generation using invalid p,q,g parameters. Fixes #11864 - The dsa keygen assumed valid p, q, g values were being passed. If this is not correct then it is possible that dsa keygen can either hang or segfault. The fix was to do a partial validation of p, q, and g inside the keygen. - Fixed a potential double free in the dsa keypair test in the case when in failed (It should never fail!). It freed internal object members without setting them to NULL. - Changed the FFC key validation to accept 1024 bit keys in non fips mode. - Added tests that use both the default provider & fips provider to test these cases. Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/12176) View the changeset: https://github.com/openssl/openssl/compare/eae4a0083411...63794b048cbe View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/174909510?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Thu Jul 9 07:18:36 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 09 Jul 2020 07:18:36 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-des Message-ID: <1594279116.057153.25101.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-des Commit log since last time: eae4a00834 Fix CID 1454808: Error handling issues NEGATIVE_RETURNS (PKCS7_dataDecode()) c8ea9bc670 Fix CID 1454806: NEGATIVE_RETURNS (cms_enc.c) e2cc68c8fd Fix CID 1465213: Integer handling issues (evp_extra_test.c) 5999d20ea8 Fix CID 1463883 Dereference after null check (in ess_find_cert_v2()) 821278a885 Fix CID 1465214 Resource leak (in file_load.c) fd7d574dd9 Fix CID 1465215 : Explicit null dereferenced (in test) 84ba665d72 Fix CID #1465216 Resource leak in property_fetch 2f1d0b35c1 Ensure we excluse ec2m curves if ec2m is disabled 146aebc6a0 Add a test to check having a provider loaded without a groups still works 90a74d8c43 Fix an incorrect error flow in add_provider_groups 08a1c9f2e6 Fix OSSL_PROVIDER_get_capabilities() 163b801616 Add support to zeroize plaintext in S3 record layer 1c9761d0b5 [test][15-test_genec] Improve EC tests with genpkey 466d30c0d7 [apps/genpkey] exit status should not be 0 on output errors e0137ca92b [EC][ASN1] Detect missing OID when serializing EC parameters and keys 8c330e1939 improve SSL_CTX_set_tlsext_ticket_key_cb ref impl 2d9f56e999 Ensure TLS padding is added during encryption on the provider side b558817823 Convert SSLv3 handling to use provider side CBC/MAC removal 63ee6ec177 Ensure any allocated MAC is freed in the provider code f29dbb0866 Decreate the length after decryption for the stitched ciphers 09ce6e0854 Ensure the sslcorrupttest checks all errors on the queue ee0c849e5a Ensure GCM "update" failures return 0 on error 978cc3648d Ensure cipher_generic_initkey gets passed the actual provider ctx 1ae7354c04 Make the NULL cipher TLS aware 27d4c840fc Change ChaCha20-Poly1305 to be consistent with out ciphers 524cb684ac Make libssl start using the TLS provider CBC support e71fd827bc Add provider support for TLS CBC padding and MAC removal f0237a6c62 Remove SSL dependencies from tls_pad.c ebacd57bee Split the padding/mac removal functions out into a separate file ec27e619e8 Move MAC removal responsibility to the various protocol "enc" functions Build log ended with (last 100 lines): C0E0CA35097F0000:error::asn1 encoding routines:asn1_d2i_ex_primitive:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:698: C0E0CA35097F0000:error::asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:630:Field=pkey, Type=PKCS8_PRIV_KEY_INFO C0E0CA35097F0000:error::asn1 encoding routines:d2i_PrivateKey_ex:ASN1 lib:../openssl/crypto/asn1/d2i_pr.c:64: C0E0CA35097F0000:error::asn1 encoding routines:d2i_PrivateKey_ex:ASN1 lib:../openssl/crypto/asn1/d2i_pr.c:64: C0E0CA35097F0000:error::asn1 encoding routines:asn1_check_tlen:wrong tag:../openssl/crypto/asn1/tasn_dec.c:1135: C0E0CA35097F0000:error::asn1 encoding routines:asn1_d2i_ex_primitive:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:698: C0E0CA35097F0000:error::asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:630:Field=pkey, Type=PKCS8_PRIV_KEY_INFO C0E0CA35097F0000:error::asn1 encoding routines:asn1_check_tlen:wrong tag:../openssl/crypto/asn1/tasn_dec.c:1135: C0E0CA35097F0000:error::asn1 encoding routines:asn1_d2i_ex_primitive:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:698: C0E0CA35097F0000:error::asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:630:Field=pkey, Type=PKCS8_PRIV_KEY_INFO OPENSSL_FUNC:../openssl/apps/cmp.c:3055:CMP error: cannot set up CMP context # OPENSSL_FUNC:../openssl/apps/cmp.c:2895:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -proxy option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2112:CMP info: will contact http://127.0.0.1:1700/pkix/ ../../../../../no-des/util/wrap.pl ../../../../../no-des/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt => 1 not ok 82 - cr command # ------------------------------------------------------------------------------ # Failed test 'cr command' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. Could not open file or uri test.cert.pem for loading CMP client certificate (and optionally extra certs) C060DBCF907F0000:error::system library:file_open:No such file or directory:../openssl/crypto/store/loader_file.c:924:calling stat(test.cert.pem) Unable to load CMP client certificate (and optionally extra certs) OPENSSL_FUNC:../openssl/apps/cmp.c:3055:CMP error: cannot set up CMP context # OPENSSL_FUNC:../openssl/apps/cmp.c:2895:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -proxy option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2112:CMP info: will contact http://127.0.0.1:1700/pkix/ # OPENSSL_FUNC:../openssl/apps/cmp.c:2136:CMP warning: -subject '/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=leaf' given, which overrides the subject of 'test.cert.pem' in KUR # OPENSSL_FUNC:../openssl/apps/cmp.c:826:CMP warning: can load only one certificate in DER format from test.cert.pem ../../../../../no-des/util/wrap.pl ../../../../../no-des/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt => 1 not ok 83 - kur command explicit options # ------------------------------------------------------------------------------ # Failed test 'kur command explicit options' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. Could not open file or uri test.cert.pem for loading CMP client certificate (and optionally extra certs) C07002DC547F0000:error::system library:file_open:No such file or directory:../openssl/crypto/store/loader_file.c:924:calling stat(test.cert.pem) Unable to load CMP client certificate (and optionally extra certs) OPENSSL_FUNC:../openssl/apps/cmp.c:3055:CMP error: cannot set up CMP context # OPENSSL_FUNC:../openssl/apps/cmp.c:2895:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -proxy option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -subject option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -secret option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2112:CMP info: will contact http://127.0.0.1:1700/pkix/ # OPENSSL_FUNC:../openssl/apps/cmp.c:826:CMP warning: can load only one certificate in DER format from test.cert.pem ../../../../../no-des/util/wrap.pl ../../../../../no-des/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -subject "" -certout test.cert.pem -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt -secret "" => 1 not ok 84 - kur command minimal options # ------------------------------------------------------------------------------ # Looks like you failed 31 tests of 92. not ok 7 - CMP app CLI Mock enrollment # ------------------------------------------------------------------------------ # # Failed test 'CMP app CLI Mock enrollment # ' # at /home/openssl/run-checker/no-des/../openssl/util/perl/OpenSSL/Test.pm line 1302. # Looks like you failed 5 tests of 7.81-test_cmp_cli.t .................. Dubious, test returned 5 (wstat 1280, 0x500) Failed 5/7 subtests 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 81-test_cmp_cli.t (Wstat: 1280 Tests: 7 Failed: 5) Failed tests: 3-7 Non-zero exit status: 5 Files=204, Tests=3118, 847 wallclock secs (13.02 usr 1.34 sys + 785.26 cusr 59.13 csys = 858.75 CPU) Result: FAIL Makefile:3072: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-des' Makefile:3070: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Thu Jul 9 07:41:36 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 09 Jul 2020 07:41:36 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dgram Message-ID: <1594280496.644924.9273.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dgram Commit log since last time: eae4a00834 Fix CID 1454808: Error handling issues NEGATIVE_RETURNS (PKCS7_dataDecode()) c8ea9bc670 Fix CID 1454806: NEGATIVE_RETURNS (cms_enc.c) e2cc68c8fd Fix CID 1465213: Integer handling issues (evp_extra_test.c) 5999d20ea8 Fix CID 1463883 Dereference after null check (in ess_find_cert_v2()) 821278a885 Fix CID 1465214 Resource leak (in file_load.c) fd7d574dd9 Fix CID 1465215 : Explicit null dereferenced (in test) 84ba665d72 Fix CID #1465216 Resource leak in property_fetch 2f1d0b35c1 Ensure we excluse ec2m curves if ec2m is disabled 146aebc6a0 Add a test to check having a provider loaded without a groups still works 90a74d8c43 Fix an incorrect error flow in add_provider_groups 08a1c9f2e6 Fix OSSL_PROVIDER_get_capabilities() 163b801616 Add support to zeroize plaintext in S3 record layer 1c9761d0b5 [test][15-test_genec] Improve EC tests with genpkey 466d30c0d7 [apps/genpkey] exit status should not be 0 on output errors e0137ca92b [EC][ASN1] Detect missing OID when serializing EC parameters and keys 8c330e1939 improve SSL_CTX_set_tlsext_ticket_key_cb ref impl 2d9f56e999 Ensure TLS padding is added during encryption on the provider side b558817823 Convert SSLv3 handling to use provider side CBC/MAC removal 63ee6ec177 Ensure any allocated MAC is freed in the provider code f29dbb0866 Decreate the length after decryption for the stitched ciphers 09ce6e0854 Ensure the sslcorrupttest checks all errors on the queue ee0c849e5a Ensure GCM "update" failures return 0 on error 978cc3648d Ensure cipher_generic_initkey gets passed the actual provider ctx 1ae7354c04 Make the NULL cipher TLS aware 27d4c840fc Change ChaCha20-Poly1305 to be consistent with out ciphers 524cb684ac Make libssl start using the TLS provider CBC support e71fd827bc Add provider support for TLS CBC padding and MAC removal f0237a6c62 Remove SSL dependencies from tls_pad.c ebacd57bee Split the padding/mac removal functions out into a separate file ec27e619e8 Move MAC removal responsibility to the various protocol "enc" functions Build log ended with (last 100 lines): # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 7 - iteration 7 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 8 - iteration 8 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 9 - iteration 9 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 10 - iteration 10 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 11 - iteration 11 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 12 - iteration 12 # ------------------------------------------------------------------------------ not ok 1 - test_handshake # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/ssl_test 04-client_auth.cnf.fips fips ../../../openssl/test/fips.cnf => 1 not ok 9 - running ssl_test 04-client_auth.cnf # ------------------------------------------------------------------------------ # Failed test 'running ssl_test 04-client_auth.cnf' # at ../openssl/test/recipes/80-test_ssl_new.t line 174. # Looks like you failed 1 test of 9. not ok 5 - Test configuration 04-client_auth.cnf # ------------------------------------------------------------------------------ # Looks like you failed 1 test of 31.80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=204, Tests=3218, 820 wallclock secs (12.10 usr 1.30 sys + 760.59 cusr 59.74 csys = 833.73 CPU) Result: FAIL Makefile:3113: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dgram' Makefile:3111: recipe for target 'tests' failed make: *** [tests] Error 2 From builds at travis-ci.com Thu Jul 9 09:04:39 2020 From: builds at travis-ci.com (Travis CI) Date: Thu, 09 Jul 2020 09:04:39 +0000 Subject: Errored: openssl/openssl#36006 (master - f6f159e) In-Reply-To: Message-ID: <5f06dda7f879_13fcb598a9288149125@travis-pro-tasks-d948b8f5d-l5v4g.mail> Build Update for openssl/openssl ------------------------------------- Build: #36006 Status: Errored Duration: 2 hrs, 53 mins, and 40 secs Commit: f6f159e (master) Author: Richard Levitte Message: Makefile template: fix incorrect treatment of produced document files Documentation files were treated as programs when assigning to the make variables HTMLDOCS{1,3,5,7} and MANDOCS{1,3,5,7}, which is is incorrect on POSIX sub-systems where executables have an extension (.exe). Fixes #11937 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12374) View the changeset: https://github.com/openssl/openssl/compare/63794b048cbe...f6f159e7a133 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/174918879?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Thu Jul 9 09:47:16 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 09 Jul 2020 09:47:16 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings no-ec2m Message-ID: <1594288036.061517.11023.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ec2m Commit log since last time: eae4a00834 Fix CID 1454808: Error handling issues NEGATIVE_RETURNS (PKCS7_dataDecode()) c8ea9bc670 Fix CID 1454806: NEGATIVE_RETURNS (cms_enc.c) e2cc68c8fd Fix CID 1465213: Integer handling issues (evp_extra_test.c) 5999d20ea8 Fix CID 1463883 Dereference after null check (in ess_find_cert_v2()) 821278a885 Fix CID 1465214 Resource leak (in file_load.c) fd7d574dd9 Fix CID 1465215 : Explicit null dereferenced (in test) 84ba665d72 Fix CID #1465216 Resource leak in property_fetch 2f1d0b35c1 Ensure we excluse ec2m curves if ec2m is disabled 146aebc6a0 Add a test to check having a provider loaded without a groups still works 90a74d8c43 Fix an incorrect error flow in add_provider_groups 08a1c9f2e6 Fix OSSL_PROVIDER_get_capabilities() 163b801616 Add support to zeroize plaintext in S3 record layer 1c9761d0b5 [test][15-test_genec] Improve EC tests with genpkey 466d30c0d7 [apps/genpkey] exit status should not be 0 on output errors e0137ca92b [EC][ASN1] Detect missing OID when serializing EC parameters and keys 8c330e1939 improve SSL_CTX_set_tlsext_ticket_key_cb ref impl 2d9f56e999 Ensure TLS padding is added during encryption on the provider side b558817823 Convert SSLv3 handling to use provider side CBC/MAC removal 63ee6ec177 Ensure any allocated MAC is freed in the provider code f29dbb0866 Decreate the length after decryption for the stitched ciphers 09ce6e0854 Ensure the sslcorrupttest checks all errors on the queue ee0c849e5a Ensure GCM "update" failures return 0 on error 978cc3648d Ensure cipher_generic_initkey gets passed the actual provider ctx 1ae7354c04 Make the NULL cipher TLS aware 27d4c840fc Change ChaCha20-Poly1305 to be consistent with out ciphers 524cb684ac Make libssl start using the TLS provider CBC support e71fd827bc Add provider support for TLS CBC padding and MAC removal f0237a6c62 Remove SSL dependencies from tls_pad.c ebacd57bee Split the padding/mac removal functions out into a separate file ec27e619e8 Move MAC removal responsibility to the various protocol "enc" functions Build log ended with (last 100 lines): 70-test_sslversions.t (Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 70-test_sslvertol.t (Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 70-test_tls13alerts.t (Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 70-test_tls13cookie.t (Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 70-test_tls13downgrade.t (Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 70-test_tls13hrr.t (Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 70-test_tls13kexmodes.t (Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 70-test_tls13messages.t (Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 70-test_tls13psk.t (Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 70-test_tlsextms.t (Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 71-test_ssl_ctx.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_cipherbytes.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_cipherlist.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ciphername.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_dane.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_dtls.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_dtls_mtu.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_dtlsv1listen.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ssl_new.t (Wstat: 6912 Tests: 31 Failed: 27) Failed tests: 2-14, 16-22, 24-29, 31 Non-zero exit status: 27 80-test_ssl_old.t (Wstat: 1024 Tests: 12 Failed: 4) Failed tests: 3, 5-7 Non-zero exit status: 4 80-test_sslcorrupt.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 90-test_fatalerr.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 90-test_gost.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 90-test_shlibload.t (Wstat: 1024 Tests: 10 Failed: 4) Failed tests: 1-4 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 1, 3 Non-zero exit status: 2 90-test_sslbuffers.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 90-test_sysdefault.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 90-test_tls13ccs.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 90-test_tls13encryption.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 90-test_tls13secrets.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 99-test_fuzz.t (Wstat: 512 Tests: 12 Failed: 2) Failed tests: 5, 8 Non-zero exit status: 2 Files=204, Tests=2029, 467 wallclock secs ( 7.14 usr 0.99 sys + 397.92 cusr 43.79 csys = 449.84 CPU) Result: FAIL Makefile:3123: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-ec2m' Makefile:3121: recipe for target 'tests' failed make: *** [tests] Error 2 From matt at openssl.org Thu Jul 9 11:04:17 2020 From: matt at openssl.org (Matt Caswell) Date: Thu, 09 Jul 2020 11:04:17 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1594292657.788337.20425.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 32adaca4a15a347f6f7a515c7ea9c76403c976f1 (commit) from e1c246bd7682fd1b0fcbba5a224f3cacc1ba278d (commit) - Log ----------------------------------------------------------------- commit 32adaca4a15a347f6f7a515c7ea9c76403c976f1 Author: Glenn Strauss Date: Fri Jun 5 17:14:08 2020 -0400 improve SSL_CTX_set_tlsext_ticket_key_cb ref impl improve reference implementation code in SSL_CTX_set_tlsext_ticket_key_cb man page change EVP_aes_128_cbc() to EVP_aes_256_cbc(), with the implication of requiring longer keys. Updating this code brings the reference implementation in line with implementation in openssl committed in 2016: commit 05df5c20 Use AES256 for the default encryption algorithm for TLS session tickets add comments where user-implementation is needed to complete code (backport from https://github.com/openssl/openssl/pull/12063) Reviewed-by: Ben Kaduk Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12391) ----------------------------------------------------------------------- Summary of changes: doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod b/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod index 43bddc51e8..d56c0c540b 100644 --- a/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod +++ b/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod @@ -136,6 +136,8 @@ Reference Implementation: unsigned char *iv, EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc) { + your_type_t *key; /* something that you need to implement */ + if (enc) { /* create new session */ if (RAND_bytes(iv, EVP_MAX_IV_LENGTH) <= 0) return -1; /* insufficient random */ @@ -154,21 +156,22 @@ Reference Implementation: } memcpy(key_name, key->name, 16); - EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key->aes_key, iv); - HMAC_Init_ex(&hctx, key->hmac_key, 16, EVP_sha256(), NULL); + EVP_EncryptInit_ex(&ctx, EVP_aes_256_cbc(), NULL, key->aes_key, iv); + HMAC_Init_ex(&hctx, key->hmac_key, 32, EVP_sha256(), NULL); return 1; } else { /* retrieve session */ - key = findkey(name); + time_t t = time(NULL); + key = findkey(key_name); /* something that you need to implement */ - if (key == NULL || key->expire < now()) + if (key == NULL || key->expire < t) return 0; - HMAC_Init_ex(&hctx, key->hmac_key, 16, EVP_sha256(), NULL); - EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key->aes_key, iv); + HMAC_Init_ex(&hctx, key->hmac_key, 32, EVP_sha256(), NULL); + EVP_DecryptInit_ex(&ctx, EVP_aes_256_cbc(), NULL, key->aes_key, iv); - if (key->expire < now() - RENEW_TIME) { + if (key->expire < t - RENEW_TIME) { /* RENEW_TIME: implement */ /* * return 2 - This session will get a new ticket even though the * current one is still valid. From openssl at openssl.org Thu Jul 9 12:41:08 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 09 Jul 2020 12:41:08 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-err Message-ID: <1594298468.631376.22029.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-err Commit log since last time: eae4a00834 Fix CID 1454808: Error handling issues NEGATIVE_RETURNS (PKCS7_dataDecode()) c8ea9bc670 Fix CID 1454806: NEGATIVE_RETURNS (cms_enc.c) e2cc68c8fd Fix CID 1465213: Integer handling issues (evp_extra_test.c) 5999d20ea8 Fix CID 1463883 Dereference after null check (in ess_find_cert_v2()) 821278a885 Fix CID 1465214 Resource leak (in file_load.c) fd7d574dd9 Fix CID 1465215 : Explicit null dereferenced (in test) 84ba665d72 Fix CID #1465216 Resource leak in property_fetch 2f1d0b35c1 Ensure we excluse ec2m curves if ec2m is disabled 146aebc6a0 Add a test to check having a provider loaded without a groups still works 90a74d8c43 Fix an incorrect error flow in add_provider_groups 08a1c9f2e6 Fix OSSL_PROVIDER_get_capabilities() 163b801616 Add support to zeroize plaintext in S3 record layer 1c9761d0b5 [test][15-test_genec] Improve EC tests with genpkey 466d30c0d7 [apps/genpkey] exit status should not be 0 on output errors e0137ca92b [EC][ASN1] Detect missing OID when serializing EC parameters and keys 8c330e1939 improve SSL_CTX_set_tlsext_ticket_key_cb ref impl 2d9f56e999 Ensure TLS padding is added during encryption on the provider side b558817823 Convert SSLv3 handling to use provider side CBC/MAC removal 63ee6ec177 Ensure any allocated MAC is freed in the provider code f29dbb0866 Decreate the length after decryption for the stitched ciphers 09ce6e0854 Ensure the sslcorrupttest checks all errors on the queue ee0c849e5a Ensure GCM "update" failures return 0 on error 978cc3648d Ensure cipher_generic_initkey gets passed the actual provider ctx 1ae7354c04 Make the NULL cipher TLS aware 27d4c840fc Change ChaCha20-Poly1305 to be consistent with out ciphers 524cb684ac Make libssl start using the TLS provider CBC support e71fd827bc Add provider support for TLS CBC padding and MAC removal f0237a6c62 Remove SSL dependencies from tls_pad.c ebacd57bee Split the padding/mac removal functions out into a separate file ec27e619e8 Move MAC removal responsibility to the various protocol "enc" functions Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 04-test_err.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=204, Tests=3085, 836 wallclock secs (12.37 usr 1.16 sys + 777.93 cusr 58.07 csys = 849.53 CPU) Result: FAIL Makefile:3134: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-err' Makefile:3132: recipe for target 'tests' failed make: *** [tests] Error 2 From matt at openssl.org Thu Jul 9 15:52:49 2020 From: matt at openssl.org (Matt Caswell) Date: Thu, 09 Jul 2020 15:52:49 +0000 Subject: [openssl] master update Message-ID: <1594309969.371720.28712.nullmailer@dev.openssl.org> The branch master has been updated via 2957150478260c8140eca389650956baa5195f15 (commit) from f6f159e7a133d1b2f82a82fab3f8c357a07b574f (commit) - Log ----------------------------------------------------------------- commit 2957150478260c8140eca389650956baa5195f15 Author: Shane Lontis Date: Thu Jul 9 23:04:02 2020 +1000 Fix wrong fipsinstall key used in test Reviewed-by: Tim Hudson Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12402) ----------------------------------------------------------------------- Summary of changes: test/recipes/30-test_evp_libctx.t | 1 - 1 file changed, 1 deletion(-) diff --git a/test/recipes/30-test_evp_libctx.t b/test/recipes/30-test_evp_libctx.t index 8fcc71a1cd..0d0a762900 100644 --- a/test/recipes/30-test_evp_libctx.t +++ b/test/recipes/30-test_evp_libctx.t @@ -38,7 +38,6 @@ unless ($no_fips) { '-out', bldtop_file('providers', 'fipsmodule.cnf'), '-module', $infile, '-provider_name', 'fips', '-mac_name', 'HMAC', - '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00', '-section_name', 'fips_sect'])), "fipsinstall"); } From builds at travis-ci.com Thu Jul 9 18:29:03 2020 From: builds at travis-ci.com (Travis CI) Date: Thu, 09 Jul 2020 18:29:03 +0000 Subject: Errored: openssl/openssl#36028 (master - 2957150) In-Reply-To: Message-ID: <5f0761ef116aa_13f933b8a9888239471@travis-pro-tasks-6487cb6f7d-fxd8n.mail> Build Update for openssl/openssl ------------------------------------- Build: #36028 Status: Errored Duration: 1 hr, 14 mins, and 13 secs Commit: 2957150 (master) Author: Shane Lontis Message: Fix wrong fipsinstall key used in test Reviewed-by: Tim Hudson Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12402) View the changeset: https://github.com/openssl/openssl/compare/f6f159e7a133...295715047826 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/175014878?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Thu Jul 9 20:35:38 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 09 Jul 2020 20:35:38 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ui-console Message-ID: <1594326938.955181.22972.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ui-console Commit log since last time: eae4a00834 Fix CID 1454808: Error handling issues NEGATIVE_RETURNS (PKCS7_dataDecode()) c8ea9bc670 Fix CID 1454806: NEGATIVE_RETURNS (cms_enc.c) e2cc68c8fd Fix CID 1465213: Integer handling issues (evp_extra_test.c) 5999d20ea8 Fix CID 1463883 Dereference after null check (in ess_find_cert_v2()) 821278a885 Fix CID 1465214 Resource leak (in file_load.c) fd7d574dd9 Fix CID 1465215 : Explicit null dereferenced (in test) 84ba665d72 Fix CID #1465216 Resource leak in property_fetch 2f1d0b35c1 Ensure we excluse ec2m curves if ec2m is disabled 146aebc6a0 Add a test to check having a provider loaded without a groups still works 90a74d8c43 Fix an incorrect error flow in add_provider_groups 08a1c9f2e6 Fix OSSL_PROVIDER_get_capabilities() 163b801616 Add support to zeroize plaintext in S3 record layer 1c9761d0b5 [test][15-test_genec] Improve EC tests with genpkey 466d30c0d7 [apps/genpkey] exit status should not be 0 on output errors e0137ca92b [EC][ASN1] Detect missing OID when serializing EC parameters and keys 8c330e1939 improve SSL_CTX_set_tlsext_ticket_key_cb ref impl 2d9f56e999 Ensure TLS padding is added during encryption on the provider side b558817823 Convert SSLv3 handling to use provider side CBC/MAC removal 63ee6ec177 Ensure any allocated MAC is freed in the provider code f29dbb0866 Decreate the length after decryption for the stitched ciphers 09ce6e0854 Ensure the sslcorrupttest checks all errors on the queue ee0c849e5a Ensure GCM "update" failures return 0 on error 978cc3648d Ensure cipher_generic_initkey gets passed the actual provider ctx 1ae7354c04 Make the NULL cipher TLS aware 27d4c840fc Change ChaCha20-Poly1305 to be consistent with out ciphers 524cb684ac Make libssl start using the TLS provider CBC support e71fd827bc Add provider support for TLS CBC padding and MAC removal f0237a6c62 Remove SSL dependencies from tls_pad.c ebacd57bee Split the padding/mac removal functions out into a separate file ec27e619e8 Move MAC removal responsibility to the various protocol "enc" functions Build log ended with (last 100 lines): # Failed test 'p10cr csr empty file' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd p10cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -csr wrong.csr.pem => 139 not ok 78 - p10cr wrong csr # ------------------------------------------------------------------------------ # Failed test 'p10cr wrong csr' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -revreason 5 => 139 not ok 79 - ir + ignored revocation # ------------------------------------------------------------------------------ ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt => 139 not ok 82 - cr command # ------------------------------------------------------------------------------ # Failed test 'cr command' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt => 139 not ok 83 - kur command explicit options # ------------------------------------------------------------------------------ # Failed test 'kur command explicit options' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -subject "" -certout test.cert.pem -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt -secret "" => 139 not ok 84 - kur command minimal options # ------------------------------------------------------------------------------ ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey dir/ -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert test.cert.pem -server '127.0.0.1:1700' => 139 not ok 86 - kur newkey is directory # ------------------------------------------------------------------------------ ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert dir/ -server '127.0.0.1:1700' => 139 not ok 89 - kur oldcert is directory # ------------------------------------------------------------------------------ # Failed test 'kur oldcert is directory' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert idontexist -server '127.0.0.1:1700' => 139 not ok 90 - kur oldcert not existing # ------------------------------------------------------------------------------ # Failed test 'kur oldcert not existing' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert empty.txt -server '127.0.0.1:1700' => 139 not ok 91 - kur empty oldcert file # ------------------------------------------------------------------------------ # Failed test 'kur empty oldcert file' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -cert "" -server '127.0.0.1:1700' => 139 not ok 92 - kur command without cert and oldcert # ------------------------------------------------------------------------------ # Failed test 'kur command without cert and oldcert' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. # Looks like you failed 65 tests of 92. not ok 7 - CMP app CLI Mock enrollment # ------------------------------------------------------------------------------ # # Failed test 'CMP app CLI Mock enrollment # ' # at /home/openssl/run-checker/no-ui-console/../openssl/util/perl/OpenSSL/Test.pm line 1302. # Looks like you failed 5 tests of 7.81-test_cmp_cli.t .................. Dubious, test returned 5 (wstat 1280, 0x500) Failed 5/7 subtests 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 81-test_cmp_cli.t (Wstat: 1280 Tests: 7 Failed: 5) Failed tests: 3-7 Non-zero exit status: 5 Files=204, Tests=3221, 878 wallclock secs (12.64 usr 1.23 sys + 775.87 cusr 60.21 csys = 849.95 CPU) Result: FAIL Makefile:3126: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-ui-console' Makefile:3124: recipe for target 'tests' failed make: *** [tests] Error 2 From no-reply at appveyor.com Thu Jul 9 21:01:50 2020 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 09 Jul 2020 21:01:50 +0000 Subject: Build failed: openssl master.35488 Message-ID: <20200709210150.1.D1920E5306DC7BBD@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Thu Jul 9 22:56:02 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 09 Jul 2020 22:56:02 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared no-module Message-ID: <1594335362.515764.918.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared no-module Commit log since last time: eae4a00834 Fix CID 1454808: Error handling issues NEGATIVE_RETURNS (PKCS7_dataDecode()) c8ea9bc670 Fix CID 1454806: NEGATIVE_RETURNS (cms_enc.c) e2cc68c8fd Fix CID 1465213: Integer handling issues (evp_extra_test.c) 5999d20ea8 Fix CID 1463883 Dereference after null check (in ess_find_cert_v2()) 821278a885 Fix CID 1465214 Resource leak (in file_load.c) fd7d574dd9 Fix CID 1465215 : Explicit null dereferenced (in test) 84ba665d72 Fix CID #1465216 Resource leak in property_fetch 2f1d0b35c1 Ensure we excluse ec2m curves if ec2m is disabled 146aebc6a0 Add a test to check having a provider loaded without a groups still works 90a74d8c43 Fix an incorrect error flow in add_provider_groups 08a1c9f2e6 Fix OSSL_PROVIDER_get_capabilities() 163b801616 Add support to zeroize plaintext in S3 record layer 1c9761d0b5 [test][15-test_genec] Improve EC tests with genpkey 466d30c0d7 [apps/genpkey] exit status should not be 0 on output errors e0137ca92b [EC][ASN1] Detect missing OID when serializing EC parameters and keys 8c330e1939 improve SSL_CTX_set_tlsext_ticket_key_cb ref impl 2d9f56e999 Ensure TLS padding is added during encryption on the provider side b558817823 Convert SSLv3 handling to use provider side CBC/MAC removal 63ee6ec177 Ensure any allocated MAC is freed in the provider code f29dbb0866 Decreate the length after decryption for the stitched ciphers 09ce6e0854 Ensure the sslcorrupttest checks all errors on the queue ee0c849e5a Ensure GCM "update" failures return 0 on error 978cc3648d Ensure cipher_generic_initkey gets passed the actual provider ctx 1ae7354c04 Make the NULL cipher TLS aware 27d4c840fc Change ChaCha20-Poly1305 to be consistent with out ciphers 524cb684ac Make libssl start using the TLS provider CBC support e71fd827bc Add provider support for TLS CBC padding and MAC removal f0237a6c62 Remove SSL dependencies from tls_pad.c ebacd57bee Split the padding/mac removal functions out into a separate file ec27e619e8 Move MAC removal responsibility to the various protocol "enc" functions Build log ended with (last 100 lines): ../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock credentials' -proxy '' -no_proxy 127.0.0.1 -cert "" -key "" -keypass "" -unprotected_requests => 0 not ok 38 - unprotected request # ------------------------------------------------------------------------------ # Failed test 'unprotected request' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. # Looks like you failed 3 tests of 38. not ok 5 - CMP app CLI Mock credentials # ------------------------------------------------------------------------------ OPENSSL_FUNC:../openssl/apps/cmp.c:3121:CMP info: received from 127.0.0.1 PKIStatus: accepted # OPENSSL_FUNC:../openssl/apps/cmp.c:2895:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -proxy option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2112:CMP info: will contact http://127.0.0.1:1700/pkix/ # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending IR # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received IP # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending CERTCONF # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received PKICONF # OPENSSL_FUNC:../openssl/apps/cmp.c:2276:CMP info: received 1 enrolled certificate(s), saving to file 'test.cert.pem' ../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo 0 -certout test.cert.pem -out_trusted root.crt => 0 not ok 43 - popo RAVERIFIED # ------------------------------------------------------------------------------ OPENSSL_FUNC:../openssl/apps/cmp.c:3121:CMP info: received from 127.0.0.1 PKIStatus: accepted # OPENSSL_FUNC:../openssl/apps/cmp.c:2895:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -proxy option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2112:CMP info: will contact http://127.0.0.1:1700/pkix/ # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending IR # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received IP # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending CERTCONF # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received PKICONF # OPENSSL_FUNC:../openssl/apps/cmp.c:2276:CMP info: received 1 enrolled certificate(s), saving to file 'test.cert.pem' ../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo -1 -certout test.cert.pem -out_trusted root.crt => 0 not ok 47 - popo NONE # ------------------------------------------------------------------------------ # Failed test 'popo NONE' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. OPENSSL_FUNC:../openssl/apps/cmp.c:3121:CMP info: received from 127.0.0.1 PKIStatus: accepted # OPENSSL_FUNC:../openssl/apps/cmp.c:2895:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -proxy option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2112:CMP info: will contact http://127.0.0.1:1700/pkix/ # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending IR # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received IP # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending CERTCONF # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received PKICONF # OPENSSL_FUNC:../openssl/apps/cmp.c:2276:CMP info: received 1 enrolled certificate(s), saving to file 'test.cert.pem' ../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo 2 -certout test.cert.pem -out_trusted root.crt => 0 not ok 48 - popo KEYENC not supported # ------------------------------------------------------------------------------ # Looks like you failed 3 tests of 92. not ok 7 - CMP app CLI Mock enrollment # ------------------------------------------------------------------------------ # # Failed test 'CMP app CLI Mock enrollment # ' # at /home/openssl/run-checker/enable-fuzz-afl/../openssl/util/perl/OpenSSL/Test.pm line 1302. # Looks like you failed 3 tests of 7.81-test_cmp_cli.t .................. Dubious, test returned 3 (wstat 768, 0x300) Failed 3/7 subtests 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: GOST support is disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ skipped: Test only supported in a shared build 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 81-test_cmp_cli.t (Wstat: 768 Tests: 7 Failed: 3) Failed tests: 4-5, 7 Non-zero exit status: 3 Files=204, Tests=2945, 751 wallclock secs ( 9.54 usr 1.37 sys + 691.77 cusr 48.95 csys = 751.63 CPU) Result: FAIL Makefile:2360: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-fuzz-afl' Makefile:2358: recipe for target 'tests' failed make: *** [tests] Error 2 From no-reply at appveyor.com Fri Jul 10 00:27:50 2020 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 10 Jul 2020 00:27:50 +0000 Subject: Build failed: openssl master.35489 Message-ID: <20200710002750.1.1C727D47E2BA0AE9@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Fri Jul 10 01:00:01 2020 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 10 Jul 2020 01:00:01 +0000 Subject: Build completed: openssl master.35490 Message-ID: <20200710010001.1.58784498B2094594@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Fri Jul 10 04:50:37 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 10 Jul 2020 04:50:37 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-posix-io Message-ID: <1594356637.606493.8904.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-posix-io Commit log since last time: eae4a00834 Fix CID 1454808: Error handling issues NEGATIVE_RETURNS (PKCS7_dataDecode()) c8ea9bc670 Fix CID 1454806: NEGATIVE_RETURNS (cms_enc.c) e2cc68c8fd Fix CID 1465213: Integer handling issues (evp_extra_test.c) 5999d20ea8 Fix CID 1463883 Dereference after null check (in ess_find_cert_v2()) 821278a885 Fix CID 1465214 Resource leak (in file_load.c) fd7d574dd9 Fix CID 1465215 : Explicit null dereferenced (in test) 84ba665d72 Fix CID #1465216 Resource leak in property_fetch 2f1d0b35c1 Ensure we excluse ec2m curves if ec2m is disabled 146aebc6a0 Add a test to check having a provider loaded without a groups still works 90a74d8c43 Fix an incorrect error flow in add_provider_groups 08a1c9f2e6 Fix OSSL_PROVIDER_get_capabilities() 163b801616 Add support to zeroize plaintext in S3 record layer 1c9761d0b5 [test][15-test_genec] Improve EC tests with genpkey 466d30c0d7 [apps/genpkey] exit status should not be 0 on output errors e0137ca92b [EC][ASN1] Detect missing OID when serializing EC parameters and keys 8c330e1939 improve SSL_CTX_set_tlsext_ticket_key_cb ref impl 2d9f56e999 Ensure TLS padding is added during encryption on the provider side b558817823 Convert SSLv3 handling to use provider side CBC/MAC removal 63ee6ec177 Ensure any allocated MAC is freed in the provider code f29dbb0866 Decreate the length after decryption for the stitched ciphers 09ce6e0854 Ensure the sslcorrupttest checks all errors on the queue ee0c849e5a Ensure GCM "update" failures return 0 on error 978cc3648d Ensure cipher_generic_initkey gets passed the actual provider ctx 1ae7354c04 Make the NULL cipher TLS aware 27d4c840fc Change ChaCha20-Poly1305 to be consistent with out ciphers 524cb684ac Make libssl start using the TLS provider CBC support e71fd827bc Add provider support for TLS CBC padding and MAC removal f0237a6c62 Remove SSL dependencies from tls_pad.c ebacd57bee Split the padding/mac removal functions out into a separate file ec27e619e8 Move MAC removal responsibility to the various protocol "enc" functions Build log ended with (last 100 lines): rm -f doc/man/man1/CA.pl.1 doc/man/man1/openssl-asn1parse.1 doc/man/man1/openssl-ca.1 doc/man/man1/openssl-ciphers.1 doc/man/man1/openssl-cmds.1 doc/man/man1/openssl-cmp.1 doc/man/man1/openssl-cms.1 doc/man/man1/openssl-crl.1 doc/man/man1/openssl-crl2pkcs7.1 doc/man/man1/openssl-dgst.1 doc/man/man1/openssl-dhparam.1 doc/man/man1/openssl-dsa.1 doc/man/man1/openssl-dsaparam.1 doc/man/man1/openssl-ec.1 doc/man/man1/openssl-ecparam.1 doc/man/man1/openssl-enc.1 doc/man/man1/openssl-engine.1 doc/man/man1/openssl-errstr.1 doc/man/man1/openssl-fipsinstall.1 doc/man/man1/openssl-gendsa.1 doc/man/man1/openssl-genpkey.1 doc/man/man1/openssl-genrsa.1 doc/man/man1/openssl-info.1 doc/man/man1/openssl-kdf.1 doc/man/man1/openssl-list.1 doc/man/man1/openssl-mac.1 doc/man/man1/openssl-nseq.1 doc/man/man1/openssl-ocsp.1 doc/man/man1/openssl-passwd.1 doc/man/man1/openssl-pkcs12.1 doc/man/man1/openssl-pkcs7.1 doc/man/man1/openssl-pkcs8.1 doc/man/man1/openssl-pkey.1 doc/man/man1/openssl-pkeyparam.1 doc/man/man1/openssl-pkeyutl.1 doc/man/man1/openssl-prime.1 doc/man/man1/openssl-provider.1 doc/man/man1/openssl-rand.1 doc/man/man1/openssl-rehash.1 doc/man/man1/openssl-req.1 doc/man/man1/openssl-rsa.1 doc/man/man1/openssl-rsautl.1 doc/man/man1/openssl-s_client.1 doc/man/man1/openssl-s_server.1 doc/man/man1/openssl-s_time.1 doc/man/man1/openssl-sess_id.1 doc/man/man1/openssl-smime.1 doc/man/man1/openssl-speed.1 doc/man/man1/openssl-spkac.1 doc/man/man1/openssl-srp.1 doc/man/man1/openssl-storeutl.1 doc/man/man1/openssl-ts.1 doc/man/man1/openssl-verify.1 doc/man/man1/openssl-version.1 doc/man/man1/openssl-x509.1 doc/man/man1/openssl.1 doc/man/man1/tsget.1 doc/man/man3/ADMISSIONS.3 doc/man/man3/ASN1_INTEGER_get_int64.3 doc/man/man3/ASN1_INTEGER_new.3 doc/man/man3/ASN1_ITEM_lookup.3 doc/man/man3/ASN1_OBJECT_new.3 doc/man/man3/ASN1_STRING_TABLE_add.3 doc/man/man3/ASN1_STRING_length.3 doc/man/man3/ASN1_STRING_new.3 doc/man/man3/ASN1_STRING_print_ex.3 doc/man/man3/ASN1_TIME_set.3 doc/man/man3/ASN1_TYPE_get.3 doc/man/man3/ASN1_generate_nconf.3 doc/man/man3/ASYNC_WAIT_CTX_new.3 doc/man/man3/ASYNC_start_job.3 doc/man/man3/BF_encrypt.3 doc/man/man3/BIO_ADDR.3 doc/man/man3/BIO_ADDRINFO.3 doc/man/man3/BIO_connect.3 doc/man/man3/BIO_ctrl.3 doc/man/man3/BIO_f_base64.3 doc/man/man3/BIO_f_buffer.3 doc/man/man3/BIO_f_cipher.3 doc/man/man3/BIO_f_md.3 doc/man/man3/BIO_f_null.3 doc/man/man3/BIO_f_prefix.3 doc/man/man3/BIO_f_ssl.3 doc/man/man3/BIO_find_type.3 doc/man/man3/BIO_get_data.3 doc/man/man3/BIO_get_ex_new_index.3 doc/man/man3/BIO_meth_new.3 doc/man/man3/BIO_new.3 doc/man/man3/BIO_new_CMS.3 doc/man/man3/BIO_parse_hostserv.3 doc/man/man3/BIO_printf.3 doc/man/man3/BIO_push.3 doc/man/man3/BIO_read.3 doc/man/man3/BIO_s_accept.3 doc/man/man3/BIO_s_bio.3 doc/man/man3/BIO_s_connect.3 doc/man/man3/BIO_s_fd.3 doc/man/man3/BIO_s_file.3 doc/man/man3/BIO_s_mem.3 doc/man/man3/BIO_s_null.3 doc/man/man3/BIO_s_socket.3 doc/man/man3/BIO_set_callback.3 doc/man/man3/BIO_should_retry.3 doc/man/man3/BIO_socket_wait.3 doc/man/man3/BN_BLINDING_new.3 doc/man/man3/BN_CTX_new.3 doc/man/man3/BN_CTX_start.3 doc/man/man3/BN_add.3 doc/man/man3/BN_add_word.3 doc/man/man3/BN_bn2bin.3 doc/man/man3/BN_cmp.3 doc/man/man3/BN_copy.3 doc/man/man3/BN_generate_prime.3 doc/man/man3/BN_mod_inverse.3 doc/man/man3/BN_mod_mul_montgomery.3 doc/man/man3/BN_mod_mul_reciprocal.3 doc/man/man3/BN_new.3 doc/man/man3/BN_num_bytes.3 doc/man/man3/BN_rand.3 doc/man/man3/BN_security_bits.3 doc/man/man3/BN_set_bit.3 doc/man/man3/BN_swap.3 doc/man/man3/BN_zero.3 doc/man/man3/BUF_MEM_new.3 doc/man/man3/CMS_EnvelopedData_create.3 doc/man/man3/CMS_add0_cert.3 doc/man/man3/CMS_add1_recipient_cert.3 doc/man/man3/CMS_add1_signer.3 doc/man/man3/CMS_compress.3 doc/man/man3/CMS_decrypt.3 doc/man/man3/CMS_encrypt.3 doc/man/man3/CMS_final.3 doc/man/man3/CMS_get0_RecipientInfos.3 doc/man/man3/CMS_get0_SignerInfos.3 doc/man/man3/CMS_get0_type.3 doc/man/man3/CMS_get1_ReceiptRequest.3 doc/man/man3/CMS_sign.3 doc/man/man3/CMS_sign_receipt.3 doc/man/man3/CMS_uncompress.3 doc/man/man3/CMS_verify.3 doc/man/man3/CMS_verify_receipt.3 doc/man/man3/CONF_modules_free.3 doc/man/man3/CONF_modules_load_file.3 doc/man/man3/CRYPTO_THREAD_run_once.3 doc/man/man3/CRYPTO_get_ex_new_index.3 doc/man/man3/CRYPTO_memcmp.3 doc/man/man3/CTLOG_STORE_get0_log_by_id.3 doc/man/man3/CTLOG_STORE_new.3 doc/man/man3/CTLOG_new.3 doc/man/man3/CT_POLICY_EVAL_CTX_new.3 doc/man/man3/DEFINE_STACK_OF.3 doc/man/man3/DES_random_key.3 doc/man/man3/DH_generate_key.3 doc/man/man3/DH_generate_parameters.3 doc/man/man3/DH_get0_pqg.3 doc/man/man3/DH_get_1024_160.3 doc/man/man3/DH_meth_new.3 doc/man/man3/DH_new.3 doc/man/man3/DH_new_by_nid.3 doc/man/man3/DH_set_method.3 doc/man/man3/DH_size.3 doc/man/man3/DSA_SIG_new.3 doc/man/man3/DSA_do_sign.3 doc/man/man3/DSA_dup_DH.3 doc/man/man3/DSA_generate_key.3 doc/man/man3/DSA_generate_parameters.3 doc/man/man3/DSA_get0_pqg.3 doc/man/man3/DSA_meth_new.3 doc/man/man3/DSA_new.3 doc/man/man3/DSA_set_method.3 doc/man/man3/DSA_sign.3 doc/man/man3/DSA_size.3 doc/man/man3/DTLS_get_data_mtu.3 doc/man/man3/DTLS_set_timer_cb.3 doc/man/man3/DTLSv1_listen.3 doc/man/man3/ECDSA_SIG_new.3 doc/man/man3/ECPKParameters_print.3 doc/man/man3/EC_GFp_simple_method.3 doc/man/man3/EC_GROUP_copy.3 doc/man/man3/EC_GROUP_new.3 doc/man/man3/EC_KEY_get_enc_flags.3 doc/man/man3/EC_KEY_new.3 doc/man/man3/EC_POINT_add.3 doc/man/man3/EC_POINT_new.3 doc/man/man3/ENGINE_add.3 doc/man/man3/ERR_GET_LIB.3 doc/man/man3/ERR_clear_error.3 doc/man/man3/ERR_error_string.3 doc/man/man3/ERR_get_error.3 doc/man/man3/ERR_load_crypto_strings.3 doc/man/man3/ERR_load_strings.3 doc/man/man3/ERR_new.3 doc/man/man3/ERR_print_errors.3 doc/man/man3/ERR_put_error.3 doc/man/man3/ERR_remove_state.3 doc/man/man3/ERR_set_mark.3 doc/man/man3/EVP_ASYM_CIPHER_free.3 doc/man/man3/EVP_BytesToKey.3 doc/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 doc/man/man3/EVP_CIPHER_meth_new.3 doc/man/man3/EVP_DigestInit.3 doc/man/man3/EVP_DigestSignInit.3 doc/man/man3/EVP_DigestVerifyInit.3 doc/man/man3/EVP_EncodeInit.3 doc/man/man3/EVP_EncryptInit.3 doc/man/man3/EVP_KDF.3 doc/man/man3/EVP_KEYEXCH_free.3 doc/man/man3/EVP_KEYMGMT.3 doc/man/man3/EVP_MAC.3 doc/man/man3/EVP_MD_meth_new.3 doc/man/man3/EVP_OpenInit.3 doc/man/man3/EVP_PKEY_ASN1_METHOD.3 doc/man/man3/EVP_PKEY_CTX_ctrl.3 doc/man/man3/EVP_PKEY_CTX_new.3 doc/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 doc/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 doc/man/man3/EVP_PKEY_CTX_set_params.3 doc/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 doc/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 doc/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 doc/man/man3/EVP_PKEY_asn1_get_count.3 doc/man/man3/EVP_PKEY_check.3 doc/man/man3/EVP_PKEY_copy_parameters.3 doc/man/man3/EVP_PKEY_decrypt.3 doc/man/man3/EVP_PKEY_derive.3 doc/man/man3/EVP_PKEY_encrypt.3 doc/man/man3/EVP_PKEY_fromdata.3 doc/man/man3/EVP_PKEY_gen.3 doc/man/man3/EVP_PKEY_get_default_digest_nid.3 doc/man/man3/EVP_PKEY_gettable_params.3 doc/man/man3/EVP_PKEY_is_a.3 doc/man/man3/EVP_PKEY_meth_get_count.3 doc/man/man3/EVP_PKEY_meth_new.3 doc/man/man3/EVP_PKEY_new.3 doc/man/man3/EVP_PKEY_print_private.3 doc/man/man3/EVP_PKEY_set1_RSA.3 doc/man/man3/EVP_PKEY_set_type.3 doc/man/man3/EVP_PKEY_sign.3 doc/man/man3/EVP_PKEY_size.3 doc/man/man3/EVP_PKEY_supports_digest_nid.3 doc/man/man3/EVP_PKEY_verify.3 doc/man/man3/EVP_PKEY_verify_recover.3 doc/man/man3/EVP_RAND.3 doc/man/man3/EVP_SIGNATURE_free.3 doc/man/man3/EVP_SealInit.3 doc/man/man3/EVP_SignInit.3 doc/man/man3/EVP_VerifyInit.3 doc/man/man3/EVP_aes_128_gcm.3 doc/man/man3/EVP_aria_128_gcm.3 doc/man/man3/EVP_bf_cbc.3 doc/man/man3/EVP_blake2b512.3 doc/man/man3/EVP_camellia_128_ecb.3 doc/man/man3/EVP_cast5_cbc.3 doc/man/man3/EVP_chacha20.3 doc/man/man3/EVP_des_cbc.3 doc/man/man3/EVP_desx_cbc.3 doc/man/man3/EVP_idea_cbc.3 doc/man/man3/EVP_md2.3 doc/man/man3/EVP_md4.3 doc/man/man3/EVP_md5.3 doc/man/man3/EVP_mdc2.3 doc/man/man3/EVP_rc2_cbc.3 doc/man/man3/EVP_rc4.3 doc/man/man3/EVP_rc5_32_12_16_cbc.3 doc/man/man3/EVP_ripemd160.3 doc/man/man3/EVP_seed_cbc.3 doc/man/man3/EVP_set_default_properties.3 doc/man/man3/EVP_sha1.3 doc/man/man3/EVP_sha224.3 doc/man/man3/EVP_sha3_224.3 doc/man/man3/EVP_sm3.3 doc/man/man3/EVP_sm4_cbc.3 doc/man/man3/EVP_whirlpool.3 doc/man/man3/HMAC.3 doc/man/man3/MD5.3 doc/man/man3/MDC2_Init.3 doc/man/man3/NCONF_new_with_libctx.3 doc/man/man3/OBJ_nid2obj.3 doc/man/man3/OCSP_REQUEST_new.3 doc/man/man3/OCSP_cert_to_id.3 doc/man/man3/OCSP_request_add1_nonce.3 doc/man/man3/OCSP_resp_find_status.3 doc/man/man3/OCSP_response_status.3 doc/man/man3/OCSP_sendreq_new.3 doc/man/man3/OPENSSL_Applink.3 doc/man/man3/OPENSSL_CTX.3 doc/man/man3/OPENSSL_FILE.3 doc/man/man3/OPENSSL_LH_COMPFUNC.3 doc/man/man3/OPENSSL_LH_stats.3 doc/man/man3/OPENSSL_config.3 doc/man/man3/OPENSSL_fork_prepare.3 doc/man/man3/OPENSSL_hexchar2int.3 doc/man/man3/OPENSSL_ia32cap.3 doc/man/man3/OPENSSL_init_crypto.3 doc/man/man3/OPENSSL_init_ssl.3 doc/man/man3/OPENSSL_instrument_bus.3 doc/man/man3/OPENSSL_load_builtin_modules.3 doc/man/man3/OPENSSL_malloc.3 doc/man/man3/OPENSSL_s390xcap.3 doc/man/man3/OPENSSL_secure_malloc.3 doc/man/man3/OSSL_CMP_CTX_new.3 doc/man/man3/OSSL_CMP_HDR_get0_transactionID.3 doc/man/man3/OSSL_CMP_ITAV_set0.3 doc/man/man3/OSSL_CMP_MSG_get0_header.3 doc/man/man3/OSSL_CMP_MSG_http_perform.3 doc/man/man3/OSSL_CMP_SRV_CTX_new.3 doc/man/man3/OSSL_CMP_STATUSINFO_new.3 doc/man/man3/OSSL_CMP_exec_IR_ses.3 doc/man/man3/OSSL_CMP_log_open.3 doc/man/man3/OSSL_CMP_validate_msg.3 doc/man/man3/OSSL_CRMF_MSG_get0_tmpl.3 doc/man/man3/OSSL_CRMF_MSG_set0_validity.3 doc/man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3 doc/man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3 doc/man/man3/OSSL_CRMF_pbmp_new.3 doc/man/man3/OSSL_HTTP_transfer.3 doc/man/man3/OSSL_PARAM.3 doc/man/man3/OSSL_PARAM_BLD.3 doc/man/man3/OSSL_PARAM_allocate_from_text.3 doc/man/man3/OSSL_PARAM_int.3 doc/man/man3/OSSL_PROVIDER.3 doc/man/man3/OSSL_SELF_TEST_new.3 doc/man/man3/OSSL_SELF_TEST_set_callback.3 doc/man/man3/OSSL_SERIALIZER.3 doc/man/man3/OSSL_SERIALIZER_CTX.3 doc/man/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.3 doc/man/man3/OSSL_SERIALIZER_to_bio.3 doc/man/man3/OSSL_STORE_INFO.3 doc/man/man3/OSSL_STORE_LOADER.3 doc/man/man3/OSSL_STORE_SEARCH.3 doc/man/man3/OSSL_STORE_attach.3 doc/man/man3/OSSL_STORE_expect.3 doc/man/man3/OSSL_STORE_open.3 doc/man/man3/OSSL_trace_enabled.3 doc/man/man3/OSSL_trace_get_category_num.3 doc/man/man3/OSSL_trace_set_channel.3 doc/man/man3/OpenSSL_add_all_algorithms.3 doc/man/man3/OpenSSL_version.3 doc/man/man3/PEM_bytes_read_bio.3 doc/man/man3/PEM_read.3 doc/man/man3/PEM_read_CMS.3 doc/man/man3/PEM_read_bio_PrivateKey.3 doc/man/man3/PEM_read_bio_ex.3 doc/man/man3/PEM_write_bio_CMS_stream.3 doc/man/man3/PEM_write_bio_PKCS7_stream.3 doc/man/man3/PKCS12_SAFEBAG_get0_attrs.3 doc/man/man3/PKCS12_add_CSPName_asc.3 doc/man/man3/PKCS12_add_friendlyname_asc.3 doc/man/man3/PKCS12_add_localkeyid.3 doc/man/man3/PKCS12_create.3 doc/man/man3/PKCS12_get_friendlyname.3 doc/man/man3/PKCS12_newpass.3 doc/man/man3/PKCS12_parse.3 doc/man/man3/PKCS5_PBKDF2_HMAC.3 doc/man/man3/PKCS7_decrypt.3 doc/man/man3/PKCS7_encrypt.3 doc/man/man3/PKCS7_sign.3 doc/man/man3/PKCS7_sign_add_signer.3 doc/man/man3/PKCS7_verify.3 doc/man/man3/PKCS8_pkey_add1_attr.3 doc/man/man3/RAND_DRBG_generate.3 doc/man/man3/RAND_DRBG_get0_master.3 doc/man/man3/RAND_DRBG_new.3 doc/man/man3/RAND_DRBG_reseed.3 doc/man/man3/RAND_DRBG_set_callbacks.3 doc/man/man3/RAND_add.3 doc/man/man3/RAND_bytes.3 doc/man/man3/RAND_cleanup.3 doc/man/man3/RAND_egd.3 doc/man/man3/RAND_load_file.3 doc/man/man3/RAND_set_rand_method.3 doc/man/man3/RC4_set_key.3 doc/man/man3/RIPEMD160_Init.3 doc/man/man3/RSA_blinding_on.3 doc/man/man3/RSA_check_key.3 doc/man/man3/RSA_generate_key.3 doc/man/man3/RSA_get0_key.3 doc/man/man3/RSA_meth_new.3 doc/man/man3/RSA_new.3 doc/man/man3/RSA_padding_add_PKCS1_type_1.3 doc/man/man3/RSA_print.3 doc/man/man3/RSA_private_encrypt.3 doc/man/man3/RSA_public_encrypt.3 doc/man/man3/RSA_set_method.3 doc/man/man3/RSA_sign.3 doc/man/man3/RSA_sign_ASN1_OCTET_STRING.3 doc/man/man3/RSA_size.3 doc/man/man3/SCT_new.3 doc/man/man3/SCT_print.3 doc/man/man3/SCT_validate.3 doc/man/man3/SHA256_Init.3 doc/man/man3/SMIME_read_CMS.3 doc/man/man3/SMIME_read_PKCS7.3 doc/man/man3/SMIME_write_CMS.3 doc/man/man3/SMIME_write_PKCS7.3 doc/man/man3/SRP_Calc_B.3 doc/man/man3/SRP_VBASE_new.3 doc/man/man3/SRP_create_verifier.3 doc/man/man3/SRP_user_pwd_new.3 doc/man/man3/SSL_CIPHER_get_name.3 doc/man/man3/SSL_COMP_add_compression_method.3 doc/man/man3/SSL_CONF_CTX_new.3 doc/man/man3/SSL_CONF_CTX_set1_prefix.3 doc/man/man3/SSL_CONF_CTX_set_flags.3 doc/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 doc/man/man3/SSL_CONF_cmd.3 doc/man/man3/SSL_CONF_cmd_argv.3 doc/man/man3/SSL_CTX_add1_chain_cert.3 doc/man/man3/SSL_CTX_add_extra_chain_cert.3 doc/man/man3/SSL_CTX_add_session.3 doc/man/man3/SSL_CTX_config.3 doc/man/man3/SSL_CTX_ctrl.3 doc/man/man3/SSL_CTX_dane_enable.3 doc/man/man3/SSL_CTX_flush_sessions.3 doc/man/man3/SSL_CTX_free.3 doc/man/man3/SSL_CTX_get0_param.3 doc/man/man3/SSL_CTX_get_verify_mode.3 doc/man/man3/SSL_CTX_has_client_custom_ext.3 doc/man/man3/SSL_CTX_load_verify_locations.3 doc/man/man3/SSL_CTX_new.3 doc/man/man3/SSL_CTX_sess_number.3 doc/man/man3/SSL_CTX_sess_set_cache_size.3 doc/man/man3/SSL_CTX_sess_set_get_cb.3 doc/man/man3/SSL_CTX_sessions.3 doc/man/man3/SSL_CTX_set0_CA_list.3 doc/man/man3/SSL_CTX_set1_curves.3 doc/man/man3/SSL_CTX_set1_sigalgs.3 doc/man/man3/SSL_CTX_set1_verify_cert_store.3 doc/man/man3/SSL_CTX_set_alpn_select_cb.3 doc/man/man3/SSL_CTX_set_cert_cb.3 doc/man/man3/SSL_CTX_set_cert_store.3 doc/man/man3/SSL_CTX_set_cert_verify_callback.3 doc/man/man3/SSL_CTX_set_cipher_list.3 doc/man/man3/SSL_CTX_set_client_cert_cb.3 doc/man/man3/SSL_CTX_set_client_hello_cb.3 doc/man/man3/SSL_CTX_set_ct_validation_callback.3 doc/man/man3/SSL_CTX_set_ctlog_list_file.3 doc/man/man3/SSL_CTX_set_default_passwd_cb.3 doc/man/man3/SSL_CTX_set_generate_session_id.3 doc/man/man3/SSL_CTX_set_info_callback.3 doc/man/man3/SSL_CTX_set_keylog_callback.3 doc/man/man3/SSL_CTX_set_max_cert_list.3 doc/man/man3/SSL_CTX_set_min_proto_version.3 doc/man/man3/SSL_CTX_set_mode.3 doc/man/man3/SSL_CTX_set_msg_callback.3 doc/man/man3/SSL_CTX_set_num_tickets.3 doc/man/man3/SSL_CTX_set_options.3 doc/man/man3/SSL_CTX_set_psk_client_callback.3 doc/man/man3/SSL_CTX_set_quiet_shutdown.3 doc/man/man3/SSL_CTX_set_read_ahead.3 doc/man/man3/SSL_CTX_set_record_padding_callback.3 doc/man/man3/SSL_CTX_set_security_level.3 doc/man/man3/SSL_CTX_set_session_cache_mode.3 doc/man/man3/SSL_CTX_set_session_id_context.3 doc/man/man3/SSL_CTX_set_session_ticket_cb.3 doc/man/man3/SSL_CTX_set_split_send_fragment.3 doc/man/man3/SSL_CTX_set_srp_password.3 doc/man/man3/SSL_CTX_set_ssl_version.3 doc/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 doc/man/man3/SSL_CTX_set_timeout.3 doc/man/man3/SSL_CTX_set_tlsext_servername_callback.3 doc/man/man3/SSL_CTX_set_tlsext_status_cb.3 doc/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 doc/man/man3/SSL_CTX_set_tlsext_use_srtp.3 doc/man/man3/SSL_CTX_set_tmp_dh_callback.3 doc/man/man3/SSL_CTX_set_tmp_ecdh.3 doc/man/man3/SSL_CTX_set_verify.3 doc/man/man3/SSL_CTX_use_certificate.3 doc/man/man3/SSL_CTX_use_psk_identity_hint.3 doc/man/man3/SSL_CTX_use_serverinfo.3 doc/man/man3/SSL_SESSION_free.3 doc/man/man3/SSL_SESSION_get0_cipher.3 doc/man/man3/SSL_SESSION_get0_hostname.3 doc/man/man3/SSL_SESSION_get0_id_context.3 doc/man/man3/SSL_SESSION_get0_peer.3 doc/man/man3/SSL_SESSION_get_compress_id.3 doc/man/man3/SSL_SESSION_get_protocol_version.3 doc/man/man3/SSL_SESSION_get_time.3 doc/man/man3/SSL_SESSION_has_ticket.3 doc/man/man3/SSL_SESSION_is_resumable.3 doc/man/man3/SSL_SESSION_print.3 doc/man/man3/SSL_SESSION_set1_id.3 doc/man/man3/SSL_accept.3 doc/man/man3/SSL_alert_type_string.3 doc/man/man3/SSL_alloc_buffers.3 doc/man/man3/SSL_check_chain.3 doc/man/man3/SSL_clear.3 doc/man/man3/SSL_connect.3 doc/man/man3/SSL_do_handshake.3 doc/man/man3/SSL_export_keying_material.3 doc/man/man3/SSL_extension_supported.3 doc/man/man3/SSL_free.3 doc/man/man3/SSL_get0_peer_scts.3 doc/man/man3/SSL_get_SSL_CTX.3 doc/man/man3/SSL_get_all_async_fds.3 doc/man/man3/SSL_get_ciphers.3 doc/man/man3/SSL_get_client_random.3 doc/man/man3/SSL_get_current_cipher.3 doc/man/man3/SSL_get_default_timeout.3 doc/man/man3/SSL_get_error.3 doc/man/man3/SSL_get_extms_support.3 doc/man/man3/SSL_get_fd.3 doc/man/man3/SSL_get_peer_cert_chain.3 doc/man/man3/SSL_get_peer_certificate.3 doc/man/man3/SSL_get_peer_signature_nid.3 doc/man/man3/SSL_get_peer_tmp_key.3 doc/man/man3/SSL_get_psk_identity.3 doc/man/man3/SSL_get_rbio.3 doc/man/man3/SSL_get_session.3 doc/man/man3/SSL_get_shared_sigalgs.3 doc/man/man3/SSL_get_verify_result.3 doc/man/man3/SSL_get_version.3 doc/man/man3/SSL_in_init.3 doc/man/man3/SSL_key_update.3 doc/man/man3/SSL_library_init.3 doc/man/man3/SSL_load_client_CA_file.3 doc/man/man3/SSL_new.3 doc/man/man3/SSL_pending.3 doc/man/man3/SSL_read.3 doc/man/man3/SSL_read_early_data.3 doc/man/man3/SSL_rstate_string.3 doc/man/man3/SSL_session_reused.3 doc/man/man3/SSL_set1_host.3 doc/man/man3/SSL_set_async_callback.3 doc/man/man3/SSL_set_bio.3 doc/man/man3/SSL_set_connect_state.3 doc/man/man3/SSL_set_fd.3 doc/man/man3/SSL_set_session.3 doc/man/man3/SSL_set_shutdown.3 doc/man/man3/SSL_set_verify_result.3 doc/man/man3/SSL_shutdown.3 doc/man/man3/SSL_state_string.3 doc/man/man3/SSL_want.3 doc/man/man3/SSL_write.3 doc/man/man3/TS_VERIFY_CTX_set_certs.3 doc/man/man3/UI_STRING.3 doc/man/man3/UI_UTIL_read_pw.3 doc/man/man3/UI_create_method.3 doc/man/man3/UI_new.3 doc/man/man3/X509V3_get_d2i.3 doc/man/man3/X509_ALGOR_dup.3 doc/man/man3/X509_CRL_get0_by_serial.3 doc/man/man3/X509_EXTENSION_set_object.3 doc/man/man3/X509_LOOKUP.3 doc/man/man3/X509_LOOKUP_hash_dir.3 doc/man/man3/X509_LOOKUP_meth_new.3 doc/man/man3/X509_NAME_ENTRY_get_object.3 doc/man/man3/X509_NAME_add_entry_by_txt.3 doc/man/man3/X509_NAME_get0_der.3 doc/man/man3/X509_NAME_get_index_by_NID.3 doc/man/man3/X509_NAME_print_ex.3 doc/man/man3/X509_PUBKEY_new.3 doc/man/man3/X509_SIG_get0.3 doc/man/man3/X509_STORE_CTX_get_error.3 doc/man/man3/X509_STORE_CTX_new.3 doc/man/man3/X509_STORE_CTX_set_verify_cb.3 doc/man/man3/X509_STORE_add_cert.3 doc/man/man3/X509_STORE_get0_param.3 doc/man/man3/X509_STORE_new.3 doc/man/man3/X509_STORE_set_verify_cb_func.3 doc/man/man3/X509_VERIFY_PARAM_set_flags.3 doc/man/man3/X509_check_ca.3 doc/man/man3/X509_check_host.3 doc/man/man3/X509_check_issued.3 doc/man/man3/X509_check_private_key.3 doc/man/man3/X509_check_purpose.3 doc/man/man3/X509_cmp.3 doc/man/man3/X509_cmp_time.3 doc/man/man3/X509_digest.3 doc/man/man3/X509_dup.3 doc/man/man3/X509_get0_distinguishing_id.3 doc/man/man3/X509_get0_notBefore.3 doc/man/man3/X509_get0_signature.3 doc/man/man3/X509_get0_uids.3 doc/man/man3/X509_get_extension_flags.3 doc/man/man3/X509_get_pubkey.3 doc/man/man3/X509_get_serialNumber.3 doc/man/man3/X509_get_subject_name.3 doc/man/man3/X509_get_version.3 doc/man/man3/X509_load_http.3 doc/man/man3/X509_new.3 doc/man/man3/X509_sign.3 doc/man/man3/X509_verify.3 doc/man/man3/X509_verify_cert.3 doc/man/man3/X509v3_cache_extensions.3 doc/man/man3/X509v3_get_ext_by_NID.3 doc/man/man3/d2i_DHparams.3 doc/man/man3/d2i_PKCS8PrivateKey_bio.3 doc/man/man3/d2i_PrivateKey.3 doc/man/man3/d2i_SSL_SESSION.3 doc/man/man3/d2i_X509.3 doc/man/man3/i2d_CMS_bio_stream.3 doc/man/man3/i2d_PKCS7_bio_stream.3 doc/man/man3/i2d_re_X509_tbs.3 doc/man/man3/o2i_SCT_LIST.3 doc/man/man3/s2i_ASN1_IA5STRING.3 doc/man/man5/config.5 doc/man/man5/fips_config.5 doc/man/man5/x509v3_config.5 doc/man/man7/EVP_KDF-HKDF.7 doc/man/man7/EVP_KDF-KB.7 doc/man/man7/EVP_KDF-KRB5KDF.7 doc/man/man7/EVP_KDF-PBKDF2.7 doc/man/man7/EVP_KDF-SCRYPT.7 doc/man/man7/EVP_KDF-SS.7 doc/man/man7/EVP_KDF-SSHKDF.7 doc/man/man7/EVP_KDF-TLS1_PRF.7 doc/man/man7/EVP_KDF-X942.7 doc/man/man7/EVP_KDF-X963.7 doc/man/man7/EVP_KEYEXCH-DH.7 doc/man/man7/EVP_KEYEXCH-ECDH.7 doc/man/man7/EVP_KEYEXCH-X25519.7 doc/man/man7/EVP_MAC-BLAKE2.7 doc/man/man7/EVP_MAC-CMAC.7 doc/man/man7/EVP_MAC-GMAC.7 doc/man/man7/EVP_MAC-HMAC.7 doc/man/man7/EVP_MAC-KMAC.7 doc/man/man7/EVP_MAC-Poly1305.7 doc/man/man7/EVP_MAC-Siphash.7 doc/man/man7/EVP_MD-BLAKE2.7 doc/man/man7/EVP_MD-MD2.7 doc/man/man7/EVP_MD-MD4.7 doc/man/man7/EVP_MD-MD5-SHA1.7 doc/man/man7/EVP_MD-MD5.7 doc/man/man7/EVP_MD-MDC2.7 doc/man/man7/EVP_MD-RIPEMD160.7 doc/man/man7/EVP_MD-SHA1.7 doc/man/man7/EVP_MD-SHA2.7 doc/man/man7/EVP_MD-SHA3.7 doc/man/man7/EVP_MD-SHAKE.7 doc/man/man7/EVP_MD-SM3.7 doc/man/man7/EVP_MD-WHIRLPOOL.7 doc/man/man7/EVP_MD-common.7 doc/man/man7/EVP_PKEY-DH.7 doc/man/man7/EVP_PKEY-DSA.7 doc/man/man7/EVP_PKEY-EC.7 doc/man/man7/EVP_PKEY-FFC.7 doc/man/man7/EVP_PKEY-RSA.7 doc/man/man7/EVP_PKEY-X25519.7 doc/man/man7/EVP_RAND-CTR-DRBG.7 doc/man/man7/EVP_RAND-HASH-DRBG.7 doc/man/man7/EVP_RAND-HMAC-DRBG.7 doc/man/man7/EVP_RAND-TEST-RAND.7 doc/man/man7/EVP_SIGNATURE-DSA.7 doc/man/man7/EVP_SIGNATURE-ECDSA.7 doc/man/man7/EVP_SIGNATURE-ED25519.7 doc/man/man7/EVP_SIGNATURE-RSA.7 doc/man/man7/OSSL_PROVIDER-FIPS.7 doc/man/man7/OSSL_PROVIDER-default.7 doc/man/man7/OSSL_PROVIDER-legacy.7 doc/man/man7/OSSL_PROVIDER-null.7 doc/man/man7/RAND.7 doc/man/man7/RAND_DRBG.7 doc/man/man7/RSA-PSS.7 doc/man/man7/SM2.7 doc/man/man7/X25519.7 doc/man/man7/bio.7 doc/man/man7/crypto.7 doc/man/man7/ct.7 doc/man/man7/des_modes.7 doc/man/man7/evp.7 doc/man/man7/openssl-core.h.7 doc/man/man7/openssl-core_dispatch.h.7 doc/man/man7/openssl-core_names.h.7 doc/man/man7/openssl-env.7 doc/man/man7/openssl_user_macros.7 doc/man/man7/ossl_store-file.7 doc/man/man7/ossl_store.7 doc/man/man7/passphrase-encoding.7 doc/man/man7/property.7 doc/man/man7/provider-asym_cipher.7 doc/man/man7/provider-base.7 doc/man/man7/provider-cipher.7 doc/man/man7/provider-digest.7 doc/man/man7/provider-keyexch.7 doc/man/man7/provider-keymgmt.7 doc/man/man7/provider-mac.7 doc/man/man7/provider-rand.7 doc/man/man7/provider-serializer.7 doc/man/man7/provider-signature.7 doc/man/man7/provider.7 doc/man/man7/proxy-certificates.7 doc/man/man7/ssl.7 doc/man/man7/x509.7 rm -f apps/openssl fuzz/asn1-test fuzz/asn1parse-test fuzz/bignum-test fuzz/bndiv-test fuzz/client-test fuzz/cmp-test fuzz/cms-test fuzz/conf-test fuzz/crl-test fuzz/ct-test fuzz/server-test fuzz/x509-test test/aborttest test/acvp_test test/aesgcmtest test/afalgtest test/asn1_decode_test test/asn1_dsa_internal_test test/asn1_encode_test test/asn1_internal_test test/asn1_string_table_test test/asn1_time_test test/asynciotest test/asynctest test/bad_dtls_test test/bftest test/bio_callback_test test/bio_enc_test test/bio_memleak_test test/bio_prefix_text test/bioprinttest test/bn_internal_test test/bntest test/buildtest_c_aes test/buildtest_c_asn1 test/buildtest_c_asn1t test/buildtest_c_async test/buildtest_c_bio test/buildtest_c_blowfish test/buildtest_c_bn test/buildtest_c_buffer test/buildtest_c_camellia test/buildtest_c_cast test/buildtest_c_cmac test/buildtest_c_cmp test/buildtest_c_cmp_util test/buildtest_c_cms test/buildtest_c_comp test/buildtest_c_conf test/buildtest_c_conf_api test/buildtest_c_core test/buildtest_c_core_dispatch test/buildtest_c_core_names test/buildtest_c_crmf test/buildtest_c_crypto test/buildtest_c_ct test/buildtest_c_des test/buildtest_c_dh test/buildtest_c_dsa test/buildtest_c_dtls1 test/buildtest_c_e_os2 test/buildtest_c_ebcdic test/buildtest_c_ec test/buildtest_c_ecdh test/buildtest_c_ecdsa test/buildtest_c_engine test/buildtest_c_ess test/buildtest_c_evp test/buildtest_c_fips_names test/buildtest_c_hmac test/buildtest_c_http test/buildtest_c_idea test/buildtest_c_kdf test/buildtest_c_lhash test/buildtest_c_mac test/buildtest_c_macros test/buildtest_c_md4 test/buildtest_c_md5 test/buildtest_c_mdc2 test/buildtest_c_modes test/buildtest_c_obj_mac test/buildtest_c_objects test/buildtest_c_ocsp test/buildtest_c_ossl_typ test/buildtest_c_param_build test/buildtest_c_params test/buildtest_c_pem test/buildtest_c_pem2 test/buildtest_c_pkcs12 test/buildtest_c_pkcs7 test/buildtest_c_provider test/buildtest_c_rand test/buildtest_c_rand_drbg test/buildtest_c_rc2 test/buildtest_c_rc4 test/buildtest_c_ripemd test/buildtest_c_rsa test/buildtest_c_safestack test/buildtest_c_seed test/buildtest_c_self_test test/buildtest_c_serializer test/buildtest_c_sha test/buildtest_c_srp test/buildtest_c_srtp test/buildtest_c_ssl test/buildtest_c_ssl2 test/buildtest_c_stack test/buildtest_c_store test/buildtest_c_symhacks test/buildtest_c_tls1 test/buildtest_c_ts test/buildtest_c_txt_db test/buildtest_c_types test/buildtest_c_ui test/buildtest_c_whrlpool test/buildtest_c_x509 test/buildtest_c_x509_vfy test/buildtest_c_x509v3 test/casttest test/chacha_internal_test test/cipher_overhead_test test/cipherbytes_test test/cipherlist_test test/ciphername_test test/clienthellotest test/cmactest test/cmp_asn_test test/cmp_client_test test/cmp_ctx_test test/cmp_hdr_test test/cmp_msg_test test/cmp_protect_test test/cmp_server_test test/cmp_status_test test/cmp_vfy_test test/cmsapitest test/conf_include_test test/confdump test/constant_time_test test/context_internal_test test/crltest test/ct_test test/ctype_internal_test test/curve448_internal_test test/d2i_test test/danetest test/destest test/dhtest test/drbg_cavs_test test/drbg_extra_test test/drbgtest test/dsa_no_digest_size_test test/dsatest test/dtls_mtu_test test/dtlstest test/dtlsv1listentest test/ec_internal_test test/ecdsatest test/ecstresstest test/ectest test/enginetest test/errtest test/evp_extra_test test/evp_extra_test2 test/evp_fetch_prov_test test/evp_kdf_test test/evp_pkey_dparams_test test/evp_pkey_provided_test test/evp_test test/exdatatest test/exptest test/fatalerrtest test/ffc_internal_test test/gmdifftest test/gosttest test/hexstr_test test/hmactest test/http_test test/ideatest test/igetest test/keymgmt_internal_test test/lhash_test test/mdc2_internal_test test/mdc2test test/memleaktest test/modes_internal_test test/namemap_internal_test test/ocspapitest test/packettest test/param_build_test test/params_api_test test/params_conversion_test test/params_test test/pbelutest test/pemtest test/pkey_meth_kdf_test test/pkey_meth_test test/poly1305_internal_test test/property_test test/provider_fallback_test test/provider_internal_test test/provider_test test/rc2test test/rc4test test/rc5test test/rdrand_sanitytest test/recordlentest test/rsa_complex test/rsa_mp_test test/rsa_sp800_56b_test test/rsa_test test/sanitytest test/secmemtest test/servername_test test/shlibloadtest test/siphash_internal_test test/sm2_internal_test test/sm4_internal_test test/sparse_array_test test/srptest test/ssl_cert_table_internal_test test/ssl_ctx_test test/ssl_test test/ssl_test_ctx_test test/sslapitest test/sslbuffertest test/sslcorrupttest test/ssltest_old test/stack_test test/sysdefaulttest test/test_test test/threadstest test/time_offset_test test/tls13ccstest test/tls13encryptiontest test/tls13secretstest test/uitest test/v3ext test/v3nametest test/verify_extra_test test/versions test/wpackettest test/x509_check_cert_pkey_test test/x509_dup_cert_test test/x509_internal_test test/x509_time_test test/x509aux engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so providers/fips.so providers/legacy.so test/p_test.so apps/CA.pl apps/tsget.pl tools/c_rehash util/shlib_wrap.sh rm -f doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod include/crypto/bn_conf.h include/crypto/dso_conf.h include/openssl/configuration.h include/openssl/fipskey.h include/openssl/opensslv.h test/provider_internal_test.cnf apps/CA.pl apps/progs.c apps/progs.h apps/tsget.pl crypto/aes/aes-x86_64.s crypto/aes/aesni-mb-x86_64.s crypto/aes/aesni-sha1-x86_64.s crypto/aes/aesni-sha256-x86_64.s crypto/aes/aesni-x86_64.s crypto/aes/bsaes-x86_64.s crypto/aes/vpaes-x86_64.s crypto/bn/rsaz-avx2.s crypto/bn/rsaz-x86_64.s crypto/bn/x86_64-gf2m.s crypto/bn/x86_64-mont.s crypto/bn/x86_64-mont5.s crypto/buildinf.h crypto/camellia/cmll-x86_64.s crypto/chacha/chacha-x86_64.s crypto/ec/ecp_nistz256-x86_64.s crypto/ec/x25519-x86_64.s crypto/md5/md5-x86_64.s crypto/modes/aesni-gcm-x86_64.s crypto/modes/ghash-x86_64.s crypto/poly1305/poly1305-x86_64.s crypto/rc4/rc4-md5-x86_64.s crypto/rc4/rc4-x86_64.s crypto/sha/keccak1600-x86_64.s crypto/sha/sha1-mb-x86_64.s crypto/sha/sha1-x86_64.s crypto/sha/sha256-mb-x86_64.s crypto/sha/sha256-x86_64.s crypto/sha/sha512-x86_64.s crypto/whrlpool/wp-x86_64.s crypto/x86_64cpuid.s doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod engines/afalg.ld engines/capi.ld engines/dasync.ld engines/e_padlock-x86_64.s engines/ossltest.ld engines/padlock.ld libcrypto.ld libssl.ld providers/common/der/der_digests_gen.c providers/common/der/der_dsa_gen.c providers/common/der/der_ec_gen.c providers/common/der/der_rsa_gen.c providers/common/include/prov/der_digests.h providers/common/include/prov/der_dsa.h providers/common/include/prov/der_ec.h providers/common/include/prov/der_rsa.h providers/fips.ld providers/legacy.ld test/buildtest_aes.c test/buildtest_asn1.c test/buildtest_asn1t.c test/buildtest_async.c test/buildtest_bio.c test/buildtest_blowfish.c test/buildtest_bn.c test/buildtest_buffer.c test/buildtest_camellia.c test/buildtest_cast.c test/buildtest_cmac.c test/buildtest_cmp.c test/buildtest_cmp_util.c test/buildtest_cms.c test/buildtest_comp.c test/buildtest_conf.c test/buildtest_conf_api.c test/buildtest_core.c test/buildtest_core_dispatch.c test/buildtest_core_names.c test/buildtest_crmf.c test/buildtest_crypto.c test/buildtest_ct.c test/buildtest_des.c test/buildtest_dh.c test/buildtest_dsa.c test/buildtest_dtls1.c test/buildtest_e_os2.c test/buildtest_ebcdic.c test/buildtest_ec.c test/buildtest_ecdh.c test/buildtest_ecdsa.c test/buildtest_engine.c test/buildtest_ess.c test/buildtest_evp.c test/buildtest_fips_names.c test/buildtest_hmac.c test/buildtest_http.c test/buildtest_idea.c test/buildtest_kdf.c test/buildtest_lhash.c test/buildtest_mac.c test/buildtest_macros.c test/buildtest_md4.c test/buildtest_md5.c test/buildtest_mdc2.c test/buildtest_modes.c test/buildtest_obj_mac.c test/buildtest_objects.c test/buildtest_ocsp.c test/buildtest_ossl_typ.c test/buildtest_param_build.c test/buildtest_params.c test/buildtest_pem.c test/buildtest_pem2.c test/buildtest_pkcs12.c test/buildtest_pkcs7.c test/buildtest_provider.c test/buildtest_rand.c test/buildtest_rand_drbg.c test/buildtest_rc2.c test/buildtest_rc4.c test/buildtest_ripemd.c test/buildtest_rsa.c test/buildtest_safestack.c test/buildtest_seed.c test/buildtest_self_test.c test/buildtest_serializer.c test/buildtest_sha.c test/buildtest_srp.c test/buildtest_srtp.c test/buildtest_ssl.c test/buildtest_ssl2.c test/buildtest_stack.c test/buildtest_store.c test/buildtest_symhacks.c test/buildtest_tls1.c test/buildtest_ts.c test/buildtest_txt_db.c test/buildtest_types.c test/buildtest_ui.c test/buildtest_whrlpool.c test/buildtest_x509.c test/buildtest_x509_vfy.c test/buildtest_x509v3.c test/p_test.ld tools/c_rehash util/shlib_wrap.sh rm -f `find . -name '*.d' \! -name '.*' \! -type d -print` rm -f `find . -name '*.o' \! -name '.*' \! -type d -print` rm -f core rm -f tags TAGS doc-nits cmd-nits md-nits rm -f -r test/test-runs rm -f openssl.pc libcrypto.pc libssl.pc rm -f `find . -type l \! -name '.*' -print` rm -f ../openssl-3.0.0-alpha5-dev.tar $ make depend $ LDCMD= make -j4 /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-asn1parse.pod.in > doc/man1/openssl-asn1parse.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ca.pod.in > doc/man1/openssl-ca.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ciphers.pod.in > doc/man1/openssl-ciphers.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmds.pod.in > doc/man1/openssl-cmds.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmp.pod.in > doc/man1/openssl-cmp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cms.pod.in > doc/man1/openssl-cms.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl.pod.in > doc/man1/openssl-crl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl2pkcs7.pod.in > doc/man1/openssl-crl2pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dgst.pod.in > doc/man1/openssl-dgst.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dhparam.pod.in > doc/man1/openssl-dhparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsa.pod.in > doc/man1/openssl-dsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsaparam.pod.in > doc/man1/openssl-dsaparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ec.pod.in > doc/man1/openssl-ec.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ecparam.pod.in > doc/man1/openssl-ecparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-enc.pod.in > doc/man1/openssl-enc.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-engine.pod.in > doc/man1/openssl-engine.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-errstr.pod.in > doc/man1/openssl-errstr.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-fipsinstall.pod.in > doc/man1/openssl-fipsinstall.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-gendsa.pod.in > doc/man1/openssl-gendsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genpkey.pod.in > doc/man1/openssl-genpkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genrsa.pod.in > doc/man1/openssl-genrsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-info.pod.in > doc/man1/openssl-info.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-kdf.pod.in > doc/man1/openssl-kdf.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-list.pod.in > doc/man1/openssl-list.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-mac.pod.in > doc/man1/openssl-mac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-nseq.pod.in > doc/man1/openssl-nseq.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ocsp.pod.in > doc/man1/openssl-ocsp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-passwd.pod.in > doc/man1/openssl-passwd.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs12.pod.in > doc/man1/openssl-pkcs12.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs7.pod.in > doc/man1/openssl-pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs8.pod.in > doc/man1/openssl-pkcs8.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkey.pod.in > doc/man1/openssl-pkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyparam.pod.in > doc/man1/openssl-pkeyparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyutl.pod.in > doc/man1/openssl-pkeyutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-prime.pod.in > doc/man1/openssl-prime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-provider.pod.in > doc/man1/openssl-provider.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rand.pod.in > doc/man1/openssl-rand.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rehash.pod.in > doc/man1/openssl-rehash.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-req.pod.in > doc/man1/openssl-req.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsa.pod.in > doc/man1/openssl-rsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsautl.pod.in > doc/man1/openssl-rsautl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_client.pod.in > doc/man1/openssl-s_client.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_server.pod.in > doc/man1/openssl-s_server.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_time.pod.in > doc/man1/openssl-s_time.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-sess_id.pod.in > doc/man1/openssl-sess_id.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-smime.pod.in > doc/man1/openssl-smime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-speed.pod.in > doc/man1/openssl-speed.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-spkac.pod.in > doc/man1/openssl-spkac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-srp.pod.in > doc/man1/openssl-srp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-storeutl.pod.in > doc/man1/openssl-storeutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ts.pod.in > doc/man1/openssl-ts.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-verify.pod.in > doc/man1/openssl-verify.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-version.pod.in > doc/man1/openssl-version.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-x509.pod.in > doc/man1/openssl-x509.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man7/openssl_user_macros.pod.in > doc/man7/openssl_user_macros.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/bn_conf.h.in > include/crypto/bn_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/dso_conf.h.in > include/crypto/dso_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/configuration.h.in > include/openssl/configuration.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/fipskey.h.in > include/openssl/fipskey.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/opensslv.h.in > include/openssl/opensslv.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/test/provider_internal_test.cnf.in > test/provider_internal_test.cnf make depend && make _build_sw make[1]: Entering directory '/home/openssl/run-checker/no-posix-io' make[1]: Leaving directory '/home/openssl/run-checker/no-posix-io' make[1]: Entering directory '/home/openssl/run-checker/no-posix-io' clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_params.d.tmp -MT apps/lib/libapps-lib-app_params.o -c -o apps/lib/libapps-lib-app_params.o ../openssl/apps/lib/app_params.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_provider.d.tmp -MT apps/lib/libapps-lib-app_provider.o -c -o apps/lib/libapps-lib-app_provider.o ../openssl/apps/lib/app_provider.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_rand.d.tmp -MT apps/lib/libapps-lib-app_rand.o -c -o apps/lib/libapps-lib-app_rand.o ../openssl/apps/lib/app_rand.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_x509.d.tmp -MT apps/lib/libapps-lib-app_x509.o -c -o apps/lib/libapps-lib-app_x509.o ../openssl/apps/lib/app_x509.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps.d.tmp -MT apps/lib/libapps-lib-apps.o -c -o apps/lib/libapps-lib-apps.o ../openssl/apps/lib/apps.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps_ui.d.tmp -MT apps/lib/libapps-lib-apps_ui.o -c -o apps/lib/libapps-lib-apps_ui.o ../openssl/apps/lib/apps_ui.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-columns.d.tmp -MT apps/lib/libapps-lib-columns.o -c -o apps/lib/libapps-lib-columns.o ../openssl/apps/lib/columns.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-fmt.d.tmp -MT apps/lib/libapps-lib-fmt.o -c -o apps/lib/libapps-lib-fmt.o ../openssl/apps/lib/fmt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-http_server.d.tmp -MT apps/lib/libapps-lib-http_server.o -c -o apps/lib/libapps-lib-http_server.o ../openssl/apps/lib/http_server.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-names.d.tmp -MT apps/lib/libapps-lib-names.o -c -o apps/lib/libapps-lib-names.o ../openssl/apps/lib/names.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-opt.d.tmp -MT apps/lib/libapps-lib-opt.o -c -o apps/lib/libapps-lib-opt.o ../openssl/apps/lib/opt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-s_cb.d.tmp -MT apps/lib/libapps-lib-s_cb.o -c -o apps/lib/libapps-lib-s_cb.o ../openssl/apps/lib/s_cb.c ../openssl/apps/lib/http_server.c:27:5: error: no previous extern declaration for non-static variable 'multi' [-Werror,-Wmissing-variable-declarations] int multi = 0; /* run multiple responder processes */ ^ 1 error generated. Makefile:4133: recipe for target 'apps/lib/libapps-lib-http_server.o' failed make[1]: *** [apps/lib/libapps-lib-http_server.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-posix-io' Makefile:3103: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From dev at ddvo.net Fri Jul 10 07:16:41 2020 From: dev at ddvo.net (dev at ddvo.net) Date: Fri, 10 Jul 2020 07:16:41 +0000 Subject: [openssl] master update Message-ID: <1594365401.016420.319.nullmailer@dev.openssl.org> The branch master has been updated via 851165946fef1f2f7bc2c0ac29824b1fd14bb8f5 (commit) from 2957150478260c8140eca389650956baa5195f15 (commit) - Log ----------------------------------------------------------------- commit 851165946fef1f2f7bc2c0ac29824b1fd14bb8f5 Author: Dr. David von Oheimb Date: Thu Jul 9 08:00:59 2020 +0200 ocsp.h: Fix backward compatibility decl for OCSP_parse_url() by including http.h Fixes #12386 Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12399) ----------------------------------------------------------------------- Summary of changes: include/openssl/ocsp.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/openssl/ocsp.h b/include/openssl/ocsp.h index d5ccff0e8b..1c514efeee 100644 --- a/include/openssl/ocsp.h +++ b/include/openssl/ocsp.h @@ -17,6 +17,7 @@ # endif # include +# include /* for OSSL_HTTP_parse_url */ /* * These definitions are outside the OPENSSL_NO_OCSP guard because although for From builds at travis-ci.com Fri Jul 10 08:32:17 2020 From: builds at travis-ci.com (Travis CI) Date: Fri, 10 Jul 2020 08:32:17 +0000 Subject: Errored: openssl/openssl#36040 (master - 8511659) In-Reply-To: Message-ID: <5f082790241f1_13fbf3669d8383338f@travis-pro-tasks-7d9c85d98-vp5nv.mail> Build Update for openssl/openssl ------------------------------------- Build: #36040 Status: Errored Duration: 1 hr, 14 mins, and 24 secs Commit: 8511659 (master) Author: Dr. David von Oheimb Message: ocsp.h: Fix backward compatibility decl for OCSP_parse_url() by including http.h Fixes #12386 Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12399) View the changeset: https://github.com/openssl/openssl/compare/295715047826...851165946fef View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/175109213?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Fri Jul 10 09:46:26 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 10 Jul 2020 09:46:26 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-sock Message-ID: <1594374386.385503.13687.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-sock Commit log since last time: eae4a00834 Fix CID 1454808: Error handling issues NEGATIVE_RETURNS (PKCS7_dataDecode()) c8ea9bc670 Fix CID 1454806: NEGATIVE_RETURNS (cms_enc.c) e2cc68c8fd Fix CID 1465213: Integer handling issues (evp_extra_test.c) 5999d20ea8 Fix CID 1463883 Dereference after null check (in ess_find_cert_v2()) 821278a885 Fix CID 1465214 Resource leak (in file_load.c) fd7d574dd9 Fix CID 1465215 : Explicit null dereferenced (in test) 84ba665d72 Fix CID #1465216 Resource leak in property_fetch 2f1d0b35c1 Ensure we excluse ec2m curves if ec2m is disabled 146aebc6a0 Add a test to check having a provider loaded without a groups still works 90a74d8c43 Fix an incorrect error flow in add_provider_groups 08a1c9f2e6 Fix OSSL_PROVIDER_get_capabilities() 163b801616 Add support to zeroize plaintext in S3 record layer 1c9761d0b5 [test][15-test_genec] Improve EC tests with genpkey 466d30c0d7 [apps/genpkey] exit status should not be 0 on output errors e0137ca92b [EC][ASN1] Detect missing OID when serializing EC parameters and keys 8c330e1939 improve SSL_CTX_set_tlsext_ticket_key_cb ref impl 2d9f56e999 Ensure TLS padding is added during encryption on the provider side b558817823 Convert SSLv3 handling to use provider side CBC/MAC removal 63ee6ec177 Ensure any allocated MAC is freed in the provider code f29dbb0866 Decreate the length after decryption for the stitched ciphers 09ce6e0854 Ensure the sslcorrupttest checks all errors on the queue ee0c849e5a Ensure GCM "update" failures return 0 on error 978cc3648d Ensure cipher_generic_initkey gets passed the actual provider ctx 1ae7354c04 Make the NULL cipher TLS aware 27d4c840fc Change ChaCha20-Poly1305 to be consistent with out ciphers 524cb684ac Make libssl start using the TLS provider CBC support e71fd827bc Add provider support for TLS CBC padding and MAC removal f0237a6c62 Remove SSL dependencies from tls_pad.c ebacd57bee Split the padding/mac removal functions out into a separate file ec27e619e8 Move MAC removal responsibility to the various protocol "enc" functions Build log ended with (last 100 lines): rm -f doc/man/man1/CA.pl.1 doc/man/man1/openssl-asn1parse.1 doc/man/man1/openssl-ca.1 doc/man/man1/openssl-ciphers.1 doc/man/man1/openssl-cmds.1 doc/man/man1/openssl-cmp.1 doc/man/man1/openssl-cms.1 doc/man/man1/openssl-crl.1 doc/man/man1/openssl-crl2pkcs7.1 doc/man/man1/openssl-dgst.1 doc/man/man1/openssl-dhparam.1 doc/man/man1/openssl-dsa.1 doc/man/man1/openssl-dsaparam.1 doc/man/man1/openssl-ec.1 doc/man/man1/openssl-ecparam.1 doc/man/man1/openssl-enc.1 doc/man/man1/openssl-engine.1 doc/man/man1/openssl-errstr.1 doc/man/man1/openssl-fipsinstall.1 doc/man/man1/openssl-gendsa.1 doc/man/man1/openssl-genpkey.1 doc/man/man1/openssl-genrsa.1 doc/man/man1/openssl-info.1 doc/man/man1/openssl-kdf.1 doc/man/man1/openssl-list.1 doc/man/man1/openssl-mac.1 doc/man/man1/openssl-nseq.1 doc/man/man1/openssl-ocsp.1 doc/man/man1/openssl-passwd.1 doc/man/man1/openssl-pkcs12.1 doc/man/man1/openssl-pkcs7.1 doc/man/man1/openssl-pkcs8.1 doc/man/man1/openssl-pkey.1 doc/man/man1/openssl-pkeyparam.1 doc/man/man1/openssl-pkeyutl.1 doc/man/man1/openssl-prime.1 doc/man/man1/openssl-provider.1 doc/man/man1/openssl-rand.1 doc/man/man1/openssl-rehash.1 doc/man/man1/openssl-req.1 doc/man/man1/openssl-rsa.1 doc/man/man1/openssl-rsautl.1 doc/man/man1/openssl-s_client.1 doc/man/man1/openssl-s_server.1 doc/man/man1/openssl-s_time.1 doc/man/man1/openssl-sess_id.1 doc/man/man1/openssl-smime.1 doc/man/man1/openssl-speed.1 doc/man/man1/openssl-spkac.1 doc/man/man1/openssl-srp.1 doc/man/man1/openssl-storeutl.1 doc/man/man1/openssl-ts.1 doc/man/man1/openssl-verify.1 doc/man/man1/openssl-version.1 doc/man/man1/openssl-x509.1 doc/man/man1/openssl.1 doc/man/man1/tsget.1 doc/man/man3/ADMISSIONS.3 doc/man/man3/ASN1_INTEGER_get_int64.3 doc/man/man3/ASN1_INTEGER_new.3 doc/man/man3/ASN1_ITEM_lookup.3 doc/man/man3/ASN1_OBJECT_new.3 doc/man/man3/ASN1_STRING_TABLE_add.3 doc/man/man3/ASN1_STRING_length.3 doc/man/man3/ASN1_STRING_new.3 doc/man/man3/ASN1_STRING_print_ex.3 doc/man/man3/ASN1_TIME_set.3 doc/man/man3/ASN1_TYPE_get.3 doc/man/man3/ASN1_generate_nconf.3 doc/man/man3/ASYNC_WAIT_CTX_new.3 doc/man/man3/ASYNC_start_job.3 doc/man/man3/BF_encrypt.3 doc/man/man3/BIO_ADDR.3 doc/man/man3/BIO_ADDRINFO.3 doc/man/man3/BIO_connect.3 doc/man/man3/BIO_ctrl.3 doc/man/man3/BIO_f_base64.3 doc/man/man3/BIO_f_buffer.3 doc/man/man3/BIO_f_cipher.3 doc/man/man3/BIO_f_md.3 doc/man/man3/BIO_f_null.3 doc/man/man3/BIO_f_prefix.3 doc/man/man3/BIO_f_ssl.3 doc/man/man3/BIO_find_type.3 doc/man/man3/BIO_get_data.3 doc/man/man3/BIO_get_ex_new_index.3 doc/man/man3/BIO_meth_new.3 doc/man/man3/BIO_new.3 doc/man/man3/BIO_new_CMS.3 doc/man/man3/BIO_parse_hostserv.3 doc/man/man3/BIO_printf.3 doc/man/man3/BIO_push.3 doc/man/man3/BIO_read.3 doc/man/man3/BIO_s_accept.3 doc/man/man3/BIO_s_bio.3 doc/man/man3/BIO_s_connect.3 doc/man/man3/BIO_s_fd.3 doc/man/man3/BIO_s_file.3 doc/man/man3/BIO_s_mem.3 doc/man/man3/BIO_s_null.3 doc/man/man3/BIO_s_socket.3 doc/man/man3/BIO_set_callback.3 doc/man/man3/BIO_should_retry.3 doc/man/man3/BIO_socket_wait.3 doc/man/man3/BN_BLINDING_new.3 doc/man/man3/BN_CTX_new.3 doc/man/man3/BN_CTX_start.3 doc/man/man3/BN_add.3 doc/man/man3/BN_add_word.3 doc/man/man3/BN_bn2bin.3 doc/man/man3/BN_cmp.3 doc/man/man3/BN_copy.3 doc/man/man3/BN_generate_prime.3 doc/man/man3/BN_mod_inverse.3 doc/man/man3/BN_mod_mul_montgomery.3 doc/man/man3/BN_mod_mul_reciprocal.3 doc/man/man3/BN_new.3 doc/man/man3/BN_num_bytes.3 doc/man/man3/BN_rand.3 doc/man/man3/BN_security_bits.3 doc/man/man3/BN_set_bit.3 doc/man/man3/BN_swap.3 doc/man/man3/BN_zero.3 doc/man/man3/BUF_MEM_new.3 doc/man/man3/CMS_EnvelopedData_create.3 doc/man/man3/CMS_add0_cert.3 doc/man/man3/CMS_add1_recipient_cert.3 doc/man/man3/CMS_add1_signer.3 doc/man/man3/CMS_compress.3 doc/man/man3/CMS_decrypt.3 doc/man/man3/CMS_encrypt.3 doc/man/man3/CMS_final.3 doc/man/man3/CMS_get0_RecipientInfos.3 doc/man/man3/CMS_get0_SignerInfos.3 doc/man/man3/CMS_get0_type.3 doc/man/man3/CMS_get1_ReceiptRequest.3 doc/man/man3/CMS_sign.3 doc/man/man3/CMS_sign_receipt.3 doc/man/man3/CMS_uncompress.3 doc/man/man3/CMS_verify.3 doc/man/man3/CMS_verify_receipt.3 doc/man/man3/CONF_modules_free.3 doc/man/man3/CONF_modules_load_file.3 doc/man/man3/CRYPTO_THREAD_run_once.3 doc/man/man3/CRYPTO_get_ex_new_index.3 doc/man/man3/CRYPTO_memcmp.3 doc/man/man3/CTLOG_STORE_get0_log_by_id.3 doc/man/man3/CTLOG_STORE_new.3 doc/man/man3/CTLOG_new.3 doc/man/man3/CT_POLICY_EVAL_CTX_new.3 doc/man/man3/DEFINE_STACK_OF.3 doc/man/man3/DES_random_key.3 doc/man/man3/DH_generate_key.3 doc/man/man3/DH_generate_parameters.3 doc/man/man3/DH_get0_pqg.3 doc/man/man3/DH_get_1024_160.3 doc/man/man3/DH_meth_new.3 doc/man/man3/DH_new.3 doc/man/man3/DH_new_by_nid.3 doc/man/man3/DH_set_method.3 doc/man/man3/DH_size.3 doc/man/man3/DSA_SIG_new.3 doc/man/man3/DSA_do_sign.3 doc/man/man3/DSA_dup_DH.3 doc/man/man3/DSA_generate_key.3 doc/man/man3/DSA_generate_parameters.3 doc/man/man3/DSA_get0_pqg.3 doc/man/man3/DSA_meth_new.3 doc/man/man3/DSA_new.3 doc/man/man3/DSA_set_method.3 doc/man/man3/DSA_sign.3 doc/man/man3/DSA_size.3 doc/man/man3/DTLS_get_data_mtu.3 doc/man/man3/DTLS_set_timer_cb.3 doc/man/man3/DTLSv1_listen.3 doc/man/man3/ECDSA_SIG_new.3 doc/man/man3/ECPKParameters_print.3 doc/man/man3/EC_GFp_simple_method.3 doc/man/man3/EC_GROUP_copy.3 doc/man/man3/EC_GROUP_new.3 doc/man/man3/EC_KEY_get_enc_flags.3 doc/man/man3/EC_KEY_new.3 doc/man/man3/EC_POINT_add.3 doc/man/man3/EC_POINT_new.3 doc/man/man3/ENGINE_add.3 doc/man/man3/ERR_GET_LIB.3 doc/man/man3/ERR_clear_error.3 doc/man/man3/ERR_error_string.3 doc/man/man3/ERR_get_error.3 doc/man/man3/ERR_load_crypto_strings.3 doc/man/man3/ERR_load_strings.3 doc/man/man3/ERR_new.3 doc/man/man3/ERR_print_errors.3 doc/man/man3/ERR_put_error.3 doc/man/man3/ERR_remove_state.3 doc/man/man3/ERR_set_mark.3 doc/man/man3/EVP_ASYM_CIPHER_free.3 doc/man/man3/EVP_BytesToKey.3 doc/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 doc/man/man3/EVP_CIPHER_meth_new.3 doc/man/man3/EVP_DigestInit.3 doc/man/man3/EVP_DigestSignInit.3 doc/man/man3/EVP_DigestVerifyInit.3 doc/man/man3/EVP_EncodeInit.3 doc/man/man3/EVP_EncryptInit.3 doc/man/man3/EVP_KDF.3 doc/man/man3/EVP_KEYEXCH_free.3 doc/man/man3/EVP_KEYMGMT.3 doc/man/man3/EVP_MAC.3 doc/man/man3/EVP_MD_meth_new.3 doc/man/man3/EVP_OpenInit.3 doc/man/man3/EVP_PKEY_ASN1_METHOD.3 doc/man/man3/EVP_PKEY_CTX_ctrl.3 doc/man/man3/EVP_PKEY_CTX_new.3 doc/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 doc/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 doc/man/man3/EVP_PKEY_CTX_set_params.3 doc/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 doc/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 doc/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 doc/man/man3/EVP_PKEY_asn1_get_count.3 doc/man/man3/EVP_PKEY_check.3 doc/man/man3/EVP_PKEY_copy_parameters.3 doc/man/man3/EVP_PKEY_decrypt.3 doc/man/man3/EVP_PKEY_derive.3 doc/man/man3/EVP_PKEY_encrypt.3 doc/man/man3/EVP_PKEY_fromdata.3 doc/man/man3/EVP_PKEY_gen.3 doc/man/man3/EVP_PKEY_get_default_digest_nid.3 doc/man/man3/EVP_PKEY_gettable_params.3 doc/man/man3/EVP_PKEY_is_a.3 doc/man/man3/EVP_PKEY_meth_get_count.3 doc/man/man3/EVP_PKEY_meth_new.3 doc/man/man3/EVP_PKEY_new.3 doc/man/man3/EVP_PKEY_print_private.3 doc/man/man3/EVP_PKEY_set1_RSA.3 doc/man/man3/EVP_PKEY_set_type.3 doc/man/man3/EVP_PKEY_sign.3 doc/man/man3/EVP_PKEY_size.3 doc/man/man3/EVP_PKEY_supports_digest_nid.3 doc/man/man3/EVP_PKEY_verify.3 doc/man/man3/EVP_PKEY_verify_recover.3 doc/man/man3/EVP_RAND.3 doc/man/man3/EVP_SIGNATURE_free.3 doc/man/man3/EVP_SealInit.3 doc/man/man3/EVP_SignInit.3 doc/man/man3/EVP_VerifyInit.3 doc/man/man3/EVP_aes_128_gcm.3 doc/man/man3/EVP_aria_128_gcm.3 doc/man/man3/EVP_bf_cbc.3 doc/man/man3/EVP_blake2b512.3 doc/man/man3/EVP_camellia_128_ecb.3 doc/man/man3/EVP_cast5_cbc.3 doc/man/man3/EVP_chacha20.3 doc/man/man3/EVP_des_cbc.3 doc/man/man3/EVP_desx_cbc.3 doc/man/man3/EVP_idea_cbc.3 doc/man/man3/EVP_md2.3 doc/man/man3/EVP_md4.3 doc/man/man3/EVP_md5.3 doc/man/man3/EVP_mdc2.3 doc/man/man3/EVP_rc2_cbc.3 doc/man/man3/EVP_rc4.3 doc/man/man3/EVP_rc5_32_12_16_cbc.3 doc/man/man3/EVP_ripemd160.3 doc/man/man3/EVP_seed_cbc.3 doc/man/man3/EVP_set_default_properties.3 doc/man/man3/EVP_sha1.3 doc/man/man3/EVP_sha224.3 doc/man/man3/EVP_sha3_224.3 doc/man/man3/EVP_sm3.3 doc/man/man3/EVP_sm4_cbc.3 doc/man/man3/EVP_whirlpool.3 doc/man/man3/HMAC.3 doc/man/man3/MD5.3 doc/man/man3/MDC2_Init.3 doc/man/man3/NCONF_new_with_libctx.3 doc/man/man3/OBJ_nid2obj.3 doc/man/man3/OCSP_REQUEST_new.3 doc/man/man3/OCSP_cert_to_id.3 doc/man/man3/OCSP_request_add1_nonce.3 doc/man/man3/OCSP_resp_find_status.3 doc/man/man3/OCSP_response_status.3 doc/man/man3/OCSP_sendreq_new.3 doc/man/man3/OPENSSL_Applink.3 doc/man/man3/OPENSSL_CTX.3 doc/man/man3/OPENSSL_FILE.3 doc/man/man3/OPENSSL_LH_COMPFUNC.3 doc/man/man3/OPENSSL_LH_stats.3 doc/man/man3/OPENSSL_config.3 doc/man/man3/OPENSSL_fork_prepare.3 doc/man/man3/OPENSSL_hexchar2int.3 doc/man/man3/OPENSSL_ia32cap.3 doc/man/man3/OPENSSL_init_crypto.3 doc/man/man3/OPENSSL_init_ssl.3 doc/man/man3/OPENSSL_instrument_bus.3 doc/man/man3/OPENSSL_load_builtin_modules.3 doc/man/man3/OPENSSL_malloc.3 doc/man/man3/OPENSSL_s390xcap.3 doc/man/man3/OPENSSL_secure_malloc.3 doc/man/man3/OSSL_CMP_CTX_new.3 doc/man/man3/OSSL_CMP_HDR_get0_transactionID.3 doc/man/man3/OSSL_CMP_ITAV_set0.3 doc/man/man3/OSSL_CMP_MSG_get0_header.3 doc/man/man3/OSSL_CMP_MSG_http_perform.3 doc/man/man3/OSSL_CMP_SRV_CTX_new.3 doc/man/man3/OSSL_CMP_STATUSINFO_new.3 doc/man/man3/OSSL_CMP_exec_IR_ses.3 doc/man/man3/OSSL_CMP_log_open.3 doc/man/man3/OSSL_CMP_validate_msg.3 doc/man/man3/OSSL_CRMF_MSG_get0_tmpl.3 doc/man/man3/OSSL_CRMF_MSG_set0_validity.3 doc/man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3 doc/man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3 doc/man/man3/OSSL_CRMF_pbmp_new.3 doc/man/man3/OSSL_HTTP_transfer.3 doc/man/man3/OSSL_PARAM.3 doc/man/man3/OSSL_PARAM_BLD.3 doc/man/man3/OSSL_PARAM_allocate_from_text.3 doc/man/man3/OSSL_PARAM_int.3 doc/man/man3/OSSL_PROVIDER.3 doc/man/man3/OSSL_SELF_TEST_new.3 doc/man/man3/OSSL_SELF_TEST_set_callback.3 doc/man/man3/OSSL_SERIALIZER.3 doc/man/man3/OSSL_SERIALIZER_CTX.3 doc/man/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.3 doc/man/man3/OSSL_SERIALIZER_to_bio.3 doc/man/man3/OSSL_STORE_INFO.3 doc/man/man3/OSSL_STORE_LOADER.3 doc/man/man3/OSSL_STORE_SEARCH.3 doc/man/man3/OSSL_STORE_attach.3 doc/man/man3/OSSL_STORE_expect.3 doc/man/man3/OSSL_STORE_open.3 doc/man/man3/OSSL_trace_enabled.3 doc/man/man3/OSSL_trace_get_category_num.3 doc/man/man3/OSSL_trace_set_channel.3 doc/man/man3/OpenSSL_add_all_algorithms.3 doc/man/man3/OpenSSL_version.3 doc/man/man3/PEM_bytes_read_bio.3 doc/man/man3/PEM_read.3 doc/man/man3/PEM_read_CMS.3 doc/man/man3/PEM_read_bio_PrivateKey.3 doc/man/man3/PEM_read_bio_ex.3 doc/man/man3/PEM_write_bio_CMS_stream.3 doc/man/man3/PEM_write_bio_PKCS7_stream.3 doc/man/man3/PKCS12_SAFEBAG_get0_attrs.3 doc/man/man3/PKCS12_add_CSPName_asc.3 doc/man/man3/PKCS12_add_friendlyname_asc.3 doc/man/man3/PKCS12_add_localkeyid.3 doc/man/man3/PKCS12_create.3 doc/man/man3/PKCS12_get_friendlyname.3 doc/man/man3/PKCS12_newpass.3 doc/man/man3/PKCS12_parse.3 doc/man/man3/PKCS5_PBKDF2_HMAC.3 doc/man/man3/PKCS7_decrypt.3 doc/man/man3/PKCS7_encrypt.3 doc/man/man3/PKCS7_sign.3 doc/man/man3/PKCS7_sign_add_signer.3 doc/man/man3/PKCS7_verify.3 doc/man/man3/PKCS8_pkey_add1_attr.3 doc/man/man3/RAND_DRBG_generate.3 doc/man/man3/RAND_DRBG_get0_master.3 doc/man/man3/RAND_DRBG_new.3 doc/man/man3/RAND_DRBG_reseed.3 doc/man/man3/RAND_DRBG_set_callbacks.3 doc/man/man3/RAND_add.3 doc/man/man3/RAND_bytes.3 doc/man/man3/RAND_cleanup.3 doc/man/man3/RAND_egd.3 doc/man/man3/RAND_load_file.3 doc/man/man3/RAND_set_rand_method.3 doc/man/man3/RC4_set_key.3 doc/man/man3/RIPEMD160_Init.3 doc/man/man3/RSA_blinding_on.3 doc/man/man3/RSA_check_key.3 doc/man/man3/RSA_generate_key.3 doc/man/man3/RSA_get0_key.3 doc/man/man3/RSA_meth_new.3 doc/man/man3/RSA_new.3 doc/man/man3/RSA_padding_add_PKCS1_type_1.3 doc/man/man3/RSA_print.3 doc/man/man3/RSA_private_encrypt.3 doc/man/man3/RSA_public_encrypt.3 doc/man/man3/RSA_set_method.3 doc/man/man3/RSA_sign.3 doc/man/man3/RSA_sign_ASN1_OCTET_STRING.3 doc/man/man3/RSA_size.3 doc/man/man3/SCT_new.3 doc/man/man3/SCT_print.3 doc/man/man3/SCT_validate.3 doc/man/man3/SHA256_Init.3 doc/man/man3/SMIME_read_CMS.3 doc/man/man3/SMIME_read_PKCS7.3 doc/man/man3/SMIME_write_CMS.3 doc/man/man3/SMIME_write_PKCS7.3 doc/man/man3/SRP_Calc_B.3 doc/man/man3/SRP_VBASE_new.3 doc/man/man3/SRP_create_verifier.3 doc/man/man3/SRP_user_pwd_new.3 doc/man/man3/SSL_CIPHER_get_name.3 doc/man/man3/SSL_COMP_add_compression_method.3 doc/man/man3/SSL_CONF_CTX_new.3 doc/man/man3/SSL_CONF_CTX_set1_prefix.3 doc/man/man3/SSL_CONF_CTX_set_flags.3 doc/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 doc/man/man3/SSL_CONF_cmd.3 doc/man/man3/SSL_CONF_cmd_argv.3 doc/man/man3/SSL_CTX_add1_chain_cert.3 doc/man/man3/SSL_CTX_add_extra_chain_cert.3 doc/man/man3/SSL_CTX_add_session.3 doc/man/man3/SSL_CTX_config.3 doc/man/man3/SSL_CTX_ctrl.3 doc/man/man3/SSL_CTX_dane_enable.3 doc/man/man3/SSL_CTX_flush_sessions.3 doc/man/man3/SSL_CTX_free.3 doc/man/man3/SSL_CTX_get0_param.3 doc/man/man3/SSL_CTX_get_verify_mode.3 doc/man/man3/SSL_CTX_has_client_custom_ext.3 doc/man/man3/SSL_CTX_load_verify_locations.3 doc/man/man3/SSL_CTX_new.3 doc/man/man3/SSL_CTX_sess_number.3 doc/man/man3/SSL_CTX_sess_set_cache_size.3 doc/man/man3/SSL_CTX_sess_set_get_cb.3 doc/man/man3/SSL_CTX_sessions.3 doc/man/man3/SSL_CTX_set0_CA_list.3 doc/man/man3/SSL_CTX_set1_curves.3 doc/man/man3/SSL_CTX_set1_sigalgs.3 doc/man/man3/SSL_CTX_set1_verify_cert_store.3 doc/man/man3/SSL_CTX_set_alpn_select_cb.3 doc/man/man3/SSL_CTX_set_cert_cb.3 doc/man/man3/SSL_CTX_set_cert_store.3 doc/man/man3/SSL_CTX_set_cert_verify_callback.3 doc/man/man3/SSL_CTX_set_cipher_list.3 doc/man/man3/SSL_CTX_set_client_cert_cb.3 doc/man/man3/SSL_CTX_set_client_hello_cb.3 doc/man/man3/SSL_CTX_set_ct_validation_callback.3 doc/man/man3/SSL_CTX_set_ctlog_list_file.3 doc/man/man3/SSL_CTX_set_default_passwd_cb.3 doc/man/man3/SSL_CTX_set_generate_session_id.3 doc/man/man3/SSL_CTX_set_info_callback.3 doc/man/man3/SSL_CTX_set_keylog_callback.3 doc/man/man3/SSL_CTX_set_max_cert_list.3 doc/man/man3/SSL_CTX_set_min_proto_version.3 doc/man/man3/SSL_CTX_set_mode.3 doc/man/man3/SSL_CTX_set_msg_callback.3 doc/man/man3/SSL_CTX_set_num_tickets.3 doc/man/man3/SSL_CTX_set_options.3 doc/man/man3/SSL_CTX_set_psk_client_callback.3 doc/man/man3/SSL_CTX_set_quiet_shutdown.3 doc/man/man3/SSL_CTX_set_read_ahead.3 doc/man/man3/SSL_CTX_set_record_padding_callback.3 doc/man/man3/SSL_CTX_set_security_level.3 doc/man/man3/SSL_CTX_set_session_cache_mode.3 doc/man/man3/SSL_CTX_set_session_id_context.3 doc/man/man3/SSL_CTX_set_session_ticket_cb.3 doc/man/man3/SSL_CTX_set_split_send_fragment.3 doc/man/man3/SSL_CTX_set_srp_password.3 doc/man/man3/SSL_CTX_set_ssl_version.3 doc/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 doc/man/man3/SSL_CTX_set_timeout.3 doc/man/man3/SSL_CTX_set_tlsext_servername_callback.3 doc/man/man3/SSL_CTX_set_tlsext_status_cb.3 doc/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 doc/man/man3/SSL_CTX_set_tlsext_use_srtp.3 doc/man/man3/SSL_CTX_set_tmp_dh_callback.3 doc/man/man3/SSL_CTX_set_tmp_ecdh.3 doc/man/man3/SSL_CTX_set_verify.3 doc/man/man3/SSL_CTX_use_certificate.3 doc/man/man3/SSL_CTX_use_psk_identity_hint.3 doc/man/man3/SSL_CTX_use_serverinfo.3 doc/man/man3/SSL_SESSION_free.3 doc/man/man3/SSL_SESSION_get0_cipher.3 doc/man/man3/SSL_SESSION_get0_hostname.3 doc/man/man3/SSL_SESSION_get0_id_context.3 doc/man/man3/SSL_SESSION_get0_peer.3 doc/man/man3/SSL_SESSION_get_compress_id.3 doc/man/man3/SSL_SESSION_get_protocol_version.3 doc/man/man3/SSL_SESSION_get_time.3 doc/man/man3/SSL_SESSION_has_ticket.3 doc/man/man3/SSL_SESSION_is_resumable.3 doc/man/man3/SSL_SESSION_print.3 doc/man/man3/SSL_SESSION_set1_id.3 doc/man/man3/SSL_accept.3 doc/man/man3/SSL_alert_type_string.3 doc/man/man3/SSL_alloc_buffers.3 doc/man/man3/SSL_check_chain.3 doc/man/man3/SSL_clear.3 doc/man/man3/SSL_connect.3 doc/man/man3/SSL_do_handshake.3 doc/man/man3/SSL_export_keying_material.3 doc/man/man3/SSL_extension_supported.3 doc/man/man3/SSL_free.3 doc/man/man3/SSL_get0_peer_scts.3 doc/man/man3/SSL_get_SSL_CTX.3 doc/man/man3/SSL_get_all_async_fds.3 doc/man/man3/SSL_get_ciphers.3 doc/man/man3/SSL_get_client_random.3 doc/man/man3/SSL_get_current_cipher.3 doc/man/man3/SSL_get_default_timeout.3 doc/man/man3/SSL_get_error.3 doc/man/man3/SSL_get_extms_support.3 doc/man/man3/SSL_get_fd.3 doc/man/man3/SSL_get_peer_cert_chain.3 doc/man/man3/SSL_get_peer_certificate.3 doc/man/man3/SSL_get_peer_signature_nid.3 doc/man/man3/SSL_get_peer_tmp_key.3 doc/man/man3/SSL_get_psk_identity.3 doc/man/man3/SSL_get_rbio.3 doc/man/man3/SSL_get_session.3 doc/man/man3/SSL_get_shared_sigalgs.3 doc/man/man3/SSL_get_verify_result.3 doc/man/man3/SSL_get_version.3 doc/man/man3/SSL_in_init.3 doc/man/man3/SSL_key_update.3 doc/man/man3/SSL_library_init.3 doc/man/man3/SSL_load_client_CA_file.3 doc/man/man3/SSL_new.3 doc/man/man3/SSL_pending.3 doc/man/man3/SSL_read.3 doc/man/man3/SSL_read_early_data.3 doc/man/man3/SSL_rstate_string.3 doc/man/man3/SSL_session_reused.3 doc/man/man3/SSL_set1_host.3 doc/man/man3/SSL_set_async_callback.3 doc/man/man3/SSL_set_bio.3 doc/man/man3/SSL_set_connect_state.3 doc/man/man3/SSL_set_fd.3 doc/man/man3/SSL_set_session.3 doc/man/man3/SSL_set_shutdown.3 doc/man/man3/SSL_set_verify_result.3 doc/man/man3/SSL_shutdown.3 doc/man/man3/SSL_state_string.3 doc/man/man3/SSL_want.3 doc/man/man3/SSL_write.3 doc/man/man3/TS_VERIFY_CTX_set_certs.3 doc/man/man3/UI_STRING.3 doc/man/man3/UI_UTIL_read_pw.3 doc/man/man3/UI_create_method.3 doc/man/man3/UI_new.3 doc/man/man3/X509V3_get_d2i.3 doc/man/man3/X509_ALGOR_dup.3 doc/man/man3/X509_CRL_get0_by_serial.3 doc/man/man3/X509_EXTENSION_set_object.3 doc/man/man3/X509_LOOKUP.3 doc/man/man3/X509_LOOKUP_hash_dir.3 doc/man/man3/X509_LOOKUP_meth_new.3 doc/man/man3/X509_NAME_ENTRY_get_object.3 doc/man/man3/X509_NAME_add_entry_by_txt.3 doc/man/man3/X509_NAME_get0_der.3 doc/man/man3/X509_NAME_get_index_by_NID.3 doc/man/man3/X509_NAME_print_ex.3 doc/man/man3/X509_PUBKEY_new.3 doc/man/man3/X509_SIG_get0.3 doc/man/man3/X509_STORE_CTX_get_error.3 doc/man/man3/X509_STORE_CTX_new.3 doc/man/man3/X509_STORE_CTX_set_verify_cb.3 doc/man/man3/X509_STORE_add_cert.3 doc/man/man3/X509_STORE_get0_param.3 doc/man/man3/X509_STORE_new.3 doc/man/man3/X509_STORE_set_verify_cb_func.3 doc/man/man3/X509_VERIFY_PARAM_set_flags.3 doc/man/man3/X509_check_ca.3 doc/man/man3/X509_check_host.3 doc/man/man3/X509_check_issued.3 doc/man/man3/X509_check_private_key.3 doc/man/man3/X509_check_purpose.3 doc/man/man3/X509_cmp.3 doc/man/man3/X509_cmp_time.3 doc/man/man3/X509_digest.3 doc/man/man3/X509_dup.3 doc/man/man3/X509_get0_distinguishing_id.3 doc/man/man3/X509_get0_notBefore.3 doc/man/man3/X509_get0_signature.3 doc/man/man3/X509_get0_uids.3 doc/man/man3/X509_get_extension_flags.3 doc/man/man3/X509_get_pubkey.3 doc/man/man3/X509_get_serialNumber.3 doc/man/man3/X509_get_subject_name.3 doc/man/man3/X509_get_version.3 doc/man/man3/X509_load_http.3 doc/man/man3/X509_new.3 doc/man/man3/X509_sign.3 doc/man/man3/X509_verify.3 doc/man/man3/X509_verify_cert.3 doc/man/man3/X509v3_cache_extensions.3 doc/man/man3/X509v3_get_ext_by_NID.3 doc/man/man3/d2i_DHparams.3 doc/man/man3/d2i_PKCS8PrivateKey_bio.3 doc/man/man3/d2i_PrivateKey.3 doc/man/man3/d2i_SSL_SESSION.3 doc/man/man3/d2i_X509.3 doc/man/man3/i2d_CMS_bio_stream.3 doc/man/man3/i2d_PKCS7_bio_stream.3 doc/man/man3/i2d_re_X509_tbs.3 doc/man/man3/o2i_SCT_LIST.3 doc/man/man3/s2i_ASN1_IA5STRING.3 doc/man/man5/config.5 doc/man/man5/fips_config.5 doc/man/man5/x509v3_config.5 doc/man/man7/EVP_KDF-HKDF.7 doc/man/man7/EVP_KDF-KB.7 doc/man/man7/EVP_KDF-KRB5KDF.7 doc/man/man7/EVP_KDF-PBKDF2.7 doc/man/man7/EVP_KDF-SCRYPT.7 doc/man/man7/EVP_KDF-SS.7 doc/man/man7/EVP_KDF-SSHKDF.7 doc/man/man7/EVP_KDF-TLS1_PRF.7 doc/man/man7/EVP_KDF-X942.7 doc/man/man7/EVP_KDF-X963.7 doc/man/man7/EVP_KEYEXCH-DH.7 doc/man/man7/EVP_KEYEXCH-ECDH.7 doc/man/man7/EVP_KEYEXCH-X25519.7 doc/man/man7/EVP_MAC-BLAKE2.7 doc/man/man7/EVP_MAC-CMAC.7 doc/man/man7/EVP_MAC-GMAC.7 doc/man/man7/EVP_MAC-HMAC.7 doc/man/man7/EVP_MAC-KMAC.7 doc/man/man7/EVP_MAC-Poly1305.7 doc/man/man7/EVP_MAC-Siphash.7 doc/man/man7/EVP_MD-BLAKE2.7 doc/man/man7/EVP_MD-MD2.7 doc/man/man7/EVP_MD-MD4.7 doc/man/man7/EVP_MD-MD5-SHA1.7 doc/man/man7/EVP_MD-MD5.7 doc/man/man7/EVP_MD-MDC2.7 doc/man/man7/EVP_MD-RIPEMD160.7 doc/man/man7/EVP_MD-SHA1.7 doc/man/man7/EVP_MD-SHA2.7 doc/man/man7/EVP_MD-SHA3.7 doc/man/man7/EVP_MD-SHAKE.7 doc/man/man7/EVP_MD-SM3.7 doc/man/man7/EVP_MD-WHIRLPOOL.7 doc/man/man7/EVP_MD-common.7 doc/man/man7/EVP_PKEY-DH.7 doc/man/man7/EVP_PKEY-DSA.7 doc/man/man7/EVP_PKEY-EC.7 doc/man/man7/EVP_PKEY-FFC.7 doc/man/man7/EVP_PKEY-RSA.7 doc/man/man7/EVP_PKEY-X25519.7 doc/man/man7/EVP_RAND-CTR-DRBG.7 doc/man/man7/EVP_RAND-HASH-DRBG.7 doc/man/man7/EVP_RAND-HMAC-DRBG.7 doc/man/man7/EVP_RAND-TEST-RAND.7 doc/man/man7/EVP_SIGNATURE-DSA.7 doc/man/man7/EVP_SIGNATURE-ECDSA.7 doc/man/man7/EVP_SIGNATURE-ED25519.7 doc/man/man7/EVP_SIGNATURE-RSA.7 doc/man/man7/OSSL_PROVIDER-FIPS.7 doc/man/man7/OSSL_PROVIDER-default.7 doc/man/man7/OSSL_PROVIDER-legacy.7 doc/man/man7/OSSL_PROVIDER-null.7 doc/man/man7/RAND.7 doc/man/man7/RAND_DRBG.7 doc/man/man7/RSA-PSS.7 doc/man/man7/SM2.7 doc/man/man7/X25519.7 doc/man/man7/bio.7 doc/man/man7/crypto.7 doc/man/man7/ct.7 doc/man/man7/des_modes.7 doc/man/man7/evp.7 doc/man/man7/openssl-core.h.7 doc/man/man7/openssl-core_dispatch.h.7 doc/man/man7/openssl-core_names.h.7 doc/man/man7/openssl-env.7 doc/man/man7/openssl_user_macros.7 doc/man/man7/ossl_store-file.7 doc/man/man7/ossl_store.7 doc/man/man7/passphrase-encoding.7 doc/man/man7/property.7 doc/man/man7/provider-asym_cipher.7 doc/man/man7/provider-base.7 doc/man/man7/provider-cipher.7 doc/man/man7/provider-digest.7 doc/man/man7/provider-keyexch.7 doc/man/man7/provider-keymgmt.7 doc/man/man7/provider-mac.7 doc/man/man7/provider-rand.7 doc/man/man7/provider-serializer.7 doc/man/man7/provider-signature.7 doc/man/man7/provider.7 doc/man/man7/proxy-certificates.7 doc/man/man7/ssl.7 doc/man/man7/x509.7 rm -f apps/openssl fuzz/asn1-test fuzz/asn1parse-test fuzz/bignum-test fuzz/bndiv-test fuzz/client-test fuzz/cmp-test fuzz/cms-test fuzz/conf-test fuzz/crl-test fuzz/ct-test fuzz/server-test fuzz/x509-test test/aborttest test/acvp_test test/aesgcmtest test/afalgtest test/asn1_decode_test test/asn1_dsa_internal_test test/asn1_encode_test test/asn1_internal_test test/asn1_string_table_test test/asn1_time_test test/asynciotest test/asynctest test/bad_dtls_test test/bftest test/bio_callback_test test/bio_enc_test test/bio_memleak_test test/bio_prefix_text test/bioprinttest test/bn_internal_test test/bntest test/buildtest_c_aes test/buildtest_c_asn1 test/buildtest_c_asn1t test/buildtest_c_async test/buildtest_c_bio test/buildtest_c_blowfish test/buildtest_c_bn test/buildtest_c_buffer test/buildtest_c_camellia test/buildtest_c_cast test/buildtest_c_cmac test/buildtest_c_cmp test/buildtest_c_cmp_util test/buildtest_c_cms test/buildtest_c_comp test/buildtest_c_conf test/buildtest_c_conf_api test/buildtest_c_core test/buildtest_c_core_dispatch test/buildtest_c_core_names test/buildtest_c_crmf test/buildtest_c_crypto test/buildtest_c_ct test/buildtest_c_des test/buildtest_c_dh test/buildtest_c_dsa test/buildtest_c_e_os2 test/buildtest_c_ebcdic test/buildtest_c_ec test/buildtest_c_ecdh test/buildtest_c_ecdsa test/buildtest_c_engine test/buildtest_c_ess test/buildtest_c_evp test/buildtest_c_fips_names test/buildtest_c_hmac test/buildtest_c_http test/buildtest_c_idea test/buildtest_c_kdf test/buildtest_c_lhash test/buildtest_c_mac test/buildtest_c_macros test/buildtest_c_md4 test/buildtest_c_md5 test/buildtest_c_mdc2 test/buildtest_c_modes test/buildtest_c_obj_mac test/buildtest_c_objects test/buildtest_c_ocsp test/buildtest_c_ossl_typ test/buildtest_c_param_build test/buildtest_c_params test/buildtest_c_pem test/buildtest_c_pem2 test/buildtest_c_pkcs12 test/buildtest_c_pkcs7 test/buildtest_c_provider test/buildtest_c_rand test/buildtest_c_rand_drbg test/buildtest_c_rc2 test/buildtest_c_rc4 test/buildtest_c_ripemd test/buildtest_c_rsa test/buildtest_c_safestack test/buildtest_c_seed test/buildtest_c_self_test test/buildtest_c_serializer test/buildtest_c_sha test/buildtest_c_srp test/buildtest_c_srtp test/buildtest_c_ssl test/buildtest_c_ssl2 test/buildtest_c_stack test/buildtest_c_store test/buildtest_c_symhacks test/buildtest_c_tls1 test/buildtest_c_ts test/buildtest_c_txt_db test/buildtest_c_types test/buildtest_c_ui test/buildtest_c_whrlpool test/buildtest_c_x509 test/buildtest_c_x509_vfy test/buildtest_c_x509v3 test/casttest test/chacha_internal_test test/cipher_overhead_test test/cipherbytes_test test/cipherlist_test test/ciphername_test test/clienthellotest test/cmactest test/cmp_asn_test test/cmp_client_test test/cmp_ctx_test test/cmp_hdr_test test/cmp_msg_test test/cmp_protect_test test/cmp_server_test test/cmp_status_test test/cmp_vfy_test test/cmsapitest test/conf_include_test test/confdump test/constant_time_test test/context_internal_test test/crltest test/ct_test test/ctype_internal_test test/curve448_internal_test test/d2i_test test/danetest test/destest test/dhtest test/drbg_cavs_test test/drbg_extra_test test/drbgtest test/dsa_no_digest_size_test test/dsatest test/dtls_mtu_test test/dtlstest test/dtlsv1listentest test/ec_internal_test test/ecdsatest test/ecstresstest test/ectest test/enginetest test/errtest test/evp_extra_test test/evp_extra_test2 test/evp_fetch_prov_test test/evp_kdf_test test/evp_pkey_dparams_test test/evp_pkey_provided_test test/evp_test test/exdatatest test/exptest test/fatalerrtest test/ffc_internal_test test/gmdifftest test/gosttest test/hexstr_test test/hmactest test/http_test test/ideatest test/igetest test/keymgmt_internal_test test/lhash_test test/mdc2_internal_test test/mdc2test test/memleaktest test/modes_internal_test test/namemap_internal_test test/ocspapitest test/packettest test/param_build_test test/params_api_test test/params_conversion_test test/params_test test/pbelutest test/pemtest test/pkey_meth_kdf_test test/pkey_meth_test test/poly1305_internal_test test/property_test test/provider_fallback_test test/provider_internal_test test/provider_test test/rc2test test/rc4test test/rc5test test/rdrand_sanitytest test/recordlentest test/rsa_complex test/rsa_mp_test test/rsa_sp800_56b_test test/rsa_test test/sanitytest test/secmemtest test/servername_test test/shlibloadtest test/siphash_internal_test test/sm2_internal_test test/sm4_internal_test test/sparse_array_test test/srptest test/ssl_cert_table_internal_test test/ssl_ctx_test test/ssl_test test/ssl_test_ctx_test test/sslapitest test/sslbuffertest test/sslcorrupttest test/ssltest_old test/stack_test test/sysdefaulttest test/test_test test/threadstest test/time_offset_test test/tls13ccstest test/tls13encryptiontest test/tls13secretstest test/uitest test/v3ext test/v3nametest test/verify_extra_test test/versions test/wpackettest test/x509_check_cert_pkey_test test/x509_dup_cert_test test/x509_internal_test test/x509_time_test test/x509aux engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so providers/fips.so providers/legacy.so test/p_test.so apps/CA.pl apps/tsget.pl tools/c_rehash util/shlib_wrap.sh rm -f doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod include/crypto/bn_conf.h include/crypto/dso_conf.h include/openssl/configuration.h include/openssl/fipskey.h include/openssl/opensslv.h test/provider_internal_test.cnf apps/CA.pl apps/progs.c apps/progs.h apps/tsget.pl crypto/aes/aes-x86_64.s crypto/aes/aesni-mb-x86_64.s crypto/aes/aesni-sha1-x86_64.s crypto/aes/aesni-sha256-x86_64.s crypto/aes/aesni-x86_64.s crypto/aes/bsaes-x86_64.s crypto/aes/vpaes-x86_64.s crypto/bn/rsaz-avx2.s crypto/bn/rsaz-x86_64.s crypto/bn/x86_64-gf2m.s crypto/bn/x86_64-mont.s crypto/bn/x86_64-mont5.s crypto/buildinf.h crypto/camellia/cmll-x86_64.s crypto/chacha/chacha-x86_64.s crypto/ec/ecp_nistz256-x86_64.s crypto/ec/x25519-x86_64.s crypto/md5/md5-x86_64.s crypto/modes/aesni-gcm-x86_64.s crypto/modes/ghash-x86_64.s crypto/poly1305/poly1305-x86_64.s crypto/rc4/rc4-md5-x86_64.s crypto/rc4/rc4-x86_64.s crypto/sha/keccak1600-x86_64.s crypto/sha/sha1-mb-x86_64.s crypto/sha/sha1-x86_64.s crypto/sha/sha256-mb-x86_64.s crypto/sha/sha256-x86_64.s crypto/sha/sha512-x86_64.s crypto/whrlpool/wp-x86_64.s crypto/x86_64cpuid.s doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod engines/afalg.ld engines/capi.ld engines/dasync.ld engines/e_padlock-x86_64.s engines/ossltest.ld engines/padlock.ld libcrypto.ld libssl.ld providers/common/der/der_digests_gen.c providers/common/der/der_dsa_gen.c providers/common/der/der_ec_gen.c providers/common/der/der_rsa_gen.c providers/common/include/prov/der_digests.h providers/common/include/prov/der_dsa.h providers/common/include/prov/der_ec.h providers/common/include/prov/der_rsa.h providers/fips.ld providers/legacy.ld test/buildtest_aes.c test/buildtest_asn1.c test/buildtest_asn1t.c test/buildtest_async.c test/buildtest_bio.c test/buildtest_blowfish.c test/buildtest_bn.c test/buildtest_buffer.c test/buildtest_camellia.c test/buildtest_cast.c test/buildtest_cmac.c test/buildtest_cmp.c test/buildtest_cmp_util.c test/buildtest_cms.c test/buildtest_comp.c test/buildtest_conf.c test/buildtest_conf_api.c test/buildtest_core.c test/buildtest_core_dispatch.c test/buildtest_core_names.c test/buildtest_crmf.c test/buildtest_crypto.c test/buildtest_ct.c test/buildtest_des.c test/buildtest_dh.c test/buildtest_dsa.c test/buildtest_e_os2.c test/buildtest_ebcdic.c test/buildtest_ec.c test/buildtest_ecdh.c test/buildtest_ecdsa.c test/buildtest_engine.c test/buildtest_ess.c test/buildtest_evp.c test/buildtest_fips_names.c test/buildtest_hmac.c test/buildtest_http.c test/buildtest_idea.c test/buildtest_kdf.c test/buildtest_lhash.c test/buildtest_mac.c test/buildtest_macros.c test/buildtest_md4.c test/buildtest_md5.c test/buildtest_mdc2.c test/buildtest_modes.c test/buildtest_obj_mac.c test/buildtest_objects.c test/buildtest_ocsp.c test/buildtest_ossl_typ.c test/buildtest_param_build.c test/buildtest_params.c test/buildtest_pem.c test/buildtest_pem2.c test/buildtest_pkcs12.c test/buildtest_pkcs7.c test/buildtest_provider.c test/buildtest_rand.c test/buildtest_rand_drbg.c test/buildtest_rc2.c test/buildtest_rc4.c test/buildtest_ripemd.c test/buildtest_rsa.c test/buildtest_safestack.c test/buildtest_seed.c test/buildtest_self_test.c test/buildtest_serializer.c test/buildtest_sha.c test/buildtest_srp.c test/buildtest_srtp.c test/buildtest_ssl.c test/buildtest_ssl2.c test/buildtest_stack.c test/buildtest_store.c test/buildtest_symhacks.c test/buildtest_tls1.c test/buildtest_ts.c test/buildtest_txt_db.c test/buildtest_types.c test/buildtest_ui.c test/buildtest_whrlpool.c test/buildtest_x509.c test/buildtest_x509_vfy.c test/buildtest_x509v3.c test/p_test.ld tools/c_rehash util/shlib_wrap.sh rm -f `find . -name '*.d' \! -name '.*' \! -type d -print` rm -f `find . -name '*.o' \! -name '.*' \! -type d -print` rm -f core rm -f tags TAGS doc-nits cmd-nits md-nits rm -f -r test/test-runs rm -f openssl.pc libcrypto.pc libssl.pc rm -f `find . -type l \! -name '.*' -print` rm -f ../openssl-3.0.0-alpha5-dev.tar $ make depend $ LDCMD= make -j4 /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-asn1parse.pod.in > doc/man1/openssl-asn1parse.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ca.pod.in > doc/man1/openssl-ca.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ciphers.pod.in > doc/man1/openssl-ciphers.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmds.pod.in > doc/man1/openssl-cmds.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmp.pod.in > doc/man1/openssl-cmp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cms.pod.in > doc/man1/openssl-cms.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl.pod.in > doc/man1/openssl-crl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl2pkcs7.pod.in > doc/man1/openssl-crl2pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dgst.pod.in > doc/man1/openssl-dgst.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dhparam.pod.in > doc/man1/openssl-dhparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsa.pod.in > doc/man1/openssl-dsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsaparam.pod.in > doc/man1/openssl-dsaparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ec.pod.in > doc/man1/openssl-ec.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ecparam.pod.in > doc/man1/openssl-ecparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-enc.pod.in > doc/man1/openssl-enc.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-engine.pod.in > doc/man1/openssl-engine.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-errstr.pod.in > doc/man1/openssl-errstr.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-fipsinstall.pod.in > doc/man1/openssl-fipsinstall.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-gendsa.pod.in > doc/man1/openssl-gendsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genpkey.pod.in > doc/man1/openssl-genpkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genrsa.pod.in > doc/man1/openssl-genrsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-info.pod.in > doc/man1/openssl-info.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-kdf.pod.in > doc/man1/openssl-kdf.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-list.pod.in > doc/man1/openssl-list.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-mac.pod.in > doc/man1/openssl-mac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-nseq.pod.in > doc/man1/openssl-nseq.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ocsp.pod.in > doc/man1/openssl-ocsp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-passwd.pod.in > doc/man1/openssl-passwd.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs12.pod.in > doc/man1/openssl-pkcs12.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs7.pod.in > doc/man1/openssl-pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs8.pod.in > doc/man1/openssl-pkcs8.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkey.pod.in > doc/man1/openssl-pkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyparam.pod.in > doc/man1/openssl-pkeyparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyutl.pod.in > doc/man1/openssl-pkeyutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-prime.pod.in > doc/man1/openssl-prime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-provider.pod.in > doc/man1/openssl-provider.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rand.pod.in > doc/man1/openssl-rand.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rehash.pod.in > doc/man1/openssl-rehash.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-req.pod.in > doc/man1/openssl-req.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsa.pod.in > doc/man1/openssl-rsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsautl.pod.in > doc/man1/openssl-rsautl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_client.pod.in > doc/man1/openssl-s_client.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_server.pod.in > doc/man1/openssl-s_server.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_time.pod.in > doc/man1/openssl-s_time.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-sess_id.pod.in > doc/man1/openssl-sess_id.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-smime.pod.in > doc/man1/openssl-smime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-speed.pod.in > doc/man1/openssl-speed.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-spkac.pod.in > doc/man1/openssl-spkac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-srp.pod.in > doc/man1/openssl-srp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-storeutl.pod.in > doc/man1/openssl-storeutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ts.pod.in > doc/man1/openssl-ts.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-verify.pod.in > doc/man1/openssl-verify.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-version.pod.in > doc/man1/openssl-version.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-x509.pod.in > doc/man1/openssl-x509.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man7/openssl_user_macros.pod.in > doc/man7/openssl_user_macros.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/bn_conf.h.in > include/crypto/bn_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/dso_conf.h.in > include/crypto/dso_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/configuration.h.in > include/openssl/configuration.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/fipskey.h.in > include/openssl/fipskey.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/opensslv.h.in > include/openssl/opensslv.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/test/provider_internal_test.cnf.in > test/provider_internal_test.cnf make depend && make _build_sw make[1]: Entering directory '/home/openssl/run-checker/no-sock' make[1]: Leaving directory '/home/openssl/run-checker/no-sock' make[1]: Entering directory '/home/openssl/run-checker/no-sock' clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_params.d.tmp -MT apps/lib/libapps-lib-app_params.o -c -o apps/lib/libapps-lib-app_params.o ../openssl/apps/lib/app_params.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_provider.d.tmp -MT apps/lib/libapps-lib-app_provider.o -c -o apps/lib/libapps-lib-app_provider.o ../openssl/apps/lib/app_provider.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_rand.d.tmp -MT apps/lib/libapps-lib-app_rand.o -c -o apps/lib/libapps-lib-app_rand.o ../openssl/apps/lib/app_rand.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_x509.d.tmp -MT apps/lib/libapps-lib-app_x509.o -c -o apps/lib/libapps-lib-app_x509.o ../openssl/apps/lib/app_x509.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps.d.tmp -MT apps/lib/libapps-lib-apps.o -c -o apps/lib/libapps-lib-apps.o ../openssl/apps/lib/apps.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps_ui.d.tmp -MT apps/lib/libapps-lib-apps_ui.o -c -o apps/lib/libapps-lib-apps_ui.o ../openssl/apps/lib/apps_ui.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-columns.d.tmp -MT apps/lib/libapps-lib-columns.o -c -o apps/lib/libapps-lib-columns.o ../openssl/apps/lib/columns.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-fmt.d.tmp -MT apps/lib/libapps-lib-fmt.o -c -o apps/lib/libapps-lib-fmt.o ../openssl/apps/lib/fmt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-http_server.d.tmp -MT apps/lib/libapps-lib-http_server.o -c -o apps/lib/libapps-lib-http_server.o ../openssl/apps/lib/http_server.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-names.d.tmp -MT apps/lib/libapps-lib-names.o -c -o apps/lib/libapps-lib-names.o ../openssl/apps/lib/names.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-opt.d.tmp -MT apps/lib/libapps-lib-opt.o -c -o apps/lib/libapps-lib-opt.o ../openssl/apps/lib/opt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-s_cb.d.tmp -MT apps/lib/libapps-lib-s_cb.o -c -o apps/lib/libapps-lib-s_cb.o ../openssl/apps/lib/s_cb.c ../openssl/apps/lib/http_server.c:27:5: error: no previous extern declaration for non-static variable 'multi' [-Werror,-Wmissing-variable-declarations] int multi = 0; /* run multiple responder processes */ ^ 1 error generated. Makefile:4112: recipe for target 'apps/lib/libapps-lib-http_server.o' failed make[1]: *** [apps/lib/libapps-lib-http_server.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-sock' Makefile:3082: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From no-reply at appveyor.com Fri Jul 10 12:47:33 2020 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 10 Jul 2020 12:47:33 +0000 Subject: Build failed: openssl master.35497 Message-ID: <20200710124733.1.D6E32BA92442D3E9@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Fri Jul 10 13:29:54 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 10 Jul 2020 13:29:54 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment Message-ID: <1594387794.235966.29564.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment Commit log since last time: eae4a00834 Fix CID 1454808: Error handling issues NEGATIVE_RETURNS (PKCS7_dataDecode()) c8ea9bc670 Fix CID 1454806: NEGATIVE_RETURNS (cms_enc.c) e2cc68c8fd Fix CID 1465213: Integer handling issues (evp_extra_test.c) 5999d20ea8 Fix CID 1463883 Dereference after null check (in ess_find_cert_v2()) 821278a885 Fix CID 1465214 Resource leak (in file_load.c) fd7d574dd9 Fix CID 1465215 : Explicit null dereferenced (in test) 84ba665d72 Fix CID #1465216 Resource leak in property_fetch 2f1d0b35c1 Ensure we excluse ec2m curves if ec2m is disabled 146aebc6a0 Add a test to check having a provider loaded without a groups still works 90a74d8c43 Fix an incorrect error flow in add_provider_groups 08a1c9f2e6 Fix OSSL_PROVIDER_get_capabilities() 163b801616 Add support to zeroize plaintext in S3 record layer 1c9761d0b5 [test][15-test_genec] Improve EC tests with genpkey 466d30c0d7 [apps/genpkey] exit status should not be 0 on output errors e0137ca92b [EC][ASN1] Detect missing OID when serializing EC parameters and keys 8c330e1939 improve SSL_CTX_set_tlsext_ticket_key_cb ref impl 2d9f56e999 Ensure TLS padding is added during encryption on the provider side b558817823 Convert SSLv3 handling to use provider side CBC/MAC removal 63ee6ec177 Ensure any allocated MAC is freed in the provider code f29dbb0866 Decreate the length after decryption for the stitched ciphers 09ce6e0854 Ensure the sslcorrupttest checks all errors on the queue ee0c849e5a Ensure GCM "update" failures return 0 on error 978cc3648d Ensure cipher_generic_initkey gets passed the actual provider ctx 1ae7354c04 Make the NULL cipher TLS aware 27d4c840fc Change ChaCha20-Poly1305 to be consistent with out ciphers 524cb684ac Make libssl start using the TLS provider CBC support e71fd827bc Add provider support for TLS CBC padding and MAC removal f0237a6c62 Remove SSL dependencies from tls_pad.c ebacd57bee Split the padding/mac removal functions out into a separate file ec27e619e8 Move MAC removal responsibility to the various protocol "enc" functions Build log ended with (last 100 lines): # Server sent alert unexpected_message but client received no alert. # 402711455A7F0000:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_srvr.c:318: not ok 9 - iteration 9 # ------------------------------------------------------------------------------ not ok 1 - test_handshake # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/ssl_test 25-cipher.cnf.default default => 1 not ok 6 - running ssl_test 25-cipher.cnf # ------------------------------------------------------------------------------ # Looks like you failed 2 tests of 9. not ok 26 - Test configuration 25-cipher.cnf # ------------------------------------------------------------------------------ # Looks like you failed 1 test of 31.80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok # INFO: @ ../openssl/test/sslcorrupttest.c:199 # Starting #2, ECDHE-RSA-CHACHA20-POLY1305 # ERROR: (int) 'SSL_get_error(clientssl, 0) == SSL_ERROR_WANT_READ' failed @ ../openssl/test/ssltestlib.c:1032 # [1] compared to [2] # ERROR: (bool) 'create_ssl_connection(server, client, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslcorrupttest.c:229 # false # 4057AC03687F0000:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_clnt.c:400: not ok 3 - iteration 3 # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/sslcorrupttest.c:199 # Starting #3, DHE-RSA-CHACHA20-POLY1305 # ERROR: (int) 'SSL_get_error(clientssl, 0) == SSL_ERROR_WANT_READ' failed @ ../openssl/test/ssltestlib.c:1032 # [1] compared to [2] # ERROR: (bool) 'create_ssl_connection(server, client, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslcorrupttest.c:229 # false # 4057AC03687F0000:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_clnt.c:400: not ok 4 - iteration 4 # ------------------------------------------------------------------------------ not ok 1 - test_ssl_corrupt # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslcorrupttest ../../../openssl/apps/server.pem ../../../openssl/apps/server.pem => 1 not ok 1 - running sslcorrupttest # ------------------------------------------------------------------------------ # Failed test 'running sslcorrupttest' # at ../openssl/test/recipes/80-test_sslcorrupt.t line 19. # Looks like you failed 1 test of 1.80-test_sslcorrupt.t ............... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_dtls_mtu.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 26 Non-zero exit status: 1 80-test_sslcorrupt.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=204, Tests=3221, 1648 wallclock secs (13.02 usr 1.33 sys + 1571.30 cusr 74.42 csys = 1660.07 CPU) Result: FAIL Makefile:3130: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-ubsan' Makefile:3128: recipe for target 'tests' failed make: *** [tests] Error 2 From no-reply at appveyor.com Fri Jul 10 13:29:20 2020 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 10 Jul 2020 13:29:20 +0000 Subject: Build failed: openssl master.35499 Message-ID: <20200710132920.1.68776B7D537CA38B@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Fri Jul 10 13:53:36 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 10 Jul 2020 13:53:36 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ui Message-ID: <1594389216.263888.14033.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ui Commit log since last time: eae4a00834 Fix CID 1454808: Error handling issues NEGATIVE_RETURNS (PKCS7_dataDecode()) c8ea9bc670 Fix CID 1454806: NEGATIVE_RETURNS (cms_enc.c) e2cc68c8fd Fix CID 1465213: Integer handling issues (evp_extra_test.c) 5999d20ea8 Fix CID 1463883 Dereference after null check (in ess_find_cert_v2()) 821278a885 Fix CID 1465214 Resource leak (in file_load.c) fd7d574dd9 Fix CID 1465215 : Explicit null dereferenced (in test) 84ba665d72 Fix CID #1465216 Resource leak in property_fetch 2f1d0b35c1 Ensure we excluse ec2m curves if ec2m is disabled 146aebc6a0 Add a test to check having a provider loaded without a groups still works 90a74d8c43 Fix an incorrect error flow in add_provider_groups 08a1c9f2e6 Fix OSSL_PROVIDER_get_capabilities() 163b801616 Add support to zeroize plaintext in S3 record layer 1c9761d0b5 [test][15-test_genec] Improve EC tests with genpkey 466d30c0d7 [apps/genpkey] exit status should not be 0 on output errors e0137ca92b [EC][ASN1] Detect missing OID when serializing EC parameters and keys 8c330e1939 improve SSL_CTX_set_tlsext_ticket_key_cb ref impl 2d9f56e999 Ensure TLS padding is added during encryption on the provider side b558817823 Convert SSLv3 handling to use provider side CBC/MAC removal 63ee6ec177 Ensure any allocated MAC is freed in the provider code f29dbb0866 Decreate the length after decryption for the stitched ciphers 09ce6e0854 Ensure the sslcorrupttest checks all errors on the queue ee0c849e5a Ensure GCM "update" failures return 0 on error 978cc3648d Ensure cipher_generic_initkey gets passed the actual provider ctx 1ae7354c04 Make the NULL cipher TLS aware 27d4c840fc Change ChaCha20-Poly1305 to be consistent with out ciphers 524cb684ac Make libssl start using the TLS provider CBC support e71fd827bc Add provider support for TLS CBC padding and MAC removal f0237a6c62 Remove SSL dependencies from tls_pad.c ebacd57bee Split the padding/mac removal functions out into a separate file ec27e619e8 Move MAC removal responsibility to the various protocol "enc" functions Build log ended with (last 100 lines): # Failed test 'p10cr csr empty file' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd p10cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -csr wrong.csr.pem => 139 not ok 78 - p10cr wrong csr # ------------------------------------------------------------------------------ # Failed test 'p10cr wrong csr' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -revreason 5 => 139 not ok 79 - ir + ignored revocation # ------------------------------------------------------------------------------ ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt => 139 not ok 82 - cr command # ------------------------------------------------------------------------------ # Failed test 'cr command' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt => 139 not ok 83 - kur command explicit options # ------------------------------------------------------------------------------ # Failed test 'kur command explicit options' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -subject "" -certout test.cert.pem -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt -secret "" => 139 not ok 84 - kur command minimal options # ------------------------------------------------------------------------------ ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey dir/ -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert test.cert.pem -server '127.0.0.1:1700' => 139 not ok 86 - kur newkey is directory # ------------------------------------------------------------------------------ ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert dir/ -server '127.0.0.1:1700' => 139 not ok 89 - kur oldcert is directory # ------------------------------------------------------------------------------ # Failed test 'kur oldcert is directory' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert idontexist -server '127.0.0.1:1700' => 139 not ok 90 - kur oldcert not existing # ------------------------------------------------------------------------------ # Failed test 'kur oldcert not existing' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert empty.txt -server '127.0.0.1:1700' => 139 not ok 91 - kur empty oldcert file # ------------------------------------------------------------------------------ # Failed test 'kur empty oldcert file' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -cert "" -server '127.0.0.1:1700' => 139 not ok 92 - kur command without cert and oldcert # ------------------------------------------------------------------------------ # Failed test 'kur command without cert and oldcert' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. # Looks like you failed 65 tests of 92. not ok 7 - CMP app CLI Mock enrollment # ------------------------------------------------------------------------------ # # Failed test 'CMP app CLI Mock enrollment # ' # at /home/openssl/run-checker/no-ui/../openssl/util/perl/OpenSSL/Test.pm line 1302. # Looks like you failed 5 tests of 7.81-test_cmp_cli.t .................. Dubious, test returned 5 (wstat 1280, 0x500) Failed 5/7 subtests 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 81-test_cmp_cli.t (Wstat: 1280 Tests: 7 Failed: 5) Failed tests: 3-7 Non-zero exit status: 5 Files=204, Tests=3221, 859 wallclock secs (12.28 usr 1.24 sys + 767.23 cusr 52.68 csys = 833.43 CPU) Result: FAIL Makefile:3129: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-ui' Makefile:3127: recipe for target 'tests' failed make: *** [tests] Error 2 From no-reply at appveyor.com Fri Jul 10 14:13:02 2020 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 10 Jul 2020 14:13:02 +0000 Subject: Build completed: openssl master.35500 Message-ID: <20200710141302.1.2971568B1BF6A0D3@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Fri Jul 10 16:38:17 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 10 Jul 2020 16:38:17 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls Message-ID: <1594399097.858922.4299.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls Commit log since last time: eae4a00834 Fix CID 1454808: Error handling issues NEGATIVE_RETURNS (PKCS7_dataDecode()) c8ea9bc670 Fix CID 1454806: NEGATIVE_RETURNS (cms_enc.c) e2cc68c8fd Fix CID 1465213: Integer handling issues (evp_extra_test.c) 5999d20ea8 Fix CID 1463883 Dereference after null check (in ess_find_cert_v2()) 821278a885 Fix CID 1465214 Resource leak (in file_load.c) fd7d574dd9 Fix CID 1465215 : Explicit null dereferenced (in test) 84ba665d72 Fix CID #1465216 Resource leak in property_fetch 2f1d0b35c1 Ensure we excluse ec2m curves if ec2m is disabled 146aebc6a0 Add a test to check having a provider loaded without a groups still works 90a74d8c43 Fix an incorrect error flow in add_provider_groups 08a1c9f2e6 Fix OSSL_PROVIDER_get_capabilities() 163b801616 Add support to zeroize plaintext in S3 record layer 1c9761d0b5 [test][15-test_genec] Improve EC tests with genpkey 466d30c0d7 [apps/genpkey] exit status should not be 0 on output errors e0137ca92b [EC][ASN1] Detect missing OID when serializing EC parameters and keys 8c330e1939 improve SSL_CTX_set_tlsext_ticket_key_cb ref impl 2d9f56e999 Ensure TLS padding is added during encryption on the provider side b558817823 Convert SSLv3 handling to use provider side CBC/MAC removal 63ee6ec177 Ensure any allocated MAC is freed in the provider code f29dbb0866 Decreate the length after decryption for the stitched ciphers 09ce6e0854 Ensure the sslcorrupttest checks all errors on the queue ee0c849e5a Ensure GCM "update" failures return 0 on error 978cc3648d Ensure cipher_generic_initkey gets passed the actual provider ctx 1ae7354c04 Make the NULL cipher TLS aware 27d4c840fc Change ChaCha20-Poly1305 to be consistent with out ciphers 524cb684ac Make libssl start using the TLS provider CBC support e71fd827bc Add provider support for TLS CBC padding and MAC removal f0237a6c62 Remove SSL dependencies from tls_pad.c ebacd57bee Split the padding/mac removal functions out into a separate file ec27e619e8 Move MAC removal responsibility to the various protocol "enc" functions Build log ended with (last 100 lines): # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 7 - iteration 7 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 8 - iteration 8 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 9 - iteration 9 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 10 - iteration 10 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 11 - iteration 11 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 12 - iteration 12 # ------------------------------------------------------------------------------ not ok 1 - test_handshake # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/ssl_test 04-client_auth.cnf.fips fips ../../../openssl/test/fips.cnf => 1 not ok 9 - running ssl_test 04-client_auth.cnf # ------------------------------------------------------------------------------ # Failed test 'running ssl_test 04-client_auth.cnf' # at ../openssl/test/recipes/80-test_ssl_new.t line 174. # Looks like you failed 1 test of 9. not ok 5 - Test configuration 04-client_auth.cnf # ------------------------------------------------------------------------------ # Looks like you failed 1 test of 31.80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=204, Tests=3218, 827 wallclock secs (12.59 usr 1.18 sys + 764.54 cusr 58.28 csys = 836.59 CPU) Result: FAIL Makefile:3131: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls' Makefile:3129: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Fri Jul 10 19:17:34 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 10 Jul 2020 19:17:34 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2 Message-ID: <1594408654.875661.20894.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2 Commit log since last time: eae4a00834 Fix CID 1454808: Error handling issues NEGATIVE_RETURNS (PKCS7_dataDecode()) c8ea9bc670 Fix CID 1454806: NEGATIVE_RETURNS (cms_enc.c) e2cc68c8fd Fix CID 1465213: Integer handling issues (evp_extra_test.c) 5999d20ea8 Fix CID 1463883 Dereference after null check (in ess_find_cert_v2()) 821278a885 Fix CID 1465214 Resource leak (in file_load.c) fd7d574dd9 Fix CID 1465215 : Explicit null dereferenced (in test) 84ba665d72 Fix CID #1465216 Resource leak in property_fetch 2f1d0b35c1 Ensure we excluse ec2m curves if ec2m is disabled 146aebc6a0 Add a test to check having a provider loaded without a groups still works 90a74d8c43 Fix an incorrect error flow in add_provider_groups 08a1c9f2e6 Fix OSSL_PROVIDER_get_capabilities() 163b801616 Add support to zeroize plaintext in S3 record layer 1c9761d0b5 [test][15-test_genec] Improve EC tests with genpkey 466d30c0d7 [apps/genpkey] exit status should not be 0 on output errors e0137ca92b [EC][ASN1] Detect missing OID when serializing EC parameters and keys 8c330e1939 improve SSL_CTX_set_tlsext_ticket_key_cb ref impl 2d9f56e999 Ensure TLS padding is added during encryption on the provider side b558817823 Convert SSLv3 handling to use provider side CBC/MAC removal 63ee6ec177 Ensure any allocated MAC is freed in the provider code f29dbb0866 Decreate the length after decryption for the stitched ciphers 09ce6e0854 Ensure the sslcorrupttest checks all errors on the queue ee0c849e5a Ensure GCM "update" failures return 0 on error 978cc3648d Ensure cipher_generic_initkey gets passed the actual provider ctx 1ae7354c04 Make the NULL cipher TLS aware 27d4c840fc Change ChaCha20-Poly1305 to be consistent with out ciphers 524cb684ac Make libssl start using the TLS provider CBC support e71fd827bc Add provider support for TLS CBC padding and MAC removal f0237a6c62 Remove SSL dependencies from tls_pad.c ebacd57bee Split the padding/mac removal functions out into a separate file ec27e619e8 Move MAC removal responsibility to the various protocol "enc" functions Build log ended with (last 100 lines): # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C05021C7F87F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1627 # false # ERROR: (bool) 'execute_cleanse_plaintext(DTLS_server_method(), DTLS_client_method(), DTLS1_VERSION, 0) == true' failed @ ../openssl/test/sslapitest.c:1705 # false not ok 4 - test_cleanse_plaintext # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C05021C7F87F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C05021C7F87F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6745 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ not ok 53 - test_ssl_pending # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/AgOVoOm0hW default ../../../openssl/test/default.cnf => 1 not ok 1 - running sslapitest # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0D0399A017F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0D0399A017F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:843 # false not ok 3 - test_large_message_dtls # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0D0399A017F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0D0399A017F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1627 # false # ERROR: (bool) 'execute_cleanse_plaintext(DTLS_server_method(), DTLS_client_method(), DTLS1_VERSION, 0) == true' failed @ ../openssl/test/sslapitest.c:1705 # false not ok 4 - test_cleanse_plaintext # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0D0399A017F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0D0399A017F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6745 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ not ok 53 - test_ssl_pending # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/AgOVoOm0hW fips ../../../openssl/test/fips.cnf => 1 not ok 3 - running sslapitest # ------------------------------------------------------------------------------ # Failed test 'running sslapitest' # at ../openssl/test/recipes/90-test_sslapi.t line 47. # Looks like you failed 2 tests of 3.90-test_sslapi.t ................... Dubious, test returned 2 (wstat 512, 0x200) Failed 2/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_dtls.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 1, 3 Non-zero exit status: 2 Files=204, Tests=3220, 867 wallclock secs (13.07 usr 1.33 sys + 801.75 cusr 58.70 csys = 874.85 CPU) Result: FAIL Makefile:3128: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2' Makefile:3126: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Fri Jul 10 21:37:01 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 10 Jul 2020 21:37:01 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2-method Message-ID: <1594417021.519206.23473.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2-method Commit log since last time: eae4a00834 Fix CID 1454808: Error handling issues NEGATIVE_RETURNS (PKCS7_dataDecode()) c8ea9bc670 Fix CID 1454806: NEGATIVE_RETURNS (cms_enc.c) e2cc68c8fd Fix CID 1465213: Integer handling issues (evp_extra_test.c) 5999d20ea8 Fix CID 1463883 Dereference after null check (in ess_find_cert_v2()) 821278a885 Fix CID 1465214 Resource leak (in file_load.c) fd7d574dd9 Fix CID 1465215 : Explicit null dereferenced (in test) 84ba665d72 Fix CID #1465216 Resource leak in property_fetch 2f1d0b35c1 Ensure we excluse ec2m curves if ec2m is disabled 146aebc6a0 Add a test to check having a provider loaded without a groups still works 90a74d8c43 Fix an incorrect error flow in add_provider_groups 08a1c9f2e6 Fix OSSL_PROVIDER_get_capabilities() 163b801616 Add support to zeroize plaintext in S3 record layer 1c9761d0b5 [test][15-test_genec] Improve EC tests with genpkey 466d30c0d7 [apps/genpkey] exit status should not be 0 on output errors e0137ca92b [EC][ASN1] Detect missing OID when serializing EC parameters and keys 8c330e1939 improve SSL_CTX_set_tlsext_ticket_key_cb ref impl 2d9f56e999 Ensure TLS padding is added during encryption on the provider side b558817823 Convert SSLv3 handling to use provider side CBC/MAC removal 63ee6ec177 Ensure any allocated MAC is freed in the provider code f29dbb0866 Decreate the length after decryption for the stitched ciphers 09ce6e0854 Ensure the sslcorrupttest checks all errors on the queue ee0c849e5a Ensure GCM "update" failures return 0 on error 978cc3648d Ensure cipher_generic_initkey gets passed the actual provider ctx 1ae7354c04 Make the NULL cipher TLS aware 27d4c840fc Change ChaCha20-Poly1305 to be consistent with out ciphers 524cb684ac Make libssl start using the TLS provider CBC support e71fd827bc Add provider support for TLS CBC padding and MAC removal f0237a6c62 Remove SSL dependencies from tls_pad.c ebacd57bee Split the padding/mac removal functions out into a separate file ec27e619e8 Move MAC removal responsibility to the various protocol "enc" functions Build log ended with (last 100 lines): # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C020C5908C7F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1627 # false # ERROR: (bool) 'execute_cleanse_plaintext(DTLS_server_method(), DTLS_client_method(), DTLS1_VERSION, 0) == true' failed @ ../openssl/test/sslapitest.c:1705 # false not ok 4 - test_cleanse_plaintext # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C020C5908C7F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C020C5908C7F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6745 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ not ok 53 - test_ssl_pending # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/KkP24lOu27 default ../../../openssl/test/default.cnf => 1 not ok 1 - running sslapitest # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0508BED927F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0508BED927F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:843 # false not ok 3 - test_large_message_dtls # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0508BED927F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0508BED927F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1627 # false # ERROR: (bool) 'execute_cleanse_plaintext(DTLS_server_method(), DTLS_client_method(), DTLS1_VERSION, 0) == true' failed @ ../openssl/test/sslapitest.c:1705 # false not ok 4 - test_cleanse_plaintext # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0508BED927F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0508BED927F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6745 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ not ok 53 - test_ssl_pending # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/KkP24lOu27 fips ../../../openssl/test/fips.cnf => 1 not ok 3 - running sslapitest # ------------------------------------------------------------------------------ # Failed test 'running sslapitest' # at ../openssl/test/recipes/90-test_sslapi.t line 47. # Looks like you failed 2 tests of 3.90-test_sslapi.t ................... Dubious, test returned 2 (wstat 512, 0x200) Failed 2/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_dtls.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 1, 3 Non-zero exit status: 2 Files=204, Tests=3220, 844 wallclock secs (13.00 usr 1.24 sys + 779.37 cusr 59.97 csys = 853.58 CPU) Result: FAIL Makefile:3133: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2-method' Makefile:3131: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Fri Jul 10 22:22:55 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 10 Jul 2020 22:22:55 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_3 Message-ID: <1594419775.223542.23780.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_3 Commit log since last time: eae4a00834 Fix CID 1454808: Error handling issues NEGATIVE_RETURNS (PKCS7_dataDecode()) c8ea9bc670 Fix CID 1454806: NEGATIVE_RETURNS (cms_enc.c) e2cc68c8fd Fix CID 1465213: Integer handling issues (evp_extra_test.c) 5999d20ea8 Fix CID 1463883 Dereference after null check (in ess_find_cert_v2()) 821278a885 Fix CID 1465214 Resource leak (in file_load.c) fd7d574dd9 Fix CID 1465215 : Explicit null dereferenced (in test) 84ba665d72 Fix CID #1465216 Resource leak in property_fetch 2f1d0b35c1 Ensure we excluse ec2m curves if ec2m is disabled 146aebc6a0 Add a test to check having a provider loaded without a groups still works 90a74d8c43 Fix an incorrect error flow in add_provider_groups 08a1c9f2e6 Fix OSSL_PROVIDER_get_capabilities() 163b801616 Add support to zeroize plaintext in S3 record layer 1c9761d0b5 [test][15-test_genec] Improve EC tests with genpkey 466d30c0d7 [apps/genpkey] exit status should not be 0 on output errors e0137ca92b [EC][ASN1] Detect missing OID when serializing EC parameters and keys 8c330e1939 improve SSL_CTX_set_tlsext_ticket_key_cb ref impl 2d9f56e999 Ensure TLS padding is added during encryption on the provider side b558817823 Convert SSLv3 handling to use provider side CBC/MAC removal 63ee6ec177 Ensure any allocated MAC is freed in the provider code f29dbb0866 Decreate the length after decryption for the stitched ciphers 09ce6e0854 Ensure the sslcorrupttest checks all errors on the queue ee0c849e5a Ensure GCM "update" failures return 0 on error 978cc3648d Ensure cipher_generic_initkey gets passed the actual provider ctx 1ae7354c04 Make the NULL cipher TLS aware 27d4c840fc Change ChaCha20-Poly1305 to be consistent with out ciphers 524cb684ac Make libssl start using the TLS provider CBC support e71fd827bc Add provider support for TLS CBC padding and MAC removal f0237a6c62 Remove SSL dependencies from tls_pad.c ebacd57bee Split the padding/mac removal functions out into a separate file ec27e619e8 Move MAC removal responsibility to the various protocol "enc" functions Build log ended with (last 100 lines): # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0C06FA1F37F0000:error::SSL routines::internal error:../openssl/ssl/s3_enc.c:415: # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0C06FA1F37F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_s3.c:1615:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:8201 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0C06FA1F37F0000:error::SSL routines::internal error:../openssl/ssl/s3_enc.c:415: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0C06FA1F37F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_s3.c:1615:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:8201 # false not ok 3 - iteration 3 # ------------------------------------------------------------------------------ not ok 37 - test_sigalgs_available # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/dK8DxjacR_ default ../../../openssl/test/default.cnf => 1 not ok 1 - running sslapitest # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0A02B90CE7F0000:error::SSL routines::internal error:../openssl/ssl/s3_enc.c:415: # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0A02B90CE7F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_s3.c:1615:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:8201 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0A02B90CE7F0000:error::SSL routines::internal error:../openssl/ssl/s3_enc.c:415: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0A02B90CE7F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_s3.c:1615:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:8201 # false not ok 3 - iteration 3 # ------------------------------------------------------------------------------ not ok 37 - test_sigalgs_available # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/dK8DxjacR_ fips ../../../openssl/test/fips.cnf => 1 not ok 3 - running sslapitest # ------------------------------------------------------------------------------ # Failed test 'running sslapitest' # at ../openssl/test/recipes/90-test_sslapi.t line 47. # Looks like you failed 2 tests of 3.90-test_sslapi.t ................... Dubious, test returned 2 (wstat 512, 0x200) Failed 2/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. skipped: test_tls13ccs is not supported in this build 90-test_tls13encryption.t .......... skipped: tls13encryption is not supported in this build 90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 90-test_sslapi.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 1, 3 Non-zero exit status: 2 Files=204, Tests=3142, 786 wallclock secs (11.17 usr 1.24 sys + 724.94 cusr 54.67 csys = 792.02 CPU) Result: FAIL Makefile:3153: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_3' Makefile:3151: recipe for target 'tests' failed make: *** [tests] Error 2 From levitte at openssl.org Sat Jul 11 07:58:51 2020 From: levitte at openssl.org (Richard Levitte) Date: Sat, 11 Jul 2020 07:58:51 +0000 Subject: [openssl] master update Message-ID: <1594454331.629723.22162.nullmailer@dev.openssl.org> The branch master has been updated via d685fc7a59699aeb17120aebd17a9175ce5930cd (commit) from 851165946fef1f2f7bc2c0ac29824b1fd14bb8f5 (commit) - Log ----------------------------------------------------------------- commit d685fc7a59699aeb17120aebd17a9175ce5930cd Author: Richard Levitte Date: Mon Jul 6 10:35:18 2020 +0200 DOC: install documentation without execution permissions. Fixes #12350 Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12373) ----------------------------------------------------------------------- Summary of changes: Configurations/unix-Makefile.tmpl | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl index a0c5081b04..441f83c345 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl @@ -863,28 +863,28 @@ install_man_docs: build_man_docs fn=`basename $$x`; \ $(ECHO) "install $$x -> $(DESTDIR)$(MANDIR)/man1/$${fn}$(MANSUFFIX)"; \ cp $$x $(DESTDIR)$(MANDIR)/man1/$${fn}$(MANSUFFIX); \ - chmod 755 $(DESTDIR)$(MANDIR)/man1/$${fn}$(MANSUFFIX); \ + chmod 644 $(DESTDIR)$(MANDIR)/man1/$${fn}$(MANSUFFIX); \ done @set -e; for x in dummy $(MANDOCS3); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "install $$x -> $(DESTDIR)$(MANDIR)/man3/$${fn}$(MANSUFFIX)"; \ cp $$x $(DESTDIR)$(MANDIR)/man3/$${fn}$(MANSUFFIX); \ - chmod 755 $(DESTDIR)$(MANDIR)/man3/$${fn}$(MANSUFFIX); \ + chmod 644 $(DESTDIR)$(MANDIR)/man3/$${fn}$(MANSUFFIX); \ done @set -e; for x in dummy $(MANDOCS5); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "install $$x -> $(DESTDIR)$(MANDIR)/man5/$${fn}$(MANSUFFIX)"; \ cp $$x $(DESTDIR)$(MANDIR)/man5/$${fn}$(MANSUFFIX); \ - chmod 755 $(DESTDIR)$(MANDIR)/man5/$${fn}$(MANSUFFIX); \ + chmod 644 $(DESTDIR)$(MANDIR)/man5/$${fn}$(MANSUFFIX); \ done @set -e; for x in dummy $(MANDOCS7); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "install $$x -> $(DESTDIR)$(MANDIR)/man7/$${fn}$(MANSUFFIX)"; \ cp $$x $(DESTDIR)$(MANDIR)/man7/$${fn}$(MANSUFFIX); \ - chmod 755 $(DESTDIR)$(MANDIR)/man7/$${fn}$(MANSUFFIX); \ + chmod 644 $(DESTDIR)$(MANDIR)/man7/$${fn}$(MANSUFFIX); \ done uninstall_man_docs: @@ -926,28 +926,28 @@ install_html_docs: build_html_docs fn=`basename $$x`; \ $(ECHO) "install $$x -> $(DESTDIR)$(HTMLDIR)/man1/$$fn"; \ cp $$x $(DESTDIR)$(HTMLDIR)/man1/$$fn; \ - chmod 755 $(DESTDIR)$(HTMLDIR)/man1/$$fn; \ + chmod 644 $(DESTDIR)$(HTMLDIR)/man1/$$fn; \ done @set -e; for x in dummy $(HTMLDOCS3); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "install $$x -> $(DESTDIR)$(HTMLDIR)/man3/$$fn"; \ cp $$x $(DESTDIR)$(HTMLDIR)/man3/$$fn; \ - chmod 755 $(DESTDIR)$(HTMLDIR)/man3/$$fn; \ + chmod 644 $(DESTDIR)$(HTMLDIR)/man3/$$fn; \ done @set -e; for x in dummy $(HTMLDOCS5); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "install $$x -> $(DESTDIR)$(HTMLDIR)/man5/$$fn"; \ cp $$x $(DESTDIR)$(HTMLDIR)/man5/$$fn; \ - chmod 755 $(DESTDIR)$(HTMLDIR)/man5/$$fn; \ + chmod 644 $(DESTDIR)$(HTMLDIR)/man5/$$fn; \ done @set -e; for x in dummy $(HTMLDOCS7); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "install $$x -> $(DESTDIR)$(HTMLDIR)/man7/$$fn"; \ cp $$x $(DESTDIR)$(HTMLDIR)/man7/$$fn; \ - chmod 755 $(DESTDIR)$(HTMLDIR)/man7/$$fn; \ + chmod 644 $(DESTDIR)$(HTMLDIR)/man7/$$fn; \ done uninstall_html_docs: From levitte at openssl.org Sat Jul 11 08:01:33 2020 From: levitte at openssl.org (Richard Levitte) Date: Sat, 11 Jul 2020 08:01:33 +0000 Subject: [openssl] master update Message-ID: <1594454493.267192.24526.nullmailer@dev.openssl.org> The branch master has been updated via 310a0edbd003dd7c580ae3cf78f1782b2c3d9ded (commit) via e23d850ff3281220f33ed78d9ca4fcadfa279565 (commit) from d685fc7a59699aeb17120aebd17a9175ce5930cd (commit) - Log ----------------------------------------------------------------- commit 310a0edbd003dd7c580ae3cf78f1782b2c3d9ded Author: Richard Levitte Date: Thu Jul 9 08:40:50 2020 +0200 BN: Check endianness in run-time, in BN_native2bn() and BN_bn2nativepad() The code relied on B_ENDIAN being defined on all big-endian platform, which turned out to not always be the case. Fixes #12387 Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/12390) commit e23d850ff3281220f33ed78d9ca4fcadfa279565 Author: Richard Levitte Date: Thu Jul 9 08:37:46 2020 +0200 Add and use internal header that implements endianness check This moves test/ossl_test_endian.h to include/internal/endian.h and thereby makes the macros in there our standard way to check endianness in run-time. Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/12390) ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_lib.c | 17 +-- crypto/chacha/chacha_enc.c | 8 +- crypto/evp/bio_ok.c | 12 +- crypto/evp/e_chacha20_poly1305.c | 15 +-- crypto/modes/ctr128.c | 12 +- crypto/modes/gcm128.c | 123 ++++++++------------- crypto/modes/siv128.c | 15 +-- crypto/modes/xts128.c | 12 +- crypto/sha/sha256.c | 10 +- crypto/sha/sha_local.h | 12 +- .../internal/endian.h | 4 +- .../ciphers/cipher_chacha20_poly1305_hw.c | 15 +-- providers/implementations/digests/blake2_impl.h | 29 ++--- providers/implementations/kdfs/kbkdf.c | 8 +- test/params_api_test.c | 2 +- 15 files changed, 105 insertions(+), 189 deletions(-) rename test/ossl_test_endian.h => include/internal/endian.h (88%) diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index a0924d0e31..57783e47d8 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -10,6 +10,7 @@ #include #include #include "internal/cryptlib.h" +#include "internal/endian.h" #include "bn_local.h" #include #include "internal/constant_time.h" @@ -583,20 +584,20 @@ int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen) BIGNUM *BN_native2bn(const unsigned char *s, int len, BIGNUM *ret) { -#ifdef B_ENDIAN + DECLARE_IS_ENDIAN; + + if (IS_LITTLE_ENDIAN) + return BN_lebin2bn(s, len, ret); return BN_bin2bn(s, len, ret); -#else - return BN_lebin2bn(s, len, ret); -#endif } int BN_bn2nativepad(const BIGNUM *a, unsigned char *to, int tolen) { -#ifdef B_ENDIAN + DECLARE_IS_ENDIAN; + + if (IS_LITTLE_ENDIAN) + return BN_bn2lebinpad(a, to, tolen); return BN_bn2binpad(a, to, tolen); -#else - return BN_bn2lebinpad(a, to, tolen); -#endif } int BN_ucmp(const BIGNUM *a, const BIGNUM *b) diff --git a/crypto/chacha/chacha_enc.c b/crypto/chacha/chacha_enc.c index 3cf5facd5e..86667cf9e2 100644 --- a/crypto/chacha/chacha_enc.c +++ b/crypto/chacha/chacha_enc.c @@ -11,6 +11,7 @@ #include +#include "internal/endian.h" #include "crypto/chacha.h" #include "crypto/ctype.h" @@ -43,10 +44,7 @@ static void chacha20_core(chacha_buf *output, const u32 input[16]) { u32 x[16]; int i; - const union { - long one; - char little; - } is_endian = { 1 }; + DECLARE_IS_ENDIAN; memcpy(x, input, sizeof(x)); @@ -61,7 +59,7 @@ static void chacha20_core(chacha_buf *output, const u32 input[16]) QUARTERROUND(3, 4, 9, 14); } - if (is_endian.little) { + if (IS_LITTLE_ENDIAN) { for (i = 0; i < 16; ++i) output->u[i] = x[i] + input[i]; } else { diff --git a/crypto/evp/bio_ok.c b/crypto/evp/bio_ok.c index 492cbfe2f2..b6f85a1b92 100644 --- a/crypto/evp/bio_ok.c +++ b/crypto/evp/bio_ok.c @@ -76,6 +76,7 @@ #include "internal/bio.h" #include #include +#include "internal/endian.h" #include "crypto/evp.h" static int ok_write(BIO *h, const char *buf, int num); @@ -418,14 +419,9 @@ static long ok_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) static void longswap(void *_ptr, size_t len) { - const union { - long one; - char little; - } is_endian = { - 1 - }; - - if (is_endian.little) { + DECLARE_IS_ENDIAN; + + if (IS_LITTLE_ENDIAN) { size_t i; unsigned char *p = _ptr, c; diff --git a/crypto/evp/e_chacha20_poly1305.c b/crypto/evp/e_chacha20_poly1305.c index b7340b147d..95319245b6 100644 --- a/crypto/evp/e_chacha20_poly1305.c +++ b/crypto/evp/e_chacha20_poly1305.c @@ -9,6 +9,7 @@ #include #include "internal/cryptlib.h" +#include "internal/endian.h" #ifndef OPENSSL_NO_CHACHA @@ -310,12 +311,9 @@ static int chacha20_poly1305_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, } { - const union { - long one; - char little; - } is_endian = { 1 }; + DECLARE_IS_ENDIAN; - if (is_endian.little) { + if (IS_LITTLE_ENDIAN) { memcpy(ctr, (unsigned char *)&actx->len, POLY1305_BLOCK_SIZE); } else { ctr[0] = (unsigned char)(actx->len.aad); @@ -426,10 +424,7 @@ static int chacha20_poly1305_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, } if (in == NULL /* explicit final */ || plen != len) { /* or tls mode */ - const union { - long one; - char little; - } is_endian = { 1 }; + DECLARE_IS_ENDIAN; unsigned char temp[POLY1305_BLOCK_SIZE]; if (actx->aad) { /* wrap up aad */ @@ -443,7 +438,7 @@ static int chacha20_poly1305_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, Poly1305_Update(POLY1305_ctx(actx), zero, POLY1305_BLOCK_SIZE - rem); - if (is_endian.little) { + if (IS_LITTLE_ENDIAN) { Poly1305_Update(POLY1305_ctx(actx), (unsigned char *)&actx->len, POLY1305_BLOCK_SIZE); } else { diff --git a/crypto/modes/ctr128.c b/crypto/modes/ctr128.c index ad25eb38dd..b902ee9b0b 100644 --- a/crypto/modes/ctr128.c +++ b/crypto/modes/ctr128.c @@ -9,6 +9,7 @@ #include #include +#include "internal/endian.h" #include "crypto/modes.h" #if defined(__GNUC__) && !defined(STRICT_ALIGNMENT) @@ -39,14 +40,9 @@ static void ctr128_inc(unsigned char *counter) static void ctr128_inc_aligned(unsigned char *counter) { size_t *data, c, d, n; - const union { - long one; - char little; - } is_endian = { - 1 - }; - - if (is_endian.little || ((size_t)counter % sizeof(size_t)) != 0) { + DECLARE_IS_ENDIAN; + + if (IS_LITTLE_ENDIAN || ((size_t)counter % sizeof(size_t)) != 0) { ctr128_inc(counter); return; } diff --git a/crypto/modes/gcm128.c b/crypto/modes/gcm128.c index 0cefa1c865..4f52073d7f 100644 --- a/crypto/modes/gcm128.c +++ b/crypto/modes/gcm128.c @@ -10,6 +10,7 @@ #include #include #include "internal/cryptlib.h" +#include "internal/endian.h" #include "crypto/modes.h" #if defined(__GNUC__) && !defined(STRICT_ALIGNMENT) @@ -105,10 +106,7 @@ static void gcm_gmult_8bit(u64 Xi[2], const u128 Htable[256]) u128 Z = { 0, 0 }; const u8 *xi = (const u8 *)Xi + 15; size_t rem, n = *xi; - const union { - long one; - char little; - } is_endian = { 1 }; + DECLARE_IS_ENDIAN; static const size_t rem_8bit[256] = { PACK(0x0000), PACK(0x01C2), PACK(0x0384), PACK(0x0246), PACK(0x0708), PACK(0x06CA), PACK(0x048C), PACK(0x054E), @@ -194,7 +192,7 @@ static void gcm_gmult_8bit(u64 Xi[2], const u128 Htable[256]) Z.hi ^= (u64)rem_8bit[rem] << 32; } - if (is_endian.little) { + if (IS_LITTLE_ENDIAN) { # ifdef BSWAP8 Xi[0] = BSWAP8(Z.hi); Xi[1] = BSWAP8(Z.lo); @@ -274,12 +272,9 @@ static void gcm_init_4bit(u128 Htable[16], u64 H[2]) */ { int j; - const union { - long one; - char little; - } is_endian = { 1 }; + DECLARE_IS_ENDIAN; - if (is_endian.little) + if (IS_LITTLE_ENDIAN) for (j = 0; j < 16; ++j) { V = Htable[j]; Htable[j].hi = V.lo; @@ -307,10 +302,7 @@ static void gcm_gmult_4bit(u64 Xi[2], const u128 Htable[16]) u128 Z; int cnt = 15; size_t rem, nlo, nhi; - const union { - long one; - char little; - } is_endian = { 1 }; + DECLARE_IS_ENDIAN; nlo = ((const u8 *)Xi)[15]; nhi = nlo >> 4; @@ -350,7 +342,7 @@ static void gcm_gmult_4bit(u64 Xi[2], const u128 Htable[16]) Z.lo ^= Htable[nlo].lo; } - if (is_endian.little) { + if (IS_LITTLE_ENDIAN) { # ifdef BSWAP8 Xi[0] = BSWAP8(Z.hi); Xi[1] = BSWAP8(Z.lo); @@ -386,10 +378,7 @@ static void gcm_ghash_4bit(u64 Xi[2], const u128 Htable[16], u128 Z; int cnt; size_t rem, nlo, nhi; - const union { - long one; - char little; - } is_endian = { 1 }; + DECLARE_IS_ENDIAN; # if 1 do { @@ -528,7 +517,7 @@ static void gcm_ghash_4bit(u64 Xi[2], const u128 Htable[16], Z.hi ^= ((u64)rem_8bit[rem << 4]) << 48; # endif - if (is_endian.little) { + if (IS_LITTLE_ENDIAN) { # ifdef BSWAP8 Xi[0] = BSWAP8(Z.hi); Xi[1] = BSWAP8(Z.lo); @@ -576,16 +565,13 @@ static void gcm_gmult_1bit(u64 Xi[2], const u64 H[2]) long X; int i, j; const long *xi = (const long *)Xi; - const union { - long one; - char little; - } is_endian = { 1 }; + DECLARE_IS_ENDIAN; V.hi = H[0]; /* H is in host byte order, no byte swapping */ V.lo = H[1]; for (j = 0; j < 16 / sizeof(long); ++j) { - if (is_endian.little) { + if (IS_LITTLE_ENDIAN) { if (sizeof(long) == 8) { # ifdef BSWAP8 X = (long)(BSWAP8(xi[j])); @@ -609,7 +595,7 @@ static void gcm_gmult_1bit(u64 Xi[2], const u64 H[2]) } } - if (is_endian.little) { + if (IS_LITTLE_ENDIAN) { # ifdef BSWAP8 Xi[0] = BSWAP8(Z.hi); Xi[1] = BSWAP8(Z.lo); @@ -718,10 +704,7 @@ void gcm_ghash_p8(u64 Xi[2], const u128 Htable[16], const u8 *inp, void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block) { - const union { - long one; - char little; - } is_endian = { 1 }; + DECLARE_IS_ENDIAN; memset(ctx, 0, sizeof(*ctx)); ctx->block = block; @@ -729,7 +712,7 @@ void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block) (*block) (ctx->H.c, ctx->H.c, key); - if (is_endian.little) { + if (IS_LITTLE_ENDIAN) { /* H is stored in host byte order */ #ifdef BSWAP8 ctx->H.u[0] = BSWAP8(ctx->H.u[0]); @@ -833,10 +816,7 @@ void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block) void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const unsigned char *iv, size_t len) { - const union { - long one; - char little; - } is_endian = { 1 }; + DECLARE_IS_ENDIAN; unsigned int ctr; #ifdef GCM_FUNCREF_4BIT void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult; @@ -875,7 +855,7 @@ void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const unsigned char *iv, GCM_MUL(ctx); } len0 <<= 3; - if (is_endian.little) { + if (IS_LITTLE_ENDIAN) { #ifdef BSWAP8 ctx->Xi.u[1] ^= BSWAP8(len0); #else @@ -894,7 +874,7 @@ void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const unsigned char *iv, GCM_MUL(ctx); - if (is_endian.little) + if (IS_LITTLE_ENDIAN) #ifdef BSWAP4 ctr = BSWAP4(ctx->Xi.d[3]); #else @@ -913,7 +893,7 @@ void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const unsigned char *iv, (*ctx->block) (ctx->Yi.c, ctx->EK0.c, ctx->key); ++ctr; - if (is_endian.little) + if (IS_LITTLE_ENDIAN) #ifdef BSWAP4 ctx->Yi.d[3] = BSWAP4(ctr); #else @@ -988,10 +968,7 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, const unsigned char *in, unsigned char *out, size_t len) { - const union { - long one; - char little; - } is_endian = { 1 }; + DECLARE_IS_ENDIAN; unsigned int n, ctr, mres; size_t i; u64 mlen = ctx->len.u[1]; @@ -1030,7 +1007,7 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, ctx->ares = 0; } - if (is_endian.little) + if (IS_LITTLE_ENDIAN) #ifdef BSWAP4 ctr = BSWAP4(ctx->Yi.d[3]); #else @@ -1091,7 +1068,7 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, (*block) (ctx->Yi.c, ctx->EKi.c, key); ++ctr; - if (is_endian.little) + if (IS_LITTLE_ENDIAN) # ifdef BSWAP4 ctx->Yi.d[3] = BSWAP4(ctr); # else @@ -1118,7 +1095,7 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, (*block) (ctx->Yi.c, ctx->EKi.c, key); ++ctr; - if (is_endian.little) + if (IS_LITTLE_ENDIAN) # ifdef BSWAP4 ctx->Yi.d[3] = BSWAP4(ctr); # else @@ -1141,7 +1118,7 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, (*block) (ctx->Yi.c, ctx->EKi.c, key); ++ctr; - if (is_endian.little) + if (IS_LITTLE_ENDIAN) # ifdef BSWAP4 ctx->Yi.d[3] = BSWAP4(ctr); # else @@ -1160,7 +1137,7 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, if (len) { (*block) (ctx->Yi.c, ctx->EKi.c, key); ++ctr; - if (is_endian.little) + if (IS_LITTLE_ENDIAN) # ifdef BSWAP4 ctx->Yi.d[3] = BSWAP4(ctr); # else @@ -1191,7 +1168,7 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, if (n == 0) { (*block) (ctx->Yi.c, ctx->EKi.c, key); ++ctr; - if (is_endian.little) + if (IS_LITTLE_ENDIAN) #ifdef BSWAP4 ctx->Yi.d[3] = BSWAP4(ctr); #else @@ -1223,10 +1200,7 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, const unsigned char *in, unsigned char *out, size_t len) { - const union { - long one; - char little; - } is_endian = { 1 }; + DECLARE_IS_ENDIAN; unsigned int n, ctr, mres; size_t i; u64 mlen = ctx->len.u[1]; @@ -1265,7 +1239,7 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, ctx->ares = 0; } - if (is_endian.little) + if (IS_LITTLE_ENDIAN) #ifdef BSWAP4 ctr = BSWAP4(ctx->Yi.d[3]); #else @@ -1329,7 +1303,7 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, (*block) (ctx->Yi.c, ctx->EKi.c, key); ++ctr; - if (is_endian.little) + if (IS_LITTLE_ENDIAN) # ifdef BSWAP4 ctx->Yi.d[3] = BSWAP4(ctr); # else @@ -1354,7 +1328,7 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, (*block) (ctx->Yi.c, ctx->EKi.c, key); ++ctr; - if (is_endian.little) + if (IS_LITTLE_ENDIAN) # ifdef BSWAP4 ctx->Yi.d[3] = BSWAP4(ctr); # else @@ -1376,7 +1350,7 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, (*block) (ctx->Yi.c, ctx->EKi.c, key); ++ctr; - if (is_endian.little) + if (IS_LITTLE_ENDIAN) # ifdef BSWAP4 ctx->Yi.d[3] = BSWAP4(ctr); # else @@ -1398,7 +1372,7 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, if (len) { (*block) (ctx->Yi.c, ctx->EKi.c, key); ++ctr; - if (is_endian.little) + if (IS_LITTLE_ENDIAN) # ifdef BSWAP4 ctx->Yi.d[3] = BSWAP4(ctr); # else @@ -1432,7 +1406,7 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, if (n == 0) { (*block) (ctx->Yi.c, ctx->EKi.c, key); ++ctr; - if (is_endian.little) + if (IS_LITTLE_ENDIAN) #ifdef BSWAP4 ctx->Yi.d[3] = BSWAP4(ctr); #else @@ -1469,10 +1443,7 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, #if defined(OPENSSL_SMALL_FOOTPRINT) return CRYPTO_gcm128_encrypt(ctx, in, out, len); #else - const union { - long one; - char little; - } is_endian = { 1 }; + DECLARE_IS_ENDIAN; unsigned int n, ctr, mres; size_t i; u64 mlen = ctx->len.u[1]; @@ -1510,7 +1481,7 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, ctx->ares = 0; } - if (is_endian.little) + if (IS_LITTLE_ENDIAN) # ifdef BSWAP4 ctr = BSWAP4(ctx->Yi.d[3]); # else @@ -1558,7 +1529,7 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, while (len >= GHASH_CHUNK) { (*stream) (in, out, GHASH_CHUNK / 16, key, ctx->Yi.c); ctr += GHASH_CHUNK / 16; - if (is_endian.little) + if (IS_LITTLE_ENDIAN) # ifdef BSWAP4 ctx->Yi.d[3] = BSWAP4(ctr); # else @@ -1578,7 +1549,7 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, (*stream) (in, out, j, key, ctx->Yi.c); ctr += (unsigned int)j; - if (is_endian.little) + if (IS_LITTLE_ENDIAN) # ifdef BSWAP4 ctx->Yi.d[3] = BSWAP4(ctr); # else @@ -1603,7 +1574,7 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, if (len) { (*ctx->block) (ctx->Yi.c, ctx->EKi.c, key); ++ctr; - if (is_endian.little) + if (IS_LITTLE_ENDIAN) # ifdef BSWAP4 ctx->Yi.d[3] = BSWAP4(ctr); # else @@ -1633,10 +1604,7 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, #if defined(OPENSSL_SMALL_FOOTPRINT) return CRYPTO_gcm128_decrypt(ctx, in, out, len); #else - const union { - long one; - char little; - } is_endian = { 1 }; + DECLARE_IS_ENDIAN; unsigned int n, ctr, mres; size_t i; u64 mlen = ctx->len.u[1]; @@ -1674,7 +1642,7 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, ctx->ares = 0; } - if (is_endian.little) + if (IS_LITTLE_ENDIAN) # ifdef BSWAP4 ctr = BSWAP4(ctx->Yi.d[3]); # else @@ -1725,7 +1693,7 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, GHASH(ctx, in, GHASH_CHUNK); (*stream) (in, out, GHASH_CHUNK / 16, key, ctx->Yi.c); ctr += GHASH_CHUNK / 16; - if (is_endian.little) + if (IS_LITTLE_ENDIAN) # ifdef BSWAP4 ctx->Yi.d[3] = BSWAP4(ctr); # else @@ -1757,7 +1725,7 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, # endif (*stream) (in, out, j, key, ctx->Yi.c); ctr += (unsigned int)j; - if (is_endian.little) + if (IS_LITTLE_ENDIAN) # ifdef BSWAP4 ctx->Yi.d[3] = BSWAP4(ctr); # else @@ -1772,7 +1740,7 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, if (len) { (*ctx->block) (ctx->Yi.c, ctx->EKi.c, key); ++ctr; - if (is_endian.little) + if (IS_LITTLE_ENDIAN) # ifdef BSWAP4 ctx->Yi.d[3] = BSWAP4(ctr); # else @@ -1800,10 +1768,7 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const unsigned char *tag, size_t len) { - const union { - long one; - char little; - } is_endian = { 1 }; + DECLARE_IS_ENDIAN; u64 alen = ctx->len.u[0] << 3; u64 clen = ctx->len.u[1] << 3; #ifdef GCM_FUNCREF_4BIT @@ -1835,7 +1800,7 @@ int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const unsigned char *tag, GCM_MUL(ctx); #endif - if (is_endian.little) { + if (IS_LITTLE_ENDIAN) { #ifdef BSWAP8 alen = BSWAP8(alen); clen = BSWAP8(clen); diff --git a/crypto/modes/siv128.c b/crypto/modes/siv128.c index 72ae624cc3..f7fadf26d4 100644 --- a/crypto/modes/siv128.c +++ b/crypto/modes/siv128.c @@ -13,6 +13,7 @@ #include #include #include +#include "internal/endian.h" #include "crypto/modes.h" #include "crypto/siv.h" @@ -40,24 +41,18 @@ __owur static ossl_inline uint64_t byteswap8(uint64_t x) __owur static ossl_inline uint64_t siv128_getword(SIV_BLOCK const *b, size_t i) { - const union { - long one; - char little; - } is_endian = { 1 }; + DECLARE_IS_ENDIAN; - if (is_endian.little) + if (IS_LITTLE_ENDIAN) return byteswap8(b->word[i]); return b->word[i]; } static ossl_inline void siv128_putword(SIV_BLOCK *b, size_t i, uint64_t x) { - const union { - long one; - char little; - } is_endian = { 1 }; + DECLARE_IS_ENDIAN; - if (is_endian.little) + if (IS_LITTLE_ENDIAN) b->word[i] = byteswap8(x); else b->word[i] = x; diff --git a/crypto/modes/xts128.c b/crypto/modes/xts128.c index 0dec42c310..55b81366bf 100644 --- a/crypto/modes/xts128.c +++ b/crypto/modes/xts128.c @@ -9,6 +9,7 @@ #include #include +#include "internal/endian.h" #include "crypto/modes.h" #ifndef STRICT_ALIGNMENT @@ -24,12 +25,7 @@ int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, const unsigned char *inp, unsigned char *out, size_t len, int enc) { - const union { - long one; - char little; - } is_endian = { - 1 - }; + DECLARE_IS_ENDIAN; union { u64 u[2]; u32 d[4]; @@ -72,7 +68,7 @@ int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, if (len == 0) return 0; - if (is_endian.little) { + if (IS_LITTLE_ENDIAN) { unsigned int carry, res; res = 0x87 & (((int)tweak.d[3]) >> 31); @@ -111,7 +107,7 @@ int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, u8 c[16]; } tweak1; - if (is_endian.little) { + if (IS_LITTLE_ENDIAN) { unsigned int carry, res; res = 0x87 & (((int)tweak.d[3]) >> 31); diff --git a/crypto/sha/sha256.c b/crypto/sha/sha256.c index d16a9c91b2..4fa68953d1 100644 --- a/crypto/sha/sha256.c +++ b/crypto/sha/sha256.c @@ -21,6 +21,7 @@ #include #include #include +#include "internal/endian.h" int SHA224_Init(SHA256_CTX *c) { @@ -256,12 +257,7 @@ static void sha256_block_data_order(SHA256_CTX *ctx, const void *in, SHA_LONG X[16]; int i; const unsigned char *data = in; - const union { - long one; - char little; - } is_endian = { - 1 - }; + DECLARE_IS_ENDIAN; while (num--) { @@ -274,7 +270,7 @@ static void sha256_block_data_order(SHA256_CTX *ctx, const void *in, g = ctx->h[6]; h = ctx->h[7]; - if (!is_endian.little && sizeof(SHA_LONG) == 4 + if (!IS_LITTLE_ENDIAN && sizeof(SHA_LONG) == 4 && ((size_t)in % 4) == 0) { const SHA_LONG *W = (const SHA_LONG *)data; diff --git a/crypto/sha/sha_local.h b/crypto/sha/sha_local.h index f7c0ac707b..d592a829f4 100644 --- a/crypto/sha/sha_local.h +++ b/crypto/sha/sha_local.h @@ -12,6 +12,7 @@ #include #include +#include "internal/endian.h" #define DATA_ORDER_IS_BIG_ENDIAN @@ -151,14 +152,9 @@ static void HASH_BLOCK_DATA_ORDER(SHA_CTX *c, const void *p, size_t num) E = c->h4; for (;;) { - const union { - long one; - char little; - } is_endian = { - 1 - }; - - if (!is_endian.little && sizeof(SHA_LONG) == 4 + DECLARE_IS_ENDIAN; + + if (!IS_LITTLE_ENDIAN && sizeof(SHA_LONG) == 4 && ((size_t)p % 4) == 0) { const SHA_LONG *W = (const SHA_LONG *)data; diff --git a/test/ossl_test_endian.h b/include/internal/endian.h similarity index 88% rename from test/ossl_test_endian.h rename to include/internal/endian.h index 38711d0d76..6027bd65de 100644 --- a/test/ossl_test_endian.h +++ b/include/internal/endian.h @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef OSSL_TEST_OSSL_TEST_ENDIAN_H -# define OSSL_TEST_OSSL_TEST_ENDIAN_H +#ifndef OSSL_INTERNAL_ENDIAN_H +# define OSSL_INTERNAL_ENDIAN_H # define DECLARE_IS_ENDIAN \ const union { \ diff --git a/providers/implementations/ciphers/cipher_chacha20_poly1305_hw.c b/providers/implementations/ciphers/cipher_chacha20_poly1305_hw.c index 70ffaf1588..bd99a9fb4e 100644 --- a/providers/implementations/ciphers/cipher_chacha20_poly1305_hw.c +++ b/providers/implementations/ciphers/cipher_chacha20_poly1305_hw.c @@ -9,6 +9,7 @@ /* chacha20_poly1305 cipher implementation */ +#include "internal/endian.h" #include "cipher_chacha20_poly1305.h" static int chacha_poly1305_tls_init(PROV_CIPHER_CTX *bctx, @@ -117,10 +118,7 @@ static int chacha20_poly1305_tls_cipher(PROV_CIPHER_CTX *bctx, size_t tail, tohash_len, buf_len, plen = ctx->tls_payload_length; unsigned char *buf, *tohash, *ctr, storage[sizeof(zero) + 32]; - const union { - long one; - char little; - } is_endian = { 1 }; + DECLARE_IS_ENDIAN; if (len != plen + POLY1305_BLOCK_SIZE) return 0; @@ -214,7 +212,7 @@ static int chacha20_poly1305_tls_cipher(PROV_CIPHER_CTX *bctx, Poly1305_Update(poly, zero, tail); } - if (is_endian.little) { + if (IS_LITTLE_ENDIAN) { memcpy(ctr, (unsigned char *)&ctx->len, POLY1305_BLOCK_SIZE); } else { ctr[0] = (unsigned char)(ctx->len.aad); @@ -273,10 +271,7 @@ static int chacha20_poly1305_aead_cipher(PROV_CIPHER_CTX *bctx, size_t olen = 0; int rv = 0; - const union { - long one; - char little; - } is_endian = { 1 }; + DECLARE_IS_ENDIAN; if (!ctx->mac_inited) { #if !defined(OPENSSL_SMALL_FOOTPRINT) @@ -347,7 +342,7 @@ static int chacha20_poly1305_aead_cipher(PROV_CIPHER_CTX *bctx, if ((rem = (size_t)ctx->len.text % POLY1305_BLOCK_SIZE)) Poly1305_Update(poly, zero, POLY1305_BLOCK_SIZE - rem); - if (is_endian.little) { + if (IS_LITTLE_ENDIAN) { Poly1305_Update(poly, (unsigned char *)&ctx->len, POLY1305_BLOCK_SIZE); } else { diff --git a/providers/implementations/digests/blake2_impl.h b/providers/implementations/digests/blake2_impl.h index 52477a8fe2..aa6d8a3075 100644 --- a/providers/implementations/digests/blake2_impl.h +++ b/providers/implementations/digests/blake2_impl.h @@ -15,15 +15,13 @@ */ #include +#include "internal/endian.h" static ossl_inline uint32_t load32(const uint8_t *src) { - const union { - long one; - char little; - } is_endian = { 1 }; + DECLARE_IS_ENDIAN; - if (is_endian.little) { + if (IS_LITTLE_ENDIAN) { uint32_t w; memcpy(&w, src, sizeof(w)); return w; @@ -38,12 +36,9 @@ static ossl_inline uint32_t load32(const uint8_t *src) static ossl_inline uint64_t load64(const uint8_t *src) { - const union { - long one; - char little; - } is_endian = { 1 }; + DECLARE_IS_ENDIAN; - if (is_endian.little) { + if (IS_LITTLE_ENDIAN) { uint64_t w; memcpy(&w, src, sizeof(w)); return w; @@ -62,12 +57,9 @@ static ossl_inline uint64_t load64(const uint8_t *src) static ossl_inline void store32(uint8_t *dst, uint32_t w) { - const union { - long one; - char little; - } is_endian = { 1 }; + DECLARE_IS_ENDIAN; - if (is_endian.little) { + if (IS_LITTLE_ENDIAN) { memcpy(dst, &w, sizeof(w)); } else { uint8_t *p = (uint8_t *)dst; @@ -80,12 +72,9 @@ static ossl_inline void store32(uint8_t *dst, uint32_t w) static ossl_inline void store64(uint8_t *dst, uint64_t w) { - const union { - long one; - char little; - } is_endian = { 1 }; + DECLARE_IS_ENDIAN; - if (is_endian.little) { + if (IS_LITTLE_ENDIAN) { memcpy(dst, &w, sizeof(w)); } else { uint8_t *p = (uint8_t *)dst; diff --git a/providers/implementations/kdfs/kbkdf.c b/providers/implementations/kdfs/kbkdf.c index f3f3d9a609..9cf18d84a2 100644 --- a/providers/implementations/kdfs/kbkdf.c +++ b/providers/implementations/kdfs/kbkdf.c @@ -37,6 +37,7 @@ #include "internal/cryptlib.h" #include "crypto/evp.h" #include "internal/numbers.h" +#include "internal/endian.h" #include "prov/implementations.h" #include "prov/provider_ctx.h" #include "prov/provider_util.h" @@ -80,12 +81,9 @@ static OSSL_FUNC_kdf_set_ctx_params_fn kbkdf_set_ctx_params; static uint32_t be32(uint32_t host) { uint32_t big = 0; - const union { - long one; - char little; - } is_endian = { 1 }; + DECLARE_IS_ENDIAN; - if (!is_endian.little) + if (!IS_LITTLE_ENDIAN) return host; big |= (host & 0xff000000) >> 24; diff --git a/test/params_api_test.c b/test/params_api_test.c index 8ba05120c3..7ad974b02a 100644 --- a/test/params_api_test.c +++ b/test/params_api_test.c @@ -11,7 +11,7 @@ #include #include "testutil.h" #include "internal/nelem.h" -#include "ossl_test_endian.h" +#include "internal/endian.h" #include #include From builds at travis-ci.com Sat Jul 11 09:13:10 2020 From: builds at travis-ci.com (Travis CI) Date: Sat, 11 Jul 2020 09:13:10 +0000 Subject: Errored: openssl/openssl#36050 (master - d685fc7) In-Reply-To: Message-ID: <5f0982a48a0ae_13ff019a0a3181137a5@travis-pro-tasks-847d7d9474-nkc2t.mail> Build Update for openssl/openssl ------------------------------------- Build: #36050 Status: Errored Duration: 1 hr, 12 mins, and 54 secs Commit: d685fc7 (master) Author: Richard Levitte Message: DOC: install documentation without execution permissions. Fixes #12350 Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12373) View the changeset: https://github.com/openssl/openssl/compare/851165946fef...d685fc7a5969 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/175256776?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.com Sat Jul 11 10:13:18 2020 From: builds at travis-ci.com (Travis CI) Date: Sat, 11 Jul 2020 10:13:18 +0000 Subject: Errored: openssl/openssl#36051 (master - 310a0ed) In-Reply-To: Message-ID: <5f0990be448c0_13ff019a0a19c157171@travis-pro-tasks-847d7d9474-nkc2t.mail> Build Update for openssl/openssl ------------------------------------- Build: #36051 Status: Errored Duration: 1 hr, 17 mins, and 21 secs Commit: 310a0ed (master) Author: Richard Levitte Message: BN: Check endianness in run-time, in BN_native2bn() and BN_bn2nativepad() The code relied on B_ENDIAN being defined on all big-endian platform, which turned out to not always be the case. Fixes #12387 Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/12390) View the changeset: https://github.com/openssl/openssl/compare/d685fc7a5969...310a0edbd003 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/175256926?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From kaduk at mit.edu Sat Jul 11 22:31:33 2020 From: kaduk at mit.edu (kaduk at mit.edu) Date: Sat, 11 Jul 2020 22:31:33 +0000 Subject: [openssl] master update Message-ID: <1594506693.587901.27102.nullmailer@dev.openssl.org> The branch master has been updated via 661595ca0933fe631faeadd14a189acd5d4185e0 (commit) from 310a0edbd003dd7c580ae3cf78f1782b2c3d9ded (commit) - Log ----------------------------------------------------------------- commit 661595ca0933fe631faeadd14a189acd5d4185e0 Author: Benjamin Kaduk Date: Thu Jul 2 12:14:52 2020 -0700 Providerized libssl fallout: cleanup init Since libssl is entirely using fetched cipher/digest implementations from providers, we don't need to register the libcrypto cipher/digest implementations in ossl_init_ssl_base(). Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12418) ----------------------------------------------------------------------- Summary of changes: ssl/ssl_init.c | 61 ---------------------------------------------------------- 1 file changed, 61 deletions(-) diff --git a/ssl/ssl_init.c b/ssl/ssl_init.c index d9d27520c2..c48a17b546 100644 --- a/ssl/ssl_init.c +++ b/ssl/ssl_init.c @@ -24,67 +24,6 @@ static CRYPTO_ONCE ssl_base = CRYPTO_ONCE_STATIC_INIT; static int ssl_base_inited = 0; DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_base) { - OSSL_TRACE(INIT, "ossl_init_ssl_base: adding SSL ciphers and digests\n"); -#ifndef OPENSSL_NO_DES - EVP_add_cipher(EVP_des_cbc()); - EVP_add_cipher(EVP_des_ede3_cbc()); -#endif -#ifndef OPENSSL_NO_IDEA - EVP_add_cipher(EVP_idea_cbc()); -#endif -#ifndef OPENSSL_NO_RC4 - EVP_add_cipher(EVP_rc4()); -# ifndef OPENSSL_NO_MD5 - EVP_add_cipher(EVP_rc4_hmac_md5()); -# endif -#endif -#ifndef OPENSSL_NO_RC2 - EVP_add_cipher(EVP_rc2_cbc()); - /* - * Not actually used for SSL/TLS but this makes PKCS#12 work if an - * application only calls SSL_library_init(). - */ - EVP_add_cipher(EVP_rc2_40_cbc()); -#endif - EVP_add_cipher(EVP_aes_128_cbc()); - EVP_add_cipher(EVP_aes_192_cbc()); - EVP_add_cipher(EVP_aes_256_cbc()); - EVP_add_cipher(EVP_aes_128_gcm()); - EVP_add_cipher(EVP_aes_256_gcm()); - EVP_add_cipher(EVP_aes_128_ccm()); - EVP_add_cipher(EVP_aes_256_ccm()); - EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1()); - EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1()); - EVP_add_cipher(EVP_aes_128_cbc_hmac_sha256()); - EVP_add_cipher(EVP_aes_256_cbc_hmac_sha256()); -#ifndef OPENSSL_NO_ARIA - EVP_add_cipher(EVP_aria_128_gcm()); - EVP_add_cipher(EVP_aria_256_gcm()); -#endif -#ifndef OPENSSL_NO_CAMELLIA - EVP_add_cipher(EVP_camellia_128_cbc()); - EVP_add_cipher(EVP_camellia_256_cbc()); -#endif -#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) - EVP_add_cipher(EVP_chacha20_poly1305()); -#endif - -#ifndef OPENSSL_NO_SEED - EVP_add_cipher(EVP_seed_cbc()); -#endif - -#ifndef OPENSSL_NO_MD5 - EVP_add_digest(EVP_md5()); - EVP_add_digest_alias(SN_md5, "ssl3-md5"); - EVP_add_digest(EVP_md5_sha1()); -#endif - EVP_add_digest(EVP_sha1()); /* RSA with sha1 */ - EVP_add_digest_alias(SN_sha1, "ssl3-sha1"); - EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA); - EVP_add_digest(EVP_sha224()); - EVP_add_digest(EVP_sha256()); - EVP_add_digest(EVP_sha384()); - EVP_add_digest(EVP_sha512()); #ifndef OPENSSL_NO_COMP OSSL_TRACE(INIT, "ossl_init_ssl_base: " "SSL_COMP_get_compression_methods()\n"); From builds at travis-ci.com Sun Jul 12 00:26:25 2020 From: builds at travis-ci.com (Travis CI) Date: Sun, 12 Jul 2020 00:26:25 +0000 Subject: Errored: openssl/openssl#36056 (master - 661595c) In-Reply-To: Message-ID: <5f0a58b154491_13fea93ca985c920f0@travis-pro-tasks-78749c45c9-rsnrd.mail> Build Update for openssl/openssl ------------------------------------- Build: #36056 Status: Errored Duration: 1 hr, 53 mins, and 30 secs Commit: 661595c (master) Author: Benjamin Kaduk Message: Providerized libssl fallout: cleanup init Since libssl is entirely using fetched cipher/digest implementations from providers, we don't need to register the libcrypto cipher/digest implementations in ossl_init_ssl_base(). Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12418) View the changeset: https://github.com/openssl/openssl/compare/310a0edbd003...661595ca0933 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/175285371?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From scan-admin at coverity.com Sun Jul 12 07:51:56 2020 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 12 Jul 2020 07:51:56 +0000 (UTC) Subject: Coverity Scan: Analysis completed for OpenSSL-1.0.2 Message-ID: <5f0ac11be2432_3690e62b08ab56cf5057f9@prd-scan-dashboard-0.mail> Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7Hlun-2FGpeF2rhqKLKnzox0Gkw-3D-3De-QD_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeHubdXpS1JjndGvfkwJBZNGy4iSaGCcd-2B78DlKmzh2vacvAQUtIb634aMQ7ItHSmWv1xjK2aoiFhoj5qPtJghOEChu6kiwRxVOyvgVyTeStnuO9O-2BwZdUWN-2BnUDMCEHzh4uV-2FIKi9-2BYtBEc6ICbW4WfSCgxQaDG2ibsJmelYt7fmf2N1QEy5JFYYbQwAKMpmj4-3D Build ID: 326118 Analysis Summary: New defects found: 0 Defects eliminated: 0 From scan-admin at coverity.com Sun Jul 12 07:55:57 2020 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 12 Jul 2020 07:55:57 +0000 (UTC) Subject: Coverity Scan: Analysis completed for openssl/openssl Message-ID: <5f0ac20d42b3c_3692ef2b08ab56cf5057b7@prd-scan-dashboard-0.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3DKZVQ_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeHhSIarmdEjKpkUdsCgjLFvIoVyib8OugMh08HB1NQ7IEwnCAfXtSPjDrHcBVZg-2BVGMQ1EfhpCCVRqXeajensznGAYCehAk3rUMcHBepGrFPCIWmUka6pV0O86viFFwLqgjC7srBSGOcVRA-2BGn8Ma7uxTOogwRobYU2fBUe-2B9CZlVUNs7mXopuyyb1cbjGB4l4-3D Build ID: 326117 Analysis Summary: New defects found: 0 Defects eliminated: 6 From beldmit at gmail.com Sun Jul 12 08:04:56 2020 From: beldmit at gmail.com (beldmit at gmail.com) Date: Sun, 12 Jul 2020 08:04:56 +0000 Subject: [openssl] master update Message-ID: <1594541096.869506.27897.nullmailer@dev.openssl.org> The branch master has been updated via a01cae99ac384cb6a74b46ccdc90736fe0754958 (commit) from 661595ca0933fe631faeadd14a189acd5d4185e0 (commit) - Log ----------------------------------------------------------------- commit a01cae99ac384cb6a74b46ccdc90736fe0754958 Author: Billy Brumley Date: Tue Jun 9 13:16:15 2020 +0300 [test] ectest: check custom generators Reviewed-by: Nicola Tuveri Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/12096) ----------------------------------------------------------------------- Summary of changes: test/ectest.c | 84 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 84 insertions(+) diff --git a/test/ectest.c b/test/ectest.c index 2fdf339271..8cceaa67e7 100644 --- a/test/ectest.c +++ b/test/ectest.c @@ -2337,6 +2337,89 @@ static int ec_point_hex2point_test(int id) return ret; } +/* + * check the EC_METHOD respects the supplied EC_GROUP_set_generator G + */ +static int custom_generator_test(int id) +{ + int ret = 0, nid, bsize; + EC_GROUP *group = NULL; + EC_POINT *G2 = NULL, *Q1 = NULL, *Q2 = NULL; + BN_CTX *ctx = NULL; + BIGNUM *k = NULL; + unsigned char *b1 = NULL, *b2 = NULL; + + /* Do some setup */ + nid = curves[id].nid; + TEST_note("Curve %s", OBJ_nid2sn(nid)); + if (!TEST_ptr(ctx = BN_CTX_new())) + return 0; + + BN_CTX_start(ctx); + + if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(nid))) + goto err; + + /* expected byte length of encoded points */ + bsize = (EC_GROUP_get_field_type(group) == NID_X9_62_prime_field) ? + BN_num_bytes(EC_GROUP_get0_field(group)) : + (EC_GROUP_get_degree(group) + 7) / 8; + bsize = 2 * bsize + 1; + + if (!TEST_ptr(k = BN_CTX_get(ctx)) + /* fetch a testing scalar k != 0,1 */ + || !TEST_true(BN_rand(k, EC_GROUP_order_bits(group) - 1, + BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY)) + /* make k even */ + || !TEST_true(BN_clear_bit(k, 0)) + || !TEST_ptr(G2 = EC_POINT_new(group)) + || !TEST_ptr(Q1 = EC_POINT_new(group)) + /* Q1 := kG */ + || !TEST_true(EC_POINT_mul(group, Q1, k, NULL, NULL, ctx)) + /* pull out the bytes of that */ + || !TEST_int_eq(EC_POINT_point2oct(group, Q1, + POINT_CONVERSION_UNCOMPRESSED, NULL, + 0, ctx), bsize) + || !TEST_ptr(b1 = OPENSSL_malloc(bsize)) + || !TEST_int_eq(EC_POINT_point2oct(group, Q1, + POINT_CONVERSION_UNCOMPRESSED, b1, + bsize, ctx), bsize) + /* new generator is G2 := 2G */ + || !TEST_true(EC_POINT_dbl(group, G2, EC_GROUP_get0_generator(group), + ctx)) + || !TEST_true(EC_GROUP_set_generator(group, G2, + EC_GROUP_get0_order(group), + EC_GROUP_get0_cofactor(group))) + || !TEST_ptr(Q2 = EC_POINT_new(group)) + || !TEST_true(BN_rshift1(k, k)) + /* Q2 := k/2 G2 */ + || !TEST_true(EC_POINT_mul(group, Q2, k, NULL, NULL, ctx)) + || !TEST_int_eq(EC_POINT_point2oct(group, Q2, + POINT_CONVERSION_UNCOMPRESSED, NULL, + 0, ctx), bsize) + || !TEST_ptr(b2 = OPENSSL_malloc(bsize)) + || !TEST_int_eq(EC_POINT_point2oct(group, Q2, + POINT_CONVERSION_UNCOMPRESSED, b2, + bsize, ctx), bsize) + /* Q1 = kG = k/2 G2 = Q2 should hold */ + || !TEST_int_eq(CRYPTO_memcmp(b1, b2, bsize), 0)) + goto err; + + ret = 1; + + err: + BN_CTX_end(ctx); + EC_POINT_free(Q1); + EC_POINT_free(Q2); + EC_POINT_free(G2); + EC_GROUP_free(group); + BN_CTX_free(ctx); + OPENSSL_free(b1); + OPENSSL_free(b2); + + return ret; +} + #endif /* OPENSSL_NO_EC */ int setup_tests(void) @@ -2364,6 +2447,7 @@ int setup_tests(void) ADD_ALL_TESTS(check_ec_key_field_public_range_test, crv_len); ADD_ALL_TESTS(check_named_curve_from_ecparameters, crv_len); ADD_ALL_TESTS(ec_point_hex2point_test, crv_len); + ADD_ALL_TESTS(custom_generator_test, crv_len); #endif /* OPENSSL_NO_EC */ return 1; } From beldmit at gmail.com Sun Jul 12 08:11:49 2020 From: beldmit at gmail.com (beldmit at gmail.com) Date: Sun, 12 Jul 2020 08:11:49 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1594541509.566431.32337.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 2688dfb077f32b45bfaff48bf88e82e18ddc9fe5 (commit) from 32adaca4a15a347f6f7a515c7ea9c76403c976f1 (commit) - Log ----------------------------------------------------------------- commit 2688dfb077f32b45bfaff48bf88e82e18ddc9fe5 Author: Billy Brumley Date: Tue Jun 9 13:16:15 2020 +0300 [test] ectest: check custom generators Reviewed-by: Nicola Tuveri Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/12096) (cherry picked from commit a01cae99ac384cb6a74b46ccdc90736fe0754958) ----------------------------------------------------------------------- Summary of changes: test/ectest.c | 84 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 84 insertions(+) diff --git a/test/ectest.c b/test/ectest.c index 5c01cc95dd..43c8dfb303 100644 --- a/test/ectest.c +++ b/test/ectest.c @@ -2099,6 +2099,89 @@ static int ec_point_hex2point_test(int id) return ret; } +/* + * check the EC_METHOD respects the supplied EC_GROUP_set_generator G + */ +static int custom_generator_test(int id) +{ + int ret = 0, nid, bsize; + EC_GROUP *group = NULL; + EC_POINT *G2 = NULL, *Q1 = NULL, *Q2 = NULL; + BN_CTX *ctx = NULL; + BIGNUM *k = NULL; + unsigned char *b1 = NULL, *b2 = NULL; + + /* Do some setup */ + nid = curves[id].nid; + TEST_note("Curve %s", OBJ_nid2sn(nid)); + if (!TEST_ptr(ctx = BN_CTX_new())) + return 0; + + BN_CTX_start(ctx); + + if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(nid))) + goto err; + + /* expected byte length of encoded points */ + bsize = (EC_GROUP_get_field_type(group) == NID_X9_62_prime_field) ? + BN_num_bytes(EC_GROUP_get0_field(group)) : + (EC_GROUP_get_degree(group) + 7) / 8; + bsize = 2 * bsize + 1; + + if (!TEST_ptr(k = BN_CTX_get(ctx)) + /* fetch a testing scalar k != 0,1 */ + || !TEST_true(BN_rand(k, EC_GROUP_order_bits(group) - 1, + BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY)) + /* make k even */ + || !TEST_true(BN_clear_bit(k, 0)) + || !TEST_ptr(G2 = EC_POINT_new(group)) + || !TEST_ptr(Q1 = EC_POINT_new(group)) + /* Q1 := kG */ + || !TEST_true(EC_POINT_mul(group, Q1, k, NULL, NULL, ctx)) + /* pull out the bytes of that */ + || !TEST_int_eq(EC_POINT_point2oct(group, Q1, + POINT_CONVERSION_UNCOMPRESSED, NULL, + 0, ctx), bsize) + || !TEST_ptr(b1 = OPENSSL_malloc(bsize)) + || !TEST_int_eq(EC_POINT_point2oct(group, Q1, + POINT_CONVERSION_UNCOMPRESSED, b1, + bsize, ctx), bsize) + /* new generator is G2 := 2G */ + || !TEST_true(EC_POINT_dbl(group, G2, EC_GROUP_get0_generator(group), + ctx)) + || !TEST_true(EC_GROUP_set_generator(group, G2, + EC_GROUP_get0_order(group), + EC_GROUP_get0_cofactor(group))) + || !TEST_ptr(Q2 = EC_POINT_new(group)) + || !TEST_true(BN_rshift1(k, k)) + /* Q2 := k/2 G2 */ + || !TEST_true(EC_POINT_mul(group, Q2, k, NULL, NULL, ctx)) + || !TEST_int_eq(EC_POINT_point2oct(group, Q2, + POINT_CONVERSION_UNCOMPRESSED, NULL, + 0, ctx), bsize) + || !TEST_ptr(b2 = OPENSSL_malloc(bsize)) + || !TEST_int_eq(EC_POINT_point2oct(group, Q2, + POINT_CONVERSION_UNCOMPRESSED, b2, + bsize, ctx), bsize) + /* Q1 = kG = k/2 G2 = Q2 should hold */ + || !TEST_int_eq(CRYPTO_memcmp(b1, b2, bsize), 0)) + goto err; + + ret = 1; + + err: + BN_CTX_end(ctx); + EC_POINT_free(Q1); + EC_POINT_free(Q2); + EC_POINT_free(G2); + EC_GROUP_free(group); + BN_CTX_free(ctx); + OPENSSL_free(b1); + OPENSSL_free(b2); + + return ret; +} + #endif /* OPENSSL_NO_EC */ int setup_tests(void) @@ -2126,6 +2209,7 @@ int setup_tests(void) ADD_ALL_TESTS(check_named_curve_from_ecparameters, crv_len); ADD_ALL_TESTS(ec_point_hex2point_test, crv_len); + ADD_ALL_TESTS(custom_generator_test, crv_len); #endif /* OPENSSL_NO_EC */ return 1; } From builds at travis-ci.com Sun Jul 12 09:18:14 2020 From: builds at travis-ci.com (Travis CI) Date: Sun, 12 Jul 2020 09:18:14 +0000 Subject: Errored: openssl/openssl#36058 (master - a01cae9) In-Reply-To: Message-ID: <5f0ad55687648_13fee96dada0862825@travis-pro-tasks-74b5c7954b-kq9vf.mail> Build Update for openssl/openssl ------------------------------------- Build: #36058 Status: Errored Duration: 1 hr, 11 mins, and 59 secs Commit: a01cae9 (master) Author: Billy Brumley Message: [test] ectest: check custom generators Reviewed-by: Nicola Tuveri Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/12096) View the changeset: https://github.com/openssl/openssl/compare/661595ca0933...a01cae99ac38 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/175297209?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.com Sun Jul 12 09:19:10 2020 From: builds at travis-ci.com (Travis CI) Date: Sun, 12 Jul 2020 09:19:10 +0000 Subject: Broken: openssl/openssl#36059 (OpenSSL_1_1_1-stable - 2688dfb) In-Reply-To: Message-ID: <5f0ad58dd4659_13ff764ca821c6053c@travis-pro-tasks-74b5c7954b-7wsvm.mail> Build Update for openssl/openssl ------------------------------------- Build: #36059 Status: Broken Duration: 25 mins and 7 secs Commit: 2688dfb (OpenSSL_1_1_1-stable) Author: Billy Brumley Message: [test] ectest: check custom generators Reviewed-by: Nicola Tuveri Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/12096) (cherry picked from commit a01cae99ac384cb6a74b46ccdc90736fe0754958) View the changeset: https://github.com/openssl/openssl/compare/32adaca4a15a...2688dfb077f3 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/175297355?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sun Jul 12 09:34:17 2020 From: no-reply at appveyor.com (AppVeyor) Date: Sun, 12 Jul 2020 09:34:17 +0000 Subject: Build failed: openssl OpenSSL_1_1_1-stable.35514 Message-ID: <20200712093417.1.AF4B44FB037C7894@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sun Jul 12 10:03:18 2020 From: no-reply at appveyor.com (AppVeyor) Date: Sun, 12 Jul 2020 10:03:18 +0000 Subject: Build completed: openssl master.35515 Message-ID: <20200712100318.1.25CB0A1112BFBE30@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Sun Jul 12 23:56:12 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Sun, 12 Jul 2020 23:56:12 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT Message-ID: <1594598172.690545.16233.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT Commit log since last time: a01cae99ac [test] ectest: check custom generators 661595ca09 Providerized libssl fallout: cleanup init 310a0edbd0 BN: Check endianness in run-time, in BN_native2bn() and BN_bn2nativepad() e23d850ff3 Add and use internal header that implements endianness check d685fc7a59 DOC: install documentation without execution permissions. 851165946f ocsp.h: Fix backward compatibility decl for OCSP_parse_url() by including http.h 2957150478 Fix wrong fipsinstall key used in test f6f159e7a1 Makefile template: fix incorrect treatment of produced document files 63794b048c Add multiple fixes for ffc key generation using invalid p,q,g parameters. Build log ended with (last 100 lines): # Server sent alert unexpected_message but client received no alert. # 80E76E7DC37F0000:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_srvr.c:318: not ok 9 - iteration 9 # ------------------------------------------------------------------------------ not ok 1 - test_handshake # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/ssl_test 25-cipher.cnf.default default => 1 not ok 6 - running ssl_test 25-cipher.cnf # ------------------------------------------------------------------------------ # Looks like you failed 2 tests of 9. not ok 26 - Test configuration 25-cipher.cnf # ------------------------------------------------------------------------------ # Looks like you failed 1 test of 31.80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok # INFO: @ ../openssl/test/sslcorrupttest.c:199 # Starting #2, ECDHE-RSA-CHACHA20-POLY1305 # ERROR: (int) 'SSL_get_error(clientssl, 0) == SSL_ERROR_WANT_READ' failed @ ../openssl/test/ssltestlib.c:1032 # [1] compared to [2] # ERROR: (bool) 'create_ssl_connection(server, client, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslcorrupttest.c:229 # false # 800772D9B47F0000:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_clnt.c:400: not ok 3 - iteration 3 # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/sslcorrupttest.c:199 # Starting #3, DHE-RSA-CHACHA20-POLY1305 # ERROR: (int) 'SSL_get_error(clientssl, 0) == SSL_ERROR_WANT_READ' failed @ ../openssl/test/ssltestlib.c:1032 # [1] compared to [2] # ERROR: (bool) 'create_ssl_connection(server, client, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslcorrupttest.c:229 # false # 800772D9B47F0000:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_clnt.c:400: not ok 4 - iteration 4 # ------------------------------------------------------------------------------ not ok 1 - test_ssl_corrupt # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslcorrupttest ../../../openssl/apps/server.pem ../../../openssl/apps/server.pem => 1 not ok 1 - running sslcorrupttest # ------------------------------------------------------------------------------ # Failed test 'running sslcorrupttest' # at ../openssl/test/recipes/80-test_sslcorrupt.t line 19. # Looks like you failed 1 test of 1.80-test_sslcorrupt.t ............... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: GOST support is disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ skipped: Test only supported in a shared build 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_dtls_mtu.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 26 Non-zero exit status: 1 80-test_sslcorrupt.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=205, Tests=3017, 1683 wallclock secs (11.70 usr 1.52 sys + 1517.83 cusr 151.19 csys = 1682.24 CPU) Result: FAIL Makefile:2497: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-asan' Makefile:2495: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Mon Jul 13 01:49:31 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 13 Jul 2020 01:49:31 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-autoerrinit Message-ID: <1594604971.484460.13356.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-autoerrinit Commit log since last time: a01cae99ac [test] ectest: check custom generators 661595ca09 Providerized libssl fallout: cleanup init 310a0edbd0 BN: Check endianness in run-time, in BN_native2bn() and BN_bn2nativepad() e23d850ff3 Add and use internal header that implements endianness check d685fc7a59 DOC: install documentation without execution permissions. 851165946f ocsp.h: Fix backward compatibility decl for OCSP_parse_url() by including http.h 2957150478 Fix wrong fipsinstall key used in test f6f159e7a1 Makefile template: fix incorrect treatment of produced document files 63794b048c Add multiple fixes for ffc key generation using invalid p,q,g parameters. Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 04-test_err.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=205, Tests=3087, 840 wallclock secs (12.61 usr 1.06 sys + 779.41 cusr 57.66 csys = 850.74 CPU) Result: FAIL Makefile:3137: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-autoerrinit' Makefile:3135: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Mon Jul 13 07:14:50 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 13 Jul 2020 07:14:50 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-des Message-ID: <1594624490.477344.21771.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-des Commit log since last time: a01cae99ac [test] ectest: check custom generators 661595ca09 Providerized libssl fallout: cleanup init 310a0edbd0 BN: Check endianness in run-time, in BN_native2bn() and BN_bn2nativepad() e23d850ff3 Add and use internal header that implements endianness check d685fc7a59 DOC: install documentation without execution permissions. 851165946f ocsp.h: Fix backward compatibility decl for OCSP_parse_url() by including http.h 2957150478 Fix wrong fipsinstall key used in test f6f159e7a1 Makefile template: fix incorrect treatment of produced document files 63794b048c Add multiple fixes for ffc key generation using invalid p,q,g parameters. Build log ended with (last 100 lines): C0D0D897957F0000:error::asn1 encoding routines:asn1_d2i_ex_primitive:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:698: C0D0D897957F0000:error::asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:630:Field=pkey, Type=PKCS8_PRIV_KEY_INFO C0D0D897957F0000:error::asn1 encoding routines:d2i_PrivateKey_ex:ASN1 lib:../openssl/crypto/asn1/d2i_pr.c:64: C0D0D897957F0000:error::asn1 encoding routines:d2i_PrivateKey_ex:ASN1 lib:../openssl/crypto/asn1/d2i_pr.c:64: C0D0D897957F0000:error::asn1 encoding routines:asn1_check_tlen:wrong tag:../openssl/crypto/asn1/tasn_dec.c:1135: C0D0D897957F0000:error::asn1 encoding routines:asn1_d2i_ex_primitive:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:698: C0D0D897957F0000:error::asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:630:Field=pkey, Type=PKCS8_PRIV_KEY_INFO C0D0D897957F0000:error::asn1 encoding routines:asn1_check_tlen:wrong tag:../openssl/crypto/asn1/tasn_dec.c:1135: C0D0D897957F0000:error::asn1 encoding routines:asn1_d2i_ex_primitive:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:698: C0D0D897957F0000:error::asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:630:Field=pkey, Type=PKCS8_PRIV_KEY_INFO OPENSSL_FUNC:../openssl/apps/cmp.c:3055:CMP error: cannot set up CMP context # OPENSSL_FUNC:../openssl/apps/cmp.c:2895:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -proxy option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2112:CMP info: will contact http://127.0.0.1:1700/pkix/ ../../../../../no-des/util/wrap.pl ../../../../../no-des/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt => 1 not ok 82 - cr command # ------------------------------------------------------------------------------ # Failed test 'cr command' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. Could not open file or uri test.cert.pem for loading CMP client certificate (and optionally extra certs) C0103169A47F0000:error::system library:file_open:No such file or directory:../openssl/crypto/store/loader_file.c:924:calling stat(test.cert.pem) Unable to load CMP client certificate (and optionally extra certs) OPENSSL_FUNC:../openssl/apps/cmp.c:3055:CMP error: cannot set up CMP context # OPENSSL_FUNC:../openssl/apps/cmp.c:2895:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -proxy option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2112:CMP info: will contact http://127.0.0.1:1700/pkix/ # OPENSSL_FUNC:../openssl/apps/cmp.c:2136:CMP warning: -subject '/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=leaf' given, which overrides the subject of 'test.cert.pem' in KUR # OPENSSL_FUNC:../openssl/apps/cmp.c:826:CMP warning: can load only one certificate in DER format from test.cert.pem ../../../../../no-des/util/wrap.pl ../../../../../no-des/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt => 1 not ok 83 - kur command explicit options # ------------------------------------------------------------------------------ # Failed test 'kur command explicit options' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. Could not open file or uri test.cert.pem for loading CMP client certificate (and optionally extra certs) C0804552C97F0000:error::system library:file_open:No such file or directory:../openssl/crypto/store/loader_file.c:924:calling stat(test.cert.pem) Unable to load CMP client certificate (and optionally extra certs) OPENSSL_FUNC:../openssl/apps/cmp.c:3055:CMP error: cannot set up CMP context # OPENSSL_FUNC:../openssl/apps/cmp.c:2895:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -proxy option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -subject option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -secret option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2112:CMP info: will contact http://127.0.0.1:1700/pkix/ # OPENSSL_FUNC:../openssl/apps/cmp.c:826:CMP warning: can load only one certificate in DER format from test.cert.pem ../../../../../no-des/util/wrap.pl ../../../../../no-des/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -subject "" -certout test.cert.pem -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt -secret "" => 1 not ok 84 - kur command minimal options # ------------------------------------------------------------------------------ # Looks like you failed 31 tests of 92. not ok 7 - CMP app CLI Mock enrollment # ------------------------------------------------------------------------------ # # Failed test 'CMP app CLI Mock enrollment # ' # at /home/openssl/run-checker/no-des/../openssl/util/perl/OpenSSL/Test.pm line 1302. # Looks like you failed 5 tests of 7.81-test_cmp_cli.t .................. Dubious, test returned 5 (wstat 1280, 0x500) Failed 5/7 subtests 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 81-test_cmp_cli.t (Wstat: 1280 Tests: 7 Failed: 5) Failed tests: 3-7 Non-zero exit status: 5 Files=205, Tests=3120, 842 wallclock secs (12.39 usr 1.27 sys + 791.92 cusr 56.38 csys = 861.96 CPU) Result: FAIL Makefile:3080: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-des' Makefile:3078: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Mon Jul 13 07:38:17 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 13 Jul 2020 07:38:17 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dgram Message-ID: <1594625897.998833.5886.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dgram Commit log since last time: a01cae99ac [test] ectest: check custom generators 661595ca09 Providerized libssl fallout: cleanup init 310a0edbd0 BN: Check endianness in run-time, in BN_native2bn() and BN_bn2nativepad() e23d850ff3 Add and use internal header that implements endianness check d685fc7a59 DOC: install documentation without execution permissions. 851165946f ocsp.h: Fix backward compatibility decl for OCSP_parse_url() by including http.h 2957150478 Fix wrong fipsinstall key used in test f6f159e7a1 Makefile template: fix incorrect treatment of produced document files 63794b048c Add multiple fixes for ffc key generation using invalid p,q,g parameters. Build log ended with (last 100 lines): # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 7 - iteration 7 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 8 - iteration 8 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 9 - iteration 9 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 10 - iteration 10 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 11 - iteration 11 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 12 - iteration 12 # ------------------------------------------------------------------------------ not ok 1 - test_handshake # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/ssl_test 04-client_auth.cnf.fips fips ../../../openssl/test/fips.cnf => 1 not ok 9 - running ssl_test 04-client_auth.cnf # ------------------------------------------------------------------------------ # Failed test 'running ssl_test 04-client_auth.cnf' # at ../openssl/test/recipes/80-test_ssl_new.t line 174. # Looks like you failed 1 test of 9. not ok 5 - Test configuration 04-client_auth.cnf # ------------------------------------------------------------------------------ # Looks like you failed 1 test of 31.80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=205, Tests=3220, 842 wallclock secs (12.46 usr 1.26 sys + 783.89 cusr 59.58 csys = 857.19 CPU) Result: FAIL Makefile:3128: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dgram' Makefile:3126: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Mon Jul 13 07:44:26 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 13 Jul 2020 07:44:26 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings no-dh Message-ID: <1594626266.255161.22497.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dh Commit log since last time: a01cae99ac [test] ectest: check custom generators 661595ca09 Providerized libssl fallout: cleanup init 310a0edbd0 BN: Check endianness in run-time, in BN_native2bn() and BN_bn2nativepad() e23d850ff3 Add and use internal header that implements endianness check d685fc7a59 DOC: install documentation without execution permissions. 851165946f ocsp.h: Fix backward compatibility decl for OCSP_parse_url() by including http.h 2957150478 Fix wrong fipsinstall key used in test f6f159e7a1 Makefile template: fix incorrect treatment of produced document files 63794b048c Add multiple fixes for ffc key generation using invalid p,q,g parameters. Build log ended with (last 100 lines): test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/cmp_protect_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/cmp_protect_test \ test/cmp_protect_test-bin-cmp_protect_test.o \ test/cmp_protect_test-bin-cmp_testlib.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/cmp_server_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/cmp_server_test \ test/cmp_server_test-bin-cmp_server_test.o \ test/cmp_server_test-bin-cmp_testlib.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/cmp_status_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/cmp_status_test \ test/cmp_status_test-bin-cmp_status_test.o \ test/cmp_status_test-bin-cmp_testlib.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/cmp_vfy_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/cmp_vfy_test \ test/cmp_vfy_test-bin-cmp_testlib.o \ test/cmp_vfy_test-bin-cmp_vfy_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/context_internal_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/context_internal_test \ test/context_internal_test-bin-context_internal_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/ctype_internal_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/ctype_internal_test \ test/ctype_internal_test-bin-ctype_internal_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/curve448_internal_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/curve448_internal_test \ test/curve448_internal_test-bin-curve448_internal_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/destest rm -f test/dhtest ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/destest \ test/destest-bin-destest.o \ test/libtestutil.a libcrypto.a -ldl -pthread ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/dhtest \ test/dhtest-bin-dhtest.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/drbgtest ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/drbgtest \ test/drbgtest-bin-drbgtest.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/dsa_no_digest_size_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/dsa_no_digest_size_test \ test/dsa_no_digest_size_test-bin-dsa_no_digest_size_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/dsatest ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/dsatest \ test/dsatest-bin-dsatest.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/ec_internal_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/ec_internal_test \ test/ec_internal_test-bin-ec_internal_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/ecdsatest ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/ecdsatest \ test/ecdsatest-bin-ecdsatest.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/evp_libctx_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/evp_libctx_test \ test/evp_libctx_test-bin-evp_libctx_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/evp_pkey_provided_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/evp_pkey_provided_test \ test/evp_pkey_provided_test-bin-evp_pkey_provided_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread test/evp_libctx_test-bin-evp_libctx_test.o:(.data+0x0): undefined reference to `_bignum_dh2048_256_p' test/evp_libctx_test-bin-evp_libctx_test.o:(.data+0x8): undefined reference to `_bignum_dh2048_256_q' test/evp_libctx_test-bin-evp_libctx_test.o:(.data+0x10): undefined reference to `_bignum_dh2048_256_g' rm -f test/ffc_internal_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/ffc_internal_test \ test/ffc_internal_test-bin-ffc_internal_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:25577: recipe for target 'test/evp_libctx_test' failed make[1]: *** [test/evp_libctx_test] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-dh' Makefile:3060: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From openssl at openssl.org Mon Jul 13 07:46:42 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 13 Jul 2020 07:46:42 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings no-dsa Message-ID: <1594626402.495989.4865.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dsa Commit log since last time: a01cae99ac [test] ectest: check custom generators 661595ca09 Providerized libssl fallout: cleanup init 310a0edbd0 BN: Check endianness in run-time, in BN_native2bn() and BN_bn2nativepad() e23d850ff3 Add and use internal header that implements endianness check d685fc7a59 DOC: install documentation without execution permissions. 851165946f ocsp.h: Fix backward compatibility decl for OCSP_parse_url() by including http.h 2957150478 Fix wrong fipsinstall key used in test f6f159e7a1 Makefile template: fix incorrect treatment of produced document files 63794b048c Add multiple fixes for ffc key generation using invalid p,q,g parameters. Build log ended with (last 100 lines): clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cipherbytes_test-bin-cipherbytes_test.d.tmp -MT test/cipherbytes_test-bin-cipherbytes_test.o -c -o test/cipherbytes_test-bin-cipherbytes_test.o ../openssl/test/cipherbytes_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cipherlist_test-bin-cipherlist_test.d.tmp -MT test/cipherlist_test-bin-cipherlist_test.o -c -o test/cipherlist_test-bin-cipherlist_test.o ../openssl/test/cipherlist_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/ciphername_test-bin-ciphername_test.d.tmp -MT test/ciphername_test-bin-ciphername_test.o -c -o test/ciphername_test-bin-ciphername_test.o ../openssl/test/ciphername_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/clienthellotest-bin-clienthellotest.d.tmp -MT test/clienthellotest-bin-clienthellotest.o -c -o test/clienthellotest-bin-clienthellotest.o ../openssl/test/clienthellotest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmactest-bin-cmactest.d.tmp -MT test/cmactest-bin-cmactest.o -c -o test/cmactest-bin-cmactest.o ../openssl/test/cmactest.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_asn_test-bin-cmp_asn_test.d.tmp -MT test/cmp_asn_test-bin-cmp_asn_test.o -c -o test/cmp_asn_test-bin-cmp_asn_test.o ../openssl/test/cmp_asn_test.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_asn_test-bin-cmp_testlib.d.tmp -MT test/cmp_asn_test-bin-cmp_testlib.o -c -o test/cmp_asn_test-bin-cmp_testlib.o ../openssl/test/cmp_testlib.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_client_test-bin-cmp_client_test.d.tmp -MT test/cmp_client_test-bin-cmp_client_test.o -c -o test/cmp_client_test-bin-cmp_client_test.o ../openssl/test/cmp_client_test.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_client_test-bin-cmp_testlib.d.tmp -MT test/cmp_client_test-bin-cmp_testlib.o -c -o test/cmp_client_test-bin-cmp_testlib.o ../openssl/test/cmp_testlib.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_ctx_test-bin-cmp_ctx_test.d.tmp -MT test/cmp_ctx_test-bin-cmp_ctx_test.o -c -o test/cmp_ctx_test-bin-cmp_ctx_test.o ../openssl/test/cmp_ctx_test.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_ctx_test-bin-cmp_testlib.d.tmp -MT test/cmp_ctx_test-bin-cmp_testlib.o -c -o test/cmp_ctx_test-bin-cmp_testlib.o ../openssl/test/cmp_testlib.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_hdr_test-bin-cmp_hdr_test.d.tmp -MT test/cmp_hdr_test-bin-cmp_hdr_test.o -c -o test/cmp_hdr_test-bin-cmp_hdr_test.o ../openssl/test/cmp_hdr_test.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_hdr_test-bin-cmp_testlib.d.tmp -MT test/cmp_hdr_test-bin-cmp_testlib.o -c -o test/cmp_hdr_test-bin-cmp_testlib.o ../openssl/test/cmp_testlib.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_msg_test-bin-cmp_msg_test.d.tmp -MT test/cmp_msg_test-bin-cmp_msg_test.o -c -o test/cmp_msg_test-bin-cmp_msg_test.o ../openssl/test/cmp_msg_test.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_msg_test-bin-cmp_testlib.d.tmp -MT test/cmp_msg_test-bin-cmp_testlib.o -c -o test/cmp_msg_test-bin-cmp_testlib.o ../openssl/test/cmp_testlib.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_protect_test-bin-cmp_protect_test.d.tmp -MT test/cmp_protect_test-bin-cmp_protect_test.o -c -o test/cmp_protect_test-bin-cmp_protect_test.o ../openssl/test/cmp_protect_test.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_protect_test-bin-cmp_testlib.d.tmp -MT test/cmp_protect_test-bin-cmp_testlib.o -c -o test/cmp_protect_test-bin-cmp_testlib.o ../openssl/test/cmp_testlib.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_server_test-bin-cmp_server_test.d.tmp -MT test/cmp_server_test-bin-cmp_server_test.o -c -o test/cmp_server_test-bin-cmp_server_test.o ../openssl/test/cmp_server_test.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_server_test-bin-cmp_testlib.d.tmp -MT test/cmp_server_test-bin-cmp_testlib.o -c -o test/cmp_server_test-bin-cmp_testlib.o ../openssl/test/cmp_testlib.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_status_test-bin-cmp_status_test.d.tmp -MT test/cmp_status_test-bin-cmp_status_test.o -c -o test/cmp_status_test-bin-cmp_status_test.o ../openssl/test/cmp_status_test.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_status_test-bin-cmp_testlib.d.tmp -MT test/cmp_status_test-bin-cmp_testlib.o -c -o test/cmp_status_test-bin-cmp_testlib.o ../openssl/test/cmp_testlib.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_vfy_test-bin-cmp_testlib.d.tmp -MT test/cmp_vfy_test-bin-cmp_testlib.o -c -o test/cmp_vfy_test-bin-cmp_testlib.o ../openssl/test/cmp_testlib.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_vfy_test-bin-cmp_vfy_test.d.tmp -MT test/cmp_vfy_test-bin-cmp_vfy_test.o -c -o test/cmp_vfy_test-bin-cmp_vfy_test.o ../openssl/test/cmp_vfy_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmsapitest-bin-cmsapitest.d.tmp -MT test/cmsapitest-bin-cmsapitest.o -c -o test/cmsapitest-bin-cmsapitest.o ../openssl/test/cmsapitest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/conf_include_test-bin-conf_include_test.d.tmp -MT test/conf_include_test-bin-conf_include_test.o -c -o test/conf_include_test-bin-conf_include_test.o ../openssl/test/conf_include_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/confdump-bin-confdump.d.tmp -MT test/confdump-bin-confdump.o -c -o test/confdump-bin-confdump.o ../openssl/test/confdump.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/constant_time_test-bin-constant_time_test.d.tmp -MT test/constant_time_test-bin-constant_time_test.o -c -o test/constant_time_test-bin-constant_time_test.o ../openssl/test/constant_time_test.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/context_internal_test-bin-context_internal_test.d.tmp -MT test/context_internal_test-bin-context_internal_test.o -c -o test/context_internal_test-bin-context_internal_test.o ../openssl/test/context_internal_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/crltest-bin-crltest.d.tmp -MT test/crltest-bin-crltest.o -c -o test/crltest-bin-crltest.o ../openssl/test/crltest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/ct_test-bin-ct_test.d.tmp -MT test/ct_test-bin-ct_test.o -c -o test/ct_test-bin-ct_test.o ../openssl/test/ct_test.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/ctype_internal_test-bin-ctype_internal_test.d.tmp -MT test/ctype_internal_test-bin-ctype_internal_test.o -c -o test/ctype_internal_test-bin-ctype_internal_test.o ../openssl/test/ctype_internal_test.c clang -I. -Iinclude -Iapps/include -Icrypto/ec/curve448 -I../openssl -I../openssl/include -I../openssl/apps/include -I../openssl/crypto/ec/curve448 -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/curve448_internal_test-bin-curve448_internal_test.d.tmp -MT test/curve448_internal_test-bin-curve448_internal_test.o -c -o test/curve448_internal_test-bin-curve448_internal_test.o ../openssl/test/curve448_internal_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/d2i_test-bin-d2i_test.d.tmp -MT test/d2i_test-bin-d2i_test.o -c -o test/d2i_test-bin-d2i_test.o ../openssl/test/d2i_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/danetest-bin-danetest.d.tmp -MT test/danetest-bin-danetest.o -c -o test/danetest-bin-danetest.o ../openssl/test/danetest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/destest-bin-destest.d.tmp -MT test/destest-bin-destest.o -c -o test/destest-bin-destest.o ../openssl/test/destest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/dhtest-bin-dhtest.d.tmp -MT test/dhtest-bin-dhtest.o -c -o test/dhtest-bin-dhtest.o ../openssl/test/dhtest.c clang -Iinclude -Iapps/include -Itest -I. -I../openssl/include -I../openssl/apps/include -I../openssl/test -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/drbg_cavs_test-bin-drbg_cavs_data_ctr.d.tmp -MT test/drbg_cavs_test-bin-drbg_cavs_data_ctr.o -c -o test/drbg_cavs_test-bin-drbg_cavs_data_ctr.o ../openssl/test/drbg_cavs_data_ctr.c clang -Iinclude -Iapps/include -Itest -I. -I../openssl/include -I../openssl/apps/include -I../openssl/test -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/drbg_cavs_test-bin-drbg_cavs_data_hash.d.tmp -MT test/drbg_cavs_test-bin-drbg_cavs_data_hash.o -c -o test/drbg_cavs_test-bin-drbg_cavs_data_hash.o ../openssl/test/drbg_cavs_data_hash.c clang -Iinclude -Iapps/include -Itest -I. -I../openssl/include -I../openssl/apps/include -I../openssl/test -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/drbg_cavs_test-bin-drbg_cavs_data_hmac.d.tmp -MT test/drbg_cavs_test-bin-drbg_cavs_data_hmac.o -c -o test/drbg_cavs_test-bin-drbg_cavs_data_hmac.o ../openssl/test/drbg_cavs_data_hmac.c clang -Iinclude -Iapps/include -Itest -I. -I../openssl/include -I../openssl/apps/include -I../openssl/test -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/drbg_cavs_test-bin-drbg_cavs_test.d.tmp -MT test/drbg_cavs_test-bin-drbg_cavs_test.o -c -o test/drbg_cavs_test-bin-drbg_cavs_test.o ../openssl/test/drbg_cavs_test.c clang -Iinclude -Itest -I. -Iapps/include -I../openssl/include -I../openssl/test -I../openssl -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/drbg_extra_test-bin-drbg_extra_test.d.tmp -MT test/drbg_extra_test-bin-drbg_extra_test.o -c -o test/drbg_extra_test-bin-drbg_extra_test.o ../openssl/test/drbg_extra_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/drbgtest-bin-drbgtest.d.tmp -MT test/drbgtest-bin-drbgtest.o -c -o test/drbgtest-bin-drbgtest.o ../openssl/test/drbgtest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/dsa_no_digest_size_test-bin-dsa_no_digest_size_test.d.tmp -MT test/dsa_no_digest_size_test-bin-dsa_no_digest_size_test.o -c -o test/dsa_no_digest_size_test-bin-dsa_no_digest_size_test.o ../openssl/test/dsa_no_digest_size_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/dsatest-bin-dsatest.d.tmp -MT test/dsatest-bin-dsatest.o -c -o test/dsatest-bin-dsatest.o ../openssl/test/dsatest.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/dtls_mtu_test-bin-dtls_mtu_test.d.tmp -MT test/dtls_mtu_test-bin-dtls_mtu_test.o -c -o test/dtls_mtu_test-bin-dtls_mtu_test.o ../openssl/test/dtls_mtu_test.c clang -I. -Iinclude -I../openssl -I../openssl/include -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/dtls_mtu_test-bin-ssltestlib.d.tmp -MT test/dtls_mtu_test-bin-ssltestlib.o -c -o test/dtls_mtu_test-bin-ssltestlib.o ../openssl/test/ssltestlib.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/dtlstest-bin-dtlstest.d.tmp -MT test/dtlstest-bin-dtlstest.o -c -o test/dtlstest-bin-dtlstest.o ../openssl/test/dtlstest.c clang -I. -Iinclude -I../openssl -I../openssl/include -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/dtlstest-bin-ssltestlib.d.tmp -MT test/dtlstest-bin-ssltestlib.o -c -o test/dtlstest-bin-ssltestlib.o ../openssl/test/ssltestlib.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/dtlsv1listentest-bin-dtlsv1listentest.d.tmp -MT test/dtlsv1listentest-bin-dtlsv1listentest.o -c -o test/dtlsv1listentest-bin-dtlsv1listentest.o ../openssl/test/dtlsv1listentest.c clang -Iinclude -Icrypto/ec -Iapps/include -I../openssl/include -I../openssl/crypto/ec -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/ec_internal_test-bin-ec_internal_test.d.tmp -MT test/ec_internal_test-bin-ec_internal_test.o -c -o test/ec_internal_test-bin-ec_internal_test.o ../openssl/test/ec_internal_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/ecdsatest-bin-ecdsatest.d.tmp -MT test/ecdsatest-bin-ecdsatest.o -c -o test/ecdsatest-bin-ecdsatest.o ../openssl/test/ecdsatest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/ecstresstest-bin-ecstresstest.d.tmp -MT test/ecstresstest-bin-ecstresstest.o -c -o test/ecstresstest-bin-ecstresstest.o ../openssl/test/ecstresstest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/ectest-bin-ectest.d.tmp -MT test/ectest-bin-ectest.o -c -o test/ectest-bin-ectest.o ../openssl/test/ectest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/enginetest-bin-enginetest.d.tmp -MT test/enginetest-bin-enginetest.o -c -o test/enginetest-bin-enginetest.o ../openssl/test/enginetest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/errtest-bin-errtest.d.tmp -MT test/errtest-bin-errtest.o -c -o test/errtest-bin-errtest.o ../openssl/test/errtest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/evp_extra_test-bin-evp_extra_test.d.tmp -MT test/evp_extra_test-bin-evp_extra_test.o -c -o test/evp_extra_test-bin-evp_extra_test.o ../openssl/test/evp_extra_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/evp_extra_test2-bin-evp_extra_test2.d.tmp -MT test/evp_extra_test2-bin-evp_extra_test2.o -c -o test/evp_extra_test2-bin-evp_extra_test2.o ../openssl/test/evp_extra_test2.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/evp_fetch_prov_test-bin-evp_fetch_prov_test.d.tmp -MT test/evp_fetch_prov_test-bin-evp_fetch_prov_test.o -c -o test/evp_fetch_prov_test-bin-evp_fetch_prov_test.o ../openssl/test/evp_fetch_prov_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/evp_kdf_test-bin-evp_kdf_test.d.tmp -MT test/evp_kdf_test-bin-evp_kdf_test.o -c -o test/evp_kdf_test-bin-evp_kdf_test.o ../openssl/test/evp_kdf_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/evp_libctx_test-bin-evp_libctx_test.d.tmp -MT test/evp_libctx_test-bin-evp_libctx_test.o -c -o test/evp_libctx_test-bin-evp_libctx_test.o ../openssl/test/evp_libctx_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/evp_pkey_dparams_test-bin-evp_pkey_dparams_test.d.tmp -MT test/evp_pkey_dparams_test-bin-evp_pkey_dparams_test.o -c -o test/evp_pkey_dparams_test-bin-evp_pkey_dparams_test.o ../openssl/test/evp_pkey_dparams_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/evp_pkey_provided_test-bin-evp_pkey_provided_test.d.tmp -MT test/evp_pkey_provided_test-bin-evp_pkey_provided_test.o -c -o test/evp_pkey_provided_test-bin-evp_pkey_provided_test.o ../openssl/test/evp_pkey_provided_test.c ../openssl/test/evp_libctx_test.c:156:27: error: implicit declaration of function 'DH_new' is invalid in C99 [-Werror,-Wimplicit-function-declaration] || !TEST_ptr(dh = DH_new()) ^ ../openssl/test/evp_libctx_test.c:156:27: note: did you mean 'BN_new'? ../openssl/include/openssl/bn.h:230:9: note: 'BN_new' declared here BIGNUM *BN_new(void); ^ ../openssl/test/evp_libctx_test.c:156:27: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] || !TEST_ptr(dh = DH_new()) ^ ../openssl/test/evp_libctx_test.c:156:25: error: incompatible integer to pointer conversion assigning to 'DH *' (aka 'struct dh_st *') from 'int' [-Werror,-Wint-conversion] || !TEST_ptr(dh = DH_new()) ^ ~~~~~~~~ ../openssl/test/testutil.h:436:64: note: expanded from macro 'TEST_ptr' # define TEST_ptr(a) test_ptr(__FILE__, __LINE__, #a, a) ^ ../openssl/test/evp_libctx_test.c:160:23: error: implicit declaration of function 'DH_set0_pqg' is invalid in C99 [-Werror,-Wimplicit-function-declaration] || !TEST_true(DH_set0_pqg(dh, p, q, g))) ^ clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/evp_test-bin-evp_test.d.tmp -MT test/evp_test-bin-evp_test.o -c -o test/evp_test-bin-evp_test.o ../openssl/test/evp_test.c ../openssl/test/evp_libctx_test.c:160:23: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] ../openssl/test/evp_libctx_test.c:177:5: error: implicit declaration of function 'DH_free' is invalid in C99 [-Werror,-Wimplicit-function-declaration] DH_free(dh); ^ ../openssl/test/evp_libctx_test.c:177:5: note: did you mean 'BN_free'? ../openssl/include/openssl/bn.h:291:6: note: 'BN_free' declared here void BN_free(BIGNUM *a); ^ ../openssl/test/evp_libctx_test.c:177:5: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] DH_free(dh); ^ 7 errors generated. Makefile:25584: recipe for target 'test/evp_libctx_test-bin-evp_libctx_test.o' failed make[1]: *** [test/evp_libctx_test-bin-evp_libctx_test.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-dsa' Makefile:3069: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From openssl at openssl.org Mon Jul 13 09:04:21 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 13 Jul 2020 09:04:21 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ec2m Message-ID: <1594631061.577915.7782.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ec2m Commit log since last time: a01cae99ac [test] ectest: check custom generators 661595ca09 Providerized libssl fallout: cleanup init 310a0edbd0 BN: Check endianness in run-time, in BN_native2bn() and BN_bn2nativepad() e23d850ff3 Add and use internal header that implements endianness check d685fc7a59 DOC: install documentation without execution permissions. 851165946f ocsp.h: Fix backward compatibility decl for OCSP_parse_url() by including http.h 2957150478 Fix wrong fipsinstall key used in test f6f159e7a1 Makefile template: fix incorrect treatment of produced document files 63794b048c Add multiple fixes for ffc key generation using invalid p,q,g parameters. Build log ended with (last 100 lines): 70-test_sslversions.t (Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 70-test_sslvertol.t (Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 70-test_tls13alerts.t (Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 70-test_tls13cookie.t (Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 70-test_tls13downgrade.t (Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 70-test_tls13hrr.t (Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 70-test_tls13kexmodes.t (Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 70-test_tls13messages.t (Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 70-test_tls13psk.t (Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 70-test_tlsextms.t (Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 71-test_ssl_ctx.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_cipherbytes.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_cipherlist.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ciphername.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_dane.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_dtls.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_dtls_mtu.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_dtlsv1listen.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ssl_new.t (Wstat: 6912 Tests: 31 Failed: 27) Failed tests: 2-14, 16-22, 24-29, 31 Non-zero exit status: 27 80-test_ssl_old.t (Wstat: 1024 Tests: 12 Failed: 4) Failed tests: 3, 5-7 Non-zero exit status: 4 80-test_sslcorrupt.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 90-test_fatalerr.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 90-test_gost.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 90-test_shlibload.t (Wstat: 1024 Tests: 10 Failed: 4) Failed tests: 1-4 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 1, 3 Non-zero exit status: 2 90-test_sslbuffers.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 90-test_sysdefault.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 90-test_tls13ccs.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 90-test_tls13encryption.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 90-test_tls13secrets.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 99-test_fuzz.t (Wstat: 512 Tests: 12 Failed: 2) Failed tests: 5, 8 Non-zero exit status: 2 Files=205, Tests=2031, 472 wallclock secs ( 7.21 usr 1.10 sys + 401.79 cusr 43.03 csys = 453.13 CPU) Result: FAIL Makefile:3122: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-ec2m' Makefile:3120: recipe for target 'tests' failed make: *** [tests] Error 2 From no-reply at appveyor.com Mon Jul 13 10:55:25 2020 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 13 Jul 2020 10:55:25 +0000 Subject: Build failed: openssl master.35528 Message-ID: <20200713105525.1.E852BBE072F5D496@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Mon Jul 13 11:57:31 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 13 Jul 2020 11:57:31 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-err Message-ID: <1594641451.331448.17781.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-err Commit log since last time: a01cae99ac [test] ectest: check custom generators 661595ca09 Providerized libssl fallout: cleanup init 310a0edbd0 BN: Check endianness in run-time, in BN_native2bn() and BN_bn2nativepad() e23d850ff3 Add and use internal header that implements endianness check d685fc7a59 DOC: install documentation without execution permissions. 851165946f ocsp.h: Fix backward compatibility decl for OCSP_parse_url() by including http.h 2957150478 Fix wrong fipsinstall key used in test f6f159e7a1 Makefile template: fix incorrect treatment of produced document files 63794b048c Add multiple fixes for ffc key generation using invalid p,q,g parameters. Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 04-test_err.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=205, Tests=3087, 835 wallclock secs (12.43 usr 1.19 sys + 777.29 cusr 57.66 csys = 848.57 CPU) Result: FAIL Makefile:3124: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-err' Makefile:3122: recipe for target 'tests' failed make: *** [tests] Error 2 From no-reply at appveyor.com Mon Jul 13 12:25:58 2020 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 13 Jul 2020 12:25:58 +0000 Subject: Build completed: openssl master.35529 Message-ID: <20200713122558.1.F66A403E40DB68C0@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon Jul 13 17:46:47 2020 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 13 Jul 2020 17:46:47 +0000 Subject: Build failed: openssl OpenSSL_1_1_1-stable.35533 Message-ID: <20200713174647.1.2092D9D2848AAB7F@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon Jul 13 18:23:18 2020 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 13 Jul 2020 18:23:18 +0000 Subject: Build completed: openssl master.35534 Message-ID: <20200713182318.1.475B5CA4CBF86990@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Mon Jul 13 19:55:00 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 13 Jul 2020 19:55:00 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ui-console Message-ID: <1594670100.930627.19093.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ui-console Commit log since last time: a01cae99ac [test] ectest: check custom generators 661595ca09 Providerized libssl fallout: cleanup init 310a0edbd0 BN: Check endianness in run-time, in BN_native2bn() and BN_bn2nativepad() e23d850ff3 Add and use internal header that implements endianness check d685fc7a59 DOC: install documentation without execution permissions. 851165946f ocsp.h: Fix backward compatibility decl for OCSP_parse_url() by including http.h 2957150478 Fix wrong fipsinstall key used in test f6f159e7a1 Makefile template: fix incorrect treatment of produced document files 63794b048c Add multiple fixes for ffc key generation using invalid p,q,g parameters. Build log ended with (last 100 lines): # Failed test 'p10cr csr empty file' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd p10cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -csr wrong.csr.pem => 139 not ok 78 - p10cr wrong csr # ------------------------------------------------------------------------------ # Failed test 'p10cr wrong csr' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -revreason 5 => 139 not ok 79 - ir + ignored revocation # ------------------------------------------------------------------------------ ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt => 139 not ok 82 - cr command # ------------------------------------------------------------------------------ # Failed test 'cr command' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt => 139 not ok 83 - kur command explicit options # ------------------------------------------------------------------------------ # Failed test 'kur command explicit options' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -subject "" -certout test.cert.pem -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt -secret "" => 139 not ok 84 - kur command minimal options # ------------------------------------------------------------------------------ ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey dir/ -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert test.cert.pem -server '127.0.0.1:1700' => 139 not ok 86 - kur newkey is directory # ------------------------------------------------------------------------------ ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert dir/ -server '127.0.0.1:1700' => 139 not ok 89 - kur oldcert is directory # ------------------------------------------------------------------------------ # Failed test 'kur oldcert is directory' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert idontexist -server '127.0.0.1:1700' => 139 not ok 90 - kur oldcert not existing # ------------------------------------------------------------------------------ # Failed test 'kur oldcert not existing' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert empty.txt -server '127.0.0.1:1700' => 139 not ok 91 - kur empty oldcert file # ------------------------------------------------------------------------------ # Failed test 'kur empty oldcert file' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -cert "" -server '127.0.0.1:1700' => 139 not ok 92 - kur command without cert and oldcert # ------------------------------------------------------------------------------ # Failed test 'kur command without cert and oldcert' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. # Looks like you failed 65 tests of 92. not ok 7 - CMP app CLI Mock enrollment # ------------------------------------------------------------------------------ # # Failed test 'CMP app CLI Mock enrollment # ' # at /home/openssl/run-checker/no-ui-console/../openssl/util/perl/OpenSSL/Test.pm line 1302. # Looks like you failed 5 tests of 7.81-test_cmp_cli.t .................. Dubious, test returned 5 (wstat 1280, 0x500) Failed 5/7 subtests 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 81-test_cmp_cli.t (Wstat: 1280 Tests: 7 Failed: 5) Failed tests: 3-7 Non-zero exit status: 5 Files=205, Tests=3223, 884 wallclock secs (12.92 usr 1.41 sys + 776.64 cusr 62.26 csys = 853.23 CPU) Result: FAIL Makefile:3131: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-ui-console' Makefile:3129: recipe for target 'tests' failed make: *** [tests] Error 2 From no-reply at appveyor.com Mon Jul 13 20:03:18 2020 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 13 Jul 2020 20:03:18 +0000 Subject: Build failed: openssl OpenSSL_1_1_1-stable.35537 Message-ID: <20200713200318.1.429F643344C84F1B@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon Jul 13 20:36:11 2020 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 13 Jul 2020 20:36:11 +0000 Subject: Build completed: openssl master.35538 Message-ID: <20200713203611.1.9E3A40CC673A845C@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Mon Jul 13 22:17:09 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 13 Jul 2020 22:17:09 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared no-module Message-ID: <1594678629.429040.31440.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared no-module Commit log since last time: a01cae99ac [test] ectest: check custom generators 661595ca09 Providerized libssl fallout: cleanup init 310a0edbd0 BN: Check endianness in run-time, in BN_native2bn() and BN_bn2nativepad() e23d850ff3 Add and use internal header that implements endianness check d685fc7a59 DOC: install documentation without execution permissions. 851165946f ocsp.h: Fix backward compatibility decl for OCSP_parse_url() by including http.h 2957150478 Fix wrong fipsinstall key used in test f6f159e7a1 Makefile template: fix incorrect treatment of produced document files 63794b048c Add multiple fixes for ffc key generation using invalid p,q,g parameters. Build log ended with (last 100 lines): ../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock credentials' -proxy '' -no_proxy 127.0.0.1 -cert "" -key "" -keypass "" -unprotected_requests => 0 not ok 38 - unprotected request # ------------------------------------------------------------------------------ # Failed test 'unprotected request' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. # Looks like you failed 3 tests of 38. not ok 5 - CMP app CLI Mock credentials # ------------------------------------------------------------------------------ OPENSSL_FUNC:../openssl/apps/cmp.c:3121:CMP info: received from 127.0.0.1 PKIStatus: accepted # OPENSSL_FUNC:../openssl/apps/cmp.c:2895:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -proxy option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2112:CMP info: will contact http://127.0.0.1:1700/pkix/ # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending IR # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received IP # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending CERTCONF # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received PKICONF # OPENSSL_FUNC:../openssl/apps/cmp.c:2276:CMP info: received 1 enrolled certificate(s), saving to file 'test.cert.pem' ../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo 0 -certout test.cert.pem -out_trusted root.crt => 0 not ok 43 - popo RAVERIFIED # ------------------------------------------------------------------------------ OPENSSL_FUNC:../openssl/apps/cmp.c:3121:CMP info: received from 127.0.0.1 PKIStatus: accepted # OPENSSL_FUNC:../openssl/apps/cmp.c:2895:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -proxy option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2112:CMP info: will contact http://127.0.0.1:1700/pkix/ # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending IR # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received IP # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending CERTCONF # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received PKICONF # OPENSSL_FUNC:../openssl/apps/cmp.c:2276:CMP info: received 1 enrolled certificate(s), saving to file 'test.cert.pem' ../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo -1 -certout test.cert.pem -out_trusted root.crt => 0 not ok 47 - popo NONE # ------------------------------------------------------------------------------ # Failed test 'popo NONE' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. OPENSSL_FUNC:../openssl/apps/cmp.c:3121:CMP info: received from 127.0.0.1 PKIStatus: accepted # OPENSSL_FUNC:../openssl/apps/cmp.c:2895:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -proxy option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2112:CMP info: will contact http://127.0.0.1:1700/pkix/ # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending IR # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received IP # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending CERTCONF # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received PKICONF # OPENSSL_FUNC:../openssl/apps/cmp.c:2276:CMP info: received 1 enrolled certificate(s), saving to file 'test.cert.pem' ../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo 2 -certout test.cert.pem -out_trusted root.crt => 0 not ok 48 - popo KEYENC not supported # ------------------------------------------------------------------------------ # Looks like you failed 3 tests of 92. not ok 7 - CMP app CLI Mock enrollment # ------------------------------------------------------------------------------ # # Failed test 'CMP app CLI Mock enrollment # ' # at /home/openssl/run-checker/enable-fuzz-afl/../openssl/util/perl/OpenSSL/Test.pm line 1302. # Looks like you failed 3 tests of 7.81-test_cmp_cli.t .................. Dubious, test returned 3 (wstat 768, 0x300) Failed 3/7 subtests 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: GOST support is disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ skipped: Test only supported in a shared build 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 81-test_cmp_cli.t (Wstat: 768 Tests: 7 Failed: 3) Failed tests: 4-5, 7 Non-zero exit status: 3 Files=205, Tests=2946, 764 wallclock secs ( 9.95 usr 1.26 sys + 703.54 cusr 51.25 csys = 766.00 CPU) Result: FAIL Makefile:2372: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-fuzz-afl' Makefile:2370: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue Jul 14 04:22:17 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 14 Jul 2020 04:22:17 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-posix-io Message-ID: <1594700537.806375.8121.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-posix-io Commit log since last time: a01cae99ac [test] ectest: check custom generators 661595ca09 Providerized libssl fallout: cleanup init 310a0edbd0 BN: Check endianness in run-time, in BN_native2bn() and BN_bn2nativepad() e23d850ff3 Add and use internal header that implements endianness check d685fc7a59 DOC: install documentation without execution permissions. 851165946f ocsp.h: Fix backward compatibility decl for OCSP_parse_url() by including http.h 2957150478 Fix wrong fipsinstall key used in test f6f159e7a1 Makefile template: fix incorrect treatment of produced document files 63794b048c Add multiple fixes for ffc key generation using invalid p,q,g parameters. Build log ended with (last 100 lines): rm -f doc/man/man1/CA.pl.1 doc/man/man1/openssl-asn1parse.1 doc/man/man1/openssl-ca.1 doc/man/man1/openssl-ciphers.1 doc/man/man1/openssl-cmds.1 doc/man/man1/openssl-cmp.1 doc/man/man1/openssl-cms.1 doc/man/man1/openssl-crl.1 doc/man/man1/openssl-crl2pkcs7.1 doc/man/man1/openssl-dgst.1 doc/man/man1/openssl-dhparam.1 doc/man/man1/openssl-dsa.1 doc/man/man1/openssl-dsaparam.1 doc/man/man1/openssl-ec.1 doc/man/man1/openssl-ecparam.1 doc/man/man1/openssl-enc.1 doc/man/man1/openssl-engine.1 doc/man/man1/openssl-errstr.1 doc/man/man1/openssl-fipsinstall.1 doc/man/man1/openssl-gendsa.1 doc/man/man1/openssl-genpkey.1 doc/man/man1/openssl-genrsa.1 doc/man/man1/openssl-info.1 doc/man/man1/openssl-kdf.1 doc/man/man1/openssl-list.1 doc/man/man1/openssl-mac.1 doc/man/man1/openssl-nseq.1 doc/man/man1/openssl-ocsp.1 doc/man/man1/openssl-passwd.1 doc/man/man1/openssl-pkcs12.1 doc/man/man1/openssl-pkcs7.1 doc/man/man1/openssl-pkcs8.1 doc/man/man1/openssl-pkey.1 doc/man/man1/openssl-pkeyparam.1 doc/man/man1/openssl-pkeyutl.1 doc/man/man1/openssl-prime.1 doc/man/man1/openssl-provider.1 doc/man/man1/openssl-rand.1 doc/man/man1/openssl-rehash.1 doc/man/man1/openssl-req.1 doc/man/man1/openssl-rsa.1 doc/man/man1/openssl-rsautl.1 doc/man/man1/openssl-s_client.1 doc/man/man1/openssl-s_server.1 doc/man/man1/openssl-s_time.1 doc/man/man1/openssl-sess_id.1 doc/man/man1/openssl-smime.1 doc/man/man1/openssl-speed.1 doc/man/man1/openssl-spkac.1 doc/man/man1/openssl-srp.1 doc/man/man1/openssl-storeutl.1 doc/man/man1/openssl-ts.1 doc/man/man1/openssl-verify.1 doc/man/man1/openssl-version.1 doc/man/man1/openssl-x509.1 doc/man/man1/openssl.1 doc/man/man1/tsget.1 doc/man/man3/ADMISSIONS.3 doc/man/man3/ASN1_INTEGER_get_int64.3 doc/man/man3/ASN1_INTEGER_new.3 doc/man/man3/ASN1_ITEM_lookup.3 doc/man/man3/ASN1_OBJECT_new.3 doc/man/man3/ASN1_STRING_TABLE_add.3 doc/man/man3/ASN1_STRING_length.3 doc/man/man3/ASN1_STRING_new.3 doc/man/man3/ASN1_STRING_print_ex.3 doc/man/man3/ASN1_TIME_set.3 doc/man/man3/ASN1_TYPE_get.3 doc/man/man3/ASN1_generate_nconf.3 doc/man/man3/ASYNC_WAIT_CTX_new.3 doc/man/man3/ASYNC_start_job.3 doc/man/man3/BF_encrypt.3 doc/man/man3/BIO_ADDR.3 doc/man/man3/BIO_ADDRINFO.3 doc/man/man3/BIO_connect.3 doc/man/man3/BIO_ctrl.3 doc/man/man3/BIO_f_base64.3 doc/man/man3/BIO_f_buffer.3 doc/man/man3/BIO_f_cipher.3 doc/man/man3/BIO_f_md.3 doc/man/man3/BIO_f_null.3 doc/man/man3/BIO_f_prefix.3 doc/man/man3/BIO_f_ssl.3 doc/man/man3/BIO_find_type.3 doc/man/man3/BIO_get_data.3 doc/man/man3/BIO_get_ex_new_index.3 doc/man/man3/BIO_meth_new.3 doc/man/man3/BIO_new.3 doc/man/man3/BIO_new_CMS.3 doc/man/man3/BIO_parse_hostserv.3 doc/man/man3/BIO_printf.3 doc/man/man3/BIO_push.3 doc/man/man3/BIO_read.3 doc/man/man3/BIO_s_accept.3 doc/man/man3/BIO_s_bio.3 doc/man/man3/BIO_s_connect.3 doc/man/man3/BIO_s_fd.3 doc/man/man3/BIO_s_file.3 doc/man/man3/BIO_s_mem.3 doc/man/man3/BIO_s_null.3 doc/man/man3/BIO_s_socket.3 doc/man/man3/BIO_set_callback.3 doc/man/man3/BIO_should_retry.3 doc/man/man3/BIO_socket_wait.3 doc/man/man3/BN_BLINDING_new.3 doc/man/man3/BN_CTX_new.3 doc/man/man3/BN_CTX_start.3 doc/man/man3/BN_add.3 doc/man/man3/BN_add_word.3 doc/man/man3/BN_bn2bin.3 doc/man/man3/BN_cmp.3 doc/man/man3/BN_copy.3 doc/man/man3/BN_generate_prime.3 doc/man/man3/BN_mod_inverse.3 doc/man/man3/BN_mod_mul_montgomery.3 doc/man/man3/BN_mod_mul_reciprocal.3 doc/man/man3/BN_new.3 doc/man/man3/BN_num_bytes.3 doc/man/man3/BN_rand.3 doc/man/man3/BN_security_bits.3 doc/man/man3/BN_set_bit.3 doc/man/man3/BN_swap.3 doc/man/man3/BN_zero.3 doc/man/man3/BUF_MEM_new.3 doc/man/man3/CMS_EnvelopedData_create.3 doc/man/man3/CMS_add0_cert.3 doc/man/man3/CMS_add1_recipient_cert.3 doc/man/man3/CMS_add1_signer.3 doc/man/man3/CMS_compress.3 doc/man/man3/CMS_decrypt.3 doc/man/man3/CMS_encrypt.3 doc/man/man3/CMS_final.3 doc/man/man3/CMS_get0_RecipientInfos.3 doc/man/man3/CMS_get0_SignerInfos.3 doc/man/man3/CMS_get0_type.3 doc/man/man3/CMS_get1_ReceiptRequest.3 doc/man/man3/CMS_sign.3 doc/man/man3/CMS_sign_receipt.3 doc/man/man3/CMS_uncompress.3 doc/man/man3/CMS_verify.3 doc/man/man3/CMS_verify_receipt.3 doc/man/man3/CONF_modules_free.3 doc/man/man3/CONF_modules_load_file.3 doc/man/man3/CRYPTO_THREAD_run_once.3 doc/man/man3/CRYPTO_get_ex_new_index.3 doc/man/man3/CRYPTO_memcmp.3 doc/man/man3/CTLOG_STORE_get0_log_by_id.3 doc/man/man3/CTLOG_STORE_new.3 doc/man/man3/CTLOG_new.3 doc/man/man3/CT_POLICY_EVAL_CTX_new.3 doc/man/man3/DEFINE_STACK_OF.3 doc/man/man3/DES_random_key.3 doc/man/man3/DH_generate_key.3 doc/man/man3/DH_generate_parameters.3 doc/man/man3/DH_get0_pqg.3 doc/man/man3/DH_get_1024_160.3 doc/man/man3/DH_meth_new.3 doc/man/man3/DH_new.3 doc/man/man3/DH_new_by_nid.3 doc/man/man3/DH_set_method.3 doc/man/man3/DH_size.3 doc/man/man3/DSA_SIG_new.3 doc/man/man3/DSA_do_sign.3 doc/man/man3/DSA_dup_DH.3 doc/man/man3/DSA_generate_key.3 doc/man/man3/DSA_generate_parameters.3 doc/man/man3/DSA_get0_pqg.3 doc/man/man3/DSA_meth_new.3 doc/man/man3/DSA_new.3 doc/man/man3/DSA_set_method.3 doc/man/man3/DSA_sign.3 doc/man/man3/DSA_size.3 doc/man/man3/DTLS_get_data_mtu.3 doc/man/man3/DTLS_set_timer_cb.3 doc/man/man3/DTLSv1_listen.3 doc/man/man3/ECDSA_SIG_new.3 doc/man/man3/ECPKParameters_print.3 doc/man/man3/EC_GFp_simple_method.3 doc/man/man3/EC_GROUP_copy.3 doc/man/man3/EC_GROUP_new.3 doc/man/man3/EC_KEY_get_enc_flags.3 doc/man/man3/EC_KEY_new.3 doc/man/man3/EC_POINT_add.3 doc/man/man3/EC_POINT_new.3 doc/man/man3/ENGINE_add.3 doc/man/man3/ERR_GET_LIB.3 doc/man/man3/ERR_clear_error.3 doc/man/man3/ERR_error_string.3 doc/man/man3/ERR_get_error.3 doc/man/man3/ERR_load_crypto_strings.3 doc/man/man3/ERR_load_strings.3 doc/man/man3/ERR_new.3 doc/man/man3/ERR_print_errors.3 doc/man/man3/ERR_put_error.3 doc/man/man3/ERR_remove_state.3 doc/man/man3/ERR_set_mark.3 doc/man/man3/EVP_ASYM_CIPHER_free.3 doc/man/man3/EVP_BytesToKey.3 doc/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 doc/man/man3/EVP_CIPHER_meth_new.3 doc/man/man3/EVP_DigestInit.3 doc/man/man3/EVP_DigestSignInit.3 doc/man/man3/EVP_DigestVerifyInit.3 doc/man/man3/EVP_EncodeInit.3 doc/man/man3/EVP_EncryptInit.3 doc/man/man3/EVP_KDF.3 doc/man/man3/EVP_KEYEXCH_free.3 doc/man/man3/EVP_KEYMGMT.3 doc/man/man3/EVP_MAC.3 doc/man/man3/EVP_MD_meth_new.3 doc/man/man3/EVP_OpenInit.3 doc/man/man3/EVP_PKEY_ASN1_METHOD.3 doc/man/man3/EVP_PKEY_CTX_ctrl.3 doc/man/man3/EVP_PKEY_CTX_new.3 doc/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 doc/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 doc/man/man3/EVP_PKEY_CTX_set_params.3 doc/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 doc/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 doc/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 doc/man/man3/EVP_PKEY_asn1_get_count.3 doc/man/man3/EVP_PKEY_check.3 doc/man/man3/EVP_PKEY_copy_parameters.3 doc/man/man3/EVP_PKEY_decrypt.3 doc/man/man3/EVP_PKEY_derive.3 doc/man/man3/EVP_PKEY_encrypt.3 doc/man/man3/EVP_PKEY_fromdata.3 doc/man/man3/EVP_PKEY_gen.3 doc/man/man3/EVP_PKEY_get_default_digest_nid.3 doc/man/man3/EVP_PKEY_gettable_params.3 doc/man/man3/EVP_PKEY_is_a.3 doc/man/man3/EVP_PKEY_meth_get_count.3 doc/man/man3/EVP_PKEY_meth_new.3 doc/man/man3/EVP_PKEY_new.3 doc/man/man3/EVP_PKEY_print_private.3 doc/man/man3/EVP_PKEY_set1_RSA.3 doc/man/man3/EVP_PKEY_set_type.3 doc/man/man3/EVP_PKEY_sign.3 doc/man/man3/EVP_PKEY_size.3 doc/man/man3/EVP_PKEY_supports_digest_nid.3 doc/man/man3/EVP_PKEY_verify.3 doc/man/man3/EVP_PKEY_verify_recover.3 doc/man/man3/EVP_RAND.3 doc/man/man3/EVP_SIGNATURE_free.3 doc/man/man3/EVP_SealInit.3 doc/man/man3/EVP_SignInit.3 doc/man/man3/EVP_VerifyInit.3 doc/man/man3/EVP_aes_128_gcm.3 doc/man/man3/EVP_aria_128_gcm.3 doc/man/man3/EVP_bf_cbc.3 doc/man/man3/EVP_blake2b512.3 doc/man/man3/EVP_camellia_128_ecb.3 doc/man/man3/EVP_cast5_cbc.3 doc/man/man3/EVP_chacha20.3 doc/man/man3/EVP_des_cbc.3 doc/man/man3/EVP_desx_cbc.3 doc/man/man3/EVP_idea_cbc.3 doc/man/man3/EVP_md2.3 doc/man/man3/EVP_md4.3 doc/man/man3/EVP_md5.3 doc/man/man3/EVP_mdc2.3 doc/man/man3/EVP_rc2_cbc.3 doc/man/man3/EVP_rc4.3 doc/man/man3/EVP_rc5_32_12_16_cbc.3 doc/man/man3/EVP_ripemd160.3 doc/man/man3/EVP_seed_cbc.3 doc/man/man3/EVP_set_default_properties.3 doc/man/man3/EVP_sha1.3 doc/man/man3/EVP_sha224.3 doc/man/man3/EVP_sha3_224.3 doc/man/man3/EVP_sm3.3 doc/man/man3/EVP_sm4_cbc.3 doc/man/man3/EVP_whirlpool.3 doc/man/man3/HMAC.3 doc/man/man3/MD5.3 doc/man/man3/MDC2_Init.3 doc/man/man3/NCONF_new_with_libctx.3 doc/man/man3/OBJ_nid2obj.3 doc/man/man3/OCSP_REQUEST_new.3 doc/man/man3/OCSP_cert_to_id.3 doc/man/man3/OCSP_request_add1_nonce.3 doc/man/man3/OCSP_resp_find_status.3 doc/man/man3/OCSP_response_status.3 doc/man/man3/OCSP_sendreq_new.3 doc/man/man3/OPENSSL_Applink.3 doc/man/man3/OPENSSL_CTX.3 doc/man/man3/OPENSSL_FILE.3 doc/man/man3/OPENSSL_LH_COMPFUNC.3 doc/man/man3/OPENSSL_LH_stats.3 doc/man/man3/OPENSSL_config.3 doc/man/man3/OPENSSL_fork_prepare.3 doc/man/man3/OPENSSL_hexchar2int.3 doc/man/man3/OPENSSL_ia32cap.3 doc/man/man3/OPENSSL_init_crypto.3 doc/man/man3/OPENSSL_init_ssl.3 doc/man/man3/OPENSSL_instrument_bus.3 doc/man/man3/OPENSSL_load_builtin_modules.3 doc/man/man3/OPENSSL_malloc.3 doc/man/man3/OPENSSL_s390xcap.3 doc/man/man3/OPENSSL_secure_malloc.3 doc/man/man3/OSSL_CMP_CTX_new.3 doc/man/man3/OSSL_CMP_HDR_get0_transactionID.3 doc/man/man3/OSSL_CMP_ITAV_set0.3 doc/man/man3/OSSL_CMP_MSG_get0_header.3 doc/man/man3/OSSL_CMP_MSG_http_perform.3 doc/man/man3/OSSL_CMP_SRV_CTX_new.3 doc/man/man3/OSSL_CMP_STATUSINFO_new.3 doc/man/man3/OSSL_CMP_exec_IR_ses.3 doc/man/man3/OSSL_CMP_log_open.3 doc/man/man3/OSSL_CMP_validate_msg.3 doc/man/man3/OSSL_CRMF_MSG_get0_tmpl.3 doc/man/man3/OSSL_CRMF_MSG_set0_validity.3 doc/man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3 doc/man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3 doc/man/man3/OSSL_CRMF_pbmp_new.3 doc/man/man3/OSSL_HTTP_transfer.3 doc/man/man3/OSSL_PARAM.3 doc/man/man3/OSSL_PARAM_BLD.3 doc/man/man3/OSSL_PARAM_allocate_from_text.3 doc/man/man3/OSSL_PARAM_int.3 doc/man/man3/OSSL_PROVIDER.3 doc/man/man3/OSSL_SELF_TEST_new.3 doc/man/man3/OSSL_SELF_TEST_set_callback.3 doc/man/man3/OSSL_SERIALIZER.3 doc/man/man3/OSSL_SERIALIZER_CTX.3 doc/man/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.3 doc/man/man3/OSSL_SERIALIZER_to_bio.3 doc/man/man3/OSSL_STORE_INFO.3 doc/man/man3/OSSL_STORE_LOADER.3 doc/man/man3/OSSL_STORE_SEARCH.3 doc/man/man3/OSSL_STORE_attach.3 doc/man/man3/OSSL_STORE_expect.3 doc/man/man3/OSSL_STORE_open.3 doc/man/man3/OSSL_trace_enabled.3 doc/man/man3/OSSL_trace_get_category_num.3 doc/man/man3/OSSL_trace_set_channel.3 doc/man/man3/OpenSSL_add_all_algorithms.3 doc/man/man3/OpenSSL_version.3 doc/man/man3/PEM_bytes_read_bio.3 doc/man/man3/PEM_read.3 doc/man/man3/PEM_read_CMS.3 doc/man/man3/PEM_read_bio_PrivateKey.3 doc/man/man3/PEM_read_bio_ex.3 doc/man/man3/PEM_write_bio_CMS_stream.3 doc/man/man3/PEM_write_bio_PKCS7_stream.3 doc/man/man3/PKCS12_SAFEBAG_get0_attrs.3 doc/man/man3/PKCS12_add_CSPName_asc.3 doc/man/man3/PKCS12_add_friendlyname_asc.3 doc/man/man3/PKCS12_add_localkeyid.3 doc/man/man3/PKCS12_create.3 doc/man/man3/PKCS12_get_friendlyname.3 doc/man/man3/PKCS12_newpass.3 doc/man/man3/PKCS12_parse.3 doc/man/man3/PKCS5_PBKDF2_HMAC.3 doc/man/man3/PKCS7_decrypt.3 doc/man/man3/PKCS7_encrypt.3 doc/man/man3/PKCS7_sign.3 doc/man/man3/PKCS7_sign_add_signer.3 doc/man/man3/PKCS7_verify.3 doc/man/man3/PKCS8_pkey_add1_attr.3 doc/man/man3/RAND_DRBG_generate.3 doc/man/man3/RAND_DRBG_get0_master.3 doc/man/man3/RAND_DRBG_new.3 doc/man/man3/RAND_DRBG_reseed.3 doc/man/man3/RAND_DRBG_set_callbacks.3 doc/man/man3/RAND_add.3 doc/man/man3/RAND_bytes.3 doc/man/man3/RAND_cleanup.3 doc/man/man3/RAND_egd.3 doc/man/man3/RAND_load_file.3 doc/man/man3/RAND_set_rand_method.3 doc/man/man3/RC4_set_key.3 doc/man/man3/RIPEMD160_Init.3 doc/man/man3/RSA_blinding_on.3 doc/man/man3/RSA_check_key.3 doc/man/man3/RSA_generate_key.3 doc/man/man3/RSA_get0_key.3 doc/man/man3/RSA_meth_new.3 doc/man/man3/RSA_new.3 doc/man/man3/RSA_padding_add_PKCS1_type_1.3 doc/man/man3/RSA_print.3 doc/man/man3/RSA_private_encrypt.3 doc/man/man3/RSA_public_encrypt.3 doc/man/man3/RSA_set_method.3 doc/man/man3/RSA_sign.3 doc/man/man3/RSA_sign_ASN1_OCTET_STRING.3 doc/man/man3/RSA_size.3 doc/man/man3/SCT_new.3 doc/man/man3/SCT_print.3 doc/man/man3/SCT_validate.3 doc/man/man3/SHA256_Init.3 doc/man/man3/SMIME_read_CMS.3 doc/man/man3/SMIME_read_PKCS7.3 doc/man/man3/SMIME_write_CMS.3 doc/man/man3/SMIME_write_PKCS7.3 doc/man/man3/SRP_Calc_B.3 doc/man/man3/SRP_VBASE_new.3 doc/man/man3/SRP_create_verifier.3 doc/man/man3/SRP_user_pwd_new.3 doc/man/man3/SSL_CIPHER_get_name.3 doc/man/man3/SSL_COMP_add_compression_method.3 doc/man/man3/SSL_CONF_CTX_new.3 doc/man/man3/SSL_CONF_CTX_set1_prefix.3 doc/man/man3/SSL_CONF_CTX_set_flags.3 doc/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 doc/man/man3/SSL_CONF_cmd.3 doc/man/man3/SSL_CONF_cmd_argv.3 doc/man/man3/SSL_CTX_add1_chain_cert.3 doc/man/man3/SSL_CTX_add_extra_chain_cert.3 doc/man/man3/SSL_CTX_add_session.3 doc/man/man3/SSL_CTX_config.3 doc/man/man3/SSL_CTX_ctrl.3 doc/man/man3/SSL_CTX_dane_enable.3 doc/man/man3/SSL_CTX_flush_sessions.3 doc/man/man3/SSL_CTX_free.3 doc/man/man3/SSL_CTX_get0_param.3 doc/man/man3/SSL_CTX_get_verify_mode.3 doc/man/man3/SSL_CTX_has_client_custom_ext.3 doc/man/man3/SSL_CTX_load_verify_locations.3 doc/man/man3/SSL_CTX_new.3 doc/man/man3/SSL_CTX_sess_number.3 doc/man/man3/SSL_CTX_sess_set_cache_size.3 doc/man/man3/SSL_CTX_sess_set_get_cb.3 doc/man/man3/SSL_CTX_sessions.3 doc/man/man3/SSL_CTX_set0_CA_list.3 doc/man/man3/SSL_CTX_set1_curves.3 doc/man/man3/SSL_CTX_set1_sigalgs.3 doc/man/man3/SSL_CTX_set1_verify_cert_store.3 doc/man/man3/SSL_CTX_set_alpn_select_cb.3 doc/man/man3/SSL_CTX_set_cert_cb.3 doc/man/man3/SSL_CTX_set_cert_store.3 doc/man/man3/SSL_CTX_set_cert_verify_callback.3 doc/man/man3/SSL_CTX_set_cipher_list.3 doc/man/man3/SSL_CTX_set_client_cert_cb.3 doc/man/man3/SSL_CTX_set_client_hello_cb.3 doc/man/man3/SSL_CTX_set_ct_validation_callback.3 doc/man/man3/SSL_CTX_set_ctlog_list_file.3 doc/man/man3/SSL_CTX_set_default_passwd_cb.3 doc/man/man3/SSL_CTX_set_generate_session_id.3 doc/man/man3/SSL_CTX_set_info_callback.3 doc/man/man3/SSL_CTX_set_keylog_callback.3 doc/man/man3/SSL_CTX_set_max_cert_list.3 doc/man/man3/SSL_CTX_set_min_proto_version.3 doc/man/man3/SSL_CTX_set_mode.3 doc/man/man3/SSL_CTX_set_msg_callback.3 doc/man/man3/SSL_CTX_set_num_tickets.3 doc/man/man3/SSL_CTX_set_options.3 doc/man/man3/SSL_CTX_set_psk_client_callback.3 doc/man/man3/SSL_CTX_set_quiet_shutdown.3 doc/man/man3/SSL_CTX_set_read_ahead.3 doc/man/man3/SSL_CTX_set_record_padding_callback.3 doc/man/man3/SSL_CTX_set_security_level.3 doc/man/man3/SSL_CTX_set_session_cache_mode.3 doc/man/man3/SSL_CTX_set_session_id_context.3 doc/man/man3/SSL_CTX_set_session_ticket_cb.3 doc/man/man3/SSL_CTX_set_split_send_fragment.3 doc/man/man3/SSL_CTX_set_srp_password.3 doc/man/man3/SSL_CTX_set_ssl_version.3 doc/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 doc/man/man3/SSL_CTX_set_timeout.3 doc/man/man3/SSL_CTX_set_tlsext_servername_callback.3 doc/man/man3/SSL_CTX_set_tlsext_status_cb.3 doc/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 doc/man/man3/SSL_CTX_set_tlsext_use_srtp.3 doc/man/man3/SSL_CTX_set_tmp_dh_callback.3 doc/man/man3/SSL_CTX_set_tmp_ecdh.3 doc/man/man3/SSL_CTX_set_verify.3 doc/man/man3/SSL_CTX_use_certificate.3 doc/man/man3/SSL_CTX_use_psk_identity_hint.3 doc/man/man3/SSL_CTX_use_serverinfo.3 doc/man/man3/SSL_SESSION_free.3 doc/man/man3/SSL_SESSION_get0_cipher.3 doc/man/man3/SSL_SESSION_get0_hostname.3 doc/man/man3/SSL_SESSION_get0_id_context.3 doc/man/man3/SSL_SESSION_get0_peer.3 doc/man/man3/SSL_SESSION_get_compress_id.3 doc/man/man3/SSL_SESSION_get_protocol_version.3 doc/man/man3/SSL_SESSION_get_time.3 doc/man/man3/SSL_SESSION_has_ticket.3 doc/man/man3/SSL_SESSION_is_resumable.3 doc/man/man3/SSL_SESSION_print.3 doc/man/man3/SSL_SESSION_set1_id.3 doc/man/man3/SSL_accept.3 doc/man/man3/SSL_alert_type_string.3 doc/man/man3/SSL_alloc_buffers.3 doc/man/man3/SSL_check_chain.3 doc/man/man3/SSL_clear.3 doc/man/man3/SSL_connect.3 doc/man/man3/SSL_do_handshake.3 doc/man/man3/SSL_export_keying_material.3 doc/man/man3/SSL_extension_supported.3 doc/man/man3/SSL_free.3 doc/man/man3/SSL_get0_peer_scts.3 doc/man/man3/SSL_get_SSL_CTX.3 doc/man/man3/SSL_get_all_async_fds.3 doc/man/man3/SSL_get_ciphers.3 doc/man/man3/SSL_get_client_random.3 doc/man/man3/SSL_get_current_cipher.3 doc/man/man3/SSL_get_default_timeout.3 doc/man/man3/SSL_get_error.3 doc/man/man3/SSL_get_extms_support.3 doc/man/man3/SSL_get_fd.3 doc/man/man3/SSL_get_peer_cert_chain.3 doc/man/man3/SSL_get_peer_certificate.3 doc/man/man3/SSL_get_peer_signature_nid.3 doc/man/man3/SSL_get_peer_tmp_key.3 doc/man/man3/SSL_get_psk_identity.3 doc/man/man3/SSL_get_rbio.3 doc/man/man3/SSL_get_session.3 doc/man/man3/SSL_get_shared_sigalgs.3 doc/man/man3/SSL_get_verify_result.3 doc/man/man3/SSL_get_version.3 doc/man/man3/SSL_in_init.3 doc/man/man3/SSL_key_update.3 doc/man/man3/SSL_library_init.3 doc/man/man3/SSL_load_client_CA_file.3 doc/man/man3/SSL_new.3 doc/man/man3/SSL_pending.3 doc/man/man3/SSL_read.3 doc/man/man3/SSL_read_early_data.3 doc/man/man3/SSL_rstate_string.3 doc/man/man3/SSL_session_reused.3 doc/man/man3/SSL_set1_host.3 doc/man/man3/SSL_set_async_callback.3 doc/man/man3/SSL_set_bio.3 doc/man/man3/SSL_set_connect_state.3 doc/man/man3/SSL_set_fd.3 doc/man/man3/SSL_set_session.3 doc/man/man3/SSL_set_shutdown.3 doc/man/man3/SSL_set_verify_result.3 doc/man/man3/SSL_shutdown.3 doc/man/man3/SSL_state_string.3 doc/man/man3/SSL_want.3 doc/man/man3/SSL_write.3 doc/man/man3/TS_VERIFY_CTX_set_certs.3 doc/man/man3/UI_STRING.3 doc/man/man3/UI_UTIL_read_pw.3 doc/man/man3/UI_create_method.3 doc/man/man3/UI_new.3 doc/man/man3/X509V3_get_d2i.3 doc/man/man3/X509_ALGOR_dup.3 doc/man/man3/X509_CRL_get0_by_serial.3 doc/man/man3/X509_EXTENSION_set_object.3 doc/man/man3/X509_LOOKUP.3 doc/man/man3/X509_LOOKUP_hash_dir.3 doc/man/man3/X509_LOOKUP_meth_new.3 doc/man/man3/X509_NAME_ENTRY_get_object.3 doc/man/man3/X509_NAME_add_entry_by_txt.3 doc/man/man3/X509_NAME_get0_der.3 doc/man/man3/X509_NAME_get_index_by_NID.3 doc/man/man3/X509_NAME_print_ex.3 doc/man/man3/X509_PUBKEY_new.3 doc/man/man3/X509_SIG_get0.3 doc/man/man3/X509_STORE_CTX_get_error.3 doc/man/man3/X509_STORE_CTX_new.3 doc/man/man3/X509_STORE_CTX_set_verify_cb.3 doc/man/man3/X509_STORE_add_cert.3 doc/man/man3/X509_STORE_get0_param.3 doc/man/man3/X509_STORE_new.3 doc/man/man3/X509_STORE_set_verify_cb_func.3 doc/man/man3/X509_VERIFY_PARAM_set_flags.3 doc/man/man3/X509_check_ca.3 doc/man/man3/X509_check_host.3 doc/man/man3/X509_check_issued.3 doc/man/man3/X509_check_private_key.3 doc/man/man3/X509_check_purpose.3 doc/man/man3/X509_cmp.3 doc/man/man3/X509_cmp_time.3 doc/man/man3/X509_digest.3 doc/man/man3/X509_dup.3 doc/man/man3/X509_get0_distinguishing_id.3 doc/man/man3/X509_get0_notBefore.3 doc/man/man3/X509_get0_signature.3 doc/man/man3/X509_get0_uids.3 doc/man/man3/X509_get_extension_flags.3 doc/man/man3/X509_get_pubkey.3 doc/man/man3/X509_get_serialNumber.3 doc/man/man3/X509_get_subject_name.3 doc/man/man3/X509_get_version.3 doc/man/man3/X509_load_http.3 doc/man/man3/X509_new.3 doc/man/man3/X509_sign.3 doc/man/man3/X509_verify.3 doc/man/man3/X509_verify_cert.3 doc/man/man3/X509v3_cache_extensions.3 doc/man/man3/X509v3_get_ext_by_NID.3 doc/man/man3/d2i_DHparams.3 doc/man/man3/d2i_PKCS8PrivateKey_bio.3 doc/man/man3/d2i_PrivateKey.3 doc/man/man3/d2i_SSL_SESSION.3 doc/man/man3/d2i_X509.3 doc/man/man3/i2d_CMS_bio_stream.3 doc/man/man3/i2d_PKCS7_bio_stream.3 doc/man/man3/i2d_re_X509_tbs.3 doc/man/man3/o2i_SCT_LIST.3 doc/man/man3/s2i_ASN1_IA5STRING.3 doc/man/man5/config.5 doc/man/man5/fips_config.5 doc/man/man5/x509v3_config.5 doc/man/man7/EVP_KDF-HKDF.7 doc/man/man7/EVP_KDF-KB.7 doc/man/man7/EVP_KDF-KRB5KDF.7 doc/man/man7/EVP_KDF-PBKDF2.7 doc/man/man7/EVP_KDF-SCRYPT.7 doc/man/man7/EVP_KDF-SS.7 doc/man/man7/EVP_KDF-SSHKDF.7 doc/man/man7/EVP_KDF-TLS1_PRF.7 doc/man/man7/EVP_KDF-X942.7 doc/man/man7/EVP_KDF-X963.7 doc/man/man7/EVP_KEYEXCH-DH.7 doc/man/man7/EVP_KEYEXCH-ECDH.7 doc/man/man7/EVP_KEYEXCH-X25519.7 doc/man/man7/EVP_MAC-BLAKE2.7 doc/man/man7/EVP_MAC-CMAC.7 doc/man/man7/EVP_MAC-GMAC.7 doc/man/man7/EVP_MAC-HMAC.7 doc/man/man7/EVP_MAC-KMAC.7 doc/man/man7/EVP_MAC-Poly1305.7 doc/man/man7/EVP_MAC-Siphash.7 doc/man/man7/EVP_MD-BLAKE2.7 doc/man/man7/EVP_MD-MD2.7 doc/man/man7/EVP_MD-MD4.7 doc/man/man7/EVP_MD-MD5-SHA1.7 doc/man/man7/EVP_MD-MD5.7 doc/man/man7/EVP_MD-MDC2.7 doc/man/man7/EVP_MD-RIPEMD160.7 doc/man/man7/EVP_MD-SHA1.7 doc/man/man7/EVP_MD-SHA2.7 doc/man/man7/EVP_MD-SHA3.7 doc/man/man7/EVP_MD-SHAKE.7 doc/man/man7/EVP_MD-SM3.7 doc/man/man7/EVP_MD-WHIRLPOOL.7 doc/man/man7/EVP_MD-common.7 doc/man/man7/EVP_PKEY-DH.7 doc/man/man7/EVP_PKEY-DSA.7 doc/man/man7/EVP_PKEY-EC.7 doc/man/man7/EVP_PKEY-FFC.7 doc/man/man7/EVP_PKEY-RSA.7 doc/man/man7/EVP_PKEY-X25519.7 doc/man/man7/EVP_RAND-CTR-DRBG.7 doc/man/man7/EVP_RAND-HASH-DRBG.7 doc/man/man7/EVP_RAND-HMAC-DRBG.7 doc/man/man7/EVP_RAND-TEST-RAND.7 doc/man/man7/EVP_SIGNATURE-DSA.7 doc/man/man7/EVP_SIGNATURE-ECDSA.7 doc/man/man7/EVP_SIGNATURE-ED25519.7 doc/man/man7/EVP_SIGNATURE-RSA.7 doc/man/man7/OSSL_PROVIDER-FIPS.7 doc/man/man7/OSSL_PROVIDER-default.7 doc/man/man7/OSSL_PROVIDER-legacy.7 doc/man/man7/OSSL_PROVIDER-null.7 doc/man/man7/RAND.7 doc/man/man7/RAND_DRBG.7 doc/man/man7/RSA-PSS.7 doc/man/man7/SM2.7 doc/man/man7/X25519.7 doc/man/man7/bio.7 doc/man/man7/crypto.7 doc/man/man7/ct.7 doc/man/man7/des_modes.7 doc/man/man7/evp.7 doc/man/man7/openssl-core.h.7 doc/man/man7/openssl-core_dispatch.h.7 doc/man/man7/openssl-core_names.h.7 doc/man/man7/openssl-env.7 doc/man/man7/openssl_user_macros.7 doc/man/man7/ossl_store-file.7 doc/man/man7/ossl_store.7 doc/man/man7/passphrase-encoding.7 doc/man/man7/property.7 doc/man/man7/provider-asym_cipher.7 doc/man/man7/provider-base.7 doc/man/man7/provider-cipher.7 doc/man/man7/provider-digest.7 doc/man/man7/provider-keyexch.7 doc/man/man7/provider-keymgmt.7 doc/man/man7/provider-mac.7 doc/man/man7/provider-rand.7 doc/man/man7/provider-serializer.7 doc/man/man7/provider-signature.7 doc/man/man7/provider.7 doc/man/man7/proxy-certificates.7 doc/man/man7/ssl.7 doc/man/man7/x509.7 rm -f apps/openssl fuzz/asn1-test fuzz/asn1parse-test fuzz/bignum-test fuzz/bndiv-test fuzz/client-test fuzz/cmp-test fuzz/cms-test fuzz/conf-test fuzz/crl-test fuzz/ct-test fuzz/server-test fuzz/x509-test test/aborttest test/acvp_test test/aesgcmtest test/afalgtest test/asn1_decode_test test/asn1_dsa_internal_test test/asn1_encode_test test/asn1_internal_test test/asn1_string_table_test test/asn1_time_test test/asynciotest test/asynctest test/bad_dtls_test test/bftest test/bio_callback_test test/bio_enc_test test/bio_memleak_test test/bio_prefix_text test/bioprinttest test/bn_internal_test test/bntest test/buildtest_c_aes test/buildtest_c_asn1 test/buildtest_c_asn1t test/buildtest_c_async test/buildtest_c_bio test/buildtest_c_blowfish test/buildtest_c_bn test/buildtest_c_buffer test/buildtest_c_camellia test/buildtest_c_cast test/buildtest_c_cmac test/buildtest_c_cmp test/buildtest_c_cmp_util test/buildtest_c_cms test/buildtest_c_comp test/buildtest_c_conf test/buildtest_c_conf_api test/buildtest_c_core test/buildtest_c_core_dispatch test/buildtest_c_core_names test/buildtest_c_crmf test/buildtest_c_crypto test/buildtest_c_ct test/buildtest_c_des test/buildtest_c_dh test/buildtest_c_dsa test/buildtest_c_dtls1 test/buildtest_c_e_os2 test/buildtest_c_ebcdic test/buildtest_c_ec test/buildtest_c_ecdh test/buildtest_c_ecdsa test/buildtest_c_engine test/buildtest_c_ess test/buildtest_c_evp test/buildtest_c_fips_names test/buildtest_c_hmac test/buildtest_c_http test/buildtest_c_idea test/buildtest_c_kdf test/buildtest_c_lhash test/buildtest_c_mac test/buildtest_c_macros test/buildtest_c_md4 test/buildtest_c_md5 test/buildtest_c_mdc2 test/buildtest_c_modes test/buildtest_c_obj_mac test/buildtest_c_objects test/buildtest_c_ocsp test/buildtest_c_ossl_typ test/buildtest_c_param_build test/buildtest_c_params test/buildtest_c_pem test/buildtest_c_pem2 test/buildtest_c_pkcs12 test/buildtest_c_pkcs7 test/buildtest_c_provider test/buildtest_c_rand test/buildtest_c_rand_drbg test/buildtest_c_rc2 test/buildtest_c_rc4 test/buildtest_c_ripemd test/buildtest_c_rsa test/buildtest_c_safestack test/buildtest_c_seed test/buildtest_c_self_test test/buildtest_c_serializer test/buildtest_c_sha test/buildtest_c_srp test/buildtest_c_srtp test/buildtest_c_ssl test/buildtest_c_ssl2 test/buildtest_c_stack test/buildtest_c_store test/buildtest_c_symhacks test/buildtest_c_tls1 test/buildtest_c_ts test/buildtest_c_txt_db test/buildtest_c_types test/buildtest_c_ui test/buildtest_c_whrlpool test/buildtest_c_x509 test/buildtest_c_x509_vfy test/buildtest_c_x509v3 test/casttest test/chacha_internal_test test/cipher_overhead_test test/cipherbytes_test test/cipherlist_test test/ciphername_test test/clienthellotest test/cmactest test/cmp_asn_test test/cmp_client_test test/cmp_ctx_test test/cmp_hdr_test test/cmp_msg_test test/cmp_protect_test test/cmp_server_test test/cmp_status_test test/cmp_vfy_test test/cmsapitest test/conf_include_test test/confdump test/constant_time_test test/context_internal_test test/crltest test/ct_test test/ctype_internal_test test/curve448_internal_test test/d2i_test test/danetest test/destest test/dhtest test/drbg_cavs_test test/drbg_extra_test test/drbgtest test/dsa_no_digest_size_test test/dsatest test/dtls_mtu_test test/dtlstest test/dtlsv1listentest test/ec_internal_test test/ecdsatest test/ecstresstest test/ectest test/enginetest test/errtest test/evp_extra_test test/evp_extra_test2 test/evp_fetch_prov_test test/evp_kdf_test test/evp_libctx_test test/evp_pkey_dparams_test test/evp_pkey_provided_test test/evp_test test/exdatatest test/exptest test/fatalerrtest test/ffc_internal_test test/gmdifftest test/gosttest test/hexstr_test test/hmactest test/http_test test/ideatest test/igetest test/keymgmt_internal_test test/lhash_test test/mdc2_internal_test test/mdc2test test/memleaktest test/modes_internal_test test/namemap_internal_test test/ocspapitest test/packettest test/param_build_test test/params_api_test test/params_conversion_test test/params_test test/pbelutest test/pemtest test/pkey_meth_kdf_test test/pkey_meth_test test/poly1305_internal_test test/property_test test/provider_fallback_test test/provider_internal_test test/provider_test test/rc2test test/rc4test test/rc5test test/rdrand_sanitytest test/recordlentest test/rsa_complex test/rsa_mp_test test/rsa_sp800_56b_test test/rsa_test test/sanitytest test/secmemtest test/servername_test test/shlibloadtest test/siphash_internal_test test/sm2_internal_test test/sm4_internal_test test/sparse_array_test test/srptest test/ssl_cert_table_internal_test test/ssl_ctx_test test/ssl_test test/ssl_test_ctx_test test/sslapitest test/sslbuffertest test/sslcorrupttest test/ssltest_old test/stack_test test/sysdefaulttest test/test_test test/threadstest test/time_offset_test test/tls13ccstest test/tls13encryptiontest test/tls13secretstest test/uitest test/v3ext test/v3nametest test/verify_extra_test test/versions test/wpackettest test/x509_check_cert_pkey_test test/x509_dup_cert_test test/x509_internal_test test/x509_time_test test/x509aux engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so providers/fips.so providers/legacy.so test/p_test.so apps/CA.pl apps/tsget.pl tools/c_rehash util/shlib_wrap.sh rm -f doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod include/crypto/bn_conf.h include/crypto/dso_conf.h include/openssl/configuration.h include/openssl/fipskey.h include/openssl/opensslv.h test/provider_internal_test.cnf apps/CA.pl apps/progs.c apps/progs.h apps/tsget.pl crypto/aes/aes-x86_64.s crypto/aes/aesni-mb-x86_64.s crypto/aes/aesni-sha1-x86_64.s crypto/aes/aesni-sha256-x86_64.s crypto/aes/aesni-x86_64.s crypto/aes/bsaes-x86_64.s crypto/aes/vpaes-x86_64.s crypto/bn/rsaz-avx2.s crypto/bn/rsaz-x86_64.s crypto/bn/x86_64-gf2m.s crypto/bn/x86_64-mont.s crypto/bn/x86_64-mont5.s crypto/buildinf.h crypto/camellia/cmll-x86_64.s crypto/chacha/chacha-x86_64.s crypto/ec/ecp_nistz256-x86_64.s crypto/ec/x25519-x86_64.s crypto/md5/md5-x86_64.s crypto/modes/aesni-gcm-x86_64.s crypto/modes/ghash-x86_64.s crypto/poly1305/poly1305-x86_64.s crypto/rc4/rc4-md5-x86_64.s crypto/rc4/rc4-x86_64.s crypto/sha/keccak1600-x86_64.s crypto/sha/sha1-mb-x86_64.s crypto/sha/sha1-x86_64.s crypto/sha/sha256-mb-x86_64.s crypto/sha/sha256-x86_64.s crypto/sha/sha512-x86_64.s crypto/whrlpool/wp-x86_64.s crypto/x86_64cpuid.s doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod engines/afalg.ld engines/capi.ld engines/dasync.ld engines/e_padlock-x86_64.s engines/ossltest.ld engines/padlock.ld libcrypto.ld libssl.ld providers/common/der/der_digests_gen.c providers/common/der/der_dsa_gen.c providers/common/der/der_ec_gen.c providers/common/der/der_rsa_gen.c providers/common/include/prov/der_digests.h providers/common/include/prov/der_dsa.h providers/common/include/prov/der_ec.h providers/common/include/prov/der_rsa.h providers/fips.ld providers/legacy.ld test/buildtest_aes.c test/buildtest_asn1.c test/buildtest_asn1t.c test/buildtest_async.c test/buildtest_bio.c test/buildtest_blowfish.c test/buildtest_bn.c test/buildtest_buffer.c test/buildtest_camellia.c test/buildtest_cast.c test/buildtest_cmac.c test/buildtest_cmp.c test/buildtest_cmp_util.c test/buildtest_cms.c test/buildtest_comp.c test/buildtest_conf.c test/buildtest_conf_api.c test/buildtest_core.c test/buildtest_core_dispatch.c test/buildtest_core_names.c test/buildtest_crmf.c test/buildtest_crypto.c test/buildtest_ct.c test/buildtest_des.c test/buildtest_dh.c test/buildtest_dsa.c test/buildtest_dtls1.c test/buildtest_e_os2.c test/buildtest_ebcdic.c test/buildtest_ec.c test/buildtest_ecdh.c test/buildtest_ecdsa.c test/buildtest_engine.c test/buildtest_ess.c test/buildtest_evp.c test/buildtest_fips_names.c test/buildtest_hmac.c test/buildtest_http.c test/buildtest_idea.c test/buildtest_kdf.c test/buildtest_lhash.c test/buildtest_mac.c test/buildtest_macros.c test/buildtest_md4.c test/buildtest_md5.c test/buildtest_mdc2.c test/buildtest_modes.c test/buildtest_obj_mac.c test/buildtest_objects.c test/buildtest_ocsp.c test/buildtest_ossl_typ.c test/buildtest_param_build.c test/buildtest_params.c test/buildtest_pem.c test/buildtest_pem2.c test/buildtest_pkcs12.c test/buildtest_pkcs7.c test/buildtest_provider.c test/buildtest_rand.c test/buildtest_rand_drbg.c test/buildtest_rc2.c test/buildtest_rc4.c test/buildtest_ripemd.c test/buildtest_rsa.c test/buildtest_safestack.c test/buildtest_seed.c test/buildtest_self_test.c test/buildtest_serializer.c test/buildtest_sha.c test/buildtest_srp.c test/buildtest_srtp.c test/buildtest_ssl.c test/buildtest_ssl2.c test/buildtest_stack.c test/buildtest_store.c test/buildtest_symhacks.c test/buildtest_tls1.c test/buildtest_ts.c test/buildtest_txt_db.c test/buildtest_types.c test/buildtest_ui.c test/buildtest_whrlpool.c test/buildtest_x509.c test/buildtest_x509_vfy.c test/buildtest_x509v3.c test/p_test.ld tools/c_rehash util/shlib_wrap.sh rm -f `find . -name '*.d' \! -name '.*' \! -type d -print` rm -f `find . -name '*.o' \! -name '.*' \! -type d -print` rm -f core rm -f tags TAGS doc-nits cmd-nits md-nits rm -f -r test/test-runs rm -f openssl.pc libcrypto.pc libssl.pc rm -f `find . -type l \! -name '.*' -print` rm -f ../openssl-3.0.0-alpha5-dev.tar $ make depend $ LDCMD= make -j4 /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-asn1parse.pod.in > doc/man1/openssl-asn1parse.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ca.pod.in > doc/man1/openssl-ca.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ciphers.pod.in > doc/man1/openssl-ciphers.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmds.pod.in > doc/man1/openssl-cmds.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmp.pod.in > doc/man1/openssl-cmp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cms.pod.in > doc/man1/openssl-cms.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl.pod.in > doc/man1/openssl-crl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl2pkcs7.pod.in > doc/man1/openssl-crl2pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dgst.pod.in > doc/man1/openssl-dgst.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dhparam.pod.in > doc/man1/openssl-dhparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsa.pod.in > doc/man1/openssl-dsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsaparam.pod.in > doc/man1/openssl-dsaparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ec.pod.in > doc/man1/openssl-ec.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ecparam.pod.in > doc/man1/openssl-ecparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-enc.pod.in > doc/man1/openssl-enc.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-engine.pod.in > doc/man1/openssl-engine.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-errstr.pod.in > doc/man1/openssl-errstr.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-fipsinstall.pod.in > doc/man1/openssl-fipsinstall.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-gendsa.pod.in > doc/man1/openssl-gendsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genpkey.pod.in > doc/man1/openssl-genpkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genrsa.pod.in > doc/man1/openssl-genrsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-info.pod.in > doc/man1/openssl-info.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-kdf.pod.in > doc/man1/openssl-kdf.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-list.pod.in > doc/man1/openssl-list.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-mac.pod.in > doc/man1/openssl-mac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-nseq.pod.in > doc/man1/openssl-nseq.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ocsp.pod.in > doc/man1/openssl-ocsp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-passwd.pod.in > doc/man1/openssl-passwd.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs12.pod.in > doc/man1/openssl-pkcs12.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs7.pod.in > doc/man1/openssl-pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs8.pod.in > doc/man1/openssl-pkcs8.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkey.pod.in > doc/man1/openssl-pkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyparam.pod.in > doc/man1/openssl-pkeyparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyutl.pod.in > doc/man1/openssl-pkeyutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-prime.pod.in > doc/man1/openssl-prime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-provider.pod.in > doc/man1/openssl-provider.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rand.pod.in > doc/man1/openssl-rand.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rehash.pod.in > doc/man1/openssl-rehash.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-req.pod.in > doc/man1/openssl-req.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsa.pod.in > doc/man1/openssl-rsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsautl.pod.in > doc/man1/openssl-rsautl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_client.pod.in > doc/man1/openssl-s_client.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_server.pod.in > doc/man1/openssl-s_server.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_time.pod.in > doc/man1/openssl-s_time.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-sess_id.pod.in > doc/man1/openssl-sess_id.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-smime.pod.in > doc/man1/openssl-smime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-speed.pod.in > doc/man1/openssl-speed.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-spkac.pod.in > doc/man1/openssl-spkac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-srp.pod.in > doc/man1/openssl-srp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-storeutl.pod.in > doc/man1/openssl-storeutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ts.pod.in > doc/man1/openssl-ts.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-verify.pod.in > doc/man1/openssl-verify.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-version.pod.in > doc/man1/openssl-version.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-x509.pod.in > doc/man1/openssl-x509.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man7/openssl_user_macros.pod.in > doc/man7/openssl_user_macros.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/bn_conf.h.in > include/crypto/bn_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/dso_conf.h.in > include/crypto/dso_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/configuration.h.in > include/openssl/configuration.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/fipskey.h.in > include/openssl/fipskey.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/opensslv.h.in > include/openssl/opensslv.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/test/provider_internal_test.cnf.in > test/provider_internal_test.cnf make depend && make _build_sw make[1]: Entering directory '/home/openssl/run-checker/no-posix-io' make[1]: Leaving directory '/home/openssl/run-checker/no-posix-io' make[1]: Entering directory '/home/openssl/run-checker/no-posix-io' clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_params.d.tmp -MT apps/lib/libapps-lib-app_params.o -c -o apps/lib/libapps-lib-app_params.o ../openssl/apps/lib/app_params.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_provider.d.tmp -MT apps/lib/libapps-lib-app_provider.o -c -o apps/lib/libapps-lib-app_provider.o ../openssl/apps/lib/app_provider.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_rand.d.tmp -MT apps/lib/libapps-lib-app_rand.o -c -o apps/lib/libapps-lib-app_rand.o ../openssl/apps/lib/app_rand.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_x509.d.tmp -MT apps/lib/libapps-lib-app_x509.o -c -o apps/lib/libapps-lib-app_x509.o ../openssl/apps/lib/app_x509.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps.d.tmp -MT apps/lib/libapps-lib-apps.o -c -o apps/lib/libapps-lib-apps.o ../openssl/apps/lib/apps.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps_ui.d.tmp -MT apps/lib/libapps-lib-apps_ui.o -c -o apps/lib/libapps-lib-apps_ui.o ../openssl/apps/lib/apps_ui.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-columns.d.tmp -MT apps/lib/libapps-lib-columns.o -c -o apps/lib/libapps-lib-columns.o ../openssl/apps/lib/columns.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-fmt.d.tmp -MT apps/lib/libapps-lib-fmt.o -c -o apps/lib/libapps-lib-fmt.o ../openssl/apps/lib/fmt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-http_server.d.tmp -MT apps/lib/libapps-lib-http_server.o -c -o apps/lib/libapps-lib-http_server.o ../openssl/apps/lib/http_server.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-names.d.tmp -MT apps/lib/libapps-lib-names.o -c -o apps/lib/libapps-lib-names.o ../openssl/apps/lib/names.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-opt.d.tmp -MT apps/lib/libapps-lib-opt.o -c -o apps/lib/libapps-lib-opt.o ../openssl/apps/lib/opt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-s_cb.d.tmp -MT apps/lib/libapps-lib-s_cb.o -c -o apps/lib/libapps-lib-s_cb.o ../openssl/apps/lib/s_cb.c ../openssl/apps/lib/http_server.c:27:5: error: no previous extern declaration for non-static variable 'multi' [-Werror,-Wmissing-variable-declarations] int multi = 0; /* run multiple responder processes */ ^ 1 error generated. Makefile:4132: recipe for target 'apps/lib/libapps-lib-http_server.o' failed make[1]: *** [apps/lib/libapps-lib-http_server.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-posix-io' Makefile:3102: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From pauli at openssl.org Tue Jul 14 04:33:21 2020 From: pauli at openssl.org (Dr. Paul Dale) Date: Tue, 14 Jul 2020 04:33:21 +0000 Subject: [openssl] master update Message-ID: <1594701201.168178.5290.nullmailer@dev.openssl.org> The branch master has been updated via d35bab46c9e5edfeadc756bac9dc38213f172c07 (commit) from a01cae99ac384cb6a74b46ccdc90736fe0754958 (commit) - Log ----------------------------------------------------------------- commit d35bab46c9e5edfeadc756bac9dc38213f172c07 Author: Daniel Bevenius Date: Thu Jul 9 07:26:38 2020 +0200 Configurations: make Makefile tmpl files non-links This commit updates Configurations/README.md and turns the Makefile templates into non-links. The motivation for this is that not all template exist in the directory leading to 404 Not found errors when accessed. Reviewed-by: Richard Levitte Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12401) ----------------------------------------------------------------------- Summary of changes: Configurations/README.md | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/Configurations/README.md b/Configurations/README.md index 3fa80a3fab..be8c394d08 100644 --- a/Configurations/README.md +++ b/Configurations/README.md @@ -481,11 +481,9 @@ template file in `Configurations/` named like the build file, with `.tmpl` appended, or in case of possible ambiguity, a combination of the second `build_scheme` list item and the `build_file` name. For example, if `build_file` is set to `Makefile`, the template could be -[`Configurations/Makefile.tmpl`](Makefile.tmpl) or -[`Configurations/unix-Makefile.tmpl`](unix-Makefile.tmpl). -In case both [`Configurations/unix-Makefile.tmpl`](Makefile.tmpl) and -[`Configurations/Makefile.tmpl`](Makefile.tmpl) are present, the former takes -precedence. +`Configurations/Makefile.tmpl` or `Configurations/unix-Makefile.tmpl`. +In case both `Configurations/unix-Makefile.tmpl` and +`Configurations/Makefile.tmpl` are present, the former takes precedence. The build-file template is processed with the perl module Text::Template, using `{-` and `-}` as delimiters that enclose the From builds at travis-ci.com Tue Jul 14 05:47:43 2020 From: builds at travis-ci.com (Travis CI) Date: Tue, 14 Jul 2020 05:47:43 +0000 Subject: Errored: openssl/openssl#36090 (master - d35bab4) In-Reply-To: Message-ID: <5f0d46fe9b70d_13fb4a17a6b98757d0@travis-pro-tasks-56f9668c68-rnvjp.mail> Build Update for openssl/openssl ------------------------------------- Build: #36090 Status: Errored Duration: 1 hr, 12 mins, and 46 secs Commit: d35bab4 (master) Author: Daniel Bevenius Message: Configurations: make Makefile tmpl files non-links This commit updates Configurations/README.md and turns the Makefile templates into non-links. The motivation for this is that not all template exist in the directory leading to 404 Not found errors when accessed. Reviewed-by: Richard Levitte Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12401) View the changeset: https://github.com/openssl/openssl/compare/a01cae99ac38...d35bab46c9e5 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/175495743?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From nic.tuv at gmail.com Tue Jul 14 08:15:47 2020 From: nic.tuv at gmail.com (nic.tuv at gmail.com) Date: Tue, 14 Jul 2020 08:15:47 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1594714547.286330.30417.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via a5b8c19cdab4e330af0377e2fa0fdd1de2f67d59 (commit) from 2688dfb077f32b45bfaff48bf88e82e18ddc9fe5 (commit) - Log ----------------------------------------------------------------- commit a5b8c19cdab4e330af0377e2fa0fdd1de2f67d59 Author: Nicola Tuveri Date: Mon Jul 13 19:22:18 2020 +0300 [1.1.1][test] Avoid missing EC_GROUP wrappers Backport of https://github.com/openssl/openssl/pull/12096 to 1.1.1 broke the build as the following functions are missing: const BIGNUM *EC_GROUP_get0_field(const EC_GROUP *group); int EC_GROUP_get_field_type(const EC_GROUP *group); Turns out that for the purposes of the test code, we don't really need to differentiate between prime and binary fields, and we can directly use the existing `EC_GROUP_get_degree()` in the same fashion as was being done for binary fields also for prime fields. Fixes https://github.com/openssl/openssl/issues/12432 Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/12433) ----------------------------------------------------------------------- Summary of changes: test/ectest.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/test/ectest.c b/test/ectest.c index 43c8dfb303..d33285ae14 100644 --- a/test/ectest.c +++ b/test/ectest.c @@ -2123,9 +2123,7 @@ static int custom_generator_test(int id) goto err; /* expected byte length of encoded points */ - bsize = (EC_GROUP_get_field_type(group) == NID_X9_62_prime_field) ? - BN_num_bytes(EC_GROUP_get0_field(group)) : - (EC_GROUP_get_degree(group) + 7) / 8; + bsize = (EC_GROUP_get_degree(group) + 7) / 8; bsize = 2 * bsize + 1; if (!TEST_ptr(k = BN_CTX_get(ctx)) From openssl at openssl.org Tue Jul 14 09:16:49 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 14 Jul 2020 09:16:49 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-sock Message-ID: <1594718209.800620.12674.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-sock Commit log since last time: a01cae99ac [test] ectest: check custom generators 661595ca09 Providerized libssl fallout: cleanup init 310a0edbd0 BN: Check endianness in run-time, in BN_native2bn() and BN_bn2nativepad() e23d850ff3 Add and use internal header that implements endianness check d685fc7a59 DOC: install documentation without execution permissions. 851165946f ocsp.h: Fix backward compatibility decl for OCSP_parse_url() by including http.h 2957150478 Fix wrong fipsinstall key used in test f6f159e7a1 Makefile template: fix incorrect treatment of produced document files 63794b048c Add multiple fixes for ffc key generation using invalid p,q,g parameters. Build log ended with (last 100 lines): rm -f doc/html/man1/CA.pl.html doc/html/man1/openssl-asn1parse.html doc/html/man1/openssl-ca.html doc/html/man1/openssl-ciphers.html doc/html/man1/openssl-cmds.html doc/html/man1/openssl-cmp.html doc/html/man1/openssl-cms.html doc/html/man1/openssl-crl.html doc/html/man1/openssl-crl2pkcs7.html doc/html/man1/openssl-dgst.html doc/html/man1/openssl-dhparam.html doc/html/man1/openssl-dsa.html doc/html/man1/openssl-dsaparam.html doc/html/man1/openssl-ec.html doc/html/man1/openssl-ecparam.html doc/html/man1/openssl-enc.html doc/html/man1/openssl-engine.html doc/html/man1/openssl-errstr.html doc/html/man1/openssl-fipsinstall.html doc/html/man1/openssl-gendsa.html doc/html/man1/openssl-genpkey.html doc/html/man1/openssl-genrsa.html doc/html/man1/openssl-info.html doc/html/man1/openssl-kdf.html doc/html/man1/openssl-list.html doc/html/man1/openssl-mac.html doc/html/man1/openssl-nseq.html doc/html/man1/openssl-ocsp.html doc/html/man1/openssl-passwd.html doc/html/man1/openssl-pkcs12.html doc/html/man1/openssl-pkcs7.html doc/html/man1/openssl-pkcs8.html doc/html/man1/openssl-pkey.html doc/html/man1/openssl-pkeyparam.html doc/html/man1/openssl-pkeyutl.html doc/html/man1/openssl-prime.html doc/html/man1/openssl-provider.html doc/html/man1/openssl-rand.html doc/html/man1/openssl-rehash.html doc/html/man1/openssl-req.html doc/html/man1/openssl-rsa.html doc/html/man1/openssl-rsautl.html doc/html/man1/openssl-s_client.html doc/html/man1/openssl-s_server.html doc/html/man1/openssl-s_time.html doc/html/man1/openssl-sess_id.html doc/html/man1/openssl-smime.html doc/html/man1/openssl-speed.html doc/html/man1/openssl-spkac.html doc/html/man1/openssl-srp.html doc/html/man1/openssl-storeutl.html doc/html/man1/openssl-ts.html doc/html/man1/openssl-verify.html doc/html/man1/openssl-version.html doc/html/man1/openssl-x509.html doc/html/man1/openssl.html doc/html/man1/tsget.html doc/html/man3/ADMISSIONS.html doc/html/man3/ASN1_INTEGER_get_int64.html doc/html/man3/ASN1_INTEGER_new.html doc/html/man3/ASN1_ITEM_lookup.html doc/html/man3/ASN1_OBJECT_new.html doc/html/man3/ASN1_STRING_TABLE_add.html doc/html/man3/ASN1_STRING_length.html doc/html/man3/ASN1_STRING_new.html doc/html/man3/ASN1_STRING_print_ex.html doc/html/man3/ASN1_TIME_set.html doc/html/man3/ASN1_TYPE_get.html doc/html/man3/ASN1_generate_nconf.html doc/html/man3/ASYNC_WAIT_CTX_new.html doc/html/man3/ASYNC_start_job.html doc/html/man3/BF_encrypt.html doc/html/man3/BIO_ADDR.html doc/html/man3/BIO_ADDRINFO.html doc/html/man3/BIO_connect.html doc/html/man3/BIO_ctrl.html doc/html/man3/BIO_f_base64.html doc/html/man3/BIO_f_buffer.html doc/html/man3/BIO_f_cipher.html doc/html/man3/BIO_f_md.html doc/html/man3/BIO_f_null.html doc/html/man3/BIO_f_prefix.html doc/html/man3/BIO_f_ssl.html doc/html/man3/BIO_find_type.html doc/html/man3/BIO_get_data.html doc/html/man3/BIO_get_ex_new_index.html doc/html/man3/BIO_meth_new.html doc/html/man3/BIO_new.html doc/html/man3/BIO_new_CMS.html doc/html/man3/BIO_parse_hostserv.html doc/html/man3/BIO_printf.html doc/html/man3/BIO_push.html doc/html/man3/BIO_read.html doc/html/man3/BIO_s_accept.html doc/html/man3/BIO_s_bio.html doc/html/man3/BIO_s_connect.html doc/html/man3/BIO_s_fd.html doc/html/man3/BIO_s_file.html doc/html/man3/BIO_s_mem.html doc/html/man3/BIO_s_null.html doc/html/man3/BIO_s_socket.html doc/html/man3/BIO_set_callback.html doc/html/man3/BIO_should_retry.html doc/html/man3/BIO_socket_wait.html doc/html/man3/BN_BLINDING_new.html doc/html/man3/BN_CTX_new.html doc/html/man3/BN_CTX_start.html doc/html/man3/BN_add.html doc/html/man3/BN_add_word.html doc/html/man3/BN_bn2bin.html doc/html/man3/BN_cmp.html doc/html/man3/BN_copy.html doc/html/man3/BN_generate_prime.html doc/html/man3/BN_mod_inverse.html doc/html/man3/BN_mod_mul_montgomery.html doc/html/man3/BN_mod_mul_reciprocal.html doc/html/man3/BN_new.html doc/html/man3/BN_num_bytes.html doc/html/man3/BN_rand.html doc/html/man3/BN_security_bits.html doc/html/man3/BN_set_bit.html doc/html/man3/BN_swap.html doc/html/man3/BN_zero.html doc/html/man3/BUF_MEM_new.html doc/html/man3/CMS_EnvelopedData_create.html doc/html/man3/CMS_add0_cert.html doc/html/man3/CMS_add1_recipient_cert.html doc/html/man3/CMS_add1_signer.html doc/html/man3/CMS_compress.html doc/html/man3/CMS_decrypt.html doc/html/man3/CMS_encrypt.html doc/html/man3/CMS_final.html doc/html/man3/CMS_get0_RecipientInfos.html doc/html/man3/CMS_get0_SignerInfos.html doc/html/man3/CMS_get0_type.html doc/html/man3/CMS_get1_ReceiptRequest.html doc/html/man3/CMS_sign.html doc/html/man3/CMS_sign_receipt.html doc/html/man3/CMS_uncompress.html doc/html/man3/CMS_verify.html doc/html/man3/CMS_verify_receipt.html doc/html/man3/CONF_modules_free.html doc/html/man3/CONF_modules_load_file.html doc/html/man3/CRYPTO_THREAD_run_once.html doc/html/man3/CRYPTO_get_ex_new_index.html doc/html/man3/CRYPTO_memcmp.html doc/html/man3/CTLOG_STORE_get0_log_by_id.html doc/html/man3/CTLOG_STORE_new.html doc/html/man3/CTLOG_new.html doc/html/man3/CT_POLICY_EVAL_CTX_new.html doc/html/man3/DEFINE_STACK_OF.html doc/html/man3/DES_random_key.html doc/html/man3/DH_generate_key.html doc/html/man3/DH_generate_parameters.html doc/html/man3/DH_get0_pqg.html doc/html/man3/DH_get_1024_160.html doc/html/man3/DH_meth_new.html doc/html/man3/DH_new.html doc/html/man3/DH_new_by_nid.html doc/html/man3/DH_set_method.html doc/html/man3/DH_size.html doc/html/man3/DSA_SIG_new.html doc/html/man3/DSA_do_sign.html doc/html/man3/DSA_dup_DH.html doc/html/man3/DSA_generate_key.html doc/html/man3/DSA_generate_parameters.html doc/html/man3/DSA_get0_pqg.html doc/html/man3/DSA_meth_new.html doc/html/man3/DSA_new.html doc/html/man3/DSA_set_method.html doc/html/man3/DSA_sign.html doc/html/man3/DSA_size.html doc/html/man3/DTLS_get_data_mtu.html doc/html/man3/DTLS_set_timer_cb.html doc/html/man3/DTLSv1_listen.html doc/html/man3/ECDSA_SIG_new.html doc/html/man3/ECPKParameters_print.html doc/html/man3/EC_GFp_simple_method.html doc/html/man3/EC_GROUP_copy.html doc/html/man3/EC_GROUP_new.html doc/html/man3/EC_KEY_get_enc_flags.html doc/html/man3/EC_KEY_new.html doc/html/man3/EC_POINT_add.html doc/html/man3/EC_POINT_new.html doc/html/man3/ENGINE_add.html doc/html/man3/ERR_GET_LIB.html doc/html/man3/ERR_clear_error.html doc/html/man3/ERR_error_string.html doc/html/man3/ERR_get_error.html doc/html/man3/ERR_load_crypto_strings.html doc/html/man3/ERR_load_strings.html doc/html/man3/ERR_new.html doc/html/man3/ERR_print_errors.html doc/html/man3/ERR_put_error.html doc/html/man3/ERR_remove_state.html doc/html/man3/ERR_set_mark.html doc/html/man3/EVP_ASYM_CIPHER_free.html doc/html/man3/EVP_BytesToKey.html doc/html/man3/EVP_CIPHER_CTX_get_cipher_data.html doc/html/man3/EVP_CIPHER_meth_new.html doc/html/man3/EVP_DigestInit.html doc/html/man3/EVP_DigestSignInit.html doc/html/man3/EVP_DigestVerifyInit.html doc/html/man3/EVP_EncodeInit.html doc/html/man3/EVP_EncryptInit.html doc/html/man3/EVP_KDF.html doc/html/man3/EVP_KEYEXCH_free.html doc/html/man3/EVP_KEYMGMT.html doc/html/man3/EVP_MAC.html doc/html/man3/EVP_MD_meth_new.html doc/html/man3/EVP_OpenInit.html doc/html/man3/EVP_PKEY_ASN1_METHOD.html doc/html/man3/EVP_PKEY_CTX_ctrl.html doc/html/man3/EVP_PKEY_CTX_new.html doc/html/man3/EVP_PKEY_CTX_set1_pbe_pass.html doc/html/man3/EVP_PKEY_CTX_set_hkdf_md.html doc/html/man3/EVP_PKEY_CTX_set_params.html doc/html/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.html doc/html/man3/EVP_PKEY_CTX_set_scrypt_N.html doc/html/man3/EVP_PKEY_CTX_set_tls1_prf_md.html doc/html/man3/EVP_PKEY_asn1_get_count.html doc/html/man3/EVP_PKEY_check.html doc/html/man3/EVP_PKEY_copy_parameters.html doc/html/man3/EVP_PKEY_decrypt.html doc/html/man3/EVP_PKEY_derive.html doc/html/man3/EVP_PKEY_encrypt.html doc/html/man3/EVP_PKEY_fromdata.html doc/html/man3/EVP_PKEY_gen.html doc/html/man3/EVP_PKEY_get_default_digest_nid.html doc/html/man3/EVP_PKEY_gettable_params.html doc/html/man3/EVP_PKEY_is_a.html doc/html/man3/EVP_PKEY_meth_get_count.html doc/html/man3/EVP_PKEY_meth_new.html doc/html/man3/EVP_PKEY_new.html doc/html/man3/EVP_PKEY_print_private.html doc/html/man3/EVP_PKEY_set1_RSA.html doc/html/man3/EVP_PKEY_set_type.html doc/html/man3/EVP_PKEY_sign.html doc/html/man3/EVP_PKEY_size.html doc/html/man3/EVP_PKEY_supports_digest_nid.html doc/html/man3/EVP_PKEY_verify.html doc/html/man3/EVP_PKEY_verify_recover.html doc/html/man3/EVP_RAND.html doc/html/man3/EVP_SIGNATURE_free.html doc/html/man3/EVP_SealInit.html doc/html/man3/EVP_SignInit.html doc/html/man3/EVP_VerifyInit.html doc/html/man3/EVP_aes_128_gcm.html doc/html/man3/EVP_aria_128_gcm.html doc/html/man3/EVP_bf_cbc.html doc/html/man3/EVP_blake2b512.html doc/html/man3/EVP_camellia_128_ecb.html doc/html/man3/EVP_cast5_cbc.html doc/html/man3/EVP_chacha20.html doc/html/man3/EVP_des_cbc.html doc/html/man3/EVP_desx_cbc.html doc/html/man3/EVP_idea_cbc.html doc/html/man3/EVP_md2.html doc/html/man3/EVP_md4.html doc/html/man3/EVP_md5.html doc/html/man3/EVP_mdc2.html doc/html/man3/EVP_rc2_cbc.html doc/html/man3/EVP_rc4.html doc/html/man3/EVP_rc5_32_12_16_cbc.html doc/html/man3/EVP_ripemd160.html doc/html/man3/EVP_seed_cbc.html doc/html/man3/EVP_set_default_properties.html doc/html/man3/EVP_sha1.html doc/html/man3/EVP_sha224.html doc/html/man3/EVP_sha3_224.html doc/html/man3/EVP_sm3.html doc/html/man3/EVP_sm4_cbc.html doc/html/man3/EVP_whirlpool.html doc/html/man3/HMAC.html doc/html/man3/MD5.html doc/html/man3/MDC2_Init.html doc/html/man3/NCONF_new_with_libctx.html doc/html/man3/OBJ_nid2obj.html doc/html/man3/OCSP_REQUEST_new.html doc/html/man3/OCSP_cert_to_id.html doc/html/man3/OCSP_request_add1_nonce.html doc/html/man3/OCSP_resp_find_status.html doc/html/man3/OCSP_response_status.html doc/html/man3/OCSP_sendreq_new.html doc/html/man3/OPENSSL_Applink.html doc/html/man3/OPENSSL_CTX.html doc/html/man3/OPENSSL_FILE.html doc/html/man3/OPENSSL_LH_COMPFUNC.html doc/html/man3/OPENSSL_LH_stats.html doc/html/man3/OPENSSL_config.html doc/html/man3/OPENSSL_fork_prepare.html doc/html/man3/OPENSSL_hexchar2int.html doc/html/man3/OPENSSL_ia32cap.html doc/html/man3/OPENSSL_init_crypto.html doc/html/man3/OPENSSL_init_ssl.html doc/html/man3/OPENSSL_instrument_bus.html doc/html/man3/OPENSSL_load_builtin_modules.html doc/html/man3/OPENSSL_malloc.html doc/html/man3/OPENSSL_s390xcap.html doc/html/man3/OPENSSL_secure_malloc.html doc/html/man3/OSSL_CMP_CTX_new.html doc/html/man3/OSSL_CMP_HDR_get0_transactionID.html doc/html/man3/OSSL_CMP_ITAV_set0.html doc/html/man3/OSSL_CMP_MSG_get0_header.html doc/html/man3/OSSL_CMP_MSG_http_perform.html doc/html/man3/OSSL_CMP_SRV_CTX_new.html doc/html/man3/OSSL_CMP_STATUSINFO_new.html doc/html/man3/OSSL_CMP_exec_IR_ses.html doc/html/man3/OSSL_CMP_log_open.html doc/html/man3/OSSL_CMP_validate_msg.html doc/html/man3/OSSL_CRMF_MSG_get0_tmpl.html doc/html/man3/OSSL_CRMF_MSG_set0_validity.html doc/html/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.html doc/html/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.html doc/html/man3/OSSL_CRMF_pbmp_new.html doc/html/man3/OSSL_HTTP_transfer.html doc/html/man3/OSSL_PARAM.html doc/html/man3/OSSL_PARAM_BLD.html doc/html/man3/OSSL_PARAM_allocate_from_text.html doc/html/man3/OSSL_PARAM_int.html doc/html/man3/OSSL_PROVIDER.html doc/html/man3/OSSL_SELF_TEST_new.html doc/html/man3/OSSL_SELF_TEST_set_callback.html doc/html/man3/OSSL_SERIALIZER.html doc/html/man3/OSSL_SERIALIZER_CTX.html doc/html/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.html doc/html/man3/OSSL_SERIALIZER_to_bio.html doc/html/man3/OSSL_STORE_INFO.html doc/html/man3/OSSL_STORE_LOADER.html doc/html/man3/OSSL_STORE_SEARCH.html doc/html/man3/OSSL_STORE_attach.html doc/html/man3/OSSL_STORE_expect.html doc/html/man3/OSSL_STORE_open.html doc/html/man3/OSSL_trace_enabled.html doc/html/man3/OSSL_trace_get_category_num.html doc/html/man3/OSSL_trace_set_channel.html doc/html/man3/OpenSSL_add_all_algorithms.html doc/html/man3/OpenSSL_version.html doc/html/man3/PEM_bytes_read_bio.html doc/html/man3/PEM_read.html doc/html/man3/PEM_read_CMS.html doc/html/man3/PEM_read_bio_PrivateKey.html doc/html/man3/PEM_read_bio_ex.html doc/html/man3/PEM_write_bio_CMS_stream.html doc/html/man3/PEM_write_bio_PKCS7_stream.html doc/html/man3/PKCS12_SAFEBAG_get0_attrs.html doc/html/man3/PKCS12_add_CSPName_asc.html doc/html/man3/PKCS12_add_friendlyname_asc.html doc/html/man3/PKCS12_add_localkeyid.html doc/html/man3/PKCS12_create.html doc/html/man3/PKCS12_get_friendlyname.html doc/html/man3/PKCS12_newpass.html doc/html/man3/PKCS12_parse.html doc/html/man3/PKCS5_PBKDF2_HMAC.html doc/html/man3/PKCS7_decrypt.html doc/html/man3/PKCS7_encrypt.html doc/html/man3/PKCS7_sign.html doc/html/man3/PKCS7_sign_add_signer.html doc/html/man3/PKCS7_verify.html doc/html/man3/PKCS8_pkey_add1_attr.html doc/html/man3/RAND_DRBG_generate.html doc/html/man3/RAND_DRBG_get0_master.html doc/html/man3/RAND_DRBG_new.html doc/html/man3/RAND_DRBG_reseed.html doc/html/man3/RAND_DRBG_set_callbacks.html doc/html/man3/RAND_add.html doc/html/man3/RAND_bytes.html doc/html/man3/RAND_cleanup.html doc/html/man3/RAND_egd.html doc/html/man3/RAND_load_file.html doc/html/man3/RAND_set_rand_method.html doc/html/man3/RC4_set_key.html doc/html/man3/RIPEMD160_Init.html doc/html/man3/RSA_blinding_on.html doc/html/man3/RSA_check_key.html doc/html/man3/RSA_generate_key.html doc/html/man3/RSA_get0_key.html doc/html/man3/RSA_meth_new.html doc/html/man3/RSA_new.html doc/html/man3/RSA_padding_add_PKCS1_type_1.html doc/html/man3/RSA_print.html doc/html/man3/RSA_private_encrypt.html doc/html/man3/RSA_public_encrypt.html doc/html/man3/RSA_set_method.html doc/html/man3/RSA_sign.html doc/html/man3/RSA_sign_ASN1_OCTET_STRING.html doc/html/man3/RSA_size.html doc/html/man3/SCT_new.html doc/html/man3/SCT_print.html doc/html/man3/SCT_validate.html doc/html/man3/SHA256_Init.html doc/html/man3/SMIME_read_CMS.html doc/html/man3/SMIME_read_PKCS7.html doc/html/man3/SMIME_write_CMS.html doc/html/man3/SMIME_write_PKCS7.html doc/html/man3/SRP_Calc_B.html doc/html/man3/SRP_VBASE_new.html doc/html/man3/SRP_create_verifier.html doc/html/man3/SRP_user_pwd_new.html doc/html/man3/SSL_CIPHER_get_name.html doc/html/man3/SSL_COMP_add_compression_method.html doc/html/man3/SSL_CONF_CTX_new.html doc/html/man3/SSL_CONF_CTX_set1_prefix.html doc/html/man3/SSL_CONF_CTX_set_flags.html doc/html/man3/SSL_CONF_CTX_set_ssl_ctx.html doc/html/man3/SSL_CONF_cmd.html doc/html/man3/SSL_CONF_cmd_argv.html doc/html/man3/SSL_CTX_add1_chain_cert.html doc/html/man3/SSL_CTX_add_extra_chain_cert.html doc/html/man3/SSL_CTX_add_session.html doc/html/man3/SSL_CTX_config.html doc/html/man3/SSL_CTX_ctrl.html doc/html/man3/SSL_CTX_dane_enable.html doc/html/man3/SSL_CTX_flush_sessions.html doc/html/man3/SSL_CTX_free.html doc/html/man3/SSL_CTX_get0_param.html doc/html/man3/SSL_CTX_get_verify_mode.html doc/html/man3/SSL_CTX_has_client_custom_ext.html doc/html/man3/SSL_CTX_load_verify_locations.html doc/html/man3/SSL_CTX_new.html doc/html/man3/SSL_CTX_sess_number.html doc/html/man3/SSL_CTX_sess_set_cache_size.html doc/html/man3/SSL_CTX_sess_set_get_cb.html doc/html/man3/SSL_CTX_sessions.html doc/html/man3/SSL_CTX_set0_CA_list.html doc/html/man3/SSL_CTX_set1_curves.html doc/html/man3/SSL_CTX_set1_sigalgs.html doc/html/man3/SSL_CTX_set1_verify_cert_store.html doc/html/man3/SSL_CTX_set_alpn_select_cb.html doc/html/man3/SSL_CTX_set_cert_cb.html doc/html/man3/SSL_CTX_set_cert_store.html doc/html/man3/SSL_CTX_set_cert_verify_callback.html doc/html/man3/SSL_CTX_set_cipher_list.html doc/html/man3/SSL_CTX_set_client_cert_cb.html doc/html/man3/SSL_CTX_set_client_hello_cb.html doc/html/man3/SSL_CTX_set_ct_validation_callback.html doc/html/man3/SSL_CTX_set_ctlog_list_file.html doc/html/man3/SSL_CTX_set_default_passwd_cb.html doc/html/man3/SSL_CTX_set_generate_session_id.html doc/html/man3/SSL_CTX_set_info_callback.html doc/html/man3/SSL_CTX_set_keylog_callback.html doc/html/man3/SSL_CTX_set_max_cert_list.html doc/html/man3/SSL_CTX_set_min_proto_version.html doc/html/man3/SSL_CTX_set_mode.html doc/html/man3/SSL_CTX_set_msg_callback.html doc/html/man3/SSL_CTX_set_num_tickets.html doc/html/man3/SSL_CTX_set_options.html doc/html/man3/SSL_CTX_set_psk_client_callback.html doc/html/man3/SSL_CTX_set_quiet_shutdown.html doc/html/man3/SSL_CTX_set_read_ahead.html doc/html/man3/SSL_CTX_set_record_padding_callback.html doc/html/man3/SSL_CTX_set_security_level.html doc/html/man3/SSL_CTX_set_session_cache_mode.html doc/html/man3/SSL_CTX_set_session_id_context.html doc/html/man3/SSL_CTX_set_session_ticket_cb.html doc/html/man3/SSL_CTX_set_split_send_fragment.html doc/html/man3/SSL_CTX_set_srp_password.html doc/html/man3/SSL_CTX_set_ssl_version.html doc/html/man3/SSL_CTX_set_stateless_cookie_generate_cb.html doc/html/man3/SSL_CTX_set_timeout.html doc/html/man3/SSL_CTX_set_tlsext_servername_callback.html doc/html/man3/SSL_CTX_set_tlsext_status_cb.html doc/html/man3/SSL_CTX_set_tlsext_ticket_key_cb.html doc/html/man3/SSL_CTX_set_tlsext_use_srtp.html doc/html/man3/SSL_CTX_set_tmp_dh_callback.html doc/html/man3/SSL_CTX_set_tmp_ecdh.html doc/html/man3/SSL_CTX_set_verify.html doc/html/man3/SSL_CTX_use_certificate.html doc/html/man3/SSL_CTX_use_psk_identity_hint.html doc/html/man3/SSL_CTX_use_serverinfo.html doc/html/man3/SSL_SESSION_free.html doc/html/man3/SSL_SESSION_get0_cipher.html doc/html/man3/SSL_SESSION_get0_hostname.html doc/html/man3/SSL_SESSION_get0_id_context.html doc/html/man3/SSL_SESSION_get0_peer.html doc/html/man3/SSL_SESSION_get_compress_id.html doc/html/man3/SSL_SESSION_get_protocol_version.html doc/html/man3/SSL_SESSION_get_time.html doc/html/man3/SSL_SESSION_has_ticket.html doc/html/man3/SSL_SESSION_is_resumable.html doc/html/man3/SSL_SESSION_print.html doc/html/man3/SSL_SESSION_set1_id.html doc/html/man3/SSL_accept.html doc/html/man3/SSL_alert_type_string.html doc/html/man3/SSL_alloc_buffers.html doc/html/man3/SSL_check_chain.html doc/html/man3/SSL_clear.html doc/html/man3/SSL_connect.html doc/html/man3/SSL_do_handshake.html doc/html/man3/SSL_export_keying_material.html doc/html/man3/SSL_extension_supported.html doc/html/man3/SSL_free.html doc/html/man3/SSL_get0_peer_scts.html doc/html/man3/SSL_get_SSL_CTX.html doc/html/man3/SSL_get_all_async_fds.html doc/html/man3/SSL_get_ciphers.html doc/html/man3/SSL_get_client_random.html doc/html/man3/SSL_get_current_cipher.html doc/html/man3/SSL_get_default_timeout.html doc/html/man3/SSL_get_error.html doc/html/man3/SSL_get_extms_support.html doc/html/man3/SSL_get_fd.html doc/html/man3/SSL_get_peer_cert_chain.html doc/html/man3/SSL_get_peer_certificate.html doc/html/man3/SSL_get_peer_signature_nid.html doc/html/man3/SSL_get_peer_tmp_key.html doc/html/man3/SSL_get_psk_identity.html doc/html/man3/SSL_get_rbio.html doc/html/man3/SSL_get_session.html doc/html/man3/SSL_get_shared_sigalgs.html doc/html/man3/SSL_get_verify_result.html doc/html/man3/SSL_get_version.html doc/html/man3/SSL_in_init.html doc/html/man3/SSL_key_update.html doc/html/man3/SSL_library_init.html doc/html/man3/SSL_load_client_CA_file.html doc/html/man3/SSL_new.html doc/html/man3/SSL_pending.html doc/html/man3/SSL_read.html doc/html/man3/SSL_read_early_data.html doc/html/man3/SSL_rstate_string.html doc/html/man3/SSL_session_reused.html doc/html/man3/SSL_set1_host.html doc/html/man3/SSL_set_async_callback.html doc/html/man3/SSL_set_bio.html doc/html/man3/SSL_set_connect_state.html doc/html/man3/SSL_set_fd.html doc/html/man3/SSL_set_session.html doc/html/man3/SSL_set_shutdown.html doc/html/man3/SSL_set_verify_result.html doc/html/man3/SSL_shutdown.html doc/html/man3/SSL_state_string.html doc/html/man3/SSL_want.html doc/html/man3/SSL_write.html doc/html/man3/TS_VERIFY_CTX_set_certs.html doc/html/man3/UI_STRING.html doc/html/man3/UI_UTIL_read_pw.html doc/html/man3/UI_create_method.html doc/html/man3/UI_new.html doc/html/man3/X509V3_get_d2i.html doc/html/man3/X509_ALGOR_dup.html doc/html/man3/X509_CRL_get0_by_serial.html doc/html/man3/X509_EXTENSION_set_object.html doc/html/man3/X509_LOOKUP.html doc/html/man3/X509_LOOKUP_hash_dir.html doc/html/man3/X509_LOOKUP_meth_new.html doc/html/man3/X509_NAME_ENTRY_get_object.html doc/html/man3/X509_NAME_add_entry_by_txt.html doc/html/man3/X509_NAME_get0_der.html doc/html/man3/X509_NAME_get_index_by_NID.html doc/html/man3/X509_NAME_print_ex.html doc/html/man3/X509_PUBKEY_new.html doc/html/man3/X509_SIG_get0.html doc/html/man3/X509_STORE_CTX_get_error.html doc/html/man3/X509_STORE_CTX_new.html doc/html/man3/X509_STORE_CTX_set_verify_cb.html doc/html/man3/X509_STORE_add_cert.html doc/html/man3/X509_STORE_get0_param.html doc/html/man3/X509_STORE_new.html doc/html/man3/X509_STORE_set_verify_cb_func.html doc/html/man3/X509_VERIFY_PARAM_set_flags.html doc/html/man3/X509_check_ca.html doc/html/man3/X509_check_host.html doc/html/man3/X509_check_issued.html doc/html/man3/X509_check_private_key.html doc/html/man3/X509_check_purpose.html doc/html/man3/X509_cmp.html doc/html/man3/X509_cmp_time.html doc/html/man3/X509_digest.html doc/html/man3/X509_dup.html doc/html/man3/X509_get0_distinguishing_id.html doc/html/man3/X509_get0_notBefore.html doc/html/man3/X509_get0_signature.html doc/html/man3/X509_get0_uids.html doc/html/man3/X509_get_extension_flags.html doc/html/man3/X509_get_pubkey.html doc/html/man3/X509_get_serialNumber.html doc/html/man3/X509_get_subject_name.html doc/html/man3/X509_get_version.html doc/html/man3/X509_load_http.html doc/html/man3/X509_new.html doc/html/man3/X509_sign.html doc/html/man3/X509_verify.html doc/html/man3/X509_verify_cert.html doc/html/man3/X509v3_cache_extensions.html doc/html/man3/X509v3_get_ext_by_NID.html doc/html/man3/d2i_DHparams.html doc/html/man3/d2i_PKCS8PrivateKey_bio.html doc/html/man3/d2i_PrivateKey.html doc/html/man3/d2i_SSL_SESSION.html doc/html/man3/d2i_X509.html doc/html/man3/i2d_CMS_bio_stream.html doc/html/man3/i2d_PKCS7_bio_stream.html doc/html/man3/i2d_re_X509_tbs.html doc/html/man3/o2i_SCT_LIST.html doc/html/man3/s2i_ASN1_IA5STRING.html doc/html/man5/config.html doc/html/man5/fips_config.html doc/html/man5/x509v3_config.html doc/html/man7/EVP_KDF-HKDF.html doc/html/man7/EVP_KDF-KB.html doc/html/man7/EVP_KDF-KRB5KDF.html doc/html/man7/EVP_KDF-PBKDF2.html doc/html/man7/EVP_KDF-SCRYPT.html doc/html/man7/EVP_KDF-SS.html doc/html/man7/EVP_KDF-SSHKDF.html doc/html/man7/EVP_KDF-TLS1_PRF.html doc/html/man7/EVP_KDF-X942.html doc/html/man7/EVP_KDF-X963.html doc/html/man7/EVP_KEYEXCH-DH.html doc/html/man7/EVP_KEYEXCH-ECDH.html doc/html/man7/EVP_KEYEXCH-X25519.html doc/html/man7/EVP_MAC-BLAKE2.html doc/html/man7/EVP_MAC-CMAC.html doc/html/man7/EVP_MAC-GMAC.html doc/html/man7/EVP_MAC-HMAC.html doc/html/man7/EVP_MAC-KMAC.html doc/html/man7/EVP_MAC-Poly1305.html doc/html/man7/EVP_MAC-Siphash.html doc/html/man7/EVP_MD-BLAKE2.html doc/html/man7/EVP_MD-MD2.html doc/html/man7/EVP_MD-MD4.html doc/html/man7/EVP_MD-MD5-SHA1.html doc/html/man7/EVP_MD-MD5.html doc/html/man7/EVP_MD-MDC2.html doc/html/man7/EVP_MD-RIPEMD160.html doc/html/man7/EVP_MD-SHA1.html doc/html/man7/EVP_MD-SHA2.html doc/html/man7/EVP_MD-SHA3.html doc/html/man7/EVP_MD-SHAKE.html doc/html/man7/EVP_MD-SM3.html doc/html/man7/EVP_MD-WHIRLPOOL.html doc/html/man7/EVP_MD-common.html doc/html/man7/EVP_PKEY-DH.html doc/html/man7/EVP_PKEY-DSA.html doc/html/man7/EVP_PKEY-EC.html doc/html/man7/EVP_PKEY-FFC.html doc/html/man7/EVP_PKEY-RSA.html doc/html/man7/EVP_PKEY-X25519.html doc/html/man7/EVP_RAND-CTR-DRBG.html doc/html/man7/EVP_RAND-HASH-DRBG.html doc/html/man7/EVP_RAND-HMAC-DRBG.html doc/html/man7/EVP_RAND-TEST-RAND.html doc/html/man7/EVP_SIGNATURE-DSA.html doc/html/man7/EVP_SIGNATURE-ECDSA.html doc/html/man7/EVP_SIGNATURE-ED25519.html doc/html/man7/EVP_SIGNATURE-RSA.html doc/html/man7/OSSL_PROVIDER-FIPS.html doc/html/man7/OSSL_PROVIDER-default.html doc/html/man7/OSSL_PROVIDER-legacy.html doc/html/man7/OSSL_PROVIDER-null.html doc/html/man7/RAND.html doc/html/man7/RAND_DRBG.html doc/html/man7/RSA-PSS.html doc/html/man7/SM2.html doc/html/man7/X25519.html doc/html/man7/bio.html doc/html/man7/crypto.html doc/html/man7/ct.html doc/html/man7/des_modes.html doc/html/man7/evp.html doc/html/man7/openssl-core.h.html doc/html/man7/openssl-core_dispatch.h.html doc/html/man7/openssl-core_names.h.html doc/html/man7/openssl-env.html doc/html/man7/openssl_user_macros.html doc/html/man7/ossl_store-file.html doc/html/man7/ossl_store.html doc/html/man7/passphrase-encoding.html doc/html/man7/property.html doc/html/man7/provider-asym_cipher.html doc/html/man7/provider-base.html doc/html/man7/provider-cipher.html doc/html/man7/provider-digest.html doc/html/man7/provider-keyexch.html doc/html/man7/provider-keymgmt.html doc/html/man7/provider-mac.html doc/html/man7/provider-rand.html doc/html/man7/provider-serializer.html doc/html/man7/provider-signature.html doc/html/man7/provider.html doc/html/man7/proxy-certificates.html doc/html/man7/ssl.html doc/html/man7/x509.html rm -f doc/man/man1/CA.pl.1 doc/man/man1/openssl-asn1parse.1 doc/man/man1/openssl-ca.1 doc/man/man1/openssl-ciphers.1 doc/man/man1/openssl-cmds.1 doc/man/man1/openssl-cmp.1 doc/man/man1/openssl-cms.1 doc/man/man1/openssl-crl.1 doc/man/man1/openssl-crl2pkcs7.1 doc/man/man1/openssl-dgst.1 doc/man/man1/openssl-dhparam.1 doc/man/man1/openssl-dsa.1 doc/man/man1/openssl-dsaparam.1 doc/man/man1/openssl-ec.1 doc/man/man1/openssl-ecparam.1 doc/man/man1/openssl-enc.1 doc/man/man1/openssl-engine.1 doc/man/man1/openssl-errstr.1 doc/man/man1/openssl-fipsinstall.1 doc/man/man1/openssl-gendsa.1 doc/man/man1/openssl-genpkey.1 doc/man/man1/openssl-genrsa.1 doc/man/man1/openssl-info.1 doc/man/man1/openssl-kdf.1 doc/man/man1/openssl-list.1 doc/man/man1/openssl-mac.1 doc/man/man1/openssl-nseq.1 doc/man/man1/openssl-ocsp.1 doc/man/man1/openssl-passwd.1 doc/man/man1/openssl-pkcs12.1 doc/man/man1/openssl-pkcs7.1 doc/man/man1/openssl-pkcs8.1 doc/man/man1/openssl-pkey.1 doc/man/man1/openssl-pkeyparam.1 doc/man/man1/openssl-pkeyutl.1 doc/man/man1/openssl-prime.1 doc/man/man1/openssl-provider.1 doc/man/man1/openssl-rand.1 doc/man/man1/openssl-rehash.1 doc/man/man1/openssl-req.1 doc/man/man1/openssl-rsa.1 doc/man/man1/openssl-rsautl.1 doc/man/man1/openssl-s_client.1 doc/man/man1/openssl-s_server.1 doc/man/man1/openssl-s_time.1 doc/man/man1/openssl-sess_id.1 doc/man/man1/openssl-smime.1 doc/man/man1/openssl-speed.1 doc/man/man1/openssl-spkac.1 doc/man/man1/openssl-srp.1 doc/man/man1/openssl-storeutl.1 doc/man/man1/openssl-ts.1 doc/man/man1/openssl-verify.1 doc/man/man1/openssl-version.1 doc/man/man1/openssl-x509.1 doc/man/man1/openssl.1 doc/man/man1/tsget.1 doc/man/man3/ADMISSIONS.3 doc/man/man3/ASN1_INTEGER_get_int64.3 doc/man/man3/ASN1_INTEGER_new.3 doc/man/man3/ASN1_ITEM_lookup.3 doc/man/man3/ASN1_OBJECT_new.3 doc/man/man3/ASN1_STRING_TABLE_add.3 doc/man/man3/ASN1_STRING_length.3 doc/man/man3/ASN1_STRING_new.3 doc/man/man3/ASN1_STRING_print_ex.3 doc/man/man3/ASN1_TIME_set.3 doc/man/man3/ASN1_TYPE_get.3 doc/man/man3/ASN1_generate_nconf.3 doc/man/man3/ASYNC_WAIT_CTX_new.3 doc/man/man3/ASYNC_start_job.3 doc/man/man3/BF_encrypt.3 doc/man/man3/BIO_ADDR.3 doc/man/man3/BIO_ADDRINFO.3 doc/man/man3/BIO_connect.3 doc/man/man3/BIO_ctrl.3 doc/man/man3/BIO_f_base64.3 doc/man/man3/BIO_f_buffer.3 doc/man/man3/BIO_f_cipher.3 doc/man/man3/BIO_f_md.3 doc/man/man3/BIO_f_null.3 doc/man/man3/BIO_f_prefix.3 doc/man/man3/BIO_f_ssl.3 doc/man/man3/BIO_find_type.3 doc/man/man3/BIO_get_data.3 doc/man/man3/BIO_get_ex_new_index.3 doc/man/man3/BIO_meth_new.3 doc/man/man3/BIO_new.3 doc/man/man3/BIO_new_CMS.3 doc/man/man3/BIO_parse_hostserv.3 doc/man/man3/BIO_printf.3 doc/man/man3/BIO_push.3 doc/man/man3/BIO_read.3 doc/man/man3/BIO_s_accept.3 doc/man/man3/BIO_s_bio.3 doc/man/man3/BIO_s_connect.3 doc/man/man3/BIO_s_fd.3 doc/man/man3/BIO_s_file.3 doc/man/man3/BIO_s_mem.3 doc/man/man3/BIO_s_null.3 doc/man/man3/BIO_s_socket.3 doc/man/man3/BIO_set_callback.3 doc/man/man3/BIO_should_retry.3 doc/man/man3/BIO_socket_wait.3 doc/man/man3/BN_BLINDING_new.3 doc/man/man3/BN_CTX_new.3 doc/man/man3/BN_CTX_start.3 doc/man/man3/BN_add.3 doc/man/man3/BN_add_word.3 doc/man/man3/BN_bn2bin.3 doc/man/man3/BN_cmp.3 doc/man/man3/BN_copy.3 doc/man/man3/BN_generate_prime.3 doc/man/man3/BN_mod_inverse.3 doc/man/man3/BN_mod_mul_montgomery.3 doc/man/man3/BN_mod_mul_reciprocal.3 doc/man/man3/BN_new.3 doc/man/man3/BN_num_bytes.3 doc/man/man3/BN_rand.3 doc/man/man3/BN_security_bits.3 doc/man/man3/BN_set_bit.3 doc/man/man3/BN_swap.3 doc/man/man3/BN_zero.3 doc/man/man3/BUF_MEM_new.3 doc/man/man3/CMS_EnvelopedData_create.3 doc/man/man3/CMS_add0_cert.3 doc/man/man3/CMS_add1_recipient_cert.3 doc/man/man3/CMS_add1_signer.3 doc/man/man3/CMS_compress.3 doc/man/man3/CMS_decrypt.3 doc/man/man3/CMS_encrypt.3 doc/man/man3/CMS_final.3 doc/man/man3/CMS_get0_RecipientInfos.3 doc/man/man3/CMS_get0_SignerInfos.3 doc/man/man3/CMS_get0_type.3 doc/man/man3/CMS_get1_ReceiptRequest.3 doc/man/man3/CMS_sign.3 doc/man/man3/CMS_sign_receipt.3 doc/man/man3/CMS_uncompress.3 doc/man/man3/CMS_verify.3 doc/man/man3/CMS_verify_receipt.3 doc/man/man3/CONF_modules_free.3 doc/man/man3/CONF_modules_load_file.3 doc/man/man3/CRYPTO_THREAD_run_once.3 doc/man/man3/CRYPTO_get_ex_new_index.3 doc/man/man3/CRYPTO_memcmp.3 doc/man/man3/CTLOG_STORE_get0_log_by_id.3 doc/man/man3/CTLOG_STORE_new.3 doc/man/man3/CTLOG_new.3 doc/man/man3/CT_POLICY_EVAL_CTX_new.3 doc/man/man3/DEFINE_STACK_OF.3 doc/man/man3/DES_random_key.3 doc/man/man3/DH_generate_key.3 doc/man/man3/DH_generate_parameters.3 doc/man/man3/DH_get0_pqg.3 doc/man/man3/DH_get_1024_160.3 doc/man/man3/DH_meth_new.3 doc/man/man3/DH_new.3 doc/man/man3/DH_new_by_nid.3 doc/man/man3/DH_set_method.3 doc/man/man3/DH_size.3 doc/man/man3/DSA_SIG_new.3 doc/man/man3/DSA_do_sign.3 doc/man/man3/DSA_dup_DH.3 doc/man/man3/DSA_generate_key.3 doc/man/man3/DSA_generate_parameters.3 doc/man/man3/DSA_get0_pqg.3 doc/man/man3/DSA_meth_new.3 doc/man/man3/DSA_new.3 doc/man/man3/DSA_set_method.3 doc/man/man3/DSA_sign.3 doc/man/man3/DSA_size.3 doc/man/man3/DTLS_get_data_mtu.3 doc/man/man3/DTLS_set_timer_cb.3 doc/man/man3/DTLSv1_listen.3 doc/man/man3/ECDSA_SIG_new.3 doc/man/man3/ECPKParameters_print.3 doc/man/man3/EC_GFp_simple_method.3 doc/man/man3/EC_GROUP_copy.3 doc/man/man3/EC_GROUP_new.3 doc/man/man3/EC_KEY_get_enc_flags.3 doc/man/man3/EC_KEY_new.3 doc/man/man3/EC_POINT_add.3 doc/man/man3/EC_POINT_new.3 doc/man/man3/ENGINE_add.3 doc/man/man3/ERR_GET_LIB.3 doc/man/man3/ERR_clear_error.3 doc/man/man3/ERR_error_string.3 doc/man/man3/ERR_get_error.3 doc/man/man3/ERR_load_crypto_strings.3 doc/man/man3/ERR_load_strings.3 doc/man/man3/ERR_new.3 doc/man/man3/ERR_print_errors.3 doc/man/man3/ERR_put_error.3 doc/man/man3/ERR_remove_state.3 doc/man/man3/ERR_set_mark.3 doc/man/man3/EVP_ASYM_CIPHER_free.3 doc/man/man3/EVP_BytesToKey.3 doc/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 doc/man/man3/EVP_CIPHER_meth_new.3 doc/man/man3/EVP_DigestInit.3 doc/man/man3/EVP_DigestSignInit.3 doc/man/man3/EVP_DigestVerifyInit.3 doc/man/man3/EVP_EncodeInit.3 doc/man/man3/EVP_EncryptInit.3 doc/man/man3/EVP_KDF.3 doc/man/man3/EVP_KEYEXCH_free.3 doc/man/man3/EVP_KEYMGMT.3 doc/man/man3/EVP_MAC.3 doc/man/man3/EVP_MD_meth_new.3 doc/man/man3/EVP_OpenInit.3 doc/man/man3/EVP_PKEY_ASN1_METHOD.3 doc/man/man3/EVP_PKEY_CTX_ctrl.3 doc/man/man3/EVP_PKEY_CTX_new.3 doc/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 doc/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 doc/man/man3/EVP_PKEY_CTX_set_params.3 doc/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 doc/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 doc/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 doc/man/man3/EVP_PKEY_asn1_get_count.3 doc/man/man3/EVP_PKEY_check.3 doc/man/man3/EVP_PKEY_copy_parameters.3 doc/man/man3/EVP_PKEY_decrypt.3 doc/man/man3/EVP_PKEY_derive.3 doc/man/man3/EVP_PKEY_encrypt.3 doc/man/man3/EVP_PKEY_fromdata.3 doc/man/man3/EVP_PKEY_gen.3 doc/man/man3/EVP_PKEY_get_default_digest_nid.3 doc/man/man3/EVP_PKEY_gettable_params.3 doc/man/man3/EVP_PKEY_is_a.3 doc/man/man3/EVP_PKEY_meth_get_count.3 doc/man/man3/EVP_PKEY_meth_new.3 doc/man/man3/EVP_PKEY_new.3 doc/man/man3/EVP_PKEY_print_private.3 doc/man/man3/EVP_PKEY_set1_RSA.3 doc/man/man3/EVP_PKEY_set_type.3 doc/man/man3/EVP_PKEY_sign.3 doc/man/man3/EVP_PKEY_size.3 doc/man/man3/EVP_PKEY_supports_digest_nid.3 doc/man/man3/EVP_PKEY_verify.3 doc/man/man3/EVP_PKEY_verify_recover.3 doc/man/man3/EVP_RAND.3 doc/man/man3/EVP_SIGNATURE_free.3 doc/man/man3/EVP_SealInit.3 doc/man/man3/EVP_SignInit.3 doc/man/man3/EVP_VerifyInit.3 doc/man/man3/EVP_aes_128_gcm.3 doc/man/man3/EVP_aria_128_gcm.3 doc/man/man3/EVP_bf_cbc.3 doc/man/man3/EVP_blake2b512.3 doc/man/man3/EVP_camellia_128_ecb.3 doc/man/man3/EVP_cast5_cbc.3 doc/man/man3/EVP_chacha20.3 doc/man/man3/EVP_des_cbc.3 doc/man/man3/EVP_desx_cbc.3 doc/man/man3/EVP_idea_cbc.3 doc/man/man3/EVP_md2.3 doc/man/man3/EVP_md4.3 doc/man/man3/EVP_md5.3 doc/man/man3/EVP_mdc2.3 doc/man/man3/EVP_rc2_cbc.3 doc/man/man3/EVP_rc4.3 doc/man/man3/EVP_rc5_32_12_16_cbc.3 doc/man/man3/EVP_ripemd160.3 doc/man/man3/EVP_seed_cbc.3 doc/man/man3/EVP_set_default_properties.3 doc/man/man3/EVP_sha1.3 doc/man/man3/EVP_sha224.3 doc/man/man3/EVP_sha3_224.3 doc/man/man3/EVP_sm3.3 doc/man/man3/EVP_sm4_cbc.3 doc/man/man3/EVP_whirlpool.3 doc/man/man3/HMAC.3 doc/man/man3/MD5.3 doc/man/man3/MDC2_Init.3 doc/man/man3/NCONF_new_with_libctx.3 doc/man/man3/OBJ_nid2obj.3 doc/man/man3/OCSP_REQUEST_new.3 doc/man/man3/OCSP_cert_to_id.3 doc/man/man3/OCSP_request_add1_nonce.3 doc/man/man3/OCSP_resp_find_status.3 doc/man/man3/OCSP_response_status.3 doc/man/man3/OCSP_sendreq_new.3 doc/man/man3/OPENSSL_Applink.3 doc/man/man3/OPENSSL_CTX.3 doc/man/man3/OPENSSL_FILE.3 doc/man/man3/OPENSSL_LH_COMPFUNC.3 doc/man/man3/OPENSSL_LH_stats.3 doc/man/man3/OPENSSL_config.3 doc/man/man3/OPENSSL_fork_prepare.3 doc/man/man3/OPENSSL_hexchar2int.3 doc/man/man3/OPENSSL_ia32cap.3 doc/man/man3/OPENSSL_init_crypto.3 doc/man/man3/OPENSSL_init_ssl.3 doc/man/man3/OPENSSL_instrument_bus.3 doc/man/man3/OPENSSL_load_builtin_modules.3 doc/man/man3/OPENSSL_malloc.3 doc/man/man3/OPENSSL_s390xcap.3 doc/man/man3/OPENSSL_secure_malloc.3 doc/man/man3/OSSL_CMP_CTX_new.3 doc/man/man3/OSSL_CMP_HDR_get0_transactionID.3 doc/man/man3/OSSL_CMP_ITAV_set0.3 doc/man/man3/OSSL_CMP_MSG_get0_header.3 doc/man/man3/OSSL_CMP_MSG_http_perform.3 doc/man/man3/OSSL_CMP_SRV_CTX_new.3 doc/man/man3/OSSL_CMP_STATUSINFO_new.3 doc/man/man3/OSSL_CMP_exec_IR_ses.3 doc/man/man3/OSSL_CMP_log_open.3 doc/man/man3/OSSL_CMP_validate_msg.3 doc/man/man3/OSSL_CRMF_MSG_get0_tmpl.3 doc/man/man3/OSSL_CRMF_MSG_set0_validity.3 doc/man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3 doc/man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3 doc/man/man3/OSSL_CRMF_pbmp_new.3 doc/man/man3/OSSL_HTTP_transfer.3 doc/man/man3/OSSL_PARAM.3 doc/man/man3/OSSL_PARAM_BLD.3 doc/man/man3/OSSL_PARAM_allocate_from_text.3 doc/man/man3/OSSL_PARAM_int.3 doc/man/man3/OSSL_PROVIDER.3 doc/man/man3/OSSL_SELF_TEST_new.3 doc/man/man3/OSSL_SELF_TEST_set_callback.3 doc/man/man3/OSSL_SERIALIZER.3 doc/man/man3/OSSL_SERIALIZER_CTX.3 doc/man/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.3 doc/man/man3/OSSL_SERIALIZER_to_bio.3 doc/man/man3/OSSL_STORE_INFO.3 doc/man/man3/OSSL_STORE_LOADER.3 doc/man/man3/OSSL_STORE_SEARCH.3 doc/man/man3/OSSL_STORE_attach.3 doc/man/man3/OSSL_STORE_expect.3 doc/man/man3/OSSL_STORE_open.3 doc/man/man3/OSSL_trace_enabled.3 doc/man/man3/OSSL_trace_get_category_num.3 doc/man/man3/OSSL_trace_set_channel.3 doc/man/man3/OpenSSL_add_all_algorithms.3 doc/man/man3/OpenSSL_version.3 doc/man/man3/PEM_bytes_read_bio.3 doc/man/man3/PEM_read.3 doc/man/man3/PEM_read_CMS.3 doc/man/man3/PEM_read_bio_PrivateKey.3 doc/man/man3/PEM_read_bio_ex.3 doc/man/man3/PEM_write_bio_CMS_stream.3 doc/man/man3/PEM_write_bio_PKCS7_stream.3 doc/man/man3/PKCS12_SAFEBAG_get0_attrs.3 doc/man/man3/PKCS12_add_CSPName_asc.3 doc/man/man3/PKCS12_add_friendlyname_asc.3 doc/man/man3/PKCS12_add_localkeyid.3 doc/man/man3/PKCS12_create.3 doc/man/man3/PKCS12_get_friendlyname.3 doc/man/man3/PKCS12_newpass.3 doc/man/man3/PKCS12_parse.3 doc/man/man3/PKCS5_PBKDF2_HMAC.3 doc/man/man3/PKCS7_decrypt.3 doc/man/man3/PKCS7_encrypt.3 doc/man/man3/PKCS7_sign.3 doc/man/man3/PKCS7_sign_add_signer.3 doc/man/man3/PKCS7_verify.3 doc/man/man3/PKCS8_pkey_add1_attr.3 doc/man/man3/RAND_DRBG_generate.3 doc/man/man3/RAND_DRBG_get0_master.3 doc/man/man3/RAND_DRBG_new.3 doc/man/man3/RAND_DRBG_reseed.3 doc/man/man3/RAND_DRBG_set_callbacks.3 doc/man/man3/RAND_add.3 doc/man/man3/RAND_bytes.3 doc/man/man3/RAND_cleanup.3 doc/man/man3/RAND_egd.3 doc/man/man3/RAND_load_file.3 doc/man/man3/RAND_set_rand_method.3 doc/man/man3/RC4_set_key.3 doc/man/man3/RIPEMD160_Init.3 doc/man/man3/RSA_blinding_on.3 doc/man/man3/RSA_check_key.3 doc/man/man3/RSA_generate_key.3 doc/man/man3/RSA_get0_key.3 doc/man/man3/RSA_meth_new.3 doc/man/man3/RSA_new.3 doc/man/man3/RSA_padding_add_PKCS1_type_1.3 doc/man/man3/RSA_print.3 doc/man/man3/RSA_private_encrypt.3 doc/man/man3/RSA_public_encrypt.3 doc/man/man3/RSA_set_method.3 doc/man/man3/RSA_sign.3 doc/man/man3/RSA_sign_ASN1_OCTET_STRING.3 doc/man/man3/RSA_size.3 doc/man/man3/SCT_new.3 doc/man/man3/SCT_print.3 doc/man/man3/SCT_validate.3 doc/man/man3/SHA256_Init.3 doc/man/man3/SMIME_read_CMS.3 doc/man/man3/SMIME_read_PKCS7.3 doc/man/man3/SMIME_write_CMS.3 doc/man/man3/SMIME_write_PKCS7.3 doc/man/man3/SRP_Calc_B.3 doc/man/man3/SRP_VBASE_new.3 doc/man/man3/SRP_create_verifier.3 doc/man/man3/SRP_user_pwd_new.3 doc/man/man3/SSL_CIPHER_get_name.3 doc/man/man3/SSL_COMP_add_compression_method.3 doc/man/man3/SSL_CONF_CTX_new.3 doc/man/man3/SSL_CONF_CTX_set1_prefix.3 doc/man/man3/SSL_CONF_CTX_set_flags.3 doc/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 doc/man/man3/SSL_CONF_cmd.3 doc/man/man3/SSL_CONF_cmd_argv.3 doc/man/man3/SSL_CTX_add1_chain_cert.3 doc/man/man3/SSL_CTX_add_extra_chain_cert.3 doc/man/man3/SSL_CTX_add_session.3 doc/man/man3/SSL_CTX_config.3 doc/man/man3/SSL_CTX_ctrl.3 doc/man/man3/SSL_CTX_dane_enable.3 doc/man/man3/SSL_CTX_flush_sessions.3 doc/man/man3/SSL_CTX_free.3 doc/man/man3/SSL_CTX_get0_param.3 doc/man/man3/SSL_CTX_get_verify_mode.3 doc/man/man3/SSL_CTX_has_client_custom_ext.3 doc/man/man3/SSL_CTX_load_verify_locations.3 doc/man/man3/SSL_CTX_new.3 doc/man/man3/SSL_CTX_sess_number.3 doc/man/man3/SSL_CTX_sess_set_cache_size.3 doc/man/man3/SSL_CTX_sess_set_get_cb.3 doc/man/man3/SSL_CTX_sessions.3 doc/man/man3/SSL_CTX_set0_CA_list.3 doc/man/man3/SSL_CTX_set1_curves.3 doc/man/man3/SSL_CTX_set1_sigalgs.3 doc/man/man3/SSL_CTX_set1_verify_cert_store.3 doc/man/man3/SSL_CTX_set_alpn_select_cb.3 doc/man/man3/SSL_CTX_set_cert_cb.3 doc/man/man3/SSL_CTX_set_cert_store.3 doc/man/man3/SSL_CTX_set_cert_verify_callback.3 doc/man/man3/SSL_CTX_set_cipher_list.3 doc/man/man3/SSL_CTX_set_client_cert_cb.3 doc/man/man3/SSL_CTX_set_client_hello_cb.3 doc/man/man3/SSL_CTX_set_ct_validation_callback.3 doc/man/man3/SSL_CTX_set_ctlog_list_file.3 doc/man/man3/SSL_CTX_set_default_passwd_cb.3 doc/man/man3/SSL_CTX_set_generate_session_id.3 doc/man/man3/SSL_CTX_set_info_callback.3 doc/man/man3/SSL_CTX_set_keylog_callback.3 doc/man/man3/SSL_CTX_set_max_cert_list.3 doc/man/man3/SSL_CTX_set_min_proto_version.3 doc/man/man3/SSL_CTX_set_mode.3 doc/man/man3/SSL_CTX_set_msg_callback.3 doc/man/man3/SSL_CTX_set_num_tickets.3 doc/man/man3/SSL_CTX_set_options.3 doc/man/man3/SSL_CTX_set_psk_client_callback.3 doc/man/man3/SSL_CTX_set_quiet_shutdown.3 doc/man/man3/SSL_CTX_set_read_ahead.3 doc/man/man3/SSL_CTX_set_record_padding_callback.3 doc/man/man3/SSL_CTX_set_security_level.3 doc/man/man3/SSL_CTX_set_session_cache_mode.3 doc/man/man3/SSL_CTX_set_session_id_context.3 doc/man/man3/SSL_CTX_set_session_ticket_cb.3 doc/man/man3/SSL_CTX_set_split_send_fragment.3 doc/man/man3/SSL_CTX_set_srp_password.3 doc/man/man3/SSL_CTX_set_ssl_version.3 doc/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 doc/man/man3/SSL_CTX_set_timeout.3 doc/man/man3/SSL_CTX_set_tlsext_servername_callback.3 doc/man/man3/SSL_CTX_set_tlsext_status_cb.3 doc/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 doc/man/man3/SSL_CTX_set_tlsext_use_srtp.3 doc/man/man3/SSL_CTX_set_tmp_dh_callback.3 doc/man/man3/SSL_CTX_set_tmp_ecdh.3 doc/man/man3/SSL_CTX_set_verify.3 doc/man/man3/SSL_CTX_use_certificate.3 doc/man/man3/SSL_CTX_use_psk_identity_hint.3 doc/man/man3/SSL_CTX_use_serverinfo.3 doc/man/man3/SSL_SESSION_free.3 doc/man/man3/SSL_SESSION_get0_cipher.3 doc/man/man3/SSL_SESSION_get0_hostname.3 doc/man/man3/SSL_SESSION_get0_id_context.3 doc/man/man3/SSL_SESSION_get0_peer.3 doc/man/man3/SSL_SESSION_get_compress_id.3 doc/man/man3/SSL_SESSION_get_protocol_version.3 doc/man/man3/SSL_SESSION_get_time.3 doc/man/man3/SSL_SESSION_has_ticket.3 doc/man/man3/SSL_SESSION_is_resumable.3 doc/man/man3/SSL_SESSION_print.3 doc/man/man3/SSL_SESSION_set1_id.3 doc/man/man3/SSL_accept.3 doc/man/man3/SSL_alert_type_string.3 doc/man/man3/SSL_alloc_buffers.3 doc/man/man3/SSL_check_chain.3 doc/man/man3/SSL_clear.3 doc/man/man3/SSL_connect.3 doc/man/man3/SSL_do_handshake.3 doc/man/man3/SSL_export_keying_material.3 doc/man/man3/SSL_extension_supported.3 doc/man/man3/SSL_free.3 doc/man/man3/SSL_get0_peer_scts.3 doc/man/man3/SSL_get_SSL_CTX.3 doc/man/man3/SSL_get_all_async_fds.3 doc/man/man3/SSL_get_ciphers.3 doc/man/man3/SSL_get_client_random.3 doc/man/man3/SSL_get_current_cipher.3 doc/man/man3/SSL_get_default_timeout.3 doc/man/man3/SSL_get_error.3 doc/man/man3/SSL_get_extms_support.3 doc/man/man3/SSL_get_fd.3 doc/man/man3/SSL_get_peer_cert_chain.3 doc/man/man3/SSL_get_peer_certificate.3 doc/man/man3/SSL_get_peer_signature_nid.3 doc/man/man3/SSL_get_peer_tmp_key.3 doc/man/man3/SSL_get_psk_identity.3 doc/man/man3/SSL_get_rbio.3 doc/man/man3/SSL_get_session.3 doc/man/man3/SSL_get_shared_sigalgs.3 doc/man/man3/SSL_get_verify_result.3 doc/man/man3/SSL_get_version.3 doc/man/man3/SSL_in_init.3 doc/man/man3/SSL_key_update.3 doc/man/man3/SSL_library_init.3 doc/man/man3/SSL_load_client_CA_file.3 doc/man/man3/SSL_new.3 doc/man/man3/SSL_pending.3 doc/man/man3/SSL_read.3 doc/man/man3/SSL_read_early_data.3 doc/man/man3/SSL_rstate_string.3 doc/man/man3/SSL_session_reused.3 doc/man/man3/SSL_set1_host.3 doc/man/man3/SSL_set_async_callback.3 doc/man/man3/SSL_set_bio.3 doc/man/man3/SSL_set_connect_state.3 doc/man/man3/SSL_set_fd.3 doc/man/man3/SSL_set_session.3 doc/man/man3/SSL_set_shutdown.3 doc/man/man3/SSL_set_verify_result.3 doc/man/man3/SSL_shutdown.3 doc/man/man3/SSL_state_string.3 doc/man/man3/SSL_want.3 doc/man/man3/SSL_write.3 doc/man/man3/TS_VERIFY_CTX_set_certs.3 doc/man/man3/UI_STRING.3 doc/man/man3/UI_UTIL_read_pw.3 doc/man/man3/UI_create_method.3 doc/man/man3/UI_new.3 doc/man/man3/X509V3_get_d2i.3 doc/man/man3/X509_ALGOR_dup.3 doc/man/man3/X509_CRL_get0_by_serial.3 doc/man/man3/X509_EXTENSION_set_object.3 doc/man/man3/X509_LOOKUP.3 doc/man/man3/X509_LOOKUP_hash_dir.3 doc/man/man3/X509_LOOKUP_meth_new.3 doc/man/man3/X509_NAME_ENTRY_get_object.3 doc/man/man3/X509_NAME_add_entry_by_txt.3 doc/man/man3/X509_NAME_get0_der.3 doc/man/man3/X509_NAME_get_index_by_NID.3 doc/man/man3/X509_NAME_print_ex.3 doc/man/man3/X509_PUBKEY_new.3 doc/man/man3/X509_SIG_get0.3 doc/man/man3/X509_STORE_CTX_get_error.3 doc/man/man3/X509_STORE_CTX_new.3 doc/man/man3/X509_STORE_CTX_set_verify_cb.3 doc/man/man3/X509_STORE_add_cert.3 doc/man/man3/X509_STORE_get0_param.3 doc/man/man3/X509_STORE_new.3 doc/man/man3/X509_STORE_set_verify_cb_func.3 doc/man/man3/X509_VERIFY_PARAM_set_flags.3 doc/man/man3/X509_check_ca.3 doc/man/man3/X509_check_host.3 doc/man/man3/X509_check_issued.3 doc/man/man3/X509_check_private_key.3 doc/man/man3/X509_check_purpose.3 doc/man/man3/X509_cmp.3 doc/man/man3/X509_cmp_time.3 doc/man/man3/X509_digest.3 doc/man/man3/X509_dup.3 doc/man/man3/X509_get0_distinguishing_id.3 doc/man/man3/X509_get0_notBefore.3 doc/man/man3/X509_get0_signature.3 doc/man/man3/X509_get0_uids.3 doc/man/man3/X509_get_extension_flags.3 doc/man/man3/X509_get_pubkey.3 doc/man/man3/X509_get_serialNumber.3 doc/man/man3/X509_get_subject_name.3 doc/man/man3/X509_get_version.3 doc/man/man3/X509_load_http.3 doc/man/man3/X509_new.3 doc/man/man3/X509_sign.3 doc/man/man3/X509_verify.3 doc/man/man3/X509_verify_cert.3 doc/man/man3/X509v3_cache_extensions.3 doc/man/man3/X509v3_get_ext_by_NID.3 doc/man/man3/d2i_DHparams.3 doc/man/man3/d2i_PKCS8PrivateKey_bio.3 doc/man/man3/d2i_PrivateKey.3 doc/man/man3/d2i_SSL_SESSION.3 doc/man/man3/d2i_X509.3 doc/man/man3/i2d_CMS_bio_stream.3 doc/man/man3/i2d_PKCS7_bio_stream.3 doc/man/man3/i2d_re_X509_tbs.3 doc/man/man3/o2i_SCT_LIST.3 doc/man/man3/s2i_ASN1_IA5STRING.3 doc/man/man5/config.5 doc/man/man5/fips_config.5 doc/man/man5/x509v3_config.5 doc/man/man7/EVP_KDF-HKDF.7 doc/man/man7/EVP_KDF-KB.7 doc/man/man7/EVP_KDF-KRB5KDF.7 doc/man/man7/EVP_KDF-PBKDF2.7 doc/man/man7/EVP_KDF-SCRYPT.7 doc/man/man7/EVP_KDF-SS.7 doc/man/man7/EVP_KDF-SSHKDF.7 doc/man/man7/EVP_KDF-TLS1_PRF.7 doc/man/man7/EVP_KDF-X942.7 doc/man/man7/EVP_KDF-X963.7 doc/man/man7/EVP_KEYEXCH-DH.7 doc/man/man7/EVP_KEYEXCH-ECDH.7 doc/man/man7/EVP_KEYEXCH-X25519.7 doc/man/man7/EVP_MAC-BLAKE2.7 doc/man/man7/EVP_MAC-CMAC.7 doc/man/man7/EVP_MAC-GMAC.7 doc/man/man7/EVP_MAC-HMAC.7 doc/man/man7/EVP_MAC-KMAC.7 doc/man/man7/EVP_MAC-Poly1305.7 doc/man/man7/EVP_MAC-Siphash.7 doc/man/man7/EVP_MD-BLAKE2.7 doc/man/man7/EVP_MD-MD2.7 doc/man/man7/EVP_MD-MD4.7 doc/man/man7/EVP_MD-MD5-SHA1.7 doc/man/man7/EVP_MD-MD5.7 doc/man/man7/EVP_MD-MDC2.7 doc/man/man7/EVP_MD-RIPEMD160.7 doc/man/man7/EVP_MD-SHA1.7 doc/man/man7/EVP_MD-SHA2.7 doc/man/man7/EVP_MD-SHA3.7 doc/man/man7/EVP_MD-SHAKE.7 doc/man/man7/EVP_MD-SM3.7 doc/man/man7/EVP_MD-WHIRLPOOL.7 doc/man/man7/EVP_MD-common.7 doc/man/man7/EVP_PKEY-DH.7 doc/man/man7/EVP_PKEY-DSA.7 doc/man/man7/EVP_PKEY-EC.7 doc/man/man7/EVP_PKEY-FFC.7 doc/man/man7/EVP_PKEY-RSA.7 doc/man/man7/EVP_PKEY-X25519.7 doc/man/man7/EVP_RAND-CTR-DRBG.7 doc/man/man7/EVP_RAND-HASH-DRBG.7 doc/man/man7/EVP_RAND-HMAC-DRBG.7 doc/man/man7/EVP_RAND-TEST-RAND.7 doc/man/man7/EVP_SIGNATURE-DSA.7 doc/man/man7/EVP_SIGNATURE-ECDSA.7 doc/man/man7/EVP_SIGNATURE-ED25519.7 doc/man/man7/EVP_SIGNATURE-RSA.7 doc/man/man7/OSSL_PROVIDER-FIPS.7 doc/man/man7/OSSL_PROVIDER-default.7 doc/man/man7/OSSL_PROVIDER-legacy.7 doc/man/man7/OSSL_PROVIDER-null.7 doc/man/man7/RAND.7 doc/man/man7/RAND_DRBG.7 doc/man/man7/RSA-PSS.7 doc/man/man7/SM2.7 doc/man/man7/X25519.7 doc/man/man7/bio.7 doc/man/man7/crypto.7 doc/man/man7/ct.7 doc/man/man7/des_modes.7 doc/man/man7/evp.7 doc/man/man7/openssl-core.h.7 doc/man/man7/openssl-core_dispatch.h.7 doc/man/man7/openssl-core_names.h.7 doc/man/man7/openssl-env.7 doc/man/man7/openssl_user_macros.7 doc/man/man7/ossl_store-file.7 doc/man/man7/ossl_store.7 doc/man/man7/passphrase-encoding.7 doc/man/man7/property.7 doc/man/man7/provider-asym_cipher.7 doc/man/man7/provider-base.7 doc/man/man7/provider-cipher.7 doc/man/man7/provider-digest.7 doc/man/man7/provider-keyexch.7 doc/man/man7/provider-keymgmt.7 doc/man/man7/provider-mac.7 doc/man/man7/provider-rand.7 doc/man/man7/provider-serializer.7 doc/man/man7/provider-signature.7 doc/man/man7/provider.7 doc/man/man7/proxy-certificates.7 doc/man/man7/ssl.7 doc/man/man7/x509.7 rm -f apps/openssl fuzz/asn1-test fuzz/asn1parse-test fuzz/bignum-test fuzz/bndiv-test fuzz/client-test fuzz/cmp-test fuzz/cms-test fuzz/conf-test fuzz/crl-test fuzz/ct-test fuzz/server-test fuzz/x509-test test/aborttest test/acvp_test test/aesgcmtest test/afalgtest test/asn1_decode_test test/asn1_dsa_internal_test test/asn1_encode_test test/asn1_internal_test test/asn1_string_table_test test/asn1_time_test test/asynciotest test/asynctest test/bad_dtls_test test/bftest test/bio_callback_test test/bio_enc_test test/bio_memleak_test test/bio_prefix_text test/bioprinttest test/bn_internal_test test/bntest test/buildtest_c_aes test/buildtest_c_asn1 test/buildtest_c_asn1t test/buildtest_c_async test/buildtest_c_bio test/buildtest_c_blowfish test/buildtest_c_bn test/buildtest_c_buffer test/buildtest_c_camellia test/buildtest_c_cast test/buildtest_c_cmac test/buildtest_c_cmp test/buildtest_c_cmp_util test/buildtest_c_cms test/buildtest_c_comp test/buildtest_c_conf test/buildtest_c_conf_api test/buildtest_c_core test/buildtest_c_core_dispatch test/buildtest_c_core_names test/buildtest_c_crmf test/buildtest_c_crypto test/buildtest_c_ct test/buildtest_c_des test/buildtest_c_dh test/buildtest_c_dsa test/buildtest_c_e_os2 test/buildtest_c_ebcdic test/buildtest_c_ec test/buildtest_c_ecdh test/buildtest_c_ecdsa test/buildtest_c_engine test/buildtest_c_ess test/buildtest_c_evp test/buildtest_c_fips_names test/buildtest_c_hmac test/buildtest_c_http test/buildtest_c_idea test/buildtest_c_kdf test/buildtest_c_lhash test/buildtest_c_mac test/buildtest_c_macros test/buildtest_c_md4 test/buildtest_c_md5 test/buildtest_c_mdc2 test/buildtest_c_modes test/buildtest_c_obj_mac test/buildtest_c_objects test/buildtest_c_ocsp test/buildtest_c_ossl_typ test/buildtest_c_param_build test/buildtest_c_params test/buildtest_c_pem test/buildtest_c_pem2 test/buildtest_c_pkcs12 test/buildtest_c_pkcs7 test/buildtest_c_provider test/buildtest_c_rand test/buildtest_c_rand_drbg test/buildtest_c_rc2 test/buildtest_c_rc4 test/buildtest_c_ripemd test/buildtest_c_rsa test/buildtest_c_safestack test/buildtest_c_seed test/buildtest_c_self_test test/buildtest_c_serializer test/buildtest_c_sha test/buildtest_c_srp test/buildtest_c_srtp test/buildtest_c_ssl test/buildtest_c_ssl2 test/buildtest_c_stack test/buildtest_c_store test/buildtest_c_symhacks test/buildtest_c_tls1 test/buildtest_c_ts test/buildtest_c_txt_db test/buildtest_c_types test/buildtest_c_ui test/buildtest_c_whrlpool test/buildtest_c_x509 test/buildtest_c_x509_vfy test/buildtest_c_x509v3 test/casttest test/chacha_internal_test test/cipher_overhead_test test/cipherbytes_test test/cipherlist_test test/ciphername_test test/clienthellotest test/cmactest test/cmp_asn_test test/cmp_client_test test/cmp_ctx_test test/cmp_hdr_test test/cmp_msg_test test/cmp_protect_test test/cmp_server_test test/cmp_status_test test/cmp_vfy_test test/cmsapitest test/conf_include_test test/confdump test/constant_time_test test/context_internal_test test/crltest test/ct_test test/ctype_internal_test test/curve448_internal_test test/d2i_test test/danetest test/destest test/dhtest test/drbg_cavs_test test/drbg_extra_test test/drbgtest test/dsa_no_digest_size_test test/dsatest test/dtls_mtu_test test/dtlstest test/dtlsv1listentest test/ec_internal_test test/ecdsatest test/ecstresstest test/ectest test/enginetest test/errtest test/evp_extra_test test/evp_extra_test2 test/evp_fetch_prov_test test/evp_kdf_test test/evp_libctx_test test/evp_pkey_dparams_test test/evp_pkey_provided_test test/evp_test test/exdatatest test/exptest test/fatalerrtest test/ffc_internal_test test/gmdifftest test/gosttest test/hexstr_test test/hmactest test/http_test test/ideatest test/igetest test/keymgmt_internal_test test/lhash_test test/mdc2_internal_test test/mdc2test test/memleaktest test/modes_internal_test test/namemap_internal_test test/ocspapitest test/packettest test/param_build_test test/params_api_test test/params_conversion_test test/params_test test/pbelutest test/pemtest test/pkey_meth_kdf_test test/pkey_meth_test test/poly1305_internal_test test/property_test test/provider_fallback_test test/provider_internal_test test/provider_test test/rc2test test/rc4test test/rc5test test/rdrand_sanitytest test/recordlentest test/rsa_complex test/rsa_mp_test test/rsa_sp800_56b_test test/rsa_test test/sanitytest test/secmemtest test/servername_test test/shlibloadtest test/siphash_internal_test test/sm2_internal_test test/sm4_internal_test test/sparse_array_test test/srptest test/ssl_cert_table_internal_test test/ssl_ctx_test test/ssl_test test/ssl_test_ctx_test test/sslapitest test/sslbuffertest test/sslcorrupttest test/ssltest_old test/stack_test test/sysdefaulttest test/test_test test/threadstest test/time_offset_test test/tls13ccstest test/tls13encryptiontest test/tls13secretstest test/uitest test/v3ext test/v3nametest test/verify_extra_test test/versions test/wpackettest test/x509_check_cert_pkey_test test/x509_dup_cert_test test/x509_internal_test test/x509_time_test test/x509aux engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so providers/fips.so providers/legacy.so test/p_test.so apps/CA.pl apps/tsget.pl tools/c_rehash util/shlib_wrap.sh rm -f doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod include/crypto/bn_conf.h include/crypto/dso_conf.h include/openssl/configuration.h include/openssl/fipskey.h include/openssl/opensslv.h test/provider_internal_test.cnf apps/CA.pl apps/progs.c apps/progs.h apps/tsget.pl crypto/aes/aes-x86_64.s crypto/aes/aesni-mb-x86_64.s crypto/aes/aesni-sha1-x86_64.s crypto/aes/aesni-sha256-x86_64.s crypto/aes/aesni-x86_64.s crypto/aes/bsaes-x86_64.s crypto/aes/vpaes-x86_64.s crypto/bn/rsaz-avx2.s crypto/bn/rsaz-x86_64.s crypto/bn/x86_64-gf2m.s crypto/bn/x86_64-mont.s crypto/bn/x86_64-mont5.s crypto/buildinf.h crypto/camellia/cmll-x86_64.s crypto/chacha/chacha-x86_64.s crypto/ec/ecp_nistz256-x86_64.s crypto/ec/x25519-x86_64.s crypto/md5/md5-x86_64.s crypto/modes/aesni-gcm-x86_64.s crypto/modes/ghash-x86_64.s crypto/poly1305/poly1305-x86_64.s crypto/rc4/rc4-md5-x86_64.s crypto/rc4/rc4-x86_64.s crypto/sha/keccak1600-x86_64.s crypto/sha/sha1-mb-x86_64.s crypto/sha/sha1-x86_64.s crypto/sha/sha256-mb-x86_64.s crypto/sha/sha256-x86_64.s crypto/sha/sha512-x86_64.s crypto/whrlpool/wp-x86_64.s crypto/x86_64cpuid.s doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod engines/afalg.ld engines/capi.ld engines/dasync.ld engines/e_padlock-x86_64.s engines/ossltest.ld engines/padlock.ld libcrypto.ld libssl.ld providers/common/der/der_digests_gen.c providers/common/der/der_dsa_gen.c providers/common/der/der_ec_gen.c providers/common/der/der_rsa_gen.c providers/common/include/prov/der_digests.h providers/common/include/prov/der_dsa.h providers/common/include/prov/der_ec.h providers/common/include/prov/der_rsa.h providers/fips.ld providers/legacy.ld test/buildtest_aes.c test/buildtest_asn1.c test/buildtest_asn1t.c test/buildtest_async.c test/buildtest_bio.c test/buildtest_blowfish.c test/buildtest_bn.c test/buildtest_buffer.c test/buildtest_camellia.c test/buildtest_cast.c test/buildtest_cmac.c test/buildtest_cmp.c test/buildtest_cmp_util.c test/buildtest_cms.c test/buildtest_comp.c test/buildtest_conf.c test/buildtest_conf_api.c test/buildtest_core.c test/buildtest_core_dispatch.c test/buildtest_core_names.c test/buildtest_crmf.c test/buildtest_crypto.c test/buildtest_ct.c test/buildtest_des.c test/buildtest_dh.c test/buildtest_dsa.c test/buildtest_e_os2.c test/buildtest_ebcdic.c test/buildtest_ec.c test/buildtest_ecdh.c test/buildtest_ecdsa.c test/buildtest_engine.c test/buildtest_ess.c test/buildtest_evp.c test/buildtest_fips_names.c test/buildtest_hmac.c test/buildtest_http.c test/buildtest_idea.c test/buildtest_kdf.c test/buildtest_lhash.c test/buildtest_mac.c test/buildtest_macros.c test/buildtest_md4.c test/buildtest_md5.c test/buildtest_mdc2.c test/buildtest_modes.c test/buildtest_obj_mac.c test/buildtest_objects.c test/buildtest_ocsp.c test/buildtest_ossl_typ.c test/buildtest_param_build.c test/buildtest_params.c test/buildtest_pem.c test/buildtest_pem2.c test/buildtest_pkcs12.c test/buildtest_pkcs7.c test/buildtest_provider.c test/buildtest_rand.c test/buildtest_rand_drbg.c test/buildtest_rc2.c test/buildtest_rc4.c test/buildtest_ripemd.c test/buildtest_rsa.c test/buildtest_safestack.c test/buildtest_seed.c test/buildtest_self_test.c test/buildtest_serializer.c test/buildtest_sha.c test/buildtest_srp.c test/buildtest_srtp.c test/buildtest_ssl.c test/buildtest_ssl2.c test/buildtest_stack.c test/buildtest_store.c test/buildtest_symhacks.c test/buildtest_tls1.c test/buildtest_ts.c test/buildtest_txt_db.c test/buildtest_types.c test/buildtest_ui.c test/buildtest_whrlpool.c test/buildtest_x509.c test/buildtest_x509_vfy.c test/buildtest_x509v3.c test/p_test.ld tools/c_rehash util/shlib_wrap.sh rm -f `find . -name '*.d' \! -name '.*' \! -type d -print` rm -f `find . -name '*.o' \! -name '.*' \! -type d -print` rm -f core rm -f tags TAGS doc-nits cmd-nits md-nits rm -f -r test/test-runs rm -f openssl.pc libcrypto.pc libssl.pc rm -f `find . -type l \! -name '.*' -print` rm -f ../openssl-3.0.0-alpha5-dev.tar $ make depend $ LDCMD= make -j4 /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-asn1parse.pod.in > doc/man1/openssl-asn1parse.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ca.pod.in > doc/man1/openssl-ca.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ciphers.pod.in > doc/man1/openssl-ciphers.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmds.pod.in > doc/man1/openssl-cmds.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmp.pod.in > doc/man1/openssl-cmp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cms.pod.in > doc/man1/openssl-cms.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl.pod.in > doc/man1/openssl-crl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl2pkcs7.pod.in > doc/man1/openssl-crl2pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dgst.pod.in > doc/man1/openssl-dgst.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dhparam.pod.in > doc/man1/openssl-dhparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsa.pod.in > doc/man1/openssl-dsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsaparam.pod.in > doc/man1/openssl-dsaparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ec.pod.in > doc/man1/openssl-ec.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ecparam.pod.in > doc/man1/openssl-ecparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-enc.pod.in > doc/man1/openssl-enc.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-engine.pod.in > doc/man1/openssl-engine.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-errstr.pod.in > doc/man1/openssl-errstr.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-fipsinstall.pod.in > doc/man1/openssl-fipsinstall.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-gendsa.pod.in > doc/man1/openssl-gendsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genpkey.pod.in > doc/man1/openssl-genpkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genrsa.pod.in > doc/man1/openssl-genrsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-info.pod.in > doc/man1/openssl-info.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-kdf.pod.in > doc/man1/openssl-kdf.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-list.pod.in > doc/man1/openssl-list.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-mac.pod.in > doc/man1/openssl-mac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-nseq.pod.in > doc/man1/openssl-nseq.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ocsp.pod.in > doc/man1/openssl-ocsp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-passwd.pod.in > doc/man1/openssl-passwd.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs12.pod.in > doc/man1/openssl-pkcs12.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs7.pod.in > doc/man1/openssl-pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs8.pod.in > doc/man1/openssl-pkcs8.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkey.pod.in > doc/man1/openssl-pkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyparam.pod.in > doc/man1/openssl-pkeyparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyutl.pod.in > doc/man1/openssl-pkeyutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-prime.pod.in > doc/man1/openssl-prime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-provider.pod.in > doc/man1/openssl-provider.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rand.pod.in > doc/man1/openssl-rand.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rehash.pod.in > doc/man1/openssl-rehash.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-req.pod.in > doc/man1/openssl-req.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsa.pod.in > doc/man1/openssl-rsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsautl.pod.in > doc/man1/openssl-rsautl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_client.pod.in > doc/man1/openssl-s_client.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_server.pod.in > doc/man1/openssl-s_server.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_time.pod.in > doc/man1/openssl-s_time.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-sess_id.pod.in > doc/man1/openssl-sess_id.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-smime.pod.in > doc/man1/openssl-smime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-speed.pod.in > doc/man1/openssl-speed.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-spkac.pod.in > doc/man1/openssl-spkac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-srp.pod.in > doc/man1/openssl-srp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-storeutl.pod.in > doc/man1/openssl-storeutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ts.pod.in > doc/man1/openssl-ts.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-verify.pod.in > doc/man1/openssl-verify.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-version.pod.in > doc/man1/openssl-version.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-x509.pod.in > doc/man1/openssl-x509.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man7/openssl_user_macros.pod.in > doc/man7/openssl_user_macros.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/bn_conf.h.in > include/crypto/bn_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/dso_conf.h.in > include/crypto/dso_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/configuration.h.in > include/openssl/configuration.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/fipskey.h.in > include/openssl/fipskey.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/opensslv.h.in > include/openssl/opensslv.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/test/provider_internal_test.cnf.in > test/provider_internal_test.cnf make depend && make _build_sw make[1]: Entering directory '/home/openssl/run-checker/no-sock' make[1]: Leaving directory '/home/openssl/run-checker/no-sock' make[1]: Entering directory '/home/openssl/run-checker/no-sock' clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_params.d.tmp -MT apps/lib/libapps-lib-app_params.o -c -o apps/lib/libapps-lib-app_params.o ../openssl/apps/lib/app_params.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_provider.d.tmp -MT apps/lib/libapps-lib-app_provider.o -c -o apps/lib/libapps-lib-app_provider.o ../openssl/apps/lib/app_provider.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_rand.d.tmp -MT apps/lib/libapps-lib-app_rand.o -c -o apps/lib/libapps-lib-app_rand.o ../openssl/apps/lib/app_rand.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_x509.d.tmp -MT apps/lib/libapps-lib-app_x509.o -c -o apps/lib/libapps-lib-app_x509.o ../openssl/apps/lib/app_x509.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps.d.tmp -MT apps/lib/libapps-lib-apps.o -c -o apps/lib/libapps-lib-apps.o ../openssl/apps/lib/apps.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps_ui.d.tmp -MT apps/lib/libapps-lib-apps_ui.o -c -o apps/lib/libapps-lib-apps_ui.o ../openssl/apps/lib/apps_ui.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-columns.d.tmp -MT apps/lib/libapps-lib-columns.o -c -o apps/lib/libapps-lib-columns.o ../openssl/apps/lib/columns.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-fmt.d.tmp -MT apps/lib/libapps-lib-fmt.o -c -o apps/lib/libapps-lib-fmt.o ../openssl/apps/lib/fmt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-http_server.d.tmp -MT apps/lib/libapps-lib-http_server.o -c -o apps/lib/libapps-lib-http_server.o ../openssl/apps/lib/http_server.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-names.d.tmp -MT apps/lib/libapps-lib-names.o -c -o apps/lib/libapps-lib-names.o ../openssl/apps/lib/names.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-opt.d.tmp -MT apps/lib/libapps-lib-opt.o -c -o apps/lib/libapps-lib-opt.o ../openssl/apps/lib/opt.c ../openssl/apps/lib/http_server.c:27:5: error: no previous extern declaration for non-static variable 'multi' [-Werror,-Wmissing-variable-declarations] int multi = 0; /* run multiple responder processes */ ^ 1 error generated. Makefile:4127: recipe for target 'apps/lib/libapps-lib-http_server.o' failed make[1]: *** [apps/lib/libapps-lib-http_server.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-sock' Makefile:3097: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From pauli at openssl.org Tue Jul 14 09:20:45 2020 From: pauli at openssl.org (Dr. Paul Dale) Date: Tue, 14 Jul 2020 09:20:45 +0000 Subject: [openssl] master update Message-ID: <1594718445.976904.24663.nullmailer@dev.openssl.org> The branch master has been updated via ce3080e931d77fda3bb4f2d923fcc6cec967d1a3 (commit) from d35bab46c9e5edfeadc756bac9dc38213f172c07 (commit) - Log ----------------------------------------------------------------- commit ce3080e931d77fda3bb4f2d923fcc6cec967d1a3 Author: Pauli Date: Sat Jul 4 10:48:19 2020 +1000 DRBG: rename the DRBG taxonomy. The existing wording didn't capture the reality of the default setup, this new nomenclature attempts to improve the situation. Reviewed-by: Mark J. Cox Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12366) ----------------------------------------------------------------------- Summary of changes: crypto/rand/drbg_lib.c | 130 +++++------ crypto/rand/rand_local.h | 9 +- ...G_get0_master.pod => RAND_DRBG_get0_public.pod} | 10 +- doc/man3/RAND_DRBG_new.pod | 2 +- doc/man3/RAND_DRBG_reseed.pod | 24 +- include/openssl/rand_drbg.h | 21 +- test/drbgtest.c | 244 +++++++++++---------- util/libcrypto.num | 2 +- 8 files changed, 230 insertions(+), 212 deletions(-) rename doc/man3/{RAND_DRBG_get0_master.pod => RAND_DRBG_get0_public.pod} (90%) diff --git a/crypto/rand/drbg_lib.c b/crypto/rand/drbg_lib.c index ee33cfa631..4b5d832df2 100644 --- a/crypto/rand/drbg_lib.c +++ b/crypto/rand/drbg_lib.c @@ -41,29 +41,32 @@ typedef struct drbg_global_st { /* * The three shared DRBG instances * - * There are three shared DRBG instances: , , and . + * There are three shared DRBG instances: , , and + * . The and DRBGs are secondary ones. + * These are used for non-secret (e.g. nonces) and secret + * (e.g. private keys) data respectively. */ CRYPTO_RWLOCK *lock; /* - * The DRBG + * The DRBG * * Not used directly by the application, only for reseeding the two other * DRBGs. It reseeds itself by pulling either randomness from os entropy * sources or by consuming randomness which was added by RAND_add(). * - * The DRBG is a global instance which is accessed concurrently by + * The DRBG is a global instance which is accessed concurrently by * all threads. The necessary locking is managed automatically by its child * DRBG instances during reseeding. */ - RAND_DRBG *master_drbg; + RAND_DRBG *primary_drbg; /* * The DRBG * * Used by default for generating random bytes using RAND_bytes(). * - * The DRBG is thread-local, i.e., there is one instance per - * thread. + * The secondary DRBG is thread-local, i.e., there is one instance + * per thread. */ CRYPTO_THREAD_LOCAL public_drbg; /* @@ -71,43 +74,44 @@ typedef struct drbg_global_st { * * Used by default for generating private keys using RAND_priv_bytes() * - * The DRBG is thread-local, i.e., there is one instance per - * thread. + * The secondary DRBG is thread-local, i.e., there is one + * instance per thread. */ CRYPTO_THREAD_LOCAL private_drbg; } DRBG_GLOBAL; #define RAND_DRBG_TYPE_FLAGS ( \ - RAND_DRBG_FLAG_MASTER | RAND_DRBG_FLAG_PUBLIC | RAND_DRBG_FLAG_PRIVATE ) + RAND_DRBG_FLAG_PRIMARY | RAND_DRBG_FLAG_PUBLIC | RAND_DRBG_FLAG_PRIVATE ) -#define RAND_DRBG_TYPE_MASTER 0 +#define RAND_DRBG_TYPE_PRIMARY 0 #define RAND_DRBG_TYPE_PUBLIC 1 #define RAND_DRBG_TYPE_PRIVATE 2 /* Defaults */ static int rand_drbg_type[3] = { - RAND_DRBG_TYPE, /* Master */ + RAND_DRBG_TYPE, /* Primary */ RAND_DRBG_TYPE, /* Public */ RAND_DRBG_TYPE /* Private */ }; static unsigned int rand_drbg_flags[3] = { - RAND_DRBG_FLAGS | RAND_DRBG_FLAG_MASTER, /* Master */ - RAND_DRBG_FLAGS | RAND_DRBG_FLAG_PUBLIC, /* Public */ - RAND_DRBG_FLAGS | RAND_DRBG_FLAG_PRIVATE /* Private */ + RAND_DRBG_FLAGS | RAND_DRBG_FLAG_PRIMARY, /* Primary */ + RAND_DRBG_FLAGS | RAND_DRBG_FLAG_PUBLIC, /* Public */ + RAND_DRBG_FLAGS | RAND_DRBG_FLAG_PRIVATE /* Private */ }; -static unsigned int master_reseed_interval = MASTER_RESEED_INTERVAL; -static unsigned int slave_reseed_interval = SLAVE_RESEED_INTERVAL; +static unsigned int primary_reseed_interval = PRIMARY_RESEED_INTERVAL; +static unsigned int secondary_reseed_interval = SECONDARY_RESEED_INTERVAL; -static time_t master_reseed_time_interval = MASTER_RESEED_TIME_INTERVAL; -static time_t slave_reseed_time_interval = SLAVE_RESEED_TIME_INTERVAL; +static time_t primary_reseed_time_interval = PRIMARY_RESEED_TIME_INTERVAL; +static time_t secondary_reseed_time_interval = SECONDARY_RESEED_TIME_INTERVAL; /* A logical OR of all used DRBG flag bits (currently there is only one) */ static const unsigned int rand_drbg_used_flags = RAND_DRBG_FLAG_CTR_NO_DF | RAND_DRBG_FLAG_HMAC | RAND_DRBG_TYPE_FLAGS; -static RAND_DRBG *drbg_setup(OPENSSL_CTX *ctx, RAND_DRBG *parent, int drbg_type); +static RAND_DRBG *drbg_setup(OPENSSL_CTX *ctx, RAND_DRBG *parent, + int drbg_type); static int get_drbg_params(int type, unsigned int flags, const char **name, OSSL_PARAM params[3]) @@ -229,7 +233,7 @@ static void drbg_ossl_ctx_free(void *vdgbl) return; CRYPTO_THREAD_lock_free(dgbl->lock); - RAND_DRBG_free(dgbl->master_drbg); + RAND_DRBG_free(dgbl->primary_drbg); CRYPTO_THREAD_cleanup_local(&dgbl->private_drbg); CRYPTO_THREAD_cleanup_local(&dgbl->public_drbg); @@ -293,16 +297,16 @@ int RAND_DRBG_set(RAND_DRBG *drbg, int type, unsigned int flags) int use_df; if (type == 0 && flags == 0) { - type = rand_drbg_type[RAND_DRBG_TYPE_MASTER]; - flags = rand_drbg_flags[RAND_DRBG_TYPE_MASTER]; + type = rand_drbg_type[RAND_DRBG_TYPE_PRIMARY]; + flags = rand_drbg_flags[RAND_DRBG_TYPE_PRIMARY]; } if (drbg->parent == NULL) { - reseed_interval = master_reseed_interval; - reseed_time_interval = master_reseed_time_interval; + reseed_interval = primary_reseed_interval; + reseed_time_interval = primary_reseed_time_interval; } else { - reseed_interval = slave_reseed_interval; - reseed_time_interval = slave_reseed_time_interval; + reseed_interval = secondary_reseed_interval; + reseed_time_interval = secondary_reseed_time_interval; } *p++ = OSSL_PARAM_construct_uint(OSSL_DRBG_PARAM_RESEED_REQUESTS, &reseed_interval); @@ -371,9 +375,10 @@ int RAND_DRBG_set_defaults(int type, unsigned int flags) } all = ((flags & RAND_DRBG_TYPE_FLAGS) == 0); - if (all || (flags & RAND_DRBG_FLAG_MASTER) != 0) { - rand_drbg_type[RAND_DRBG_TYPE_MASTER] = type; - rand_drbg_flags[RAND_DRBG_TYPE_MASTER] = flags | RAND_DRBG_FLAG_MASTER; + if (all || (flags & RAND_DRBG_FLAG_PRIMARY) != 0) { + rand_drbg_type[RAND_DRBG_TYPE_PRIMARY] = type; + rand_drbg_flags[RAND_DRBG_TYPE_PRIMARY] = flags + | RAND_DRBG_FLAG_PRIMARY; } if (all || (flags & RAND_DRBG_FLAG_PUBLIC) != 0) { rand_drbg_type[RAND_DRBG_TYPE_PUBLIC] = type; @@ -381,7 +386,8 @@ int RAND_DRBG_set_defaults(int type, unsigned int flags) } if (all || (flags & RAND_DRBG_FLAG_PRIVATE) != 0) { rand_drbg_type[RAND_DRBG_TYPE_PRIVATE] = type; - rand_drbg_flags[RAND_DRBG_TYPE_PRIVATE] = flags | RAND_DRBG_FLAG_PRIVATE; + rand_drbg_flags[RAND_DRBG_TYPE_PRIVATE] = flags + | RAND_DRBG_FLAG_PRIVATE; } return 1; } @@ -473,8 +479,8 @@ int RAND_DRBG_uninstantiate(RAND_DRBG *drbg) return 0; /* The reset uses the default values for type and flags */ - if (drbg->flags & RAND_DRBG_FLAG_MASTER) - index = RAND_DRBG_TYPE_MASTER; + if (drbg->flags & RAND_DRBG_FLAG_PRIMARY) + index = RAND_DRBG_TYPE_PRIMARY; else if (drbg->flags & RAND_DRBG_FLAG_PRIVATE) index = RAND_DRBG_TYPE_PRIVATE; else if (drbg->flags & RAND_DRBG_FLAG_PUBLIC) @@ -730,32 +736,32 @@ int RAND_DRBG_set_reseed_time_interval(RAND_DRBG *drbg, time_t interval) /* * Set the default values for reseed (time) intervals of new DRBG instances * - * The default values can be set independently for master DRBG instances - * (without a parent) and slave DRBG instances (with parent). + * The default values can be set independently for primary DRBG instances + * (without a parent) and secondary DRBG instances (with parent). * * Returns 1 on success, 0 on failure. */ int RAND_DRBG_set_reseed_defaults( - unsigned int _master_reseed_interval, - unsigned int _slave_reseed_interval, - time_t _master_reseed_time_interval, - time_t _slave_reseed_time_interval + unsigned int _primary_reseed_interval, + unsigned int _secondary_reseed_interval, + time_t _primary_reseed_time_interval, + time_t _secondary_reseed_time_interval ) { - if (_master_reseed_interval > MAX_RESEED_INTERVAL - || _slave_reseed_interval > MAX_RESEED_INTERVAL) + if (_primary_reseed_interval > MAX_RESEED_INTERVAL + || _secondary_reseed_interval > MAX_RESEED_INTERVAL) return 0; - if (_master_reseed_time_interval > MAX_RESEED_TIME_INTERVAL - || _slave_reseed_time_interval > MAX_RESEED_TIME_INTERVAL) + if (_primary_reseed_time_interval > MAX_RESEED_TIME_INTERVAL + || _secondary_reseed_time_interval > MAX_RESEED_TIME_INTERVAL) return 0; - master_reseed_interval = _master_reseed_interval; - slave_reseed_interval = _slave_reseed_interval; + primary_reseed_interval = _primary_reseed_interval; + secondary_reseed_interval = _secondary_reseed_interval; - master_reseed_time_interval = _master_reseed_time_interval; - slave_reseed_time_interval = _slave_reseed_time_interval; + primary_reseed_time_interval = _primary_reseed_time_interval; + secondary_reseed_time_interval = _secondary_reseed_time_interval; return 1; } @@ -793,7 +799,7 @@ static RAND_DRBG *drbg_setup(OPENSSL_CTX *ctx, RAND_DRBG *parent, int drbg_type) if (drbg == NULL) return NULL; - /* Only the master DRBG needs to have a lock */ + /* Only the primary DRBG needs to have a lock */ if (parent == NULL && EVP_RAND_enable_locking(drbg->rand) == 0) goto err; @@ -878,30 +884,30 @@ int RAND_DRBG_verify_zeroization(RAND_DRBG *drbg) } /* - * Get the master DRBG. + * Get the primary DRBG. * Returns pointer to the DRBG on success, NULL on failure. * */ -RAND_DRBG *OPENSSL_CTX_get0_master_drbg(OPENSSL_CTX *ctx) +RAND_DRBG *OPENSSL_CTX_get0_primary_drbg(OPENSSL_CTX *ctx) { DRBG_GLOBAL *dgbl = drbg_get_global(ctx); if (dgbl == NULL) return NULL; - if (dgbl->master_drbg == NULL) { + if (dgbl->primary_drbg == NULL) { if (!CRYPTO_THREAD_write_lock(dgbl->lock)) return NULL; - if (dgbl->master_drbg == NULL) - dgbl->master_drbg = drbg_setup(ctx, NULL, RAND_DRBG_TYPE_MASTER); + if (dgbl->primary_drbg == NULL) + dgbl->primary_drbg = drbg_setup(ctx, NULL, RAND_DRBG_TYPE_PRIMARY); CRYPTO_THREAD_unlock(dgbl->lock); } - return dgbl->master_drbg; + return dgbl->primary_drbg; } RAND_DRBG *RAND_DRBG_get0_master(void) { - return OPENSSL_CTX_get0_master_drbg(NULL); + return OPENSSL_CTX_get0_primary_drbg(NULL); } /* @@ -911,15 +917,15 @@ RAND_DRBG *RAND_DRBG_get0_master(void) RAND_DRBG *OPENSSL_CTX_get0_public_drbg(OPENSSL_CTX *ctx) { DRBG_GLOBAL *dgbl = drbg_get_global(ctx); - RAND_DRBG *drbg, *master; + RAND_DRBG *drbg, *primary; if (dgbl == NULL) return NULL; drbg = CRYPTO_THREAD_get_local(&dgbl->public_drbg); if (drbg == NULL) { - master = OPENSSL_CTX_get0_master_drbg(ctx); - if (master == NULL) + primary = OPENSSL_CTX_get0_primary_drbg(ctx); + if (primary == NULL) return NULL; ctx = openssl_ctx_get_concrete(ctx); @@ -930,7 +936,7 @@ RAND_DRBG *OPENSSL_CTX_get0_public_drbg(OPENSSL_CTX *ctx) if (CRYPTO_THREAD_get_local(&dgbl->private_drbg) == NULL && !ossl_init_thread_start(NULL, ctx, drbg_delete_thread_state)) return NULL; - drbg = drbg_setup(ctx, master, RAND_DRBG_TYPE_PUBLIC); + drbg = drbg_setup(ctx, primary, RAND_DRBG_TYPE_PUBLIC); CRYPTO_THREAD_set_local(&dgbl->public_drbg, drbg); } return drbg; @@ -948,15 +954,15 @@ RAND_DRBG *RAND_DRBG_get0_public(void) RAND_DRBG *OPENSSL_CTX_get0_private_drbg(OPENSSL_CTX *ctx) { DRBG_GLOBAL *dgbl = drbg_get_global(ctx); - RAND_DRBG *drbg, *master; + RAND_DRBG *drbg, *primary; if (dgbl == NULL) return NULL; drbg = CRYPTO_THREAD_get_local(&dgbl->private_drbg); if (drbg == NULL) { - master = OPENSSL_CTX_get0_master_drbg(ctx); - if (master == NULL) + primary = OPENSSL_CTX_get0_primary_drbg(ctx); + if (primary == NULL) return NULL; ctx = openssl_ctx_get_concrete(ctx); @@ -967,7 +973,7 @@ RAND_DRBG *OPENSSL_CTX_get0_private_drbg(OPENSSL_CTX *ctx) if (CRYPTO_THREAD_get_local(&dgbl->public_drbg) == NULL && !ossl_init_thread_start(NULL, ctx, drbg_delete_thread_state)) return NULL; - drbg = drbg_setup(ctx, master, RAND_DRBG_TYPE_PRIVATE); + drbg = drbg_setup(ctx, primary, RAND_DRBG_TYPE_PRIVATE); CRYPTO_THREAD_set_local(&dgbl->private_drbg, drbg); } return drbg; diff --git a/crypto/rand/rand_local.h b/crypto/rand/rand_local.h index e46248cf9b..73751d25e4 100644 --- a/crypto/rand/rand_local.h +++ b/crypto/rand/rand_local.h @@ -26,10 +26,11 @@ # define MAX_RESEED_TIME_INTERVAL (1 << 20) /* approx. 12 days */ /* Default reseed intervals */ -# define MASTER_RESEED_INTERVAL (1 << 8) -# define SLAVE_RESEED_INTERVAL (1 << 16) -# define MASTER_RESEED_TIME_INTERVAL (60 * 60) /* 1 hour */ -# define SLAVE_RESEED_TIME_INTERVAL (7 * 60) /* 7 minutes */ +# define PRIMARY_RESEED_INTERVAL (1 << 8) +# define SECONDARY_RESEED_INTERVAL (1 << 16) +# define PRIMARY_RESEED_TIME_INTERVAL (60 * 60) /* 1 hour */ +# define SECONDARY_RESEED_TIME_INTERVAL (7 * 60) /* 7 minutes */ + /* * The state of all types of DRBGs. */ diff --git a/doc/man3/RAND_DRBG_get0_master.pod b/doc/man3/RAND_DRBG_get0_public.pod similarity index 90% rename from doc/man3/RAND_DRBG_get0_master.pod rename to doc/man3/RAND_DRBG_get0_public.pod index 77d0ab70a5..33062a9e7e 100644 --- a/doc/man3/RAND_DRBG_get0_master.pod +++ b/doc/man3/RAND_DRBG_get0_public.pod @@ -2,7 +2,7 @@ =head1 NAME -OPENSSL_CTX_get0_master_drbg, +OPENSSL_CTX_get0_primary_drbg, OPENSSL_CTX_get0_public_drbg, OPENSSL_CTX_get0_private_drbg, RAND_DRBG_get0_master, @@ -14,7 +14,7 @@ RAND_DRBG_get0_private #include - RAND_DRBG *OPENSSL_CTX_get0_master_drbg(OPENSSL_CTX *ctx); + RAND_DRBG *OPENSSL_CTX_get0_primary_drbg(OPENSSL_CTX *ctx); RAND_DRBG *OPENSSL_CTX_get0_public_drbg(OPENSSL_CTX *ctx); RAND_DRBG *OPENSSL_CTX_get0_private_drbg(OPENSSL_CTX *ctx); RAND_DRBG *RAND_DRBG_get0_master(void); @@ -36,7 +36,7 @@ These functions here provide access to the shared DRBG instances. =head1 RETURN VALUES -OPENSSL_CTX_get0_master_drbg() returns a pointer to the I DRBG instance +OPENSSL_CTX_get0_primary_drbg() returns a pointer to the I DRBG instance for the given OPENSSL_CTX B. OPENSSL_CTX_get0_public_drbg() returns a pointer to the I DRBG instance @@ -48,7 +48,7 @@ for the given OPENSSL_CTX B. In all the above cases the B parameter can be NULL in which case the default OPENSSL_CTX is used. RAND_DRBG_get0_master(), RAND_DRBG_get0_public() and RAND_DRBG_get0_private() are the same as -OPENSSL_CTX_get0_master_drbg(), OPENSSL_CTX_get0_public_drbg() and +OPENSSL_CTX_get0_primary_drbg(), OPENSSL_CTX_get0_public_drbg() and OPENSSL_CTX_get0_private_drbg() respectively except that the default OPENSSL_CTX is always used. @@ -80,7 +80,7 @@ L =head1 HISTORY -The OPENSSL_CTX_get0_master_drbg(), OPENSSL_CTX_get0_public_drbg() and +The OPENSSL_CTX_get0_primary_drbg(), OPENSSL_CTX_get0_public_drbg() and OPENSSL_CTX_get0_private_drbg() functions were added in OpenSSL 3.0. All other RAND_DRBG functions were added in OpenSSL 1.1.1. diff --git a/doc/man3/RAND_DRBG_new.pod b/doc/man3/RAND_DRBG_new.pod index d8b9633c7a..340fccdce6 100644 --- a/doc/man3/RAND_DRBG_new.pod +++ b/doc/man3/RAND_DRBG_new.pod @@ -84,7 +84,7 @@ see [NIST SP 800-90A Rev. 1]. Enables use of HMAC instead of the HASH DRBG. -=item RAND_DRBG_FLAG_MASTER +=item RAND_DRBG_FLAG_PRIMARY =item RAND_DRBG_FLAG_PUBLIC diff --git a/doc/man3/RAND_DRBG_reseed.pod b/doc/man3/RAND_DRBG_reseed.pod index b73f35fb66..a0878151e4 100644 --- a/doc/man3/RAND_DRBG_reseed.pod +++ b/doc/man3/RAND_DRBG_reseed.pod @@ -23,10 +23,10 @@ RAND_DRBG_set_reseed_defaults time_t interval); int RAND_DRBG_set_reseed_defaults( - unsigned int master_reseed_interval, - unsigned int slave_reseed_interval, - time_t master_reseed_time_interval, - time_t slave_reseed_time_interval + unsigned int primary_reseed_interval, + unsigned int secondary_reseed_interval, + time_t primary_reseed_time_interval, + time_t secondary_reseed_time_interval ); @@ -60,12 +60,13 @@ elapsed time since its last reseeding exceeds the given reseed time interval. If B == 0, then this feature is disabled. RAND_DRBG_set_reseed_defaults() sets the default values for the reseed interval -(B and B) +(B and B) and the reseed time interval -(B and B) +(B and B) of DRBG instances. -The default values are set independently for master DRBG instances (which don't -have a parent) and slave DRBG instances (which are chained to a parent DRBG). +The default values are set independently for primary DRBG instances (which don't +have a parent) and secondary DRBG instances (which are chained to a parent +DRBG). =head1 RETURN VALUES @@ -74,7 +75,6 @@ RAND_DRBG_set_reseed_interval(), and RAND_DRBG_set_reseed_time_interval(), return 1 on success, 0 on failure. - =head1 NOTES The default OpenSSL random generator is already set up for automatic reseeding, @@ -89,9 +89,9 @@ by providing application defined callbacks using RAND_DRBG_set_callbacks(). The reseeding default values are applied only during creation of a DRBG instance. To ensure that they are applied to the global and thread-local DRBG instances -(, resp. and ), it is necessary to call -RAND_DRBG_set_reseed_defaults() before creating any thread and before calling any - cryptographic routines that obtain random data directly or indirectly. +(, resp. and ), it is necessary to call +RAND_DRBG_set_reseed_defaults() before creating any thread and before calling +any cryptographic routines that obtain random data directly or indirectly. =head1 SEE ALSO diff --git a/include/openssl/rand_drbg.h b/include/openssl/rand_drbg.h index f8517b8ecd..afc4d43eb8 100644 --- a/include/openssl/rand_drbg.h +++ b/include/openssl/rand_drbg.h @@ -35,8 +35,8 @@ */ # define RAND_DRBG_FLAG_HMAC 0x2 -/* Used by RAND_DRBG_set_defaults() to set the master DRBG type and flags. */ -# define RAND_DRBG_FLAG_MASTER 0x4 +/* Used by RAND_DRBG_set_defaults() to set the primary DRBG type and flags. */ +# define RAND_DRBG_FLAG_PRIMARY 0x4 /* Used by RAND_DRBG_set_defaults() to set the public DRBG type and flags. */ # define RAND_DRBG_FLAG_PUBLIC 0x8 /* Used by RAND_DRBG_set_defaults() to set the private DRBG type and flags. */ @@ -104,19 +104,26 @@ int RAND_DRBG_set_reseed_interval(RAND_DRBG *drbg, unsigned int interval); int RAND_DRBG_set_reseed_time_interval(RAND_DRBG *drbg, time_t interval); int RAND_DRBG_set_reseed_defaults( - unsigned int master_reseed_interval, - unsigned int slave_reseed_interval, - time_t master_reseed_time_interval, - time_t slave_reseed_time_interval + unsigned int primary_reseed_interval, + unsigned int secondary_reseed_interval, + time_t primary_reseed_time_interval, + time_t secondary_reseed_time_interval ); -RAND_DRBG *OPENSSL_CTX_get0_master_drbg(OPENSSL_CTX *ctx); +RAND_DRBG *OPENSSL_CTX_get0_primary_drbg(OPENSSL_CTX *ctx); RAND_DRBG *OPENSSL_CTX_get0_public_drbg(OPENSSL_CTX *ctx); RAND_DRBG *OPENSSL_CTX_get0_private_drbg(OPENSSL_CTX *ctx); RAND_DRBG *RAND_DRBG_get0_master(void); RAND_DRBG *RAND_DRBG_get0_public(void); RAND_DRBG *RAND_DRBG_get0_private(void); +# ifndef OPENSSL_NO_DEPRECATED_3_0 +/* Retain legacy deprecated names */ +# define RAND_DRBG_FLAG_MASTER RAND_DRBG_FLAG_PRIMARY +# define OPENSSL_CTX_get0_master_drbg OPENSSL_CTX_get0_primary_drbg +# define RAND_DRBG_get0_master RAND_DRBG_get0_master +# endif + /* * EXDATA */ diff --git a/test/drbgtest.c b/test/drbgtest.c index 1022ad7725..f9e65757c2 100644 --- a/test/drbgtest.c +++ b/test/drbgtest.c @@ -625,7 +625,7 @@ err: * expected. * * |expect_success|: expected outcome (as reported by RAND_status()) - * |master|, |public|, |private|: pointers to the three shared DRBGs + * |primary|, |public|, |private|: pointers to the three shared DRBGs * |expect_xxx_reseed| = * 1: it is expected that the specified DRBG is reseeded * 0: it is expected that the specified DRBG is not reseeded @@ -634,10 +634,10 @@ err: * |before_reseed| time. */ static int test_drbg_reseed(int expect_success, - RAND_DRBG *master, + RAND_DRBG *primary, RAND_DRBG *public, RAND_DRBG *private, - int expect_master_reseed, + int expect_primary_reseed, int expect_public_reseed, int expect_private_reseed, time_t reseed_when @@ -646,14 +646,14 @@ static int test_drbg_reseed(int expect_success, unsigned char buf[32]; time_t before_reseed, after_reseed; int expected_state = (expect_success ? DRBG_READY : DRBG_ERROR); - unsigned int master_reseed, public_reseed, private_reseed; + unsigned int primary_reseed, public_reseed, private_reseed; /* * step 1: check preconditions */ /* Test whether seed propagation is enabled */ - if (!TEST_int_ne(master_reseed = reseed_counter(master), 0) + if (!TEST_int_ne(primary_reseed = reseed_counter(primary), 0) || !TEST_int_ne(public_reseed = reseed_counter(public), 0) || !TEST_int_ne(private_reseed = reseed_counter(private), 0)) return 0; @@ -666,7 +666,7 @@ static int test_drbg_reseed(int expect_success, reseed_when = time(NULL); /* Generate random output from the public and private DRBG */ - before_reseed = expect_master_reseed == 1 ? reseed_when : 0; + before_reseed = expect_primary_reseed == 1 ? reseed_when : 0; if (!TEST_int_eq(RAND_bytes(buf, sizeof(buf)), expect_success) || !TEST_int_eq(RAND_priv_bytes(buf, sizeof(buf)), expect_success)) return 0; @@ -678,14 +678,14 @@ static int test_drbg_reseed(int expect_success, */ /* Test whether reseeding succeeded as expected */ - if (/*!TEST_int_eq(state(master), expected_state) + if (/*!TEST_int_eq(state(primary), expected_state) || */!TEST_int_eq(state(public), expected_state) || !TEST_int_eq(state(private), expected_state)) return 0; - if (expect_master_reseed >= 0) { - /* Test whether master DRBG was reseeded as expected */ - if (!TEST_int_ge(reseed_counter(master), master_reseed)) + if (expect_primary_reseed >= 0) { + /* Test whether primary DRBG was reseeded as expected */ + if (!TEST_int_ge(reseed_counter(primary), primary_reseed)) return 0; } @@ -693,7 +693,7 @@ static int test_drbg_reseed(int expect_success, /* Test whether public DRBG was reseeded as expected */ if (!TEST_int_ge(reseed_counter(public), public_reseed) || !TEST_uint_ge(reseed_counter(public), - reseed_counter(master))) + reseed_counter(primary))) return 0; } @@ -701,19 +701,19 @@ static int test_drbg_reseed(int expect_success, /* Test whether public DRBG was reseeded as expected */ if (!TEST_int_ge(reseed_counter(private), private_reseed) || !TEST_uint_ge(reseed_counter(private), - reseed_counter(master))) + reseed_counter(primary))) return 0; } if (expect_success == 1) { - /* Test whether reseed time of master DRBG is set correctly */ - if (!TEST_time_t_le(before_reseed, reseed_time(master)) - || !TEST_time_t_le(reseed_time(master), after_reseed)) + /* Test whether reseed time of primary DRBG is set correctly */ + if (!TEST_time_t_le(before_reseed, reseed_time(primary)) + || !TEST_time_t_le(reseed_time(primary), after_reseed)) return 0; - /* Test whether reseed times of child DRBGs are synchronized with master */ - if (!TEST_time_t_ge(reseed_time(public), reseed_time(master)) - || !TEST_time_t_ge(reseed_time(private), reseed_time(master))) + /* Test whether reseed times of child DRBGs are synchronized with primary */ + if (!TEST_time_t_ge(reseed_time(public), reseed_time(primary)) + || !TEST_time_t_ge(reseed_time(private), reseed_time(primary))) return 0; } else { ERR_clear_error(); @@ -725,10 +725,10 @@ static int test_drbg_reseed(int expect_success, #if defined(OPENSSL_SYS_UNIX) /* - * Test whether master, public and private DRBG are reseeded after + * Test whether primary, public and private DRBG are reseeded after * forking the process. */ -static int test_drbg_reseed_after_fork(RAND_DRBG *master, +static int test_drbg_reseed_after_fork(RAND_DRBG *primary, RAND_DRBG *public, RAND_DRBG *private) { @@ -745,7 +745,7 @@ static int test_drbg_reseed_after_fork(RAND_DRBG *master, } /* I'm the child; check whether all three DRBGs reseed. */ - if (!TEST_true(test_drbg_reseed(1, master, public, private, 1, 1, 1, 0))) + if (!TEST_true(test_drbg_reseed(1, primary, public, private, 1, 1, 1, 0))) status = 1; exit(status); } @@ -758,7 +758,7 @@ static int test_drbg_reseed_after_fork(RAND_DRBG *master, */ static int test_rand_drbg_reseed(void) { - RAND_DRBG *master, *public, *private; + RAND_DRBG *primary, *public, *private; unsigned char rand_add_buf[256]; int rv = 0; time_t before_reseed; @@ -771,25 +771,25 @@ static int test_rand_drbg_reseed(void) return 0; /* All three DRBGs should be non-null */ - if (!TEST_ptr(master = RAND_DRBG_get0_master()) + if (!TEST_ptr(primary = RAND_DRBG_get0_master()) || !TEST_ptr(public = RAND_DRBG_get0_public()) || !TEST_ptr(private = RAND_DRBG_get0_private())) return 0; - /* There should be three distinct DRBGs, two of them chained to master */ + /* There should be three distinct DRBGs, two of them chained to primary */ if (!TEST_ptr_ne(public, private) - || !TEST_ptr_ne(public, master) - || !TEST_ptr_ne(private, master) - || !TEST_ptr_eq(public->parent, master) - || !TEST_ptr_eq(private->parent, master)) + || !TEST_ptr_ne(public, primary) + || !TEST_ptr_ne(private, primary) + || !TEST_ptr_eq(public->parent, primary) + || !TEST_ptr_eq(private->parent, primary)) return 0; - /* Disable CRNG testing for the master DRBG */ - if (!TEST_true(disable_crngt(master))) + /* Disable CRNG testing for the primary DRBG */ + if (!TEST_true(disable_crngt(primary))) return 0; /* uninstantiate the three global DRBGs */ - RAND_DRBG_uninstantiate(master); + RAND_DRBG_uninstantiate(primary); RAND_DRBG_uninstantiate(private); RAND_DRBG_uninstantiate(public); @@ -797,44 +797,44 @@ static int test_rand_drbg_reseed(void) /* * Test initial seeding of shared DRBGs */ - if (!TEST_true(test_drbg_reseed(1, master, public, private, 1, 1, 1, 0))) + if (!TEST_true(test_drbg_reseed(1, primary, public, private, 1, 1, 1, 0))) goto error; /* * Test initial state of shared DRBGs */ - if (!TEST_true(test_drbg_reseed(1, master, public, private, 0, 0, 0, 0))) + if (!TEST_true(test_drbg_reseed(1, primary, public, private, 0, 0, 0, 0))) goto error; /* * Test whether the public and private DRBG are both reseeded when their - * reseed counters differ from the master's reseed counter. + * reseed counters differ from the primary's reseed counter. */ - inc_reseed_counter(master); - if (!TEST_true(test_drbg_reseed(1, master, public, private, 0, 1, 1, 0))) + inc_reseed_counter(primary); + if (!TEST_true(test_drbg_reseed(1, primary, public, private, 0, 1, 1, 0))) goto error; /* * Test whether the public DRBG is reseeded when its reseed counter differs - * from the master's reseed counter. + * from the primary's reseed counter. */ - inc_reseed_counter(master); + inc_reseed_counter(primary); inc_reseed_counter(private); - if (!TEST_true(test_drbg_reseed(1, master, public, private, 0, 1, 0, 0))) + if (!TEST_true(test_drbg_reseed(1, primary, public, private, 0, 1, 0, 0))) goto error; /* * Test whether the private DRBG is reseeded when its reseed counter differs - * from the master's reseed counter. + * from the primary's reseed counter. */ - inc_reseed_counter(master); + inc_reseed_counter(primary); inc_reseed_counter(public); - if (!TEST_true(test_drbg_reseed(1, master, public, private, 0, 0, 1, 0))) + if (!TEST_true(test_drbg_reseed(1, primary, public, private, 0, 0, 1, 0))) goto error; #if defined(OPENSSL_SYS_UNIX) - if (!TEST_true(test_drbg_reseed_after_fork(master, public, private))) + if (!TEST_true(test_drbg_reseed_after_fork(primary, public, private))) goto error; #endif @@ -845,14 +845,14 @@ static int test_rand_drbg_reseed(void) /* * Test whether all three DRBGs are reseeded by RAND_add(). * The before_reseed time has to be measured here and passed into the - * test_drbg_reseed() test, because the master DRBG gets already reseeded + * test_drbg_reseed() test, because the primary DRBG gets already reseeded * in RAND_add(), whence the check for the condition - * before_reseed <= reseed_time(master) will fail if the time value happens + * before_reseed <= reseed_time(primary) will fail if the time value happens * to increase between the RAND_add() and the test_drbg_reseed() call. */ before_reseed = time(NULL); RAND_add(rand_add_buf, sizeof(rand_add_buf), sizeof(rand_add_buf)); - if (!TEST_true(test_drbg_reseed(1, master, public, private, 1, 1, 1, + if (!TEST_true(test_drbg_reseed(1, primary, public, private, 1, 1, 1, before_reseed))) goto error; #else /* FIPS_MODULE */ @@ -864,7 +864,7 @@ static int test_rand_drbg_reseed(void) */ before_reseed = time(NULL); RAND_add(rand_add_buf, sizeof(rand_add_buf), sizeof(rand_add_buf)); - if (!TEST_true(test_drbg_reseed(1, master, public, private, 0, 0, 0, + if (!TEST_true(test_drbg_reseed(1, primary, public, private, 0, 0, 0, before_reseed))) goto error; #endif @@ -983,84 +983,88 @@ static int test_multi_thread(void) static int test_rand_drbg_prediction_resistance(void) { - RAND_DRBG *m = NULL, *i = NULL, *s = NULL; + RAND_DRBG *x = NULL, *y = NULL, *z = NULL; unsigned char buf1[51], buf2[sizeof(buf1)]; - int ret = 0, mreseed, ireseed, sreseed; + int ret = 0, xreseed, yreseed, zreseed; if (crngt_skip()) return TEST_skip("CRNGT cannot be disabled"); /* Initialise a three long DRBG chain */ - if (!TEST_ptr(m = RAND_DRBG_new(0, 0, NULL)) - || !TEST_true(disable_crngt(m)) - || !TEST_true(RAND_DRBG_instantiate(m, NULL, 0)) - || !TEST_ptr(i = RAND_DRBG_new(0, 0, m)) - || !TEST_true(RAND_DRBG_instantiate(i, NULL, 0)) - || !TEST_ptr(s = RAND_DRBG_new(0, 0, i)) - || !TEST_true(RAND_DRBG_instantiate(s, NULL, 0))) + if (!TEST_ptr(x = RAND_DRBG_new(0, 0, NULL)) + || !TEST_true(disable_crngt(x)) + || !TEST_true(RAND_DRBG_instantiate(x, NULL, 0)) + || !TEST_ptr(y = RAND_DRBG_new(0, 0, x)) + || !TEST_true(RAND_DRBG_instantiate(y, NULL, 0)) + || !TEST_ptr(z = RAND_DRBG_new(0, 0, y)) + || !TEST_true(RAND_DRBG_instantiate(z, NULL, 0))) goto err; - /* During a normal reseed, only the slave DRBG should be reseed */ - inc_reseed_counter(i); - mreseed = reseed_counter(m); - ireseed = reseed_counter(i); - sreseed = reseed_counter(s); - if (!TEST_true(RAND_DRBG_reseed(s, NULL, 0, 0)) - || !TEST_int_eq(reseed_counter(m), mreseed) - || !TEST_int_eq(reseed_counter(i), ireseed) - || !TEST_int_gt(reseed_counter(s), sreseed)) + /* + * During a normal reseed, only the last DRBG in the chain should + * be reseeded. + */ + inc_reseed_counter(y); + xreseed = reseed_counter(x); + yreseed = reseed_counter(y); + zreseed = reseed_counter(z); + if (!TEST_true(RAND_DRBG_reseed(z, NULL, 0, 0)) + || !TEST_int_eq(reseed_counter(x), xreseed) + || !TEST_int_eq(reseed_counter(y), yreseed) + || !TEST_int_gt(reseed_counter(z), zreseed)) goto err; /* * When prediction resistance is requested, the request should be - * propagated to the master, so that the entire DRBG chain reseeds. + * propagated to the primary, so that the entire DRBG chain reseeds. */ - sreseed = reseed_counter(s); - if (!TEST_true(RAND_DRBG_reseed(s, NULL, 0, 1)) - || !TEST_int_gt(reseed_counter(m), mreseed) - || !TEST_int_gt(reseed_counter(i), ireseed) - || !TEST_int_gt(reseed_counter(s), sreseed)) + zreseed = reseed_counter(z); + if (!TEST_true(RAND_DRBG_reseed(z, NULL, 0, 1)) + || !TEST_int_gt(reseed_counter(x), xreseed) + || !TEST_int_gt(reseed_counter(y), yreseed) + || !TEST_int_gt(reseed_counter(z), zreseed)) goto err; - /* During a normal generate, only the slave DRBG should be reseed */ - inc_reseed_counter(i); - mreseed = reseed_counter(m); - ireseed = reseed_counter(i); - sreseed = reseed_counter(s); - if (!TEST_true(RAND_DRBG_generate(s, buf1, sizeof(buf1), 0, NULL, 0)) - || !TEST_int_eq(reseed_counter(m), mreseed) - || !TEST_int_eq(reseed_counter(i), ireseed) - || !TEST_int_gt(reseed_counter(s), sreseed)) + /* + * During a normal generate, only the last DRBG should be reseed */ + inc_reseed_counter(y); + xreseed = reseed_counter(x); + yreseed = reseed_counter(y); + zreseed = reseed_counter(z); + if (!TEST_true(RAND_DRBG_generate(z, buf1, sizeof(buf1), 0, NULL, 0)) + || !TEST_int_eq(reseed_counter(x), xreseed) + || !TEST_int_eq(reseed_counter(y), yreseed) + || !TEST_int_gt(reseed_counter(z), zreseed)) goto err; /* * When a prediction resistant generate is requested, the request - * should be propagated to the master, reseeding the entire DRBG chain. + * should be propagated to the primary, reseeding the entire DRBG chain. */ - sreseed = reseed_counter(s); - if (!TEST_true(RAND_DRBG_generate(s, buf2, sizeof(buf2), 1, NULL, 0)) - || !TEST_int_gt(reseed_counter(m), mreseed) - || !TEST_int_gt(reseed_counter(i), ireseed) - || !TEST_int_gt(reseed_counter(s), sreseed) + zreseed = reseed_counter(z); + if (!TEST_true(RAND_DRBG_generate(z, buf2, sizeof(buf2), 1, NULL, 0)) + || !TEST_int_gt(reseed_counter(x), xreseed) + || !TEST_int_gt(reseed_counter(y), yreseed) + || !TEST_int_gt(reseed_counter(z), zreseed) || !TEST_mem_ne(buf1, sizeof(buf1), buf2, sizeof(buf2))) goto err; - /* Verify that a normal reseed still only reseeds the slave DRBG */ - inc_reseed_counter(i); - mreseed = reseed_counter(m); - ireseed = reseed_counter(i); - sreseed = reseed_counter(s); - if (!TEST_true(RAND_DRBG_reseed(s, NULL, 0, 0)) - || !TEST_int_eq(reseed_counter(m), mreseed) - || !TEST_int_eq(reseed_counter(i), ireseed) - || !TEST_int_gt(reseed_counter(s), sreseed)) + /* Verify that a normal reseed still only reseeds the last DRBG */ + inc_reseed_counter(y); + xreseed = reseed_counter(x); + yreseed = reseed_counter(y); + zreseed = reseed_counter(z); + if (!TEST_true(RAND_DRBG_reseed(z, NULL, 0, 0)) + || !TEST_int_eq(reseed_counter(x), xreseed) + || !TEST_int_eq(reseed_counter(y), yreseed) + || !TEST_int_gt(reseed_counter(z), zreseed)) goto err; ret = 1; err: - RAND_DRBG_free(s); - RAND_DRBG_free(i); - RAND_DRBG_free(m); + RAND_DRBG_free(z); + RAND_DRBG_free(y); + RAND_DRBG_free(x); return ret; } @@ -1106,15 +1110,15 @@ err: static int test_set_defaults(void) { - RAND_DRBG *master = NULL, *public = NULL, *private = NULL; + RAND_DRBG *primary = NULL, *public = NULL, *private = NULL; - /* Check the default type and flags for master, public and private */ - return TEST_ptr(master = RAND_DRBG_get0_master()) + /* Check the default type and flags for primary, public and private */ + return TEST_ptr(primary = RAND_DRBG_get0_master()) && TEST_ptr(public = RAND_DRBG_get0_public()) && TEST_ptr(private = RAND_DRBG_get0_private()) - && TEST_int_eq(master->type, RAND_DRBG_TYPE) - && TEST_int_eq(master->flags, - RAND_DRBG_FLAGS | RAND_DRBG_FLAG_MASTER) + && TEST_int_eq(primary->type, RAND_DRBG_TYPE) + && TEST_int_eq(primary->flags, + RAND_DRBG_FLAGS | RAND_DRBG_FLAG_PRIMARY) && TEST_int_eq(public->type, RAND_DRBG_TYPE) && TEST_int_eq(public->flags, RAND_DRBG_FLAGS | RAND_DRBG_FLAG_PUBLIC) @@ -1122,12 +1126,12 @@ static int test_set_defaults(void) && TEST_int_eq(private->flags, RAND_DRBG_FLAGS | RAND_DRBG_FLAG_PRIVATE) - /* change master DRBG and check again */ + /* change primary DRBG and check again */ && TEST_true(RAND_DRBG_set_defaults(NID_sha256, - RAND_DRBG_FLAG_MASTER)) - && TEST_true(RAND_DRBG_uninstantiate(master)) - && TEST_int_eq(master->type, NID_sha256) - && TEST_int_eq(master->flags, RAND_DRBG_FLAG_MASTER) + RAND_DRBG_FLAG_PRIMARY)) + && TEST_true(RAND_DRBG_uninstantiate(primary)) + && TEST_int_eq(primary->type, NID_sha256) + && TEST_int_eq(primary->flags, RAND_DRBG_FLAG_PRIMARY) && TEST_int_eq(public->type, RAND_DRBG_TYPE) && TEST_int_eq(public->flags, RAND_DRBG_FLAGS | RAND_DRBG_FLAG_PUBLIC) @@ -1138,8 +1142,8 @@ static int test_set_defaults(void) && TEST_true(RAND_DRBG_set_defaults(NID_sha256, RAND_DRBG_FLAG_PRIVATE|RAND_DRBG_FLAG_HMAC)) && TEST_true(RAND_DRBG_uninstantiate(private)) - && TEST_int_eq(master->type, NID_sha256) - && TEST_int_eq(master->flags, RAND_DRBG_FLAG_MASTER) + && TEST_int_eq(primary->type, NID_sha256) + && TEST_int_eq(primary->flags, RAND_DRBG_FLAG_PRIMARY) && TEST_int_eq(public->type, RAND_DRBG_TYPE) && TEST_int_eq(public->flags, RAND_DRBG_FLAGS | RAND_DRBG_FLAG_PUBLIC) @@ -1151,8 +1155,8 @@ static int test_set_defaults(void) RAND_DRBG_FLAG_PUBLIC | RAND_DRBG_FLAG_HMAC)) && TEST_true(RAND_DRBG_uninstantiate(public)) - && TEST_int_eq(master->type, NID_sha256) - && TEST_int_eq(master->flags, RAND_DRBG_FLAG_MASTER) + && TEST_int_eq(primary->type, NID_sha256) + && TEST_int_eq(primary->flags, RAND_DRBG_FLAG_PRIMARY) && TEST_int_eq(public->type, NID_sha1) && TEST_int_eq(public->flags, RAND_DRBG_FLAG_PUBLIC | RAND_DRBG_FLAG_HMAC) @@ -1167,21 +1171,21 @@ static int test_set_defaults(void) /* FIPS mode doesn't support CTR DRBG without a derivation function */ #ifndef FIPS_MODULE - /* Change DRBG defaults and change master and check again */ + /* Change DRBG defaults and change primary and check again */ && TEST_true(RAND_DRBG_set_defaults(NID_aes_256_ctr, RAND_DRBG_FLAG_CTR_NO_DF)) - && TEST_true(RAND_DRBG_uninstantiate(master)) - && TEST_int_eq(master->type, NID_aes_256_ctr) - && TEST_int_eq(master->flags, - RAND_DRBG_FLAG_MASTER|RAND_DRBG_FLAG_CTR_NO_DF) + && TEST_true(RAND_DRBG_uninstantiate(primary)) + && TEST_int_eq(primary->type, NID_aes_256_ctr) + && TEST_int_eq(primary->flags, + RAND_DRBG_FLAG_PRIMARY|RAND_DRBG_FLAG_CTR_NO_DF) #endif /* Reset back to the standard defaults */ && TEST_true(RAND_DRBG_set_defaults(RAND_DRBG_TYPE, RAND_DRBG_FLAGS - | RAND_DRBG_FLAG_MASTER + | RAND_DRBG_FLAG_PRIMARY | RAND_DRBG_FLAG_PUBLIC | RAND_DRBG_FLAG_PRIVATE)) - && TEST_true(RAND_DRBG_uninstantiate(master)) + && TEST_true(RAND_DRBG_uninstantiate(primary)) && TEST_true(RAND_DRBG_uninstantiate(public)) && TEST_true(RAND_DRBG_uninstantiate(private)); } diff --git a/util/libcrypto.num b/util/libcrypto.num index db033eee9d..4ed13bb5ca 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4642,7 +4642,7 @@ ERR_load_CMP_strings ? 3_0_0 EXIST::FUNCTION:CMP EVP_MD_CTX_set_params ? 3_0_0 EXIST::FUNCTION: EVP_MD_CTX_get_params ? 3_0_0 EXIST::FUNCTION: RAND_DRBG_new_ex ? 3_0_0 EXIST::FUNCTION: -OPENSSL_CTX_get0_master_drbg ? 3_0_0 EXIST::FUNCTION: +OPENSSL_CTX_get0_primary_drbg ? 3_0_0 EXIST::FUNCTION: OPENSSL_CTX_get0_public_drbg ? 3_0_0 EXIST::FUNCTION: OPENSSL_CTX_get0_private_drbg ? 3_0_0 EXIST::FUNCTION: BN_CTX_new_ex ? 3_0_0 EXIST::FUNCTION: From builds at travis-ci.com Tue Jul 14 09:22:28 2020 From: builds at travis-ci.com (Travis CI) Date: Tue, 14 Jul 2020 09:22:28 +0000 Subject: Fixed: openssl/openssl#36097 (OpenSSL_1_1_1-stable - a5b8c19) In-Reply-To: Message-ID: <5f0d79545cd08_13fcfe29a4fec23097a@travis-pro-tasks-7b469ccd4f-96w7w.mail> Build Update for openssl/openssl ------------------------------------- Build: #36097 Status: Fixed Duration: 44 mins and 10 secs Commit: a5b8c19 (OpenSSL_1_1_1-stable) Author: Nicola Tuveri Message: [1.1.1][test] Avoid missing EC_GROUP wrappers Backport of https://github.com/openssl/openssl/pull/12096 to 1.1.1 broke the build as the following functions are missing: const BIGNUM *EC_GROUP_get0_field(const EC_GROUP *group); int EC_GROUP_get_field_type(const EC_GROUP *group); Turns out that for the purposes of the test code, we don't really need to differentiate between prime and binary fields, and we can directly use the existing `EC_GROUP_get_degree()` in the same fashion as was being done for binary fields also for prime fields. Fixes https://github.com/openssl/openssl/issues/12432 Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/12433) View the changeset: https://github.com/openssl/openssl/compare/2688dfb077f3...a5b8c19cdab4 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/175514739?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.com Tue Jul 14 11:31:04 2020 From: builds at travis-ci.com (Travis CI) Date: Tue, 14 Jul 2020 11:31:04 +0000 Subject: Errored: openssl/openssl#36100 (master - ce3080e) In-Reply-To: Message-ID: <5f0d97783b82d_13f9a5ac1dea84751ca@travis-pro-tasks-7b469ccd4f-zhcm7.mail> Build Update for openssl/openssl ------------------------------------- Build: #36100 Status: Errored Duration: 1 hr, 11 mins, and 38 secs Commit: ce3080e (master) Author: Pauli Message: DRBG: rename the DRBG taxonomy. The existing wording didn't capture the reality of the default setup, this new nomenclature attempts to improve the situation. Reviewed-by: Mark J. Cox Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12366) View the changeset: https://github.com/openssl/openssl/compare/d35bab46c9e5...ce3080e931d7 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/175529467?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Tue Jul 14 13:01:49 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 14 Jul 2020 13:01:49 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment Message-ID: <1594731709.741685.27690.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment Commit log since last time: a01cae99ac [test] ectest: check custom generators 661595ca09 Providerized libssl fallout: cleanup init 310a0edbd0 BN: Check endianness in run-time, in BN_native2bn() and BN_bn2nativepad() e23d850ff3 Add and use internal header that implements endianness check d685fc7a59 DOC: install documentation without execution permissions. 851165946f ocsp.h: Fix backward compatibility decl for OCSP_parse_url() by including http.h 2957150478 Fix wrong fipsinstall key used in test f6f159e7a1 Makefile template: fix incorrect treatment of produced document files 63794b048c Add multiple fixes for ffc key generation using invalid p,q,g parameters. Build log ended with (last 100 lines): # Server sent alert unexpected_message but client received no alert. # 40F76C54A07F0000:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_srvr.c:318: not ok 9 - iteration 9 # ------------------------------------------------------------------------------ not ok 1 - test_handshake # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/ssl_test 25-cipher.cnf.default default => 1 not ok 6 - running ssl_test 25-cipher.cnf # ------------------------------------------------------------------------------ # Looks like you failed 2 tests of 9. not ok 26 - Test configuration 25-cipher.cnf # ------------------------------------------------------------------------------ # Looks like you failed 1 test of 31.80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok # INFO: @ ../openssl/test/sslcorrupttest.c:199 # Starting #2, ECDHE-RSA-CHACHA20-POLY1305 # ERROR: (int) 'SSL_get_error(clientssl, 0) == SSL_ERROR_WANT_READ' failed @ ../openssl/test/ssltestlib.c:1032 # [1] compared to [2] # ERROR: (bool) 'create_ssl_connection(server, client, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslcorrupttest.c:229 # false # 4007A680477F0000:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_clnt.c:400: not ok 3 - iteration 3 # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/sslcorrupttest.c:199 # Starting #3, DHE-RSA-CHACHA20-POLY1305 # ERROR: (int) 'SSL_get_error(clientssl, 0) == SSL_ERROR_WANT_READ' failed @ ../openssl/test/ssltestlib.c:1032 # [1] compared to [2] # ERROR: (bool) 'create_ssl_connection(server, client, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslcorrupttest.c:229 # false # 4007A680477F0000:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_clnt.c:400: not ok 4 - iteration 4 # ------------------------------------------------------------------------------ not ok 1 - test_ssl_corrupt # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslcorrupttest ../../../openssl/apps/server.pem ../../../openssl/apps/server.pem => 1 not ok 1 - running sslcorrupttest # ------------------------------------------------------------------------------ # Failed test 'running sslcorrupttest' # at ../openssl/test/recipes/80-test_sslcorrupt.t line 19. # Looks like you failed 1 test of 1.80-test_sslcorrupt.t ............... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_dtls_mtu.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 26 Non-zero exit status: 1 80-test_sslcorrupt.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=205, Tests=3223, 1703 wallclock secs (13.18 usr 1.31 sys + 1616.64 cusr 83.99 csys = 1715.12 CPU) Result: FAIL Makefile:3136: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-ubsan' Makefile:3134: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue Jul 14 13:25:49 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 14 Jul 2020 13:25:49 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ui Message-ID: <1594733149.325425.13223.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ui Commit log since last time: a01cae99ac [test] ectest: check custom generators 661595ca09 Providerized libssl fallout: cleanup init 310a0edbd0 BN: Check endianness in run-time, in BN_native2bn() and BN_bn2nativepad() e23d850ff3 Add and use internal header that implements endianness check d685fc7a59 DOC: install documentation without execution permissions. 851165946f ocsp.h: Fix backward compatibility decl for OCSP_parse_url() by including http.h 2957150478 Fix wrong fipsinstall key used in test f6f159e7a1 Makefile template: fix incorrect treatment of produced document files 63794b048c Add multiple fixes for ffc key generation using invalid p,q,g parameters. Build log ended with (last 100 lines): # Failed test 'p10cr csr empty file' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd p10cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -csr wrong.csr.pem => 139 not ok 78 - p10cr wrong csr # ------------------------------------------------------------------------------ # Failed test 'p10cr wrong csr' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -revreason 5 => 139 not ok 79 - ir + ignored revocation # ------------------------------------------------------------------------------ ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt => 139 not ok 82 - cr command # ------------------------------------------------------------------------------ # Failed test 'cr command' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt => 139 not ok 83 - kur command explicit options # ------------------------------------------------------------------------------ # Failed test 'kur command explicit options' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -subject "" -certout test.cert.pem -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt -secret "" => 139 not ok 84 - kur command minimal options # ------------------------------------------------------------------------------ ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey dir/ -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert test.cert.pem -server '127.0.0.1:1700' => 139 not ok 86 - kur newkey is directory # ------------------------------------------------------------------------------ ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert dir/ -server '127.0.0.1:1700' => 139 not ok 89 - kur oldcert is directory # ------------------------------------------------------------------------------ # Failed test 'kur oldcert is directory' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert idontexist -server '127.0.0.1:1700' => 139 not ok 90 - kur oldcert not existing # ------------------------------------------------------------------------------ # Failed test 'kur oldcert not existing' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert empty.txt -server '127.0.0.1:1700' => 139 not ok 91 - kur empty oldcert file # ------------------------------------------------------------------------------ # Failed test 'kur empty oldcert file' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -cert "" -server '127.0.0.1:1700' => 139 not ok 92 - kur command without cert and oldcert # ------------------------------------------------------------------------------ # Failed test 'kur command without cert and oldcert' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. # Looks like you failed 65 tests of 92. not ok 7 - CMP app CLI Mock enrollment # ------------------------------------------------------------------------------ # # Failed test 'CMP app CLI Mock enrollment # ' # at /home/openssl/run-checker/no-ui/../openssl/util/perl/OpenSSL/Test.pm line 1302. # Looks like you failed 5 tests of 7.81-test_cmp_cli.t .................. Dubious, test returned 5 (wstat 1280, 0x500) Failed 5/7 subtests 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 81-test_cmp_cli.t (Wstat: 1280 Tests: 7 Failed: 5) Failed tests: 3-7 Non-zero exit status: 5 Files=205, Tests=3223, 871 wallclock secs (12.41 usr 1.13 sys + 774.43 cusr 59.14 csys = 847.11 CPU) Result: FAIL Makefile:3146: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-ui' Makefile:3144: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue Jul 14 16:10:59 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 14 Jul 2020 16:10:59 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls Message-ID: <1594743059.692440.3789.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls Commit log since last time: a01cae99ac [test] ectest: check custom generators 661595ca09 Providerized libssl fallout: cleanup init 310a0edbd0 BN: Check endianness in run-time, in BN_native2bn() and BN_bn2nativepad() e23d850ff3 Add and use internal header that implements endianness check d685fc7a59 DOC: install documentation without execution permissions. 851165946f ocsp.h: Fix backward compatibility decl for OCSP_parse_url() by including http.h 2957150478 Fix wrong fipsinstall key used in test f6f159e7a1 Makefile template: fix incorrect treatment of produced document files 63794b048c Add multiple fixes for ffc key generation using invalid p,q,g parameters. Build log ended with (last 100 lines): # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 7 - iteration 7 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 8 - iteration 8 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 9 - iteration 9 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 10 - iteration 10 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 11 - iteration 11 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 12 - iteration 12 # ------------------------------------------------------------------------------ not ok 1 - test_handshake # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/ssl_test 04-client_auth.cnf.fips fips ../../../openssl/test/fips.cnf => 1 not ok 9 - running ssl_test 04-client_auth.cnf # ------------------------------------------------------------------------------ # Failed test 'running ssl_test 04-client_auth.cnf' # at ../openssl/test/recipes/80-test_ssl_new.t line 174. # Looks like you failed 1 test of 9. not ok 5 - Test configuration 04-client_auth.cnf # ------------------------------------------------------------------------------ # Looks like you failed 1 test of 31.80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=205, Tests=3220, 828 wallclock secs (12.74 usr 1.13 sys + 767.03 cusr 59.51 csys = 840.41 CPU) Result: FAIL Makefile:3138: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls' Makefile:3136: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue Jul 14 18:47:23 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 14 Jul 2020 18:47:23 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2 Message-ID: <1594752443.327531.19031.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2 Commit log since last time: a01cae99ac [test] ectest: check custom generators 661595ca09 Providerized libssl fallout: cleanup init 310a0edbd0 BN: Check endianness in run-time, in BN_native2bn() and BN_bn2nativepad() e23d850ff3 Add and use internal header that implements endianness check d685fc7a59 DOC: install documentation without execution permissions. 851165946f ocsp.h: Fix backward compatibility decl for OCSP_parse_url() by including http.h 2957150478 Fix wrong fipsinstall key used in test f6f159e7a1 Makefile template: fix incorrect treatment of produced document files 63794b048c Add multiple fixes for ffc key generation using invalid p,q,g parameters. Build log ended with (last 100 lines): # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0E04BFF3B7F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1627 # false # ERROR: (bool) 'execute_cleanse_plaintext(DTLS_server_method(), DTLS_client_method(), DTLS1_VERSION, 0) == true' failed @ ../openssl/test/sslapitest.c:1705 # false not ok 4 - test_cleanse_plaintext # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0E04BFF3B7F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0E04BFF3B7F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6745 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ not ok 53 - test_ssl_pending # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/8Pj3vwPb61 default ../../../openssl/test/default.cnf => 1 not ok 1 - running sslapitest # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0A0437C927F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0A0437C927F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:843 # false not ok 3 - test_large_message_dtls # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0A0437C927F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0A0437C927F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1627 # false # ERROR: (bool) 'execute_cleanse_plaintext(DTLS_server_method(), DTLS_client_method(), DTLS1_VERSION, 0) == true' failed @ ../openssl/test/sslapitest.c:1705 # false not ok 4 - test_cleanse_plaintext # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0A0437C927F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0A0437C927F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6745 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ not ok 53 - test_ssl_pending # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/8Pj3vwPb61 fips ../../../openssl/test/fips.cnf => 1 not ok 3 - running sslapitest # ------------------------------------------------------------------------------ # Failed test 'running sslapitest' # at ../openssl/test/recipes/90-test_sslapi.t line 47. # Looks like you failed 2 tests of 3.90-test_sslapi.t ................... Dubious, test returned 2 (wstat 512, 0x200) Failed 2/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_dtls.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 1, 3 Non-zero exit status: 2 Files=205, Tests=3222, 839 wallclock secs (12.39 usr 1.19 sys + 780.01 cusr 59.96 csys = 853.55 CPU) Result: FAIL Makefile:3128: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2' Makefile:3126: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue Jul 14 21:06:28 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 14 Jul 2020 21:06:28 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2-method Message-ID: <1594760788.606003.23112.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2-method Commit log since last time: a01cae99ac [test] ectest: check custom generators 661595ca09 Providerized libssl fallout: cleanup init 310a0edbd0 BN: Check endianness in run-time, in BN_native2bn() and BN_bn2nativepad() e23d850ff3 Add and use internal header that implements endianness check d685fc7a59 DOC: install documentation without execution permissions. 851165946f ocsp.h: Fix backward compatibility decl for OCSP_parse_url() by including http.h 2957150478 Fix wrong fipsinstall key used in test f6f159e7a1 Makefile template: fix incorrect treatment of produced document files 63794b048c Add multiple fixes for ffc key generation using invalid p,q,g parameters. Build log ended with (last 100 lines): # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C070DB173E7F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1627 # false # ERROR: (bool) 'execute_cleanse_plaintext(DTLS_server_method(), DTLS_client_method(), DTLS1_VERSION, 0) == true' failed @ ../openssl/test/sslapitest.c:1705 # false not ok 4 - test_cleanse_plaintext # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C070DB173E7F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C070DB173E7F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6745 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ not ok 53 - test_ssl_pending # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/YgXmM0B0xs default ../../../openssl/test/default.cnf => 1 not ok 1 - running sslapitest # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C000F825897F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C000F825897F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:843 # false not ok 3 - test_large_message_dtls # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C000F825897F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C000F825897F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1627 # false # ERROR: (bool) 'execute_cleanse_plaintext(DTLS_server_method(), DTLS_client_method(), DTLS1_VERSION, 0) == true' failed @ ../openssl/test/sslapitest.c:1705 # false not ok 4 - test_cleanse_plaintext # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C000F825897F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C000F825897F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6745 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ not ok 53 - test_ssl_pending # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/YgXmM0B0xs fips ../../../openssl/test/fips.cnf => 1 not ok 3 - running sslapitest # ------------------------------------------------------------------------------ # Failed test 'running sslapitest' # at ../openssl/test/recipes/90-test_sslapi.t line 47. # Looks like you failed 2 tests of 3.90-test_sslapi.t ................... Dubious, test returned 2 (wstat 512, 0x200) Failed 2/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_dtls.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 1, 3 Non-zero exit status: 2 Files=205, Tests=3222, 839 wallclock secs (12.25 usr 1.38 sys + 779.66 cusr 60.41 csys = 853.70 CPU) Result: FAIL Makefile:3124: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2-method' Makefile:3122: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue Jul 14 21:52:27 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 14 Jul 2020 21:52:27 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_3 Message-ID: <1594763547.992981.22300.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_3 Commit log since last time: a01cae99ac [test] ectest: check custom generators 661595ca09 Providerized libssl fallout: cleanup init 310a0edbd0 BN: Check endianness in run-time, in BN_native2bn() and BN_bn2nativepad() e23d850ff3 Add and use internal header that implements endianness check d685fc7a59 DOC: install documentation without execution permissions. 851165946f ocsp.h: Fix backward compatibility decl for OCSP_parse_url() by including http.h 2957150478 Fix wrong fipsinstall key used in test f6f159e7a1 Makefile template: fix incorrect treatment of produced document files 63794b048c Add multiple fixes for ffc key generation using invalid p,q,g parameters. Build log ended with (last 100 lines): # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0605CDE0F7F0000:error::SSL routines::internal error:../openssl/ssl/s3_enc.c:415: # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0605CDE0F7F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_s3.c:1615:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:8201 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0605CDE0F7F0000:error::SSL routines::internal error:../openssl/ssl/s3_enc.c:415: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0605CDE0F7F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_s3.c:1615:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:8201 # false not ok 3 - iteration 3 # ------------------------------------------------------------------------------ not ok 37 - test_sigalgs_available # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/_ZJBWA5Nzn default ../../../openssl/test/default.cnf => 1 not ok 1 - running sslapitest # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C01029D96E7F0000:error::SSL routines::internal error:../openssl/ssl/s3_enc.c:415: # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C01029D96E7F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_s3.c:1615:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:8201 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C01029D96E7F0000:error::SSL routines::internal error:../openssl/ssl/s3_enc.c:415: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C01029D96E7F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_s3.c:1615:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:8201 # false not ok 3 - iteration 3 # ------------------------------------------------------------------------------ not ok 37 - test_sigalgs_available # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/_ZJBWA5Nzn fips ../../../openssl/test/fips.cnf => 1 not ok 3 - running sslapitest # ------------------------------------------------------------------------------ # Failed test 'running sslapitest' # at ../openssl/test/recipes/90-test_sslapi.t line 47. # Looks like you failed 2 tests of 3.90-test_sslapi.t ................... Dubious, test returned 2 (wstat 512, 0x200) Failed 2/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. skipped: test_tls13ccs is not supported in this build 90-test_tls13encryption.t .......... skipped: tls13encryption is not supported in this build 90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 90-test_sslapi.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 1, 3 Non-zero exit status: 2 Files=205, Tests=3144, 796 wallclock secs (10.88 usr 1.14 sys + 737.69 cusr 56.74 csys = 806.45 CPU) Result: FAIL Makefile:3127: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_3' Makefile:3125: recipe for target 'tests' failed make: *** [tests] Error 2 From no-reply at appveyor.com Wed Jul 15 00:58:09 2020 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 15 Jul 2020 00:58:09 +0000 Subject: Build failed: openssl master.35571 Message-ID: <20200715005809.1.2375633BCEE7F339@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed Jul 15 02:52:25 2020 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 15 Jul 2020 02:52:25 +0000 Subject: Build completed: openssl master.35572 Message-ID: <20200715025225.1.916220F9F8079FD8@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed Jul 15 08:30:29 2020 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 15 Jul 2020 08:30:29 +0000 Subject: Build failed: openssl master.35575 Message-ID: <20200715083029.1.F1502FD18EC6C3E8@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed Jul 15 09:13:11 2020 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 15 Jul 2020 09:13:11 +0000 Subject: Build completed: openssl master.35576 Message-ID: <20200715091311.1.A09BFBDE351EC4EF@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed Jul 15 19:50:35 2020 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 15 Jul 2020 19:50:35 +0000 Subject: Build failed: openssl master.35581 Message-ID: <20200715195035.1.050AFFE7E86D3036@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed Jul 15 20:30:47 2020 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 15 Jul 2020 20:30:47 +0000 Subject: Build completed: openssl master.35582 Message-ID: <20200715203047.1.B2E093EDF38F6290@appveyor.com> An HTML attachment was scrubbed... URL: From levitte at openssl.org Wed Jul 15 21:04:36 2020 From: levitte at openssl.org (Richard Levitte) Date: Wed, 15 Jul 2020 21:04:36 +0000 Subject: [openssl] master update Message-ID: <1594847076.470112.25703.nullmailer@dev.openssl.org> The branch master has been updated via c35b8535768e22cd3b7743f4887a72e53a621a5f (commit) via a1736f37aee855fecf463b9f15519e12c333ecfc (commit) via 7a09fab2b3d201062a2cc07c1a40d09d61ea31bd (commit) via 6c2a56beec847da18e5ac60a30219f0dea39baf9 (commit) from ce3080e931d77fda3bb4f2d923fcc6cec967d1a3 (commit) - Log ----------------------------------------------------------------- commit c35b8535768e22cd3b7743f4887a72e53a621a5f Author: aSoujyuTanaka Date: Sun Apr 12 04:10:57 2020 +0900 Enable WinCE build without deceiving _MSC_VER. Reviewed-by: Mark J. Cox Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11526) commit a1736f37aee855fecf463b9f15519e12c333ecfc Author: aSoujyuTanaka Date: Sun Apr 12 04:00:17 2020 +0900 To generate makefile with correct parameters for WinCE. Reviewed-by: Mark J. Cox Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11526) commit 7a09fab2b3d201062a2cc07c1a40d09d61ea31bd Author: aSoujyuTanaka Date: Sun Apr 12 03:58:44 2020 +0900 Disable optimiization of BN_num_bits_word() for VS2005 ARM compiler due to its miscompilation of the function. https://mta.openssl.org/pipermail/openssl-users/2018-August/008465.html Reviewed-by: Mark J. Cox Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11526) commit 6c2a56beec847da18e5ac60a30219f0dea39baf9 Author: aSoujyuTanaka Date: Sun Apr 12 03:58:02 2020 +0900 Changed uintptr_t to size_t. WinCE6 doesn't seem it have the definition. Reviewed-by: Mark J. Cox Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11526) ----------------------------------------------------------------------- Summary of changes: Configurations/10-main.conf | 6 +++--- Configurations/windows-makefile.tmpl | 4 ++-- crypto/bn/bn_lib.c | 12 ++++++++++++ crypto/dso/dso_win32.c | 4 ++-- crypto/o_str.c | 2 +- crypto/o_time.c | 2 +- crypto/rand/randfile.c | 2 +- e_os.h | 2 +- include/openssl/e_os2.h | 2 +- 9 files changed, 24 insertions(+), 12 deletions(-) diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf index 5baab6f306..895317dbb6 100644 --- a/Configurations/10-main.conf +++ b/Configurations/10-main.conf @@ -1417,9 +1417,9 @@ my %targets = ( } push @ex_libs, '$(PORTSDK_LIBPATH)/portlib.lib' if (defined(env('PORTSDK_LIBPATH'))); - push @ex_libs, ' /nodefaultlib coredll.lib corelibc.lib' - if (env('TARGETCPU') eq "X86"); - return @ex_libs; + push @ex_libs, '/nodefaultlib coredll.lib corelibc.lib' + if (env('TARGETCPU') =~ /^X86|^ARMV4[IT]/); + return join(" ", @ex_libs); }), }, diff --git a/Configurations/windows-makefile.tmpl b/Configurations/windows-makefile.tmpl index 107d0dc183..c2507a6508 100644 --- a/Configurations/windows-makefile.tmpl +++ b/Configurations/windows-makefile.tmpl @@ -264,8 +264,8 @@ CNF_CPPFLAGS={- our $cppfags2 = join(' ', $target{cppflags} || (), (map { '-D'.quotify1($_) } @{$target{defines}}, @{$config{defines}}), - (map { '-I'.quotify1($_) } @{$target{includes}}, - @{$config{includes}}), + (map { '-I'.'"'.$_.'"' } @{$target{includes}}, + @{$config{includes}}), @{$config{cppflags}}) -} CNF_CFLAGS={- join(' ', $target{cflags} || (), @{$config{cflags}}) -} diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index 57783e47d8..13a52ccb29 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -88,6 +88,15 @@ const BIGNUM *BN_value_one(void) return &const_one; } +/* + * Old Visual Studio ARM compiler miscompiles BN_num_bits_word() + * https://mta.openssl.org/pipermail/openssl-users/2018-August/008465.html + */ +#if defined(_MSC_VER) && defined(_ARM_) && defined(_WIN32_WCE) \ + && _MSC_VER>=1400 && _MSC_VER<1501 +# define MS_BROKEN_BN_num_bits_word +# pragma optimize("", off) +#endif int BN_num_bits_word(BN_ULONG l) { BN_ULONG x, mask; @@ -132,6 +141,9 @@ int BN_num_bits_word(BN_ULONG l) return bits; } +#ifdef MS_BROKEN_BN_num_bits_word +# pragma optimize("", on) +#endif /* * This function still leaks `a->dmax`: it's caller's responsibility to diff --git a/crypto/dso/dso_win32.c b/crypto/dso/dso_win32.c index 49e7100c4e..1472140e92 100644 --- a/crypto/dso/dso_win32.c +++ b/crypto/dso/dso_win32.c @@ -567,8 +567,8 @@ static int win32_pathbyaddr(void *addr, char *path, int sz) /* Enumerate the modules to find one which includes me. */ do { - if ((uintptr_t) addr >= (uintptr_t) me32.modBaseAddr && - (uintptr_t) addr < (uintptr_t) (me32.modBaseAddr + me32.modBaseSize)) { + if ((size_t) addr >= (size_t) me32.modBaseAddr && + (size_t) addr < (size_t) (me32.modBaseAddr + me32.modBaseSize)) { (*close_snap) (hModuleSnap); FreeLibrary(dll); # ifdef _WIN32_WCE diff --git a/crypto/o_str.c b/crypto/o_str.c index 8aa1a2a4dd..cfc401427d 100644 --- a/crypto/o_str.c +++ b/crypto/o_str.c @@ -287,7 +287,7 @@ char *OPENSSL_buf2hexstr(const unsigned char *buf, long buflen) int openssl_strerror_r(int errnum, char *buf, size_t buflen) { -#if defined(_MSC_VER) && _MSC_VER>=1400 +#if defined(_MSC_VER) && _MSC_VER>=1400 && !defined(_WIN32_WCE) return !strerror_s(buf, buflen, errnum); #elif defined(_GNU_SOURCE) char *err; diff --git a/crypto/o_time.c b/crypto/o_time.c index f0e3e472e0..695f5c2938 100644 --- a/crypto/o_time.c +++ b/crypto/o_time.c @@ -41,7 +41,7 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result) if (gmtime_r(timer, result) == NULL) return NULL; ts = result; -#elif defined (OPENSSL_SYS_WINDOWS) && defined(_MSC_VER) && _MSC_VER >= 1400 +#elif defined (OPENSSL_SYS_WINDOWS) && defined(_MSC_VER) && _MSC_VER >= 1400 && !defined(_WIN32_WCE) if (gmtime_s(result, timer)) return NULL; ts = result; diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c index 7dde54b187..cbc2720918 100644 --- a/crypto/rand/randfile.c +++ b/crypto/rand/randfile.c @@ -26,7 +26,7 @@ #ifndef OPENSSL_NO_POSIX_IO # include # include -# ifdef _WIN32 +# if defined(_WIN32) && !defined(_WIN32_WCE) # include # include # define stat _stat diff --git a/e_os.h b/e_os.h index d354c6950c..c035568464 100644 --- a/e_os.h +++ b/e_os.h @@ -258,7 +258,7 @@ extern FILE *_imp___iob; # if defined(OPENSSL_SYS_WINDOWS) # define strcasecmp _stricmp # define strncasecmp _strnicmp -# if (_MSC_VER >= 1310) +# if (_MSC_VER >= 1310) && !defined(_WIN32_WCE) # define open _open # define fdopen _fdopen # define close _close diff --git a/include/openssl/e_os2.h b/include/openssl/e_os2.h index 982dd2b8a7..aab4ef38a7 100644 --- a/include/openssl/e_os2.h +++ b/include/openssl/e_os2.h @@ -220,7 +220,7 @@ typedef UINT64 uint64_t; # undef OPENSSL_NO_INTTYPES_H /* Because the specs say that inttypes.h includes stdint.h if present */ # undef OPENSSL_NO_STDINT_H -# elif defined(_MSC_VER) && _MSC_VER<=1500 +# elif defined(_MSC_VER) && _MSC_VER<1600 /* * minimally required typdefs for systems not supporting inttypes.h or * stdint.h: currently just older VC++ From levitte at openssl.org Wed Jul 15 21:09:45 2020 From: levitte at openssl.org (Richard Levitte) Date: Wed, 15 Jul 2020 21:09:45 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1594847385.495907.29954.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via e21519280b3c3e0b264632fd72ce503a9d9ced73 (commit) via be4c4237ce26d1f484add07e6e34e2650c7b7102 (commit) via 88bc70366b0cfd77616083c550a40fb0f84c5379 (commit) via 4da1981faacf2e141aab2b4965fccfd676765648 (commit) from a5b8c19cdab4e330af0377e2fa0fdd1de2f67d59 (commit) - Log ----------------------------------------------------------------- commit e21519280b3c3e0b264632fd72ce503a9d9ced73 Author: aSoujyuTanaka Date: Sun Apr 12 04:10:57 2020 +0900 Enable WinCE build without deceiving _MSC_VER. Reviewed-by: Mark J. Cox Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11526) (cherry picked from commit c35b8535768e22cd3b7743f4887a72e53a621a5f) commit be4c4237ce26d1f484add07e6e34e2650c7b7102 Author: aSoujyuTanaka Date: Sun Apr 12 04:00:17 2020 +0900 To generate makefile with correct parameters for WinCE. Reviewed-by: Mark J. Cox Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11526) (cherry picked from commit a1736f37aee855fecf463b9f15519e12c333ecfc) commit 88bc70366b0cfd77616083c550a40fb0f84c5379 Author: aSoujyuTanaka Date: Sun Apr 12 03:58:44 2020 +0900 Disable optimiization of BN_num_bits_word() for VS2005 ARM compiler due to its miscompilation of the function. https://mta.openssl.org/pipermail/openssl-users/2018-August/008465.html Reviewed-by: Mark J. Cox Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11526) (cherry picked from commit 7a09fab2b3d201062a2cc07c1a40d09d61ea31bd) commit 4da1981faacf2e141aab2b4965fccfd676765648 Author: aSoujyuTanaka Date: Sun Apr 12 03:58:02 2020 +0900 Changed uintptr_t to size_t. WinCE6 doesn't seem it have the definition. Reviewed-by: Mark J. Cox Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11526) (cherry picked from commit 6c2a56beec847da18e5ac60a30219f0dea39baf9) ----------------------------------------------------------------------- Summary of changes: Configurations/10-main.conf | 6 +++--- Configurations/windows-makefile.tmpl | 4 ++-- crypto/bn/bn_lib.c | 12 ++++++++++++ crypto/dso/dso_win32.c | 4 ++-- crypto/o_str.c | 2 +- crypto/o_time.c | 2 +- crypto/rand/randfile.c | 2 +- e_os.h | 2 +- include/openssl/e_os2.h | 2 +- 9 files changed, 24 insertions(+), 12 deletions(-) diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf index 3b07731db8..eb92c24f48 100644 --- a/Configurations/10-main.conf +++ b/Configurations/10-main.conf @@ -1365,9 +1365,9 @@ my %targets = ( } push @ex_libs, '$(PORTSDK_LIBPATH)/portlib.lib' if (defined(env('PORTSDK_LIBPATH'))); - push @ex_libs, ' /nodefaultlib coredll.lib corelibc.lib' - if (env('TARGETCPU') eq "X86"); - return @ex_libs; + push @ex_libs, '/nodefaultlib coredll.lib corelibc.lib' + if (env('TARGETCPU') =~ /^X86|^ARMV4[IT]/); + return join(" ", @ex_libs); }), }, diff --git a/Configurations/windows-makefile.tmpl b/Configurations/windows-makefile.tmpl index 8ef70b8699..9351149fe8 100644 --- a/Configurations/windows-makefile.tmpl +++ b/Configurations/windows-makefile.tmpl @@ -211,8 +211,8 @@ CNF_CPPFLAGS={- our $cppfags2 = join(' ', $target{cppflags} || (), (map { '-D'.quotify1($_) } @{$target{defines}}, @{$config{defines}}), - (map { '-I'.quotify1($_) } @{$target{includes}}, - @{$config{includes}}), + (map { '-I'.'"'.$_.'"' } @{$target{includes}}, + @{$config{includes}}), @{$config{cppflags}}) -} CNF_CFLAGS={- join(' ', $target{cflags} || (), @{$config{cflags}}) -} diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index 759d4c70ed..438743e48d 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -87,6 +87,15 @@ const BIGNUM *BN_value_one(void) return &const_one; } +/* + * Old Visual Studio ARM compiler miscompiles BN_num_bits_word() + * https://mta.openssl.org/pipermail/openssl-users/2018-August/008465.html + */ +#if defined(_MSC_VER) && defined(_ARM_) && defined(_WIN32_WCE) \ + && _MSC_VER>=1400 && _MSC_VER<1501 +# define MS_BROKEN_BN_num_bits_word +# pragma optimize("", off) +#endif int BN_num_bits_word(BN_ULONG l) { BN_ULONG x, mask; @@ -131,6 +140,9 @@ int BN_num_bits_word(BN_ULONG l) return bits; } +#ifdef MS_BROKEN_BN_num_bits_word +# pragma optimize("", on) +#endif /* * This function still leaks `a->dmax`: it's caller's responsibility to diff --git a/crypto/dso/dso_win32.c b/crypto/dso/dso_win32.c index 37892170c0..5066331c86 100644 --- a/crypto/dso/dso_win32.c +++ b/crypto/dso/dso_win32.c @@ -565,8 +565,8 @@ static int win32_pathbyaddr(void *addr, char *path, int sz) /* Enumerate the modules to find one which includes me. */ do { - if ((uintptr_t) addr >= (uintptr_t) me32.modBaseAddr && - (uintptr_t) addr < (uintptr_t) (me32.modBaseAddr + me32.modBaseSize)) { + if ((size_t) addr >= (size_t) me32.modBaseAddr && + (size_t) addr < (size_t) (me32.modBaseAddr + me32.modBaseSize)) { (*close_snap) (hModuleSnap); FreeLibrary(dll); # ifdef _WIN32_WCE diff --git a/crypto/o_str.c b/crypto/o_str.c index 9ad7a89dca..2d321045bd 100644 --- a/crypto/o_str.c +++ b/crypto/o_str.c @@ -220,7 +220,7 @@ char *OPENSSL_buf2hexstr(const unsigned char *buffer, long len) int openssl_strerror_r(int errnum, char *buf, size_t buflen) { -#if defined(_MSC_VER) && _MSC_VER>=1400 +#if defined(_MSC_VER) && _MSC_VER>=1400 && !defined(_WIN32_WCE) return !strerror_s(buf, buflen, errnum); #elif defined(_GNU_SOURCE) char *err; diff --git a/crypto/o_time.c b/crypto/o_time.c index 6d764f55e2..d990556d1e 100644 --- a/crypto/o_time.c +++ b/crypto/o_time.c @@ -41,7 +41,7 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result) if (gmtime_r(timer, result) == NULL) return NULL; ts = result; -#elif defined (OPENSSL_SYS_WINDOWS) && defined(_MSC_VER) && _MSC_VER >= 1400 +#elif defined (OPENSSL_SYS_WINDOWS) && defined(_MSC_VER) && _MSC_VER >= 1400 && !defined(_WIN32_WCE) if (gmtime_s(result, timer)) return NULL; ts = result; diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c index ba121eefbf..af6cd385c7 100644 --- a/crypto/rand/randfile.c +++ b/crypto/rand/randfile.c @@ -26,7 +26,7 @@ #ifndef OPENSSL_NO_POSIX_IO # include # include -# ifdef _WIN32 +# if defined(_WIN32) && !defined(_WIN32_WCE) # include # include # define stat _stat diff --git a/e_os.h b/e_os.h index 34223a0bcd..9af7f3758d 100644 --- a/e_os.h +++ b/e_os.h @@ -308,7 +308,7 @@ extern FILE *_imp___iob; # if defined(OPENSSL_SYS_WINDOWS) # define strcasecmp _stricmp # define strncasecmp _strnicmp -# if (_MSC_VER >= 1310) +# if (_MSC_VER >= 1310) && !defined(_WIN32_WCE) # define open _open # define fdopen _fdopen # define close _close diff --git a/include/openssl/e_os2.h b/include/openssl/e_os2.h index 97a776cdac..c7e637c4a4 100644 --- a/include/openssl/e_os2.h +++ b/include/openssl/e_os2.h @@ -241,7 +241,7 @@ typedef UINT64 uint64_t; defined(__osf__) || defined(__sgi) || defined(__hpux) || \ defined(OPENSSL_SYS_VMS) || defined (__OpenBSD__) # include -# elif defined(_MSC_VER) && _MSC_VER<=1500 +# elif defined(_MSC_VER) && _MSC_VER<1600 /* * minimally required typdefs for systems not supporting inttypes.h or * stdint.h: currently just older VC++ From levitte at openssl.org Wed Jul 15 21:12:41 2020 From: levitte at openssl.org (Richard Levitte) Date: Wed, 15 Jul 2020 21:12:41 +0000 Subject: [openssl] master update Message-ID: <1594847561.901480.32625.nullmailer@dev.openssl.org> The branch master has been updated via 7cc355c2e4e081dca3c6c345a75a2ab16800c807 (commit) from c35b8535768e22cd3b7743f4887a72e53a621a5f (commit) - Log ----------------------------------------------------------------- commit 7cc355c2e4e081dca3c6c345a75a2ab16800c807 Author: Shane Lontis Date: Mon Jun 8 14:33:27 2020 +1000 Add AES_CBC_CTS ciphers to providers Added Algorithm names AES-128-CBC-CTS, AES-192-CBC-CTS and AES-256-CBC-CTS. CS1, CS2 and CS3 variants are supported. Only single shot updates are supported. The cipher returns the mode EVP_CIPH_CBC_MODE (Internally it shares the aes_cbc cipher code). This would allow existing code that uses AES_CBC to switch to the CTS variant without breaking code that tests for this mode. Because it shares the aes_cbc code the cts128.c functions could not be used directly. The cipher returns the flag EVP_CIPH_FLAG_CTS. EVP_CIPH_FLAG_FIPS & EVP_CIPH_FLAG_NON_FIPS_ALLOW have been deprecated. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12094) ----------------------------------------------------------------------- Summary of changes: CHANGES.md | 5 + doc/man3/EVP_CIPHER_meth_new.pod | 12 +- doc/man3/EVP_EncryptInit.pod | 44 +++ doc/man7/provider-cipher.pod | 32 ++ include/openssl/core_names.h | 6 + include/openssl/evp.h | 10 +- providers/defltprov.c | 3 + providers/fips/fipsprov.c | 3 + providers/implementations/ciphers/build.info | 6 +- providers/implementations/ciphers/cipher_aes.c | 2 + .../ciphers/cipher_aes_cts.h} | 13 +- .../implementations/ciphers/cipher_aes_cts.inc | 108 ++++++ .../implementations/ciphers/cipher_aes_cts_fips.c | 368 +++++++++++++++++++++ .../implementations/include/prov/ciphercommon.h | 3 + .../implementations/include/prov/implementations.h | 3 + test/evp_test.c | 18 + test/recipes/30-test_evp.t | 3 +- test/recipes/30-test_evp_data/evpciph_aes_cts.txt | 362 ++++++++++++++++++++ 18 files changed, 978 insertions(+), 23 deletions(-) copy providers/{common/der/der_ec_gen.c.in => implementations/ciphers/cipher_aes_cts.h} (54%) create mode 100644 providers/implementations/ciphers/cipher_aes_cts.inc create mode 100644 providers/implementations/ciphers/cipher_aes_cts_fips.c create mode 100644 test/recipes/30-test_evp_data/evpciph_aes_cts.txt diff --git a/CHANGES.md b/CHANGES.md index 4e0002f668..68d269cb5d 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -23,6 +23,11 @@ OpenSSL 3.0 ### Changes between 1.1.1 and 3.0 [xx XXX xxxx] + * Added ciphertext stealing algorithms AES-128-CBC-CTS, AES-192-CBC-CTS and + AES-256-CBC-CTS to the providers. CS1, CS2 and CS3 variants are supported. + + *Shane Lontis* + * 'Configure' has been changed to figure out the configuration target if none is given on the command line. Consequently, the 'config' script is now only a mere wrapper. All documentation is changed to only mention diff --git a/doc/man3/EVP_CIPHER_meth_new.pod b/doc/man3/EVP_CIPHER_meth_new.pod index 272e80115c..92ce1d902f 100644 --- a/doc/man3/EVP_CIPHER_meth_new.pod +++ b/doc/man3/EVP_CIPHER_meth_new.pod @@ -153,15 +153,11 @@ decryption is to be understood as the number of bits instead of bytes for this implementation. This is only useful for CFB1 ciphers. -=begin comment -The FIPS flags seem to be unused, so I'm hiding them until I get an -explanation or they get removed. /RL +=item EVP_CIPH_FLAG_CTS -=item EVP_CIPH_FLAG_FIPS - -=item EVP_CIPH_FLAG_NON_FIPS_ALLOW - -=end comment +Indicates that the cipher uses ciphertext stealing. This is currently +used to indicate that the cipher is a one shot that only allows a single call to +EVP_CipherUpdate(). =item EVP_CIPH_FLAG_CUSTOM_CIPHER diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod index 36efb4090d..d40402ba1d 100644 --- a/doc/man3/EVP_EncryptInit.pod +++ b/doc/man3/EVP_EncryptInit.pod @@ -800,6 +800,50 @@ with a 128-bit key: return 1; } +Encryption using AES-CBC with a 256-bit key with "CS1" ciphertext stealing. + + int encrypt(const unsigned char *key, const unsigned char *iv, + const unsigned char *msg, size_t msg_len, unsigned char *out) + { + /* + * This assumes that key size is 32 bytes and the iv is 16 bytes. + * For ciphertext stealing mode the length of the ciphertext "out" will be + * the same size as the plaintext size "msg_len". + * The "msg_len" can be any size >= 16. + */ + int ret = 0, encrypt = 1, outlen, len; + EVP_CIPHER_CTX *ctx = NULL; + EVP_CIPHER *cipher = NULL; + OSSL_PARAM params[2]; + + ctx = EVP_CIPHER_CTX_new(); + cipher = EVP_CIPHER_fetch(NULL, "AES-256-CBC-CTS", NULL); + if (ctx == NULL || cipher == NULL) + goto err; + + if (!EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, encrypt)) + goto err; + /* + * The default is "CS1" so this is not really needed, + * but would be needed to set either "CS2" or "CS3". + */ + params[0] = OSSL_PARAM_construct_utf8_string(OSSL_CIPHER_PARAM_CTS_MODE, + "CS1", 0); + params[1] = OSSL_PARAM_construct_end(); + if (!EVP_CIPHER_CTX_set_params(ctx, params)) + goto err; + + /* NOTE: CTS mode does not support multiple calls to EVP_CipherUpdate() */ + if (!EVP_CipherUpdate(ctx, encrypted, &outlen, msg, msglen)) + goto err; + if (!EVP_CipherFinal_ex(ctx, encrypted + outlen, &len)) + goto err; + ret = 1; + err: + EVP_CIPHER_free(cipher); + EVP_CIPHER_CTX_free(ctx); + return ret; + } =head1 SEE ALSO diff --git a/doc/man7/provider-cipher.pod b/doc/man7/provider-cipher.pod index bb8df17514..83f1768302 100644 --- a/doc/man7/provider-cipher.pod +++ b/doc/man7/provider-cipher.pod @@ -410,6 +410,38 @@ Byte 11-12: Input length (Always 0) Gets the result of running the "tls1multi_aad" operation. +=item "cts_mode" (B) + +Sets the cipher text stealing mode. For all modes the output size is the same as +the input size. + +Valid values for the mode are: + +=over 4 + +=item "CS1" + +The NIST variant of cipher text stealing. +For message lengths that are multiples of the block size it is equivalent to +using a "AES-CBC" cipher otherwise the second last cipher text block is a +partial block. + +=item "CS2" + +For message lengths that are multiples of the block size it is equivalent to +using a "AES-CBC" cipher, otherwise it is the same as "CS3". + +=item "CS3" + +The Kerberos5 variant of cipher text stealing which always swaps the last +cipher text block with the previous block (which may be a partial or full block +depending on the input length). + +=back + +The default is "CS1". +This is only supported for "AES-128-CBC-CTS", "AES-192-CBC-CTS" and "AES-256-CBC-CTS". + =back =head1 RETURN VALUES diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h index 9ad81337c3..702ee6a6ed 100644 --- a/include/openssl/core_names.h +++ b/include/openssl/core_names.h @@ -66,6 +66,7 @@ extern "C" { #define OSSL_CIPHER_PARAM_RANDOM_KEY "randkey" /* octet_string */ #define OSSL_CIPHER_PARAM_RC2_KEYBITS "keybits" /* size_t */ #define OSSL_CIPHER_PARAM_SPEED "speed" /* uint */ +#define OSSL_CIPHER_PARAM_CTS_MODE "cts_mode" /* utf8_string */ /* For passing the AlgorithmIdentifier parameter in DER form */ #define OSSL_CIPHER_PARAM_ALG_ID "alg_id_param" /* octet_string */ @@ -86,6 +87,11 @@ extern "C" { #define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN \ "tls1multi_enclen" /* size_t */ +/* OSSL_CIPHER_PARAM_CTS_MODE Values */ +#define OSSL_CIPHER_CTS_MODE_CS1 "CS1" +#define OSSL_CIPHER_CTS_MODE_CS2 "CS2" +#define OSSL_CIPHER_CTS_MODE_CS3 "CS3" + /* digest parameters */ #define OSSL_DIGEST_PARAM_XOFLEN "xoflen" /* size_t */ #define OSSL_DIGEST_PARAM_SSL3_MS "ssl3-ms" /* octet string */ diff --git a/include/openssl/evp.h b/include/openssl/evp.h index 644a214a6e..85a939b5c3 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -287,13 +287,15 @@ int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, /* Free: 0x1000 */ /* Buffer length in bits not bytes: CFB1 mode only */ # define EVP_CIPH_FLAG_LENGTH_BITS 0x2000 -/* Note if suitable for use in FIPS mode */ -# define EVP_CIPH_FLAG_FIPS 0x4000 -/* Allow non FIPS cipher in FIPS mode */ -# define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x8000 +/* Deprecated FIPS flag: was 0x4000 */ +# define EVP_CIPH_FLAG_FIPS 0 +/* Deprecated FIPS flag: was 0x8000 */ +# define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0 + /* * Cipher handles any and all padding logic as well as finalisation. */ +# define EVP_CIPH_FLAG_CTS 0x4000 # define EVP_CIPH_FLAG_CUSTOM_CIPHER 0x100000 # define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000 # define EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK 0x400000 diff --git a/providers/defltprov.c b/providers/defltprov.c index c92736e547..d404585afd 100644 --- a/providers/defltprov.c +++ b/providers/defltprov.c @@ -154,6 +154,9 @@ static const OSSL_ALGORITHM_CAPABLE deflt_ciphers[] = { ALG("AES-256-CBC", aes256cbc_functions), ALG("AES-192-CBC", aes192cbc_functions), ALG("AES-128-CBC", aes128cbc_functions), + ALG("AES-128-CBC-CTS", aes128cbc_cts_functions), + ALG("AES-192-CBC-CTS", aes192cbc_cts_functions), + ALG("AES-256-CBC-CTS", aes256cbc_cts_functions), ALG("AES-256-OFB", aes256ofb_functions), ALG("AES-192-OFB", aes192ofb_functions), ALG("AES-128-OFB", aes128ofb_functions), diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c index f7289ad75e..a998e392d7 100644 --- a/providers/fips/fipsprov.c +++ b/providers/fips/fipsprov.c @@ -399,6 +399,9 @@ static const OSSL_ALGORITHM_CAPABLE fips_ciphers[] = { ALG("AES-256-CBC", aes256cbc_functions), ALG("AES-192-CBC", aes192cbc_functions), ALG("AES-128-CBC", aes128cbc_functions), + ALG("AES-256-CBC-CTS", aes256cbc_cts_functions), + ALG("AES-192-CBC-CTS", aes192cbc_cts_functions), + ALG("AES-128-CBC-CTS", aes128cbc_cts_functions), ALG("AES-256-OFB", aes256ofb_functions), ALG("AES-192-OFB", aes192ofb_functions), ALG("AES-128-OFB", aes128ofb_functions), diff --git a/providers/implementations/ciphers/build.info b/providers/implementations/ciphers/build.info index a952c21638..9199ae0a92 100644 --- a/providers/implementations/ciphers/build.info +++ b/providers/implementations/ciphers/build.info @@ -49,9 +49,9 @@ SOURCE[$AES_GOAL]=\ cipher_aes_cbc_hmac_sha256_hw.c cipher_aes_cbc_hmac_sha1_hw.c # Extra code to satisfy the FIPS and non-FIPS separation. -# When the AES-xxx-XTS moves to legacy, this can be removed. -SOURCE[../../libfips.a]=cipher_aes_xts_fips.c -SOURCE[../../libnonfips.a]=cipher_aes_xts_fips.c +# When the AES-xxx-XTS moves to legacy, cipher_aes_xts_fips.c can be removed. +SOURCE[../../libfips.a]=cipher_aes_xts_fips.c cipher_aes_cts_fips.c +SOURCE[../../libnonfips.a]=cipher_aes_xts_fips.c cipher_aes_cts_fips.c IF[{- !$disabled{siv} -}] SOURCE[$SIV_GOAL]=\ diff --git a/providers/implementations/ciphers/cipher_aes.c b/providers/implementations/ciphers/cipher_aes.c index decc27517c..b0c716e3b7 100644 --- a/providers/implementations/ciphers/cipher_aes.c +++ b/providers/implementations/ciphers/cipher_aes.c @@ -86,3 +86,5 @@ IMPLEMENT_generic_cipher(aes, AES, ctr, CTR, 0, 256, 8, 128, stream) IMPLEMENT_generic_cipher(aes, AES, ctr, CTR, 0, 192, 8, 128, stream) /* aes128ctr_functions */ IMPLEMENT_generic_cipher(aes, AES, ctr, CTR, 0, 128, 8, 128, stream) + +#include "cipher_aes_cts.inc" diff --git a/providers/common/der/der_ec_gen.c.in b/providers/implementations/ciphers/cipher_aes_cts.h similarity index 54% copy from providers/common/der/der_ec_gen.c.in copy to providers/implementations/ciphers/cipher_aes_cts.h index 40acf9a31c..6b0dfdd2c1 100644 --- a/providers/common/der/der_ec_gen.c.in +++ b/providers/implementations/ciphers/cipher_aes_cts.h @@ -7,11 +7,10 @@ * https://www.openssl.org/source/license.html */ -#include "prov/der_ec.h" +#include "crypto/evp.h" -/* Well known OIDs precompiled */ -{- - $OUT = oids_to_c::process_leaves('providers/common/der/EC.asn1', - { dir => $config{sourcedir}, - filter => \&oids_to_c::filter_to_C }); --} +OSSL_FUNC_cipher_update_fn aes_cbc_cts_block_update; +OSSL_FUNC_cipher_final_fn aes_cbc_cts_block_final; + +const char *aes_cbc_cts_mode_id2name(unsigned int id); +int aes_cbc_cts_mode_name2id(const char *name); diff --git a/providers/implementations/ciphers/cipher_aes_cts.inc b/providers/implementations/ciphers/cipher_aes_cts.inc new file mode 100644 index 0000000000..5b33e972c5 --- /dev/null +++ b/providers/implementations/ciphers/cipher_aes_cts.inc @@ -0,0 +1,108 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* Dispatch functions for AES CBC CTS ciphers */ + +#include "cipher_aes_cts.h" +#include "prov/providercommonerr.h" + +static OSSL_FUNC_cipher_get_ctx_params_fn aes_cbc_cts_get_ctx_params; +static OSSL_FUNC_cipher_set_ctx_params_fn aes_cbc_cts_set_ctx_params; +static OSSL_FUNC_cipher_gettable_ctx_params_fn aes_cbc_cts_gettable_ctx_params; +static OSSL_FUNC_cipher_settable_ctx_params_fn aes_cbc_cts_settable_ctx_params; + +CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_START(aes_cbc_cts) +OSSL_PARAM_utf8_string(OSSL_CIPHER_PARAM_CTS_MODE, NULL, 0), +CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_END(aes_cbc_cts) + +static int aes_cbc_cts_get_ctx_params(void *vctx, OSSL_PARAM params[]) +{ + PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; + OSSL_PARAM *p; + + p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_CTS_MODE); + if (p != NULL) { + const char *name = aes_cbc_cts_mode_id2name(ctx->cts_mode); + + if (name == NULL || !OSSL_PARAM_set_utf8_string(p, name)) { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + return 0; + } + } + return cipher_generic_get_ctx_params(vctx, params); +} + +CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_START(aes_cbc_cts) +OSSL_PARAM_utf8_string(OSSL_CIPHER_PARAM_CTS_MODE, NULL, 0), +CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_END(aes_cbc_cts) + +static int aes_cbc_cts_set_ctx_params(void *vctx, const OSSL_PARAM params[]) +{ + PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; + const OSSL_PARAM *p; + int id; + + p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_CTS_MODE); + if (p != NULL) { + if (p->data_type != OSSL_PARAM_UTF8_STRING) + goto err; + id = aes_cbc_cts_mode_name2id(p->data); + if (id < 0) + goto err; + + ctx->cts_mode = (unsigned int)id; + } + return cipher_generic_set_ctx_params(vctx, params); +err: + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + return 0; +} + +/* NOTE: The underlying block cipher is AES CBC so we reuse most of the code */ +#define IMPLEMENT_cts_cipher(alg, UCALG, lcmode, UCMODE, flags, kbits, \ + blkbits, ivbits, typ) \ +static OSSL_FUNC_cipher_get_params_fn alg##_##kbits##_##lcmode##_get_params; \ +static int alg##_cts_##kbits##_##lcmode##_get_params(OSSL_PARAM params[]) \ +{ \ + return cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE, flags, \ + kbits, blkbits, ivbits); \ +} \ +const OSSL_DISPATCH alg##kbits##lcmode##_cts_functions[] = { \ + { OSSL_FUNC_CIPHER_NEWCTX, \ + (void (*)(void)) alg##_##kbits##_##lcmode##_newctx }, \ + { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void)) alg##_freectx }, \ + { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void)) alg##_dupctx }, \ + { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))cipher_generic_einit }, \ + { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))cipher_generic_dinit }, \ + { OSSL_FUNC_CIPHER_UPDATE, \ + (void (*)(void)) alg##_##lcmode##_cts_block_update }, \ + { OSSL_FUNC_CIPHER_FINAL, \ + (void (*)(void)) alg##_##lcmode##_cts_block_final }, \ + { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))cipher_generic_cipher }, \ + { OSSL_FUNC_CIPHER_GET_PARAMS, \ + (void (*)(void)) alg##_cts_##kbits##_##lcmode##_get_params }, \ + { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \ + (void (*)(void))cipher_generic_gettable_params }, \ + { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \ + (void (*)(void))aes_cbc_cts_get_ctx_params }, \ + { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \ + (void (*)(void))aes_cbc_cts_set_ctx_params }, \ + { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \ + (void (*)(void))aes_cbc_cts_gettable_ctx_params }, \ + { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \ + (void (*)(void))aes_cbc_cts_settable_ctx_params }, \ + { 0, NULL } \ +}; + +/* aes256cbc_cts_functions */ +IMPLEMENT_cts_cipher(aes, AES, cbc, CBC, EVP_CIPH_FLAG_CTS, 256, 128, 128, block) +/* aes192cbc_cts_functions */ +IMPLEMENT_cts_cipher(aes, AES, cbc, CBC, EVP_CIPH_FLAG_CTS, 192, 128, 128, block) +/* aes128cbc_cts_functions */ +IMPLEMENT_cts_cipher(aes, AES, cbc, CBC, EVP_CIPH_FLAG_CTS, 128, 128, 128, block) diff --git a/providers/implementations/ciphers/cipher_aes_cts_fips.c b/providers/implementations/ciphers/cipher_aes_cts_fips.c new file mode 100644 index 0000000000..81e81ad5f2 --- /dev/null +++ b/providers/implementations/ciphers/cipher_aes_cts_fips.c @@ -0,0 +1,368 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* Helper functions for AES CBC CTS ciphers related to fips */ + +/* + * Refer to SP800-38A-Addendum + * + * Ciphertext stealing encrypts plaintext using a block cipher, without padding + * the message to a multiple of the block size, so the ciphertext is the same + * size as the plaintext. + * It does this by altering processing of the last two blocks of the message. + * The processing of all but the last two blocks is unchanged, but a portion of + * the second-last block's ciphertext is "stolen" to pad the last plaintext + * block. The padded final block is then encrypted as usual. + * The final ciphertext for the last two blocks, consists of the partial block + * (with the "stolen" portion omitted) plus the full final block, + * which are the same size as the original plaintext. + * Decryption requires decrypting the final block first, then restoring the + * stolen ciphertext to the partial block, which can then be decrypted as usual. + + * AES_CBC_CTS has 3 variants: + * (1) CS1 The NIST variant. + * If the length is a multiple of the blocksize it is the same as CBC mode. + * otherwise it produces C1||C2||(C(n-1))*||Cn. + * Where C(n-1)* is a partial block. + * (2) CS2 + * If the length is a multiple of the blocksize it is the same as CBC mode. + * otherwise it produces C1||C2||Cn||(C(n-1))*. + * Where C(n-1)* is a partial block. + * (3) CS3 The Kerberos5 variant. + * Produces C1||C2||Cn||(C(n-1))* regardless of the length. + * If the length is a multiple of the blocksize it looks similar to CBC mode + * with the last 2 blocks swapped. + * Otherwise it is the same as CS2. + */ + +#include "e_os.h" /* strcasecmp */ +#include +#include +#include "prov/ciphercommon.h" +#include "internal/nelem.h" +#include "cipher_aes_cts.h" + +/* The value assigned to 0 is the default */ +#define CTS_CS1 0 +#define CTS_CS2 1 +#define CTS_CS3 2 + +typedef union { + size_t align; + unsigned char c[AES_BLOCK_SIZE]; +} aligned_16bytes; + +typedef struct cts_mode_name2id_st { + unsigned int id; + const char *name; +} CTS_MODE_NAME2ID; + +static CTS_MODE_NAME2ID cts_modes[] = +{ + { CTS_CS1, OSSL_CIPHER_CTS_MODE_CS1 }, +#ifndef FIPS_MODULE + { CTS_CS2, OSSL_CIPHER_CTS_MODE_CS2 }, + { CTS_CS3, OSSL_CIPHER_CTS_MODE_CS3 }, +#endif +}; + +const char *aes_cbc_cts_mode_id2name(unsigned int id) +{ + size_t i; + + for (i = 0; i < OSSL_NELEM(cts_modes); ++i) { + if (cts_modes[i].id == id) + return cts_modes[i].name; + } + return NULL; +} + +int aes_cbc_cts_mode_name2id(const char *name) +{ + size_t i; + + for (i = 0; i < OSSL_NELEM(cts_modes); ++i) { + if (strcasecmp(name, cts_modes[i].name) == 0) + return (int)cts_modes[i].id; + } + return -1; +} + +static size_t cts128_cs1_encrypt(PROV_CIPHER_CTX *ctx, const unsigned char *in, + unsigned char *out, size_t len) +{ + aligned_16bytes tmp_in; + size_t residue; + + residue = len % AES_BLOCK_SIZE; + len -= residue; + if (!ctx->hw->cipher(ctx, out, in, len)) + return 0; + + if (residue == 0) + return len; + + in += len; + out += len; + + memset(tmp_in.c, 0, sizeof(tmp_in)); + memcpy(tmp_in.c, in, residue); + if (!ctx->hw->cipher(ctx, out - AES_BLOCK_SIZE + residue, tmp_in.c, + AES_BLOCK_SIZE)) + return 0; + return len + residue; +} + +static void do_xor(const unsigned char *in1, const unsigned char *in2, + size_t len, unsigned char *out) +{ + size_t i; + + for (i = 0; i < len; ++i) + out[i] = in1[i] ^ in2[i]; +} + +static size_t cts128_cs1_decrypt(PROV_CIPHER_CTX *ctx, const unsigned char *in, + unsigned char *out, size_t len) +{ + aligned_16bytes mid_iv, ct_mid, pt_last; + size_t residue; + + residue = len % AES_BLOCK_SIZE; + if (residue == 0) { + /* If there are no partial blocks then it is the same as CBC mode */ + if (!ctx->hw->cipher(ctx, out, in, len)) + return 0; + return len; + } + /* Process blocks at the start - but leave the last 2 blocks */ + len -= AES_BLOCK_SIZE + residue; + if (len > 0) { + if (!ctx->hw->cipher(ctx, out, in, len)) + return 0; + in += len; + out += len; + } + /* Save the iv that will be used by the second last block */ + memcpy(mid_iv.c, ctx->iv, AES_BLOCK_SIZE); + + /* Decrypt the last block first using an iv of zero */ + memset(ctx->iv, 0, AES_BLOCK_SIZE); + if (!ctx->hw->cipher(ctx, pt_last.c, in + residue, AES_BLOCK_SIZE)) + return 0; + + /* + * Rebuild the ciphertext of the second last block as a combination of + * the decrypted last block + replace the start with the ciphertext bytes + * of the partial second last block. + */ + memcpy(ct_mid.c, in, residue); + memcpy(ct_mid.c + residue, pt_last.c + residue, AES_BLOCK_SIZE - residue); + /* + * Restore the last partial ciphertext block. + * Now that we have the cipher text of the second last block, apply + * that to the partial plaintext end block. We have already decrypted the + * block using an IV of zero. For decryption the IV is just XORed after + * doing an AES block - so just XOR in the cipher text. + */ + do_xor(ct_mid.c, pt_last.c, residue, out + AES_BLOCK_SIZE); + + /* Restore the iv needed by the second last block */ + memcpy(ctx->iv, mid_iv.c, AES_BLOCK_SIZE); + /* + * Decrypt the second last plaintext block now that we have rebuilt the + * ciphertext. + */ + if (!ctx->hw->cipher(ctx, out, ct_mid.c, AES_BLOCK_SIZE)) + return 0; + + return len + AES_BLOCK_SIZE + residue; +} + +#ifndef FIPS_MODULE +static size_t cts128_cs3_encrypt(PROV_CIPHER_CTX *ctx, const unsigned char *in, + unsigned char *out, size_t len) +{ + aligned_16bytes tmp_in; + size_t residue; + + if (len <= AES_BLOCK_SIZE) /* CS3 requires 2 blocks */ + return 0; + + residue = len % AES_BLOCK_SIZE; + if (residue == 0) + residue = AES_BLOCK_SIZE; + len -= residue; + + if (!ctx->hw->cipher(ctx, out, in, len)) + return 0; + + in += len; + out += len; + + memset(tmp_in.c, 0, sizeof(tmp_in)); + memcpy(tmp_in.c, in, residue); + memcpy(out, out - AES_BLOCK_SIZE, residue); + if (!ctx->hw->cipher(ctx, out - AES_BLOCK_SIZE, tmp_in.c, AES_BLOCK_SIZE)) + return 0; + return len + residue; +} + +/* + * Note: + * The cipher text (in) is of the form C(0), C(1), ., C(n), C(n-1)* where + * C(n) is a full block and C(n-1)* can be a partial block + * (but could be a full block). + * This means that the output plaintext (out) needs to swap the plaintext of + * the last two decoded ciphertext blocks. + */ +static size_t cts128_cs3_decrypt(PROV_CIPHER_CTX *ctx, const unsigned char *in, + unsigned char *out, size_t len) +{ + aligned_16bytes mid_iv, ct_mid, pt_last; + size_t residue; + + if (len <= AES_BLOCK_SIZE) /* CS3 requires 2 blocks */ + return 0; + + /* Process blocks at the start - but leave the last 2 blocks */ + residue = len % AES_BLOCK_SIZE; + if (residue == 0) + residue = AES_BLOCK_SIZE; + len -= AES_BLOCK_SIZE + residue; + + if (len > 0) { + if (!ctx->hw->cipher(ctx, out, in, len)) + return 0; + in += len; + out += len; + } + /* Save the iv that will be used by the second last block */ + memcpy(mid_iv.c, ctx->iv, AES_BLOCK_SIZE); + + /* Decrypt the Cn block first using an iv of zero */ + memset(ctx->iv, 0, AES_BLOCK_SIZE); + if (!ctx->hw->cipher(ctx, pt_last.c, in, AES_BLOCK_SIZE)) + return 0; + + /* + * Rebuild the ciphertext of C(n-1) as a combination of + * the decrypted C(n) block + replace the start with the ciphertext bytes + * of the partial last block. + */ + memcpy(ct_mid.c, in + AES_BLOCK_SIZE, residue); + if (residue != AES_BLOCK_SIZE) + memcpy(ct_mid.c + residue, pt_last.c + residue, AES_BLOCK_SIZE - residue); + /* + * Restore the last partial ciphertext block. + * Now that we have the cipher text of the second last block, apply + * that to the partial plaintext end block. We have already decrypted the + * block using an IV of zero. For decryption the IV is just XORed after + * doing an AES block - so just XOR in the ciphertext. + */ + do_xor(ct_mid.c, pt_last.c, residue, out + AES_BLOCK_SIZE); + + /* Restore the iv needed by the second last block */ + memcpy(ctx->iv, mid_iv.c, AES_BLOCK_SIZE); + /* + * Decrypt the second last plaintext block now that we have rebuilt the + * ciphertext. + */ + if (!ctx->hw->cipher(ctx, out, ct_mid.c, AES_BLOCK_SIZE)) + return 0; + + return len + AES_BLOCK_SIZE + residue; +} + +static size_t cts128_cs2_encrypt(PROV_CIPHER_CTX *ctx, const unsigned char *in, + unsigned char *out, size_t len) +{ + if (len % AES_BLOCK_SIZE == 0) { + /* If there are no partial blocks then it is the same as CBC mode */ + if (!ctx->hw->cipher(ctx, out, in, len)) + return 0; + return len; + } + /* For partial blocks CS2 is equivalent to CS3 */ + return cts128_cs3_encrypt(ctx, in, out, len); +} + +static size_t cts128_cs2_decrypt(PROV_CIPHER_CTX *ctx, const unsigned char *in, + unsigned char *out, size_t len) +{ + if (len % AES_BLOCK_SIZE == 0) { + /* If there are no partial blocks then it is the same as CBC mode */ + if (!ctx->hw->cipher(ctx, out, in, len)) + return 0; + return len; + } + /* For partial blocks CS2 is equivalent to CS3 */ + return cts128_cs3_decrypt(ctx, in, out, len); +} +#endif + +int aes_cbc_cts_block_update(void *vctx, unsigned char *out, size_t *outl, + size_t outsize, const unsigned char *in, + size_t inl) +{ + PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; + size_t sz = 0; + + if (inl < AES_BLOCK_SIZE) /* There must be at least one block for CTS mode */ + return 0; + if (outsize < inl) + return 0; + if (out == NULL) { + *outl = inl; + return 1; + } + + /* + * Return an error if the update is called multiple times, only one shot + * is supported. + */ + if (ctx->updated == 1) + return 0; + + if (ctx->enc) { +#ifdef FIPS_MODULE + sz = cts128_cs1_encrypt(ctx, in, out, inl); +#else + if (ctx->cts_mode == CTS_CS1) + sz = cts128_cs1_encrypt(ctx, in, out, inl); + else if (ctx->cts_mode == CTS_CS2) + sz = cts128_cs2_encrypt(ctx, in, out, inl); + else if (ctx->cts_mode == CTS_CS3) + sz = cts128_cs3_encrypt(ctx, in, out, inl); +#endif + } else { +#ifdef FIPS_MODULE + sz = cts128_cs1_decrypt(ctx, in, out, inl); +#else + if (ctx->cts_mode == CTS_CS1) + sz = cts128_cs1_decrypt(ctx, in, out, inl); + else if (ctx->cts_mode == CTS_CS2) + sz = cts128_cs2_decrypt(ctx, in, out, inl); + else if (ctx->cts_mode == CTS_CS3) + sz = cts128_cs3_decrypt(ctx, in, out, inl); +#endif + } + if (sz == 0) + return 0; + ctx->updated = 1; /* Stop multiple updates being allowed */ + *outl = sz; + return 1; +} + +int aes_cbc_cts_block_final(void *vctx, unsigned char *out, size_t *outl, + size_t outsize) +{ + *outl = 0; + return 1; +} diff --git a/providers/implementations/include/prov/ciphercommon.h b/providers/implementations/include/prov/ciphercommon.h index a5ffbc48a1..7e8143fae0 100644 --- a/providers/implementations/include/prov/ciphercommon.h +++ b/providers/implementations/include/prov/ciphercommon.h @@ -47,9 +47,12 @@ struct prov_cipher_ctx_st { size_t ivlen; size_t blocksize; size_t bufsz; /* Number of bytes in buf */ + unsigned int cts_mode; /* Use to set the type for CTS modes */ unsigned int pad : 1; /* Whether padding should be used or not */ unsigned int enc : 1; /* Set to 1 for encrypt, or 0 otherwise */ unsigned int iv_set : 1; /* Set when the iv is copied to the iv/oiv buffers */ + unsigned int updated : 1; /* Set to 1 during update for one shot ciphers */ + unsigned int tlsversion; /* If TLS padding is in use the TLS version number */ unsigned char *tlsmac; /* tls MAC extracted from the last record */ diff --git a/providers/implementations/include/prov/implementations.h b/providers/implementations/include/prov/implementations.h index ee942e94e1..0b32f3727c 100644 --- a/providers/implementations/include/prov/implementations.h +++ b/providers/implementations/include/prov/implementations.h @@ -45,6 +45,9 @@ extern const OSSL_DISPATCH aes128ecb_functions[]; extern const OSSL_DISPATCH aes256cbc_functions[]; extern const OSSL_DISPATCH aes192cbc_functions[]; extern const OSSL_DISPATCH aes128cbc_functions[]; +extern const OSSL_DISPATCH aes256cbc_cts_functions[]; +extern const OSSL_DISPATCH aes192cbc_cts_functions[]; +extern const OSSL_DISPATCH aes128cbc_cts_functions[]; extern const OSSL_DISPATCH aes256ofb_functions[]; extern const OSSL_DISPATCH aes192ofb_functions[]; extern const OSSL_DISPATCH aes128ofb_functions[]; diff --git a/test/evp_test.c b/test/evp_test.c index c0b7b6f50f..7e93b41f32 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -514,6 +514,7 @@ typedef struct cipher_data_st { unsigned char *aad[AAD_NUM]; size_t aad_len[AAD_NUM]; unsigned char *tag; + const char *cts_mode; size_t tag_len; int tag_late; } CIPHER_DATA; @@ -628,6 +629,10 @@ static int cipher_test_parse(EVP_TEST *t, const char *keyword, return -1; return 1; } + if (strcmp(keyword, "CTSMode") == 0) { + cdat->cts_mode = value; + return 1; + } return 0; } @@ -687,6 +692,18 @@ static int cipher_test_enc(EVP_TEST *t, int enc, t->err = "CIPHERINIT_ERROR"; goto err; } + if (expected->cts_mode != NULL) { + OSSL_PARAM params[2]; + + params[0] = OSSL_PARAM_construct_utf8_string(OSSL_CIPHER_PARAM_CTS_MODE, + (char *)expected->cts_mode, + 0); + params[1] = OSSL_PARAM_construct_end(); + if (!EVP_CIPHER_CTX_set_params(ctx_base, params)) { + t->err = "INVALID_CTS_MODE"; + goto err; + } + } if (expected->iv) { if (expected->aead) { if (!EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_AEAD_SET_IVLEN, @@ -939,6 +956,7 @@ static int cipher_test_run(EVP_TEST *t) * lengths so we don't fragment for those */ if (cdat->aead == EVP_CIPH_CCM_MODE + || ((EVP_CIPHER_flags(cdat->cipher) & EVP_CIPH_FLAG_CTS) != 0) || EVP_CIPHER_mode(cdat->cipher) == EVP_CIPH_SIV_MODE || EVP_CIPHER_mode(cdat->cipher) == EVP_CIPH_XTS_MODE || EVP_CIPHER_mode(cdat->cipher) == EVP_CIPH_WRAP_MODE) diff --git a/test/recipes/30-test_evp.t b/test/recipes/30-test_evp.t index 3855d8a3b9..32639b77a5 100644 --- a/test/recipes/30-test_evp.t +++ b/test/recipes/30-test_evp.t @@ -32,7 +32,8 @@ my @configs = ( $defaultcnf ); push @configs, 'fips.cnf' unless $no_fips; my @files = qw( evprand.txt evpciph.txt evpdigest.txt evppkey.txt - evppkey_ecc.txt ); + evppkey_ecc.txt evpciph_aes_cts.txt); + my @defltfiles = qw( evpencod.txt evpkdf.txt evppkey_kdf.txt evpmac.txt evppbe.txt evpcase.txt evpccmcavs.txt ); my @ideafiles = qw( evpciph_idea.txt ); diff --git a/test/recipes/30-test_evp_data/evpciph_aes_cts.txt b/test/recipes/30-test_evp_data/evpciph_aes_cts.txt new file mode 100644 index 0000000000..83bac2c5c8 --- /dev/null +++ b/test/recipes/30-test_evp_data/evpciph_aes_cts.txt @@ -0,0 +1,362 @@ +# +# Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +# Original test vectors were taken from https://www.ietf.org/rfc/rfc3962.txt for CS3 +# These have an IV of all zeros, for a 128 bit AES key. + +# 17 bytes Input +Cipher = AES-128-CBC-CTS +Availablein = default +CTSMode = CS3 +Key = 636869636b656e207465726979616b69 +IV = 00000000000000000000000000000000 +Plaintext = 4920776f756c64206c696b652074686520 +Ciphertext = c6353568f2bf8cb4d8a580362da7ff7f97 + +# 31 bytes input +Cipher = AES-128-CBC-CTS +Availablein = default +CTSMode = CS3 +Key = 636869636b656e207465726979616b69 +IV = 00000000000000000000000000000000 +Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320 +Ciphertext = fc00783e0efdb2c1d445d4c8eff7ed2297687268d6ecccc0c07b25e25ecfe5 + +# 32 bytes input (CS3 always swaps the last 2 byte blocks - so it is not equivalent to CBC for a full block) +Cipher = AES-128-CBC-CTS +Availablein = default +CTSMode = CS3 +Key = 636869636b656e207465726979616b69 +IV = 00000000000000000000000000000000 +Plaintext = 4920776f756c64206c696b65207468652047656e6572616c2047617527732043 +Ciphertext = 39312523a78662d5be7fcbcc98ebf5a897687268d6ecccc0c07b25e25ecfe584 + +# 47 bytes input +Cipher = AES-128-CBC-CTS +Availablein = default +CTSMode = CS3 +Key = 636869636b656e207465726979616b69 +IV = 00000000000000000000000000000000 +Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c +Ciphertext = 97687268d6ecccc0c07b25e25ecfe584b3fffd940c16a18c1b5549d2f838029e39312523a78662d5be7fcbcc98ebf5 + +# 48 bytes input +Cipher = AES-128-CBC-CTS +Availablein = default +CTSMode = CS3 +Key = 636869636b656e207465726979616b69 +IV = 00000000000000000000000000000000 +Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20 +Ciphertext = 97687268d6ecccc0c07b25e25ecfe5849dad8bbb96c4cdc03bc103e1a194bbd839312523a78662d5be7fcbcc98ebf5a8 + +# 64 bytes input (CS3 always swaps the last 2 byte blocks - so it is not equivalent to CBC for a full block) +Cipher = AES-128-CBC-CTS +Availablein = default +CTSMode = CS3 +Key = 636869636b656e207465726979616b69 +IV = 00000000000000000000000000000000 +Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20616e6420776f6e746f6e20736f75702e +Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a84807efe836ee89a526730dbc2f7bc8409dad8bbb96c4cdc03bc103e1a194bbd8 + +#------------------------------------------------------ +# AES_CBC results for aligned block lengths. (Result should be the same as 32 byte CTS1 & CTS2) + +# 32 bytes input +Cipher = AES-128-CBC +Key = 636869636b656e207465726979616b69 +IV = 00000000000000000000000000000000 +Plaintext = 4920776f756c64206c696b65207468652047656e6572616c2047617527732043 +Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a8 + +# 48 bytes input +Cipher = AES-128-CBC +Key = 636869636b656e207465726979616b69 +IV = 00000000000000000000000000000000 +Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20 +Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a89dad8bbb96c4cdc03bc103e1a194bbd8 + +# 64 bytes input +Cipher = AES-128-CBC +Key = 636869636b656e207465726979616b69 +IV = 00000000000000000000000000000000 +Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20616e6420776f6e746f6e20736f75702e +Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a89dad8bbb96c4cdc03bc103e1a194bbd84807efe836ee89a526730dbc2f7bc840 + +#------------------------------------------------------ +# Manually edited using the same inputs to also produce CS2 ciphertext +# where aligned blocks are the same as CBC mode, and partial lengths +# are the same as CS3. + +# 17 bytes Input (For partial blocks the output should match CS3) +Cipher = AES-128-CBC-CTS +Availablein = default +CTSMode = CS2 +Key = 636869636b656e207465726979616b69 +IV = 00000000000000000000000000000000 +Plaintext = 4920776f756c64206c696b652074686520 +Ciphertext = c6353568f2bf8cb4d8a580362da7ff7f97 + +# 31 bytes input (For partial blocks the output should match CS3) +Cipher = AES-128-CBC-CTS +Availablein = default +CTSMode = CS2 +Key = 636869636b656e207465726979616b69 +IV = 00000000000000000000000000000000 +Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320 +Ciphertext = fc00783e0efdb2c1d445d4c8eff7ed2297687268d6ecccc0c07b25e25ecfe5 + +# 32 bytes input (Aligned blocks should match normal CBC mode) +Cipher = AES-128-CBC-CTS +Availablein = default +CTSMode = CS2 +Key = 636869636b656e207465726979616b69 +IV = 00000000000000000000000000000000 +Plaintext = 4920776f756c64206c696b65207468652047656e6572616c2047617527732043 +Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a8 + +# 47 bytes input +Cipher = AES-128-CBC-CTS +Availablein = default +CTSMode = CS2 +Key = 636869636b656e207465726979616b69 +IV = 00000000000000000000000000000000 +Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c +Ciphertext = 97687268d6ecccc0c07b25e25ecfe584b3fffd940c16a18c1b5549d2f838029e39312523a78662d5be7fcbcc98ebf5 + +# 64 bytes input (CS2 is equivalent to CBC when the last block in full) +Cipher = AES-128-CBC-CTS +Availablein = default +CTSMode = CS2 +Key = 636869636b656e207465726979616b69 +IV = 00000000000000000000000000000000 +Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20616e6420776f6e746f6e20736f75702e +Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a89dad8bbb96c4cdc03bc103e1a194bbd84807efe836ee89a526730dbc2f7bc840 + +#------------------------------------------------------ +# Manually edited using the same inputs to also produce CS1 ciphertext +# where aligned blocks are the same as CBC mode, and partial lengths +# have the last 2 blocks swapped compared to CS3. + +# 17 bytes Input((Default is CS1 if CTSMode is not specified) +Cipher = AES-128-CBC-CTS +Key = 636869636b656e207465726979616b69 +IV = 00000000000000000000000000000000 +Plaintext = 4920776f756c64206c696b652074686520 +Ciphertext = 97c6353568f2bf8cb4d8a580362da7ff7f + +# 31 bytes input +Cipher = AES-128-CBC-CTS +CTSMode = CS1 +Key = 636869636b656e207465726979616b69 +IV = 00000000000000000000000000000000 +Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320 +Ciphertext = 97687268d6ecccc0c07b25e25ecfe5fc00783e0efdb2c1d445d4c8eff7ed22 + +# 32 bytes input +Cipher = AES-128-CBC-CTS +CTSMode = CS1 +Key = 636869636b656e207465726979616b69 +IV = 00000000000000000000000000000000 +Plaintext = 4920776f756c64206c696b65207468652047656e6572616c2047617527732043 +Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a8 + +# 47 bytes input +Cipher = AES-128-CBC-CTS +Key = 636869636b656e207465726979616b69 +IV = 00000000000000000000000000000000 +Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c +Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5b3fffd940c16a18c1b5549d2f838029e + +# 64 bytes input (CS1 is equivalent to CBC when the last block in full) +Cipher = AES-128-CBC-CTS +CTSMode = CS1 +Key = 636869636b656e207465726979616b69 +IV = 00000000000000000000000000000000 +Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20616e6420776f6e746f6e20736f75702e +Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a89dad8bbb96c4cdc03bc103e1a194bbd84807efe836ee89a526730dbc2f7bc840 + +#------------------------------------------------------------------------------- +# Generated test values using an IV. + +# 47 bytes input +Cipher = AES-128-CBC-CTS +Availablein = default +CTSMode = CS3 +Key = 636869636b656e207465726979616b69 +IV = 000102030405060708090A0B0C0D0E0F +Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c +Ciphertext = 5432a630742dee7beb70f9f1400ee6a0426da5c54a9990f5ae0b7825f51f0060b557cfb581949a4bdf3bb67dedd472 + +# 47 bytes input +Cipher = AES-128-CBC-CTS +CTSMode = CS1 +Key = 636869636b656e207465726979616b69 +IV =000102030405060708090A0B0C0D0E0F +Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c +Ciphertext = 5432a630742dee7beb70f9f1400ee6a0b557cfb581949a4bdf3bb67dedd472426da5c54a9990f5ae0b7825f51f0060 + +# 127 bytes +Cipher = AES-128-CBC-CTS +CTSMode = CS1 +Key = 636869636b656e207465726979616b69 +IV = 000102030405060708090A0B0C0D0E0F +Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20616e6420776f6e746f6e20736f75702e4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20616e6420776f6e746f6e20736f7570 +Ciphertext = 5432a630742dee7beb70f9f1400ee6a0b557cfb581949a4bdf3bb67dedd472b9fc50e4e7dacf9e3d94b6cc031f9997a22d2fea7e6ef4aba2b717b0fa3f150e5e86e46b9e51c6ea5091a92aa791ce826b2e4fbaaf0e0314939625434b9530ce56f299891a48d26bdc287f54b230340d652a4721bf0f082ede80b6399800a92f + +# 129 bytes +Cipher = AES-128-CBC-CTS +CTSMode = CS1 +Key = 636869636b656e207465726979616b69 +IV = 000102030405060708090A0B0C0D0E0F +Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20616e6420776f6e746f6e20736f75702e4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20616e6420776f6e746f6e20736f75702e49 +Ciphertext = 5432a630742dee7beb70f9f1400ee6a0b557cfb581949a4bdf3bb67dedd472b9fc50e4e7dacf9e3d94b6cc031f9997a22d2fea7e6ef4aba2b717b0fa3f150e5e86e46b9e51c6ea5091a92aa791ce826b2e4fbaaf0e0314939625434b9530ce56f299891a48d26bdc287f54b230340d14fde9fd1098b9b1db788b5868a8d009eeef + +#------------------------------------------------------------------------------- +# 17 Bytes +Cipher = AES-192-CBC-CTS +Availablein = default +CTSMode = CS3 +Key = 636869636b656e207465726979616b69636869636b656e20 +IV =000102030405060708090A0B0C0D0E0F +Plaintext = 4920776f756c64206c696b652074686520 +Ciphertext = de1b402de8f79f947cc6b5880588d9b6e9 + +# 31 Bytes +Cipher = AES-192-CBC-CTS +Availablein = default +CTSMode = CS3 +Key = 636869636b656e207465726979616b69636869636b656e20 +IV = 000102030405060708090A0B0C0D0E0F +Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320 +Ciphertext = dea2b610546f3b1e1d231821e283e153e9de17d6248fb492bdea1fb2e09c8e + +# 32 Bytes +Cipher = AES-192-CBC-CTS +Availablein = default +CTSMode = CS3 +Key = 636869636b656e207465726979616b69636869636b656e20 +IV = 000102030405060708090A0B0C0D0E0F +Plaintext = 4920776f756c64206c696b65207468652047656e6572616c2047617527732043 +Ciphertext = 31d005cc9fea948fed1ba6308dad9dd1e9de17d6248fb492bdea1fb2e09c8e8e + +# 17 Bytes +Cipher = AES-192-CBC-CTS +Availablein = default +CTSMode = CS2 +Key = 636869636b656e207465726979616b69636869636b656e20 +IV = 000102030405060708090A0B0C0D0E0F +Plaintext = 4920776f756c64206c696b652074686520 +Ciphertext = de1b402de8f79f947cc6b5880588d9b6e9 + +# 31 Bytes +Cipher = AES-192-CBC-CTS +Availablein = default +CTSMode = CS2 +Key = 636869636b656e207465726979616b69636869636b656e20 +IV = 000102030405060708090A0B0C0D0E0F +Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320 +Ciphertext = dea2b610546f3b1e1d231821e283e153e9de17d6248fb492bdea1fb2e09c8e + +# 32 Bytes +Cipher = AES-192-CBC-CTS +Availablein = default +CTSMode = CS2 +Key = 636869636b656e207465726979616b69636869636b656e20 +IV = 000102030405060708090A0B0C0D0E0F +Plaintext = 4920776f756c64206c696b65207468652047656e6572616c2047617527732043 +Ciphertext = e9de17d6248fb492bdea1fb2e09c8e8e31d005cc9fea948fed1ba6308dad9dd1 + +# 17 Bytes +Cipher = AES-192-CBC-CTS +CTSMode = CS1 +Key = 636869636b656e207465726979616b69636869636b656e20 +IV = 000102030405060708090A0B0C0D0E0F +Plaintext = 4920776f756c64206c696b652074686520 +Ciphertext = e9de1b402de8f79f947cc6b5880588d9b6 + +# 31 Bytes +Cipher = AES-192-CBC-CTS +CTSMode = CS1 +Key = 636869636b656e207465726979616b69636869636b656e20 +IV = 000102030405060708090A0B0C0D0E0F +Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320 +Ciphertext = e9de17d6248fb492bdea1fb2e09c8edea2b610546f3b1e1d231821e283e153 + +# 32 Bytes +Cipher = AES-192-CBC-CTS +CTSMode = CS1 +Key = 636869636b656e207465726979616b69636869636b656e20 +IV = 000102030405060708090A0B0C0D0E0F +Plaintext = 4920776f756c64206c696b65207468652047656e6572616c2047617527732043 +Ciphertext = e9de17d6248fb492bdea1fb2e09c8e8e31d005cc9fea948fed1ba6308dad9dd1 + +#------------------------------------------------------------------------------- +# 17 Bytes +Cipher = AES-256-CBC-CTS +Availablein = default +CTSMode = CS3 +Key = 636869636b656e207465726979616b69636869636b656e207465726979616b69 +IV = 000102030405060708090A0B0C0D0E0F +Plaintext = 4920776f756c64206c696b652074686520 +Ciphertext = 6b5f5abc21c4d04156c73850da3bba29e9 + +# 31 Bytes +Cipher = AES-256-CBC-CTS +Availablein = default +CTSMode = CS3 +Key = 636869636b656e207465726979616b69636869636b656e207465726979616b69 +IV = 000102030405060708090A0B0C0D0E0F +Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320 +Ciphertext = f22553af78ee4f468f02fbe6f0f2168ee954e79fae9310dc75b6070e1d6253 + +# 32 Bytes +Cipher = AES-256-CBC-CTS +Availablein = default +CTSMode = CS3 +Key = 636869636b656e207465726979616b69636869636b656e207465726979616b69 +IV = 000102030405060708090A0B0C0D0E0F +Plaintext = 4920776f756c64206c696b65207468652047656e6572616c2047617527732043 +Ciphertext = 2c0463982174df10baa9d8f782c5a5b3e954e79fae9310dc75b6070e1d625346 + +#------------------------------------------------------------------------------ +# Failure tests + +# 15 bytes should fail for CS1 +Cipher = AES-128-CBC-CTS +CTSMode = CS1 +Key = 636869636b656e207465726979616b69 +IV = 00000000000000000000000000000000 +Plaintext = 0102030405060708090A0B0C0D0E0F +Result = CIPHERUPDATE_ERROR + +# 15 bytes should fail for CS2 +Cipher = AES-128-CBC-CTS +Availablein = default +CTSMode = CS2 +Key = 636869636b656e207465726979616b69 +IV = 00000000000000000000000000000000 +Plaintext = 0102030405060708090A0B0C0D0E0F +Result = CIPHERUPDATE_ERROR + +# 15 bytes should fail for CS3 +Cipher = AES-128-CBC-CTS +Availablein = default +CTSMode = CS3 +Key = 636869636b656e207465726979616b69 +IV = 00000000000000000000000000000000 +Plaintext = 0102030405060708090A0B0C0D0E0F +Result = CIPHERUPDATE_ERROR + +# 16 bytes should fail for CS3 (since it always needs 2 blocks). +Cipher = AES-128-CBC-CTS +Availablein = default +CTSMode = CS3 +Key = 636869636b656e207465726979616b69 +IV = 00000000000000000000000000000000 +Plaintext = 0102030405060708090A0B0C0D0E0F00 +Result = CIPHERUPDATE_ERROR From levitte at openssl.org Wed Jul 15 21:18:25 2020 From: levitte at openssl.org (Richard Levitte) Date: Wed, 15 Jul 2020 21:18:25 +0000 Subject: [openssl] master update Message-ID: <1594847905.613902.18909.nullmailer@dev.openssl.org> The branch master has been updated via 5744dacb3a9d785d587afb61831cb1ff2be6ed0d (commit) via d3b243d15bdbd4191a8c615f3654d00e1194d17c (commit) from 7cc355c2e4e081dca3c6c345a75a2ab16800c807 (commit) - Log ----------------------------------------------------------------- commit 5744dacb3a9d785d587afb61831cb1ff2be6ed0d Author: Rich Salz Date: Sun Jun 28 21:11:48 2020 -0400 Make -provider_name and -section_name optional Reviewed-by: Matthias St. Pierre Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12311) commit d3b243d15bdbd4191a8c615f3654d00e1194d17c Author: Rich Salz Date: Mon Jun 22 20:49:51 2020 -0400 Use defaults FIPSKEY if not given on command line Reviewed-by: Matthias St. Pierre Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12311) ----------------------------------------------------------------------- Summary of changes: apps/fipsinstall.c | 13 ++++++------- doc/man1/openssl-fipsinstall.pod.in | 4 ++-- test/recipes/30-test_acvp.t | 4 +--- test/recipes/30-test_evp.t | 4 +--- test/recipes/30-test_evp_fetch_prov.t | 5 ++--- test/recipes/80-test_ssl_new.t | 5 ++--- test/recipes/80-test_ssl_old.t | 6 +++--- test/recipes/90-test_sslapi.t | 4 +--- 8 files changed, 18 insertions(+), 27 deletions(-) diff --git a/apps/fipsinstall.c b/apps/fipsinstall.c index e76e615bc6..7efdd65d46 100644 --- a/apps/fipsinstall.c +++ b/apps/fipsinstall.c @@ -22,8 +22,6 @@ DEFINE_STACK_OF_STRING() #define BUFSIZE 4096 -#define DEFAULT_MAC_NAME "HMAC" -#define DEFAULT_FIPS_SECTION "fips_check_section" /* Configuration file values */ #define VERSION_KEY "version" @@ -268,10 +266,12 @@ end: int fipsinstall_main(int argc, char **argv) { int ret = 1, verify = 0, gotkey = 0, gotdigest = 0; + const char *section_name = "fips_sect"; + const char *mac_name = "HMAC"; + const char *prov_name = "fips"; BIO *module_bio = NULL, *mem_bio = NULL, *fout = NULL; - char *in_fname = NULL, *out_fname = NULL, *prog, *section_name = NULL; - char *prov_name = NULL, *module_fname = NULL; - static const char *mac_name = DEFAULT_MAC_NAME; + char *in_fname = NULL, *out_fname = NULL, *prog; + char *module_fname = NULL; EVP_MAC_CTX *ctx = NULL, *ctx2 = NULL; STACK_OF(OPENSSL_STRING) *opts = NULL; OPTION_CHOICE o; @@ -283,7 +283,6 @@ int fipsinstall_main(int argc, char **argv) EVP_MAC *mac = NULL; CONF *conf = NULL; - section_name = DEFAULT_FIPS_SECTION; if ((opts = sk_OPENSSL_STRING_new_null()) == NULL) goto end; @@ -345,7 +344,7 @@ opthelp: argc = opt_num_rest(); if (module_fname == NULL || (verify && in_fname == NULL) - || (!verify && (out_fname == NULL || prov_name == NULL)) + || (!verify && out_fname == NULL) || argc != 0) goto opthelp; diff --git a/doc/man1/openssl-fipsinstall.pod.in b/doc/man1/openssl-fipsinstall.pod.in index 16fedb6d03..30df7bf3e9 100644 --- a/doc/man1/openssl-fipsinstall.pod.in +++ b/doc/man1/openssl-fipsinstall.pod.in @@ -74,12 +74,12 @@ Verify that the input configuration file contains the correct information. =item B<-provider_name> I Name of the provider inside the configuration file. -This must be specified. +The default value is C. =item B<-section_name> I Name of the section inside the configuration file. -This must be specified. +The default value is C. =item B<-mac_name> I diff --git a/test/recipes/30-test_acvp.t b/test/recipes/30-test_acvp.t index 49cd484a30..8cfc07ecf7 100644 --- a/test/recipes/30-test_acvp.t +++ b/test/recipes/30-test_acvp.t @@ -31,9 +31,7 @@ plan tests => 2; ok(run(app(['openssl', 'fipsinstall', '-out', bldtop_file('providers', 'fipsmodule.cnf'), - '-module', $infile, - '-provider_name', 'fips', - '-section_name', 'fips_sect'])), + '-module', $infile])), "fipsinstall"); ok(run(test(["acvp_test", "-config", srctop_file("test","fips.cnf")])), diff --git a/test/recipes/30-test_evp.t b/test/recipes/30-test_evp.t index 32639b77a5..c94893a5bc 100644 --- a/test/recipes/30-test_evp.t +++ b/test/recipes/30-test_evp.t @@ -85,9 +85,7 @@ unless ($no_fips) { ok(run(app(['openssl', 'fipsinstall', '-out', bldtop_file('providers', 'fipsmodule.cnf'), - '-module', $infile, - '-provider_name', 'fips', - '-section_name', 'fips_sect'])), + '-module', $infile])), "fipsinstall"); } diff --git a/test/recipes/30-test_evp_fetch_prov.t b/test/recipes/30-test_evp_fetch_prov.t index f53fdb0700..81b3c62cc4 100644 --- a/test/recipes/30-test_evp_fetch_prov.t +++ b/test/recipes/30-test_evp_fetch_prov.t @@ -21,6 +21,7 @@ use lib bldtop_dir('.'); use platform; my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); +my $infile = bldtop_file('providers', platform->dso('fips')); my @types = ( "digest", "cipher" ); @@ -46,9 +47,7 @@ unless ($no_fips) { push @setups, { cmd => app(['openssl', 'fipsinstall', '-out', bldtop_file('providers', 'fipsmodule.cnf'), - '-module', bldtop_file('providers', platform->dso('fips')), - '-provider_name', 'fips', - '-section_name', 'fips_sect']), + '-module', $infile]), message => "fipsinstall" }; push @testdata, ( diff --git a/test/recipes/80-test_ssl_new.t b/test/recipes/80-test_ssl_new.t index 1df21d7ad1..6051adbfb2 100644 --- a/test/recipes/80-test_ssl_new.t +++ b/test/recipes/80-test_ssl_new.t @@ -25,6 +25,7 @@ use lib bldtop_dir('.'); use platform; my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); +my $infile = bldtop_file('providers', platform->dso('fips')); $ENV{TEST_CERTS_DIR} = srctop_dir("test", "certs"); @@ -117,9 +118,7 @@ my %skip = ( unless ($no_fips) { ok(run(app(['openssl', 'fipsinstall', '-out', bldtop_file('providers', 'fipsmodule.cnf'), - '-module', bldtop_file('providers', platform->dso('fips')), - '-provider_name', 'fips', - '-section_name', 'fips_sect'])), + '-module', $infile])), "fipsinstall"); } diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t index 814fe7ce6d..210346cb70 100644 --- a/test/recipes/80-test_ssl_old.t +++ b/test/recipes/80-test_ssl_old.t @@ -25,6 +25,8 @@ use lib bldtop_dir('.'); use platform; my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); +my $infile = bldtop_file('providers', platform->dso('fips')); + my ($no_rsa, $no_dsa, $no_dh, $no_ec, $no_psk, $no_ssl3, $no_tls1, $no_tls1_1, $no_tls1_2, $no_tls1_3, $no_dtls, $no_dtls1, $no_dtls1_2, $no_ct) = @@ -85,9 +87,7 @@ plan tests => unless ($no_fips) { ok(run(app(['openssl', 'fipsinstall', '-out', bldtop_file('providers', 'fipsmodule.cnf'), - '-module', bldtop_file('providers', platform->dso('fips')), - '-provider_name', 'fips', - '-section_name', 'fips_sect'])), + '-module', $infile])), "fipsinstall"); } diff --git a/test/recipes/90-test_sslapi.t b/test/recipes/90-test_sslapi.t index c32221b9f6..9af8435f6e 100644 --- a/test/recipes/90-test_sslapi.t +++ b/test/recipes/90-test_sslapi.t @@ -39,9 +39,7 @@ ok(run(test(["sslapitest", srctop_dir("test", "certs"), unless ($no_fips) { ok(run(app(['openssl', 'fipsinstall', '-out', bldtop_file('providers', 'fipsmodule.cnf'), - '-module', bldtop_file('providers', platform->dso('fips')), - '-provider_name', 'fips', - '-section_name', 'fips_sect'])), + '-module', bldtop_file('providers', platform->dso('fips'))])), "fipsinstall"); ok(run(test(["sslapitest", srctop_dir("test", "certs"), From levitte at openssl.org Wed Jul 15 21:21:08 2020 From: levitte at openssl.org (Richard Levitte) Date: Wed, 15 Jul 2020 21:21:08 +0000 Subject: [openssl] master update Message-ID: <1594848068.982957.3220.nullmailer@dev.openssl.org> The branch master has been updated via e45d943665e806ff49d06cfbdd566a8e2d57d56d (commit) from 5744dacb3a9d785d587afb61831cb1ff2be6ed0d (commit) - Log ----------------------------------------------------------------- commit e45d943665e806ff49d06cfbdd566a8e2d57d56d Author: Shane Lontis Date: Wed Jul 1 14:37:32 2020 +1000 Add FIPS related configuration data to the default openssl application configuration file Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12333) ----------------------------------------------------------------------- Summary of changes: apps/openssl-vms.cnf | 34 ++++++++++++++++++++++++++++++---- apps/openssl.cnf | 34 ++++++++++++++++++++++++++++++---- doc/man5/config.pod | 1 + 3 files changed, 61 insertions(+), 8 deletions(-) diff --git a/apps/openssl-vms.cnf b/apps/openssl-vms.cnf index 2420e9c9f5..ca21149efd 100644 --- a/apps/openssl-vms.cnf +++ b/apps/openssl-vms.cnf @@ -1,7 +1,9 @@ # # OpenSSL example configuration file. -# This is mostly being used for generation of certificate requests. +# See doc/man5/config.pod for more info. # +# This is mostly being used for generation of certificate requests, +# but may be used for auto loading of providers # Note that you can include other files from the main configuration # file using the .include directive. @@ -11,9 +13,12 @@ # defined. HOME = . + # Use this in order to automatically load providers. +openssl_conf = openssl_init + # Extra OBJECT IDENTIFIER info: -#oid_file = $ENV::HOME/.oid -oid_section = new_oids +# oid_file = $ENV::HOME/.oid +oid_section = new_oids # To use this configuration file with the "-extfile" option of the # "openssl x509" utility, name here the section containing the @@ -23,7 +28,6 @@ oid_section = new_oids # X.509v3 extensions in its main [= default] section.) [ new_oids ] - # We can add new OIDs in here for use by 'ca', 'req' and 'ts'. # Add a simple OID like this: # testoid1=1.2.3.4 @@ -35,6 +39,28 @@ tsa_policy1 = 1.2.3.4.1 tsa_policy2 = 1.2.3.4.5.6 tsa_policy3 = 1.2.3.4.5.7 +# For FIPS +# Optionally include a file that is generated by the OpenSSL fipsinstall +# application. This file contains configuration data required by the OpenSSL +# fips provider. It contains a named section e.g. [fips_sect] which is +# referenced from the [provider_sect] below. +# Refer to the OpenSSL security policy for more information. +# .include fipsmodule.cnf + +[openssl_init] +providers = provider_sect + +# List of providers to load +[provider_sect] +default = default_sect +# The fips section name should match the section name inside the +# included fipsmodule.cnf. +# fips = fips_sect + +[default_sect] +# activate = 1 + + #################################################################### [ ca ] default_ca = CA_default # The default ca section diff --git a/apps/openssl.cnf b/apps/openssl.cnf index 4fd5286d2e..3e8c0cbb2c 100644 --- a/apps/openssl.cnf +++ b/apps/openssl.cnf @@ -1,7 +1,9 @@ # # OpenSSL example configuration file. -# This is mostly being used for generation of certificate requests. +# See doc/man5/config.pod for more info. # +# This is mostly being used for generation of certificate requests, +# but may be used for auto loading of providers # Note that you can include other files from the main configuration # file using the .include directive. @@ -11,9 +13,12 @@ # defined. HOME = . + # Use this in order to automatically load providers. +openssl_conf = openssl_init + # Extra OBJECT IDENTIFIER info: -#oid_file = $ENV::HOME/.oid -oid_section = new_oids +# oid_file = $ENV::HOME/.oid +oid_section = new_oids # To use this configuration file with the "-extfile" option of the # "openssl x509" utility, name here the section containing the @@ -23,7 +28,6 @@ oid_section = new_oids # X.509v3 extensions in its main [= default] section.) [ new_oids ] - # We can add new OIDs in here for use by 'ca', 'req' and 'ts'. # Add a simple OID like this: # testoid1=1.2.3.4 @@ -35,6 +39,28 @@ tsa_policy1 = 1.2.3.4.1 tsa_policy2 = 1.2.3.4.5.6 tsa_policy3 = 1.2.3.4.5.7 +# For FIPS +# Optionally include a file that is generated by the OpenSSL fipsinstall +# application. This file contains configuration data required by the OpenSSL +# fips provider. It contains a named section e.g. [fips_sect] which is +# referenced from the [provider_sect] below. +# Refer to the OpenSSL security policy for more information. +# .include fipsmodule.cnf + +[openssl_init] +providers = provider_sect + +# List of providers to load +[provider_sect] +default = default_sect +# The fips section name should match the section name inside the +# included fipsmodule.cnf. +# fips = fips_sect + +[default_sect] +# activate = 1 + + #################################################################### [ ca ] default_ca = CA_default # The default ca section diff --git a/doc/man5/config.pod b/doc/man5/config.pod index 13bd526c49..58948b4b78 100644 --- a/doc/man5/config.pod +++ b/doc/man5/config.pod @@ -474,6 +474,7 @@ configuration files using that syntax will have to be modified. =head1 SEE ALSO L, L, L, +L, L, L, L, From levitte at openssl.org Wed Jul 15 21:22:59 2020 From: levitte at openssl.org (Richard Levitte) Date: Wed, 15 Jul 2020 21:22:59 +0000 Subject: [openssl] master update Message-ID: <1594848179.735923.5958.nullmailer@dev.openssl.org> The branch master has been updated via 55affcadbe4aac7d4832448b8c071b582da4e344 (commit) from e45d943665e806ff49d06cfbdd566a8e2d57d56d (commit) - Log ----------------------------------------------------------------- commit 55affcadbe4aac7d4832448b8c071b582da4e344 Author: Daniel Bevenius Date: Thu Jul 9 07:28:19 2020 +0200 Configure: fix minor typo in apitable comment Reviewed-by: Paul Dale Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12398) ----------------------------------------------------------------------- Summary of changes: Configure | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Configure b/Configure index ce7c895ca0..c9b5c59726 100755 --- a/Configure +++ b/Configure @@ -190,7 +190,7 @@ my $apitable = { # The numbering used changes from 3.0 and on because we updated # (solidified) our version numbering scheme at that point. - # From 3.0 and on, we internalise the given version number in dedcimal + # From 3.0 and on, we internalise the given version number in decimal # as MAJOR * 10000 + MINOR * 100 + 0 "3.0.0" => 30000, "3.0" => 30000, From openssl at openssl.org Wed Jul 15 23:56:11 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 15 Jul 2020 23:56:11 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT Message-ID: <1594857371.513859.24748.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT Commit log since last time: 55affcadbe Configure: fix minor typo in apitable comment e45d943665 Add FIPS related configuration data to the default openssl application configuration file 5744dacb3a Make -provider_name and -section_name optional d3b243d15b Use defaults FIPSKEY if not given on command line 7cc355c2e4 Add AES_CBC_CTS ciphers to providers c35b853576 Enable WinCE build without deceiving _MSC_VER. a1736f37ae To generate makefile with correct parameters for WinCE. 7a09fab2b3 Disable optimiization of BN_num_bits_word() for VS2005 ARM compiler due to its miscompilation of the function. https://mta.openssl.org/pipermail/openssl-users/2018-August/008465.html 6c2a56beec Changed uintptr_t to size_t. WinCE6 doesn't seem it have the definition. ce3080e931 DRBG: rename the DRBG taxonomy. d35bab46c9 Configurations: make Makefile tmpl files non-links Build log ended with (last 100 lines): # Server sent alert unexpected_message but client received no alert. # 8037A499587F0000:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_srvr.c:318: not ok 9 - iteration 9 # ------------------------------------------------------------------------------ not ok 1 - test_handshake # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/ssl_test 25-cipher.cnf.default default => 1 not ok 6 - running ssl_test 25-cipher.cnf # ------------------------------------------------------------------------------ # Looks like you failed 2 tests of 9. not ok 26 - Test configuration 25-cipher.cnf # ------------------------------------------------------------------------------ # Looks like you failed 1 test of 31.80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok # INFO: @ ../openssl/test/sslcorrupttest.c:199 # Starting #2, ECDHE-RSA-CHACHA20-POLY1305 # ERROR: (int) 'SSL_get_error(clientssl, 0) == SSL_ERROR_WANT_READ' failed @ ../openssl/test/ssltestlib.c:1032 # [1] compared to [2] # ERROR: (bool) 'create_ssl_connection(server, client, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslcorrupttest.c:229 # false # 80F7CB0AE07F0000:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_clnt.c:400: not ok 3 - iteration 3 # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/sslcorrupttest.c:199 # Starting #3, DHE-RSA-CHACHA20-POLY1305 # ERROR: (int) 'SSL_get_error(clientssl, 0) == SSL_ERROR_WANT_READ' failed @ ../openssl/test/ssltestlib.c:1032 # [1] compared to [2] # ERROR: (bool) 'create_ssl_connection(server, client, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslcorrupttest.c:229 # false # 80F7CB0AE07F0000:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_clnt.c:400: not ok 4 - iteration 4 # ------------------------------------------------------------------------------ not ok 1 - test_ssl_corrupt # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslcorrupttest ../../../openssl/apps/server.pem ../../../openssl/apps/server.pem => 1 not ok 1 - running sslcorrupttest # ------------------------------------------------------------------------------ # Failed test 'running sslcorrupttest' # at ../openssl/test/recipes/80-test_sslcorrupt.t line 19. # Looks like you failed 1 test of 1.80-test_sslcorrupt.t ............... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: GOST support is disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ skipped: Test only supported in a shared build 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_dtls_mtu.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 26 Non-zero exit status: 1 80-test_sslcorrupt.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=205, Tests=3019, 1692 wallclock secs (11.46 usr 1.45 sys + 1524.56 cusr 153.21 csys = 1690.68 CPU) Result: FAIL Makefile:2501: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-asan' Makefile:2499: recipe for target 'tests' failed make: *** [tests] Error 2 From builds at travis-ci.com Thu Jul 16 00:59:48 2020 From: builds at travis-ci.com (Travis CI) Date: Thu, 16 Jul 2020 00:59:48 +0000 Subject: Errored: openssl/openssl#36135 (master - c35b853) In-Reply-To: Message-ID: <5f0fa683e0a47_13fea424d6cc0122220@travis-pro-tasks-68fc889b8d-sh4s8.mail> Build Update for openssl/openssl ------------------------------------- Build: #36135 Status: Errored Duration: 1 hr, 16 mins, and 39 secs Commit: c35b853 (master) Author: aSoujyuTanaka Message: Enable WinCE build without deceiving _MSC_VER. Reviewed-by: Mark J. Cox Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11526) View the changeset: https://github.com/openssl/openssl/compare/ce3080e931d7...c35b8535768e View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/175785504?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Thu Jul 16 01:48:14 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 16 Jul 2020 01:48:14 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-autoerrinit Message-ID: <1594864094.835051.22340.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-autoerrinit Commit log since last time: 55affcadbe Configure: fix minor typo in apitable comment e45d943665 Add FIPS related configuration data to the default openssl application configuration file 5744dacb3a Make -provider_name and -section_name optional d3b243d15b Use defaults FIPSKEY if not given on command line 7cc355c2e4 Add AES_CBC_CTS ciphers to providers c35b853576 Enable WinCE build without deceiving _MSC_VER. a1736f37ae To generate makefile with correct parameters for WinCE. 7a09fab2b3 Disable optimiization of BN_num_bits_word() for VS2005 ARM compiler due to its miscompilation of the function. https://mta.openssl.org/pipermail/openssl-users/2018-August/008465.html 6c2a56beec Changed uintptr_t to size_t. WinCE6 doesn't seem it have the definition. ce3080e931 DRBG: rename the DRBG taxonomy. d35bab46c9 Configurations: make Makefile tmpl files non-links Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 04-test_err.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=205, Tests=3089, 868 wallclock secs (13.18 usr 1.31 sys + 800.60 cusr 62.38 csys = 877.47 CPU) Result: FAIL Makefile:3129: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-autoerrinit' Makefile:3127: recipe for target 'tests' failed make: *** [tests] Error 2 From builds at travis-ci.com Thu Jul 16 02:49:50 2020 From: builds at travis-ci.com (Travis CI) Date: Thu, 16 Jul 2020 02:49:50 +0000 Subject: Errored: openssl/openssl#36137 (master - 7cc355c) In-Reply-To: Message-ID: <5f0fc04e18095_13fe2b99145fc31164@travis-pro-tasks-68fc889b8d-pqp48.mail> Build Update for openssl/openssl ------------------------------------- Build: #36137 Status: Errored Duration: 1 hr, 28 mins, and 36 secs Commit: 7cc355c (master) Author: Shane Lontis Message: Add AES_CBC_CTS ciphers to providers Added Algorithm names AES-128-CBC-CTS, AES-192-CBC-CTS and AES-256-CBC-CTS. CS1, CS2 and CS3 variants are supported. Only single shot updates are supported. The cipher returns the mode EVP_CIPH_CBC_MODE (Internally it shares the aes_cbc cipher code). This would allow existing code that uses AES_CBC to switch to the CTS variant without breaking code that tests for this mode. Because it shares the aes_cbc code the cts128.c functions could not be used directly. The cipher returns the flag EVP_CIPH_FLAG_CTS. EVP_CIPH_FLAG_FIPS & EVP_CIPH_FLAG_NON_FIPS_ALLOW have been deprecated. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12094) View the changeset: https://github.com/openssl/openssl/compare/c35b8535768e...7cc355c2e4e0 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/175786359?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.com Thu Jul 16 03:53:00 2020 From: builds at travis-ci.com (Travis CI) Date: Thu, 16 Jul 2020 03:53:00 +0000 Subject: Errored: openssl/openssl#36138 (master - 5744dac) In-Reply-To: Message-ID: <5f0fcf1c9088e_13fe2b99b78b0386222@travis-pro-tasks-68fc889b8d-pqp48.mail> Build Update for openssl/openssl ------------------------------------- Build: #36138 Status: Errored Duration: 1 hr, 1 min, and 11 secs Commit: 5744dac (master) Author: Rich Salz Message: Make -provider_name and -section_name optional Reviewed-by: Matthias St. Pierre Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12311) View the changeset: https://github.com/openssl/openssl/compare/7cc355c2e4e0...5744dacb3a9d View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/175787018?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Thu Jul 16 03:59:09 2020 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 16 Jul 2020 03:59:09 +0000 Subject: Build failed: openssl OpenSSL_1_1_1-stable.35598 Message-ID: <20200716035909.1.407CA139FF2456A6@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Thu Jul 16 04:29:31 2020 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 16 Jul 2020 04:29:31 +0000 Subject: Build completed: openssl master.35599 Message-ID: <20200716042931.1.6F6526396D56FA7F@appveyor.com> An HTML attachment was scrubbed... URL: From builds at travis-ci.com Thu Jul 16 04:51:18 2020 From: builds at travis-ci.com (Travis CI) Date: Thu, 16 Jul 2020 04:51:18 +0000 Subject: Errored: openssl/openssl#36139 (master - e45d943) In-Reply-To: Message-ID: <5f0fdcc63fe21_13feec2da8770621f9@travis-pro-tasks-797fcfc787-lxp5r.mail> Build Update for openssl/openssl ------------------------------------- Build: #36139 Status: Errored Duration: 1 hr, 19 mins, and 36 secs Commit: e45d943 (master) Author: Shane Lontis Message: Add FIPS related configuration data to the default openssl application configuration file Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12333) View the changeset: https://github.com/openssl/openssl/compare/5744dacb3a9d...e45d943665e8 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/175787358?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.com Thu Jul 16 05:54:02 2020 From: builds at travis-ci.com (Travis CI) Date: Thu, 16 Jul 2020 05:54:02 +0000 Subject: Errored: openssl/openssl#36140 (master - 55affca) In-Reply-To: Message-ID: <5f0feb7ad730_13feec46403f0147453@travis-pro-tasks-797fcfc787-lxp5r.mail> Build Update for openssl/openssl ------------------------------------- Build: #36140 Status: Errored Duration: 1 hr, 20 mins, and 43 secs Commit: 55affca (master) Author: Daniel Bevenius Message: Configure: fix minor typo in apitable comment Reviewed-by: Paul Dale Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12398) View the changeset: https://github.com/openssl/openssl/compare/e45d943665e8...55affcadbe4a View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/175787597?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From levitte at openssl.org Thu Jul 16 07:09:39 2020 From: levitte at openssl.org (Richard Levitte) Date: Thu, 16 Jul 2020 07:09:39 +0000 Subject: [openssl] master update Message-ID: <1594883379.086223.19308.nullmailer@dev.openssl.org> The branch master has been updated via 8c2bfd25129aea1b1f1b66ec753b21955f8ed523 (commit) from 55affcadbe4aac7d4832448b8c071b582da4e344 (commit) - Log ----------------------------------------------------------------- commit 8c2bfd25129aea1b1f1b66ec753b21955f8ed523 Author: Todd Short Date: Thu Apr 11 10:47:13 2019 -0400 Add SSL_get[01]_peer_certificate() Deprecate SSL_get_peer_certificte() and replace with SSL_get1_peer_certificate(). Add SSL_get0_peer_certificate. Reviewed-by: Paul Dale Reviewed-by: Viktor Dukhovni Reviewed-by: Dmitry Belyavskiy Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/8730) ----------------------------------------------------------------------- Summary of changes: apps/lib/s_cb.c | 3 +-- apps/s_client.c | 3 +-- apps/s_server.c | 6 ++---- doc/man3/SSL_get_peer_certificate.pod | 27 +++++++++++++++++++++------ include/openssl/ssl.h | 7 ++++++- ssl/ssl_lib.c | 23 ++++++++++++----------- ssl/statem/statem_clnt.c | 2 +- ssl/statem/statem_lib.c | 2 +- test/handshake_helper.c | 10 +++------- test/ossl_shim/ossl_shim.cc | 2 +- test/sslapitest.c | 8 +++----- test/ssltest_old.c | 3 +-- util/libssl.num | 4 +++- util/other.syms | 1 + 14 files changed, 57 insertions(+), 44 deletions(-) diff --git a/apps/lib/s_cb.c b/apps/lib/s_cb.c index 5bddde5b03..de72bde9ed 100644 --- a/apps/lib/s_cb.c +++ b/apps/lib/s_cb.c @@ -1227,7 +1227,7 @@ void print_ssl_summary(SSL *s) c = SSL_get_current_cipher(s); BIO_printf(bio_err, "Ciphersuite: %s\n", SSL_CIPHER_get_name(c)); do_print_sigalgs(bio_err, s, 0); - peer = SSL_get_peer_certificate(s); + peer = SSL_get0_peer_certificate(s); if (peer != NULL) { int nid; @@ -1243,7 +1243,6 @@ void print_ssl_summary(SSL *s) } else { BIO_puts(bio_err, "No peer certificate\n"); } - X509_free(peer); #ifndef OPENSSL_NO_EC ssl_print_point_formats(bio_err, s); if (SSL_is_server(s)) diff --git a/apps/s_client.c b/apps/s_client.c index 5a5a40c927..91b21003fb 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -3241,7 +3241,7 @@ static void print_stuff(BIO *bio, SSL *s, int full) } BIO_printf(bio, "---\n"); - peer = SSL_get_peer_certificate(s); + peer = SSL_get0_peer_certificate(s); if (peer != NULL) { BIO_printf(bio, "Server certificate\n"); @@ -3421,7 +3421,6 @@ static void print_stuff(BIO *bio, SSL *s, int full) OPENSSL_free(exportedkeymat); } BIO_printf(bio, "---\n"); - X509_free(peer); /* flush, or debugging output gets mixed with http response */ (void)BIO_flush(bio); } diff --git a/apps/s_server.c b/apps/s_server.c index 9995953526..15d479ce0e 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -2939,12 +2939,11 @@ static void print_connection_info(SSL *con) PEM_write_bio_SSL_SESSION(bio_s_out, SSL_get_session(con)); - peer = SSL_get_peer_certificate(con); + peer = SSL_get0_peer_certificate(con); if (peer != NULL) { BIO_printf(bio_s_out, "Client certificate\n"); PEM_write_bio_X509(bio_s_out, peer); dump_cert_text(bio_s_out, peer); - X509_free(peer); peer = NULL; } @@ -3265,12 +3264,11 @@ static int www_body(int s, int stype, int prot, unsigned char *context) BIO_printf(io, "---\n"); print_stats(io, SSL_get_SSL_CTX(con)); BIO_printf(io, "---\n"); - peer = SSL_get_peer_certificate(con); + peer = SSL_get0_peer_certificate(con); if (peer != NULL) { BIO_printf(io, "Client certificate\n"); X509_print(io, peer); PEM_write_bio_X509(io, peer); - X509_free(peer); peer = NULL; } else { BIO_puts(io, "no client certificate available\n"); diff --git a/doc/man3/SSL_get_peer_certificate.pod b/doc/man3/SSL_get_peer_certificate.pod index e21e3e4fd4..b695edc689 100644 --- a/doc/man3/SSL_get_peer_certificate.pod +++ b/doc/man3/SSL_get_peer_certificate.pod @@ -2,17 +2,21 @@ =head1 NAME -SSL_get_peer_certificate - get the X509 certificate of the peer +SSL_get_peer_certificate, +SSL_get0_peer_certificate, +SSL_get1_peer_certificate - get the X509 certificate of the peer =head1 SYNOPSIS #include X509 *SSL_get_peer_certificate(const SSL *ssl); + X509 *SSL_get0_peer_certificate(const SSL *ssl); + X509 *SSL_get1_peer_certificate(const SSL *ssl); =head1 DESCRIPTION -SSL_get_peer_certificate() returns a pointer to the X509 certificate the +These functions return a pointer to the X509 certificate the peer presented. If the peer did not present a certificate, NULL is returned. =head1 NOTES @@ -27,9 +31,15 @@ That a certificate is returned does not indicate information about the verification state, use L to check the verification state. -The reference count of the X509 object is incremented by one, so that it -will not be destroyed when the session containing the peer certificate is -freed. The X509 object must be explicitly freed using X509_free(). +The reference count of the X509 object returned by SSL_get1_peer_certificate() +is incremented by one, so that it will not be destroyed when the session +containing the peer certificate is freed. The X509 object must be explicitly +freed using X509_free(). + +The reference count of the X509 object returned by SSL_get0_peer_certificate() +is not incremented, and must not be freed. + +SSL_get_peer_certificate() is an alias of SSL_get1_peer_certificate(). =head1 RETURN VALUES @@ -52,9 +62,14 @@ The return value points to the certificate presented by the peer. L, L, L +=head1 HISTORY + +SSL_get0_peer_certificate() and SSL_get1_peer_certificate() were added in 3.0.0. +SSL_get_peer_certificate() was deprecated in 3.0.0. + =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 8d96f0d85a..53664229c2 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -1706,7 +1706,12 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length); # ifdef OPENSSL_X509_H -__owur X509 *SSL_get_peer_certificate(const SSL *s); +__owur X509 *SSL_get0_peer_certificate(const SSL *s); +__owur X509 *SSL_get1_peer_certificate(const SSL *s); +/* Deprecated in 3.0.0 */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define SSL_get_peer_certificate SSL_get1_peer_certifiate +# endif # endif __owur STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s); diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index c3174a7c91..243c0ed7c9 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1524,23 +1524,24 @@ int SSL_has_pending(const SSL *s) return RECORD_LAYER_read_pending(&s->rlayer); } -X509 *SSL_get_peer_certificate(const SSL *s) +X509 *SSL_get1_peer_certificate(const SSL *s) { - X509 *r; + X509 *r = SSL_get0_peer_certificate(s); - if ((s == NULL) || (s->session == NULL)) - r = NULL; - else - r = s->session->peer; - - if (r == NULL) - return r; - - X509_up_ref(r); + if (r != NULL) + X509_up_ref(r); return r; } +X509 *SSL_get0_peer_certificate(const SSL *s) +{ + if ((s == NULL) || (s->session == NULL)) + return NULL; + else + return s->session->peer; +} + STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s) { STACK_OF(X509) *r; diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 7189940a62..9bee9cb3af 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -2551,7 +2551,7 @@ MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt) * after the CertificateVerify message has been received. This is because * in TLSv1.3 the CertificateRequest arrives before the Certificate message * but in TLSv1.2 it is the other way around. We want to make sure that - * SSL_get_peer_certificate() returns something sensible in + * SSL_get1_peer_certificate() returns something sensible in * client_cert_cb. */ if (SSL_IS_TLS13(s) && s->post_handshake_auth != SSL_PHA_REQUESTED) diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index 36cdc1be58..de8212747f 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -537,7 +537,7 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt) * certificate after the CertVerify instead of when we get the * CertificateRequest. This is because in TLSv1.3 the CertificateRequest * comes *before* the Certificate message. In TLSv1.2 it comes after. We - * want to make sure that SSL_get_peer_certificate() will return the actual + * want to make sure that SSL_get1_peer_certificate() will return the actual * server certificate from the client_cert_cb callback. */ if (!s->server && SSL_IS_TLS13(s) && s->s3.tmp.cert_req == 1) diff --git a/test/handshake_helper.c b/test/handshake_helper.c index 2dfded5c11..bc6762d475 100644 --- a/test/handshake_helper.c +++ b/test/handshake_helper.c @@ -1285,14 +1285,10 @@ static int pkey_type(EVP_PKEY *pkey) static int peer_pkey_type(SSL *s) { - X509 *x = SSL_get_peer_certificate(s); + X509 *x = SSL_get0_peer_certificate(s); - if (x != NULL) { - int nid = pkey_type(X509_get0_pubkey(x)); - - X509_free(x); - return nid; - } + if (x != NULL) + return pkey_type(X509_get0_pubkey(x)); return NID_undef; } diff --git a/test/ossl_shim/ossl_shim.cc b/test/ossl_shim/ossl_shim.cc index 0184778d4f..d4d7cf1454 100644 --- a/test/ossl_shim/ossl_shim.cc +++ b/test/ossl_shim/ossl_shim.cc @@ -894,7 +894,7 @@ static bool CheckHandshakeProperties(SSL *ssl, bool is_resume) { return false; } } else if (!config->is_server || config->require_any_client_certificate) { - if (SSL_get_peer_certificate(ssl) == nullptr) { + if (SSL_get0_peer_certificate(ssl) == nullptr) { fprintf(stderr, "Received no peer certificate but expected one.\n"); return false; } diff --git a/test/sslapitest.c b/test/sslapitest.c index afc4ea8d40..1a91f96fb9 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -7623,15 +7623,13 @@ static int test_cert_cb(int tst) static int client_cert_cb(SSL *ssl, X509 **x509, EVP_PKEY **pkey) { - X509 *xcert, *peer; + X509 *xcert; EVP_PKEY *privpkey; BIO *in = NULL; - /* Check that SSL_get_peer_certificate() returns something sensible */ - peer = SSL_get_peer_certificate(ssl); - if (!TEST_ptr(peer)) + /* Check that SSL_get0_peer_certificate() returns something sensible */ + if (!TEST_ptr(SSL_get0_peer_certificate(ssl))) return 0; - X509_free(peer); in = BIO_new_file(cert, "r"); if (!TEST_ptr(in)) diff --git a/test/ssltest_old.c b/test/ssltest_old.c index d45b2786d3..4f340fc2e0 100644 --- a/test/ssltest_old.c +++ b/test/ssltest_old.c @@ -781,7 +781,7 @@ static void print_details(SSL *c_ssl, const char *prefix) prefix, SSL_get_version(c_ssl), SSL_CIPHER_get_version(ciph), SSL_CIPHER_get_name(ciph)); - cert = SSL_get_peer_certificate(c_ssl); + cert = SSL_get0_peer_certificate(c_ssl); if (cert != NULL) { EVP_PKEY* pubkey = X509_get0_pubkey(cert); @@ -789,7 +789,6 @@ static void print_details(SSL *c_ssl, const char *prefix) BIO_puts(bio_stdout, ", "); print_key_details(bio_stdout, pubkey); } - X509_free(cert); } if (SSL_get_peer_tmp_key(c_ssl, &pkey)) { BIO_puts(bio_stdout, ", temp key: "); diff --git a/util/libssl.num b/util/libssl.num index d638088dde..637e088704 100644 --- a/util/libssl.num +++ b/util/libssl.num @@ -79,7 +79,7 @@ SSL_SESSION_print 79 3_0_0 EXIST::FUNCTION: SSL_get_client_ciphers 80 3_0_0 EXIST::FUNCTION: SSL_get_srtp_profiles 81 3_0_0 EXIST::FUNCTION:SRTP SSL_use_certificate_ASN1 82 3_0_0 EXIST::FUNCTION: -SSL_get_peer_certificate 83 3_0_0 EXIST::FUNCTION: +SSL_get_peer_certificate 83 3_0_0 NOEXIST::FUNCTION: DTLSv1_2_server_method 84 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,DTLS1_2_METHOD SSL_set_cert_cb 85 3_0_0 EXIST::FUNCTION: SSL_CTX_set_cookie_verify_cb 86 3_0_0 EXIST::FUNCTION: @@ -514,3 +514,5 @@ SSL_CTX_load_verify_store ? 3_0_0 EXIST::FUNCTION: SSL_CTX_set_tlsext_ticket_key_evp_cb ? 3_0_0 EXIST::FUNCTION: SSL_CTX_new_with_libctx ? 3_0_0 EXIST::FUNCTION: SSL_new_session_ticket ? 3_0_0 EXIST::FUNCTION: +SSL_get0_peer_certificate ? 3_0_0 EXIST::FUNCTION: +SSL_get1_peer_certificate ? 3_0_0 EXIST::FUNCTION: diff --git a/util/other.syms b/util/other.syms index ab60424a8f..351cffa933 100644 --- a/util/other.syms +++ b/util/other.syms @@ -505,6 +505,7 @@ SSL_get_max_cert_list define SSL_get_max_proto_version define SSL_get_min_proto_version define SSL_get_mode define +SSL_get_peer_certificate define deprecated 3.0.0 SSL_get_peer_signature_nid define SSL_get_peer_tmp_key define SSL_get_secure_renegotiation_support define From levitte at openssl.org Thu Jul 16 07:15:09 2020 From: levitte at openssl.org (Richard Levitte) Date: Thu, 16 Jul 2020 07:15:09 +0000 Subject: [openssl] master update Message-ID: <1594883709.512265.5837.nullmailer@dev.openssl.org> The branch master has been updated via 81ed433cf835bf7b47aa926735196b6948f65e95 (commit) via bb9542621170185a9a4af6d0468cf839f4512343 (commit) via 184fb690fabe272a197f363144064141d369a192 (commit) via 03445677b900fb9775c6652daa7fe7943d468aa7 (commit) via 2099f1bb6ba61e9f50193d3eab22e31bba627fb9 (commit) via 1bdab93a62df26112564acc94b2a753436b9ac7b (commit) via 8b4c89f8d2d0a277ad9f66e98d8f308ebb4ef8c4 (commit) via 571d2c4dc70b9dffb32cf1a4969820dec6426c46 (commit) via 2d71c9468a338adaa5c78b9d4a1382ff8f106143 (commit) via 9bd8d96c390902ae3c0926c1d6c68521e48a7f7f (commit) via e4468e6d8dc5a8a7e49f2ba77ed55ce2b282d4a7 (commit) via ad8fc6f626a6f9064383d77b102c8efcf442a9d7 (commit) via 91512a771ac0f98b741824af9b2472d3eb754e70 (commit) via 304d070eba9dae427a5846371a4575e397f7bbbd (commit) via 92f8603537d5e883588163e04396779edb21a0b7 (commit) via cf8e8cba93776cda9a137232df58a17d7c9a8fc1 (commit) via 597f3f3ab144a4f3616073f41ee3722e1b75f2a3 (commit) via 4222682dae2efde296ba43a98673b55d0ce55d7e (commit) via 0f221d9c68b005332e21e70e7e841d021dc20498 (commit) via 699caa18d5f28f373fb7f5c7b946249e0be1ceb4 (commit) via 0a684b09d8911a5849744f2de90e81ae07bd59fb (commit) via 910b71cf47266233fcb0a46d3e742e1a0834069f (commit) from 8c2bfd25129aea1b1f1b66ec753b21955f8ed523 (commit) - Log ----------------------------------------------------------------- commit 81ed433cf835bf7b47aa926735196b6948f65e95 Author: Pauli Date: Tue Jul 14 22:04:29 2020 +1000 libcrypto.num: engine deprecation updates Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12226) commit bb9542621170185a9a4af6d0468cf839f4512343 Author: Pauli Date: Tue Jul 14 21:33:14 2020 +1000 doc: remove unused engine tracing option Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12226) commit 184fb690fabe272a197f363144064141d369a192 Author: Pauli Date: Tue Jul 14 21:32:52 2020 +1000 trace: condition out engine related tracing Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12226) commit 03445677b900fb9775c6652daa7fe7943d468aa7 Author: Pauli Date: Tue Jul 14 10:29:56 2020 +1000 Document that ENGINE_add_conf_module() was deprecated. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12226) commit 2099f1bb6ba61e9f50193d3eab22e31bba627fb9 Author: Pauli Date: Tue Jul 14 10:29:24 2020 +1000 Document that exdata for ENGINES is deprecated. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12226) commit 1bdab93a62df26112564acc94b2a753436b9ac7b Author: Pauli Date: Tue Jul 14 10:28:49 2020 +1000 Document that the ENGINE_[sg]_ex_data() calls are reprecated. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12226) commit 8b4c89f8d2d0a277ad9f66e98d8f308ebb4ef8c4 Author: Pauli Date: Tue Jul 14 10:27:39 2020 +1000 RAND: document that the ENGINE RAND override is deprecated. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12226) commit 571d2c4dc70b9dffb32cf1a4969820dec6426c46 Author: Pauli Date: Tue Jul 14 10:27:07 2020 +1000 ENGINESDIR: document that this configuration is deprecated. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12226) commit 2d71c9468a338adaa5c78b9d4a1382ff8f106143 Author: Pauli Date: Tue Jul 14 10:25:38 2020 +1000 doc: document that the engine initialisation options are deprecated. They can't be removed yet for API compatibility reasons. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12226) commit 9bd8d96c390902ae3c0926c1d6c68521e48a7f7f Author: Pauli Date: Tue Jul 14 09:40:47 2020 +1000 deprecate engines in provider code Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12226) commit e4468e6d8dc5a8a7e49f2ba77ed55ce2b282d4a7 Author: Pauli Date: Tue Jul 14 09:40:29 2020 +1000 deprecate engines in libcrypto Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12226) commit ad8fc6f626a6f9064383d77b102c8efcf442a9d7 Author: Pauli Date: Tue Jul 14 09:40:04 2020 +1000 apps: deprecate engines Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12226) commit 91512a771ac0f98b741824af9b2472d3eb754e70 Author: Pauli Date: Tue Jul 14 09:39:47 2020 +1000 deprecate engine from public header files Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12226) commit 304d070eba9dae427a5846371a4575e397f7bbbd Author: Pauli Date: Tue Jul 14 09:39:20 2020 +1000 deprecate engine tests Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12226) commit 92f8603537d5e883588163e04396779edb21a0b7 Author: Pauli Date: Tue Jul 14 09:38:42 2020 +1000 deprecate engines in SSL Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12226) commit cf8e8cba93776cda9a137232df58a17d7c9a8fc1 Author: Pauli Date: Tue Jul 14 09:38:22 2020 +1000 deprecate engines Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12226) commit 597f3f3ab144a4f3616073f41ee3722e1b75f2a3 Author: Pauli Date: Mon Jul 13 10:51:03 2020 +1000 Fix indentation for engine.h Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12226) commit 4222682dae2efde296ba43a98673b55d0ce55d7e Author: Pauli Date: Thu Jun 25 11:30:13 2020 +1000 doc: deprecate ENGINE documentation Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12226) commit 0f221d9c68b005332e21e70e7e841d021dc20498 Author: Pauli Date: Thu Jun 25 11:27:51 2020 +1000 apps: document the deprecation of the -engine option Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12226) commit 699caa18d5f28f373fb7f5c7b946249e0be1ceb4 Author: Pauli Date: Thu Jun 25 11:20:49 2020 +1000 engine: document the engine app as deprecated Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12226) commit 0a684b09d8911a5849744f2de90e81ae07bd59fb Author: Pauli Date: Thu Jun 25 10:40:20 2020 +1000 apps/list: deprecate engine support Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12226) commit 910b71cf47266233fcb0a46d3e742e1a0834069f Author: Pauli Date: Thu Jun 25 10:36:29 2020 +1000 deprecate engines in 3.0 Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12226) ----------------------------------------------------------------------- Summary of changes: Configure | 3 +- apps/engine.c | 3 + apps/genpkey.c | 3 + apps/lib/apps.c | 3 + apps/list.c | 26 +- apps/req.c | 3 + apps/s_client.c | 3 + crypto/asn1/ameth_lib.c | 3 + crypto/asn1/d2i_pr.c | 3 + crypto/conf/conf_mall.c | 3 + crypto/conf/conf_mod.c | 3 + crypto/engine/eng_cnf.c | 3 + crypto/engine/eng_ctrl.c | 3 + crypto/engine/eng_dyn.c | 3 + crypto/engine/eng_fat.c | 3 + crypto/engine/eng_init.c | 3 + crypto/engine/eng_list.c | 3 + crypto/engine/eng_openssl.c | 3 + crypto/engine/eng_pkey.c | 3 + crypto/engine/eng_rdrand.c | 3 + crypto/engine/tb_asnmth.c | 3 + crypto/engine/tb_cipher.c | 3 + crypto/engine/tb_dh.c | 3 + crypto/engine/tb_digest.c | 3 + crypto/engine/tb_dsa.c | 3 + crypto/engine/tb_eckey.c | 3 + crypto/engine/tb_pkmeth.c | 3 + crypto/engine/tb_rand.c | 3 + crypto/engine/tb_rsa.c | 3 + crypto/evp/digest.c | 3 + crypto/evp/evp_enc.c | 3 + crypto/evp/pkey_mac.c | 3 + crypto/init.c | 3 + crypto/pem/pem_lib.c | 3 + crypto/rand/rand_lib.c | 3 + crypto/store/loader_file.c | 3 + crypto/trace.c | 2 + crypto/ts/ts_conf.c | 3 + doc/man1/openssl-ca.pod.in | 2 + doc/man1/openssl-cmp.pod.in | 4 +- doc/man1/openssl-cms.pod.in | 2 + doc/man1/openssl-dgst.pod.in | 8 +- doc/man1/openssl-dhparam.pod.in | 2 +- doc/man1/openssl-dsa.pod.in | 4 + doc/man1/openssl-dsaparam.pod.in | 4 + doc/man1/openssl-ec.pod.in | 4 + doc/man1/openssl-ecparam.pod.in | 4 + doc/man1/openssl-enc.pod.in | 2 +- doc/man1/openssl-engine.pod.in | 6 + doc/man1/openssl-gendsa.pod.in | 4 + doc/man1/openssl-genpkey.pod.in | 2 + doc/man1/openssl-list.pod.in | 10 + doc/man1/openssl-pkcs12.pod.in | 4 + doc/man1/openssl-pkcs7.pod.in | 4 + doc/man1/openssl-pkcs8.pod.in | 2 + doc/man1/openssl-pkey.pod.in | 4 + doc/man1/openssl-pkeyparam.pod.in | 4 + doc/man1/openssl-pkeyutl.pod.in | 2 + doc/man1/openssl-rand.pod.in | 4 + doc/man1/openssl-req.pod.in | 2 + doc/man1/openssl-rsa.pod.in | 4 + doc/man1/openssl-rsautl.pod.in | 2 + doc/man1/openssl-s_client.pod.in | 2 + doc/man1/openssl-s_server.pod.in | 2 + doc/man1/openssl-smime.pod.in | 2 + doc/man1/openssl-speed.pod.in | 4 + doc/man1/openssl-spkac.pod.in | 2 + doc/man1/openssl-srp.pod.in | 4 + doc/man1/openssl-storeutl.pod.in | 2 + doc/man1/openssl-ts.pod.in | 2 + doc/man1/openssl-verify.pod.in | 2 + doc/man1/openssl-x509.pod.in | 2 + doc/man3/BIO_get_ex_new_index.pod | 5 + doc/man3/CRYPTO_get_ex_new_index.pod | 3 + doc/man3/ENGINE_add.pod | 9 + doc/man3/OPENSSL_init_crypto.pod | 24 +- doc/man3/OPENSSL_load_builtin_modules.pod | 4 + doc/man3/OSSL_trace_set_channel.pod | 4 - doc/man3/OpenSSL_version.pod | 3 +- doc/man3/RAND_set_rand_method.pod | 8 +- doc/perlvars.pm | 19 +- engines/e_afalg.c | 3 + engines/e_capi.c | 3 + engines/e_dasync.c | 3 + engines/e_devcrypto.c | 3 + engines/e_ossltest.c | 3 + engines/e_padlock.c | 4 +- include/openssl/crypto.h | 1 - include/openssl/engine.h | 477 ++++++++++++++++-------------- include/openssl/trace.h | 6 +- providers/common/provider_util.c | 3 + ssl/ssl_ciph.c | 3 + ssl/ssl_lib.c | 3 + ssl/ssl_sess.c | 3 + ssl/statem/statem_clnt.c | 3 + test/afalgtest.c | 3 + test/enginetest.c | 3 + util/libcrypto.num | 242 +++++++-------- 98 files changed, 708 insertions(+), 387 deletions(-) diff --git a/Configure b/Configure index c9b5c59726..eeb88f6618 100755 --- a/Configure +++ b/Configure @@ -600,9 +600,8 @@ my @disable_cascades = ( "cmp" => [ "crmf" ], - # Padlock engine uses low-level AES APIs which are deprecated sub { $disabled{"deprecated-3.0"} } - => [ "padlockeng" ] + => [ "engine" ] ); # Avoid protocol support holes. Also disable all versions below N, if version diff --git a/apps/engine.c b/apps/engine.c index 6d788ac852..d51586d855 100644 --- a/apps/engine.c +++ b/apps/engine.c @@ -7,6 +7,9 @@ * https://www.openssl.org/source/license.html */ +/* We need to use some engine deprecated APIs */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include #include "apps.h" diff --git a/apps/genpkey.c b/apps/genpkey.c index 4a4a83fd40..17fb42eba6 100644 --- a/apps/genpkey.c +++ b/apps/genpkey.c @@ -7,6 +7,9 @@ * https://www.openssl.org/source/license.html */ +/* We need to use some engine deprecated APIs */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include #include #include "apps.h" diff --git a/apps/lib/apps.c b/apps/lib/apps.c index 3e4cc288b1..777e4fed35 100644 --- a/apps/lib/apps.c +++ b/apps/lib/apps.c @@ -7,6 +7,9 @@ * https://www.openssl.org/source/license.html */ +/* We need to use some engine deprecated APIs */ +#define OPENSSL_SUPPRESS_DEPRECATED + #if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS) /* * On VMS, you need to define this to get the declaration of fileno(). The diff --git a/apps/list.c b/apps/list.c index ed93186254..f0ea7dc6ae 100644 --- a/apps/list.c +++ b/apps/list.c @@ -7,6 +7,9 @@ * https://www.openssl.org/source/license.html */ +/* We need to use some engine deprecated APIs */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include #include #include @@ -522,9 +525,10 @@ static void list_pkey_meth(void) } } +#ifndef OPENSSL_NO_DEPRECATED_3_0 static void list_engines(void) { -#ifndef OPENSSL_NO_ENGINE +# ifndef OPENSSL_NO_ENGINE ENGINE *e; BIO_puts(bio_out, "Engines:\n"); @@ -533,10 +537,11 @@ static void list_engines(void) BIO_printf(bio_out, "%s\n", ENGINE_get_id(e)); e = ENGINE_get_next(e); } -#else +# else BIO_puts(bio_out, "Engine support is disabled.\n"); -#endif +# endif } +#endif static void list_disabled(void) { @@ -592,7 +597,7 @@ static void list_disabled(void) #ifdef OPENSSL_NO_EC2M BIO_puts(bio_out, "EC2M\n"); #endif -#ifdef OPENSSL_NO_ENGINE +#if defined(OPENSSL_NO_ENGINE) && !defined(OPENSSL_NO_DEPRECATED_3_0) BIO_puts(bio_out, "ENGINE\n"); #endif #ifdef OPENSSL_NO_GOST @@ -689,8 +694,11 @@ typedef enum HELPLIST_CHOICE { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_ONE, OPT_VERBOSE, OPT_COMMANDS, OPT_DIGEST_COMMANDS, OPT_MAC_ALGORITHMS, OPT_OPTIONS, OPT_DIGEST_ALGORITHMS, OPT_CIPHER_COMMANDS, OPT_CIPHER_ALGORITHMS, - OPT_PK_ALGORITHMS, OPT_PK_METHOD, OPT_ENGINES, OPT_DISABLED, + OPT_PK_ALGORITHMS, OPT_PK_METHOD, OPT_DISABLED, OPT_KDF_ALGORITHMS, OPT_RANDOM_GENERATORS, OPT_MISSING_HELP, OPT_OBJECTS, +#ifndef OPENSSL_NO_DEPRECATED_3_0 + OPT_ENGINES, +#endif OPT_PROV_ENUM } HELPLIST_CHOICE; @@ -721,8 +729,10 @@ const OPTIONS list_options[] = { "List of public key algorithms"}, {"public-key-methods", OPT_PK_METHOD, '-', "List of public key methods"}, +#ifndef OPENSSL_NO_DEPRECATED_3_0 {"engines", OPT_ENGINES, '-', "List of loaded engines"}, +#endif {"disabled", OPT_DISABLED, '-', "List of disabled features"}, {"missing-help", OPT_MISSING_HELP, '-', @@ -752,7 +762,9 @@ int list_main(int argc, char **argv) unsigned int cipher_algorithms:1; unsigned int pk_algorithms:1; unsigned int pk_method:1; +#ifndef OPENSSL_NO_DEPRECATED_3_0 unsigned int engines:1; +#endif unsigned int disabled:1; unsigned int missing_help:1; unsigned int objects:1; @@ -805,9 +817,11 @@ opthelp: case OPT_PK_METHOD: todo.pk_method = 1; break; +#ifndef OPENSSL_NO_DEPRECATED_3_0 case OPT_ENGINES: todo.engines = 1; break; +#endif case OPT_DISABLED: todo.disabled = 1; break; @@ -855,8 +869,10 @@ opthelp: list_pkey(); if (todo.pk_method) list_pkey_meth(); +#ifndef OPENSSL_NO_DEPRECATED_3_0 if (todo.engines) list_engines(); +#endif if (todo.disabled) list_disabled(); if (todo.missing_help) diff --git a/apps/req.c b/apps/req.c index a2212b988d..4ae828cd45 100644 --- a/apps/req.c +++ b/apps/req.c @@ -7,6 +7,9 @@ * https://www.openssl.org/source/license.html */ +/* We need to use some engine deprecated APIs */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include #include #include diff --git a/apps/s_client.c b/apps/s_client.c index 91b21003fb..a1b80f4c5f 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -8,6 +8,9 @@ * https://www.openssl.org/source/license.html */ +/* We need to use some engine deprecated APIs */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include "e_os.h" #include #include diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c index 8c7df51fe4..32074c460e 100644 --- a/crypto/asn1/ameth_lib.c +++ b/crypto/asn1/ameth_lib.c @@ -7,6 +7,9 @@ * https://www.openssl.org/source/license.html */ +/* We need to use some engine deprecated APIs */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include "e_os.h" /* for strncasecmp */ #include "internal/cryptlib.h" #include diff --git a/crypto/asn1/d2i_pr.c b/crypto/asn1/d2i_pr.c index 3ddc56d408..a4d240e7c4 100644 --- a/crypto/asn1/d2i_pr.c +++ b/crypto/asn1/d2i_pr.c @@ -7,6 +7,9 @@ * https://www.openssl.org/source/license.html */ +/* We need to use some engine deprecated APIs */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include #include "internal/cryptlib.h" #include diff --git a/crypto/conf/conf_mall.c b/crypto/conf/conf_mall.c index 033c1ada18..9852f0212e 100644 --- a/crypto/conf/conf_mall.c +++ b/crypto/conf/conf_mall.c @@ -7,6 +7,9 @@ * https://www.openssl.org/source/license.html */ +/* We need to use some engine deprecated APIs */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include #include #include "internal/cryptlib.h" diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c index 9d3db8eb31..64473417e9 100644 --- a/crypto/conf/conf_mod.c +++ b/crypto/conf/conf_mod.c @@ -7,6 +7,9 @@ * https://www.openssl.org/source/license.html */ +/* We need to use some engine deprecated APIs */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include "internal/cryptlib.h" #include #include diff --git a/crypto/engine/eng_cnf.c b/crypto/engine/eng_cnf.c index 0ddad7dd80..dcc30b6c62 100644 --- a/crypto/engine/eng_cnf.c +++ b/crypto/engine/eng_cnf.c @@ -7,6 +7,9 @@ * https://www.openssl.org/source/license.html */ +/* We need to use some engine deprecated APIs */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include "eng_local.h" #include #include diff --git a/crypto/engine/eng_ctrl.c b/crypto/engine/eng_ctrl.c index 39cfb17089..1cc4f545af 100644 --- a/crypto/engine/eng_ctrl.c +++ b/crypto/engine/eng_ctrl.c @@ -7,6 +7,9 @@ * https://www.openssl.org/source/license.html */ +/* We need to use some engine deprecated APIs */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include "eng_local.h" /* diff --git a/crypto/engine/eng_dyn.c b/crypto/engine/eng_dyn.c index 798ff1e3af..73d7b14ae6 100644 --- a/crypto/engine/eng_dyn.c +++ b/crypto/engine/eng_dyn.c @@ -7,6 +7,9 @@ * https://www.openssl.org/source/license.html */ +/* We need to use some engine deprecated APIs */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include "eng_local.h" #include "internal/dso.h" #include diff --git a/crypto/engine/eng_fat.c b/crypto/engine/eng_fat.c index 428e66733b..e0de95d11b 100644 --- a/crypto/engine/eng_fat.c +++ b/crypto/engine/eng_fat.c @@ -8,6 +8,9 @@ * https://www.openssl.org/source/license.html */ +/* We need to use some engine deprecated APIs */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include "eng_local.h" #include diff --git a/crypto/engine/eng_init.c b/crypto/engine/eng_init.c index 34f01388a2..7303426e81 100644 --- a/crypto/engine/eng_init.c +++ b/crypto/engine/eng_init.c @@ -7,6 +7,9 @@ * https://www.openssl.org/source/license.html */ +/* We need to use some engine deprecated APIs */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include "e_os.h" #include "eng_local.h" diff --git a/crypto/engine/eng_list.c b/crypto/engine/eng_list.c index 167c24cb23..cb9ad78838 100644 --- a/crypto/engine/eng_list.c +++ b/crypto/engine/eng_list.c @@ -8,6 +8,9 @@ * https://www.openssl.org/source/license.html */ +/* We need to use some engine deprecated APIs */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include "eng_local.h" /* diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c index 8b2b8c1ff4..32e6f4e19f 100644 --- a/crypto/engine/eng_openssl.c +++ b/crypto/engine/eng_openssl.c @@ -8,6 +8,9 @@ * https://www.openssl.org/source/license.html */ +/* We need to use some engine deprecated APIs */ +#define OPENSSL_SUPPRESS_DEPRECATED + /* * RC4 and SHA-1 low level APIs are deprecated for public use, but still ok * for internal use. diff --git a/crypto/engine/eng_pkey.c b/crypto/engine/eng_pkey.c index b8853df1cf..68df415475 100644 --- a/crypto/engine/eng_pkey.c +++ b/crypto/engine/eng_pkey.c @@ -7,6 +7,9 @@ * https://www.openssl.org/source/license.html */ +/* We need to use some engine deprecated APIs */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include "eng_local.h" /* Basic get/set stuff */ diff --git a/crypto/engine/eng_rdrand.c b/crypto/engine/eng_rdrand.c index b6d1988d13..53cd34fb28 100644 --- a/crypto/engine/eng_rdrand.c +++ b/crypto/engine/eng_rdrand.c @@ -7,6 +7,9 @@ * https://www.openssl.org/source/license.html */ +/* We need to use some engine deprecated APIs */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include #include diff --git a/crypto/engine/tb_asnmth.c b/crypto/engine/tb_asnmth.c index 6289c225a5..3aad4e8d1c 100644 --- a/crypto/engine/tb_asnmth.c +++ b/crypto/engine/tb_asnmth.c @@ -7,6 +7,9 @@ * https://www.openssl.org/source/license.html */ +/* We need to use some engine deprecated APIs */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include "e_os.h" #include "eng_local.h" #include diff --git a/crypto/engine/tb_cipher.c b/crypto/engine/tb_cipher.c index c669907a53..bc97deda87 100644 --- a/crypto/engine/tb_cipher.c +++ b/crypto/engine/tb_cipher.c @@ -7,6 +7,9 @@ * https://www.openssl.org/source/license.html */ +/* We need to use some engine deprecated APIs */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include "eng_local.h" static ENGINE_TABLE *cipher_table = NULL; diff --git a/crypto/engine/tb_dh.c b/crypto/engine/tb_dh.c index e877fce2fc..fa8b5b846b 100644 --- a/crypto/engine/tb_dh.c +++ b/crypto/engine/tb_dh.c @@ -7,6 +7,9 @@ * https://www.openssl.org/source/license.html */ +/* We need to use some engine deprecated APIs */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include "eng_local.h" static ENGINE_TABLE *dh_table = NULL; diff --git a/crypto/engine/tb_digest.c b/crypto/engine/tb_digest.c index 8a5a8332a9..5e75e64e69 100644 --- a/crypto/engine/tb_digest.c +++ b/crypto/engine/tb_digest.c @@ -7,6 +7,9 @@ * https://www.openssl.org/source/license.html */ +/* We need to use some engine deprecated APIs */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include "eng_local.h" static ENGINE_TABLE *digest_table = NULL; diff --git a/crypto/engine/tb_dsa.c b/crypto/engine/tb_dsa.c index a22e8f6941..65dbe64df9 100644 --- a/crypto/engine/tb_dsa.c +++ b/crypto/engine/tb_dsa.c @@ -7,6 +7,9 @@ * https://www.openssl.org/source/license.html */ +/* We need to use some engine deprecated APIs */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include "eng_local.h" static ENGINE_TABLE *dsa_table = NULL; diff --git a/crypto/engine/tb_eckey.c b/crypto/engine/tb_eckey.c index 397dad8855..ae7ef5ebdf 100644 --- a/crypto/engine/tb_eckey.c +++ b/crypto/engine/tb_eckey.c @@ -7,6 +7,9 @@ * https://www.openssl.org/source/license.html */ +/* We need to use some engine deprecated APIs */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include "eng_local.h" static ENGINE_TABLE *dh_table = NULL; diff --git a/crypto/engine/tb_pkmeth.c b/crypto/engine/tb_pkmeth.c index beb4fd7371..2d0cbff497 100644 --- a/crypto/engine/tb_pkmeth.c +++ b/crypto/engine/tb_pkmeth.c @@ -7,6 +7,9 @@ * https://www.openssl.org/source/license.html */ +/* We need to use some engine deprecated APIs */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include "eng_local.h" #include diff --git a/crypto/engine/tb_rand.c b/crypto/engine/tb_rand.c index d7c7ef485f..9996cf67d6 100644 --- a/crypto/engine/tb_rand.c +++ b/crypto/engine/tb_rand.c @@ -7,6 +7,9 @@ * https://www.openssl.org/source/license.html */ +/* We need to use some engine deprecated APIs */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include "eng_local.h" static ENGINE_TABLE *rand_table = NULL; diff --git a/crypto/engine/tb_rsa.c b/crypto/engine/tb_rsa.c index 5b7d6717ae..35f6c68e54 100644 --- a/crypto/engine/tb_rsa.c +++ b/crypto/engine/tb_rsa.c @@ -7,6 +7,9 @@ * https://www.openssl.org/source/license.html */ +/* We need to use some engine deprecated APIs */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include "eng_local.h" static ENGINE_TABLE *rsa_table = NULL; diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index 92e9b7bfb0..3d25b75be7 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -7,6 +7,9 @@ * https://www.openssl.org/source/license.html */ +/* We need to use some engine deprecated APIs */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include #include #include diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index ec966a0ed5..b8cb5daad0 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -7,6 +7,9 @@ * https://www.openssl.org/source/license.html */ +/* We need to use some engine deprecated APIs */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include #include #include "internal/cryptlib.h" diff --git a/crypto/evp/pkey_mac.c b/crypto/evp/pkey_mac.c index 55badea7e9..784fca956d 100644 --- a/crypto/evp/pkey_mac.c +++ b/crypto/evp/pkey_mac.c @@ -7,6 +7,9 @@ * https://www.openssl.org/source/license.html */ +/* We need to use some engine deprecated APIs */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include #include #include diff --git a/crypto/init.c b/crypto/init.c index 4aa3fc83da..8c1fc2598f 100644 --- a/crypto/init.c +++ b/crypto/init.c @@ -7,6 +7,9 @@ * https://www.openssl.org/source/license.html */ +/* We need to use some engine deprecated APIs */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include "e_os.h" #include "crypto/cryptlib.h" #include diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c index bd20bbb783..71074b5b16 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -7,6 +7,9 @@ * https://www.openssl.org/source/license.html */ +/* We need to use some engine deprecated APIs */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include #include "crypto/ctype.h" #include diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index e7dfb07de2..d43b4fb8db 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -7,6 +7,9 @@ * https://www.openssl.org/source/license.html */ +/* We need to use some engine deprecated APIs */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include #include #include "internal/cryptlib.h" diff --git a/crypto/store/loader_file.c b/crypto/store/loader_file.c index 9a2ada335d..30f4e6ecaf 100644 --- a/crypto/store/loader_file.c +++ b/crypto/store/loader_file.c @@ -7,6 +7,9 @@ * https://www.openssl.org/source/license.html */ +/* We need to use some engine deprecated APIs */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include "e_os.h" #include #include diff --git a/crypto/trace.c b/crypto/trace.c index 18a8c64135..e6628f9bae 100755 --- a/crypto/trace.c +++ b/crypto/trace.c @@ -126,8 +126,10 @@ static const struct trace_category_st trace_categories[] = { TRACE_CATEGORY_(TLS), TRACE_CATEGORY_(TLS_CIPHER), TRACE_CATEGORY_(CONF), +#ifndef OPENSSL_NO_ENGINE TRACE_CATEGORY_(ENGINE_TABLE), TRACE_CATEGORY_(ENGINE_REF_COUNT), +#endif TRACE_CATEGORY_(PKCS5V2), TRACE_CATEGORY_(PKCS12_KEYGEN), TRACE_CATEGORY_(PKCS12_DECRYPT), diff --git a/crypto/ts/ts_conf.c b/crypto/ts/ts_conf.c index 9044920e3f..199a3b82e3 100644 --- a/crypto/ts/ts_conf.c +++ b/crypto/ts/ts_conf.c @@ -7,6 +7,9 @@ * https://www.openssl.org/source/license.html */ +/* We need to use some engine deprecated APIs */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include #include diff --git a/doc/man1/openssl-ca.pod.in b/doc/man1/openssl-ca.pod.in index 519f5f4eed..5f7dc2d16f 100644 --- a/doc/man1/openssl-ca.pod.in +++ b/doc/man1/openssl-ca.pod.in @@ -794,6 +794,8 @@ The B<-certform> option has become obsolete in OpenSSL 3.0.0 and has no effect. All B<-keyform> values except B have become obsolete in OpenSSL 3.0.0 and have no effect. +The B<-engine> option was deprecated in OpenSSL 3.0. + =head1 SEE ALSO L, diff --git a/doc/man1/openssl-cmp.pod.in b/doc/man1/openssl-cmp.pod.in index b148afb2dc..6ed11f442f 100644 --- a/doc/man1/openssl-cmp.pod.in +++ b/doc/man1/openssl-cmp.pod.in @@ -71,7 +71,7 @@ B B [B<-keyform> I] [B<-certsform> I] [B<-otherpass> I] -[B<-engine> I] +{- $OpenSSL::safe::opt_engine_synopsis -} {- $OpenSSL::safe::opt_provider_synopsis -} [B<-tls_used>] @@ -698,6 +698,7 @@ If not given here, the password will be prompted for if needed. For more information about the format of B see the B section in L. +{- output_off() if $disabled{"deprecated-3.0"}; "" -} =item B<-engine> I @@ -714,6 +715,7 @@ the engine. as supported, e.g., by libp11: C<-key engine:pkcs11:object=my-private-key;type=private;pin-value=1234> +{- output_on() if $disabled{"deprecated-3.0"}; "" -} {- $OpenSSL::safe::opt_provider_item -} =back diff --git a/doc/man1/openssl-cms.pod.in b/doc/man1/openssl-cms.pod.in index b4c57d37ff..6ee411d550 100644 --- a/doc/man1/openssl-cms.pod.in +++ b/doc/man1/openssl-cms.pod.in @@ -781,6 +781,8 @@ and have no effect. The B<-nameopt> option was added in OpenSSL 3.0.0. +The B<-engine> option was deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-dgst.pod.in b/doc/man1/openssl-dgst.pod.in index 22c07a5a7f..6a5bb28a69 100644 --- a/doc/man1/openssl-dgst.pod.in +++ b/doc/man1/openssl-dgst.pod.in @@ -30,7 +30,9 @@ B B|I [B<-macopt> I:I] [B<-fips-fingerprint>] {- $OpenSSL::safe::opt_engine_synopsis -} -[B<-engine_impl> I] +{- output_off() if $disabled{"deprecated-3.0"}; "" +-}[B<-engine_impl> I]{- + output_on() if $disabled{"deprecated-3.0"}; "" -} {- $OpenSSL::safe::opt_r_synopsis -} {- $OpenSSL::safe::opt_provider_synopsis -} [I ...] @@ -178,6 +180,7 @@ Compute HMAC using a specific key for certain OpenSSL-FIPS operations. {- $OpenSSL::safe::opt_r_item -} {- $OpenSSL::safe::opt_engine_item -} +{- output_off() if $disabled{"deprecated-3.0"}; "" -} The engine is not used for digests unless the B<-engine_impl> option is used or it is configured to do so, see L. @@ -186,6 +189,7 @@ used or it is configured to do so, see L. When used with the B<-engine> option, it specifies to also use engine I for digest operations. +{- output_on() if $disabled{"deprecated-3.0"}; "" -} {- $OpenSSL::safe::opt_provider_item -} =item I ... @@ -251,6 +255,8 @@ The FIPS-related options were removed in OpenSSL 1.1.0. All B<-keyform> values except B have become obsolete in OpenSSL 3.0.0 and have no effect. +The B<-engine> and B<-engine_impl> options were deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-dhparam.pod.in b/doc/man1/openssl-dhparam.pod.in index 91883fb840..d6fcb59751 100644 --- a/doc/man1/openssl-dhparam.pod.in +++ b/doc/man1/openssl-dhparam.pod.in @@ -135,7 +135,7 @@ L =head1 HISTORY -The B<-dsaparam> option was deprecated in OpenSSL 3.0. +The B<-dsaparam> and B<-engine> options were deprecated in OpenSSL 3.0. =head1 COPYRIGHT diff --git a/doc/man1/openssl-dsa.pod.in b/doc/man1/openssl-dsa.pod.in index 2db0407821..9ab1b3818a 100644 --- a/doc/man1/openssl-dsa.pod.in +++ b/doc/man1/openssl-dsa.pod.in @@ -159,6 +159,10 @@ L, L, L +=head1 HISTORY + +The B<-engine> option was deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-dsaparam.pod.in b/doc/man1/openssl-dsaparam.pod.in index 27bd6517e1..0e6e6cb6de 100644 --- a/doc/man1/openssl-dsaparam.pod.in +++ b/doc/man1/openssl-dsaparam.pod.in @@ -104,6 +104,10 @@ L, L, L +=head1 HISTORY + +The B<-engine> option was deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-ec.pod.in b/doc/man1/openssl-ec.pod.in index c1e92ef51e..9a12f40f80 100644 --- a/doc/man1/openssl-ec.pod.in +++ b/doc/man1/openssl-ec.pod.in @@ -186,6 +186,10 @@ L, L, L +=head1 HISTORY + +The B<-engine> option was deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2003-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-ecparam.pod.in b/doc/man1/openssl-ecparam.pod.in index ff4d97ea5d..9c9b098270 100644 --- a/doc/man1/openssl-ecparam.pod.in +++ b/doc/man1/openssl-ecparam.pod.in @@ -168,6 +168,10 @@ L, L, L +=head1 HISTORY + +The B<-engine> option was deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2003-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-enc.pod.in b/doc/man1/openssl-enc.pod.in index dcbeb8877b..954b17e778 100644 --- a/doc/man1/openssl-enc.pod.in +++ b/doc/man1/openssl-enc.pod.in @@ -426,7 +426,7 @@ The default digest was changed from MD5 to SHA256 in OpenSSL 1.1.0. The B<-list> option was added in OpenSSL 1.1.1e. -The B<-ciphers> option was deprecated in OpenSSL 3.0. +The B<-ciphers> and B<-engine> options were deprecated in OpenSSL 3.0. =head1 COPYRIGHT diff --git a/doc/man1/openssl-engine.pod.in b/doc/man1/openssl-engine.pod.in index c669213491..bcc31ebad1 100644 --- a/doc/man1/openssl-engine.pod.in +++ b/doc/man1/openssl-engine.pod.in @@ -22,6 +22,8 @@ B =head1 DESCRIPTION +This command has been deprecated. Providers should be used instead of engines. + This command is used to query the status and capabilities of the specified Is. Engines may be specified before and after all other command-line flags. @@ -114,6 +116,10 @@ The path to the engines directory. L, L +=head1 HISTORY + +This command was deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-gendsa.pod.in b/doc/man1/openssl-gendsa.pod.in index aca9bb5165..cba85f41fa 100644 --- a/doc/man1/openssl-gendsa.pod.in +++ b/doc/man1/openssl-gendsa.pod.in @@ -92,6 +92,10 @@ L, L, L +=head1 HISTORY + +The B<-engine> option was deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-genpkey.pod.in b/doc/man1/openssl-genpkey.pod.in index d38c1422b2..4334d0c3c1 100644 --- a/doc/man1/openssl-genpkey.pod.in +++ b/doc/man1/openssl-genpkey.pod.in @@ -359,6 +359,8 @@ were added in OpenSSL 1.0.2. The ability to generate X25519 keys was added in OpenSSL 1.1.0. The ability to generate X448, ED25519 and ED448 keys was added in OpenSSL 1.1.1. +The B<-engine> option was deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-list.pod.in b/doc/man1/openssl-list.pod.in index 1eb62d3feb..527e96a084 100644 --- a/doc/man1/openssl-list.pod.in +++ b/doc/man1/openssl-list.pod.in @@ -21,7 +21,9 @@ B [B<-cipher-algorithms>] [B<-public-key-algorithms>] [B<-public-key-methods>] +{- output_off() if $disabled{"deprecated-3.0"}; "" -} [B<-engines>] +{- output_on() if $disabled{"deprecated-3.0"}; "" -} [B<-disabled>] [B<-objects>] [B<-options> I] @@ -92,11 +94,15 @@ a block of multiple lines, all but the first are indented. =item B<-public-key-methods> Display a list of public key method OIDs. +{- output_off() if $disabled{"deprecated-3.0"}; "" -} =item B<-engines> +This option is deprecated. + Display a list of loaded engines. +{- output_on() if $disabled{"deprecated-3.0"}; "" -} =item B<-disabled> Display a list of disabled features, those that were compiled out @@ -146,6 +152,10 @@ In both cases, C is the name of the provider. =back +=head1 HISTORY + +The B<-engines> option was deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-pkcs12.pod.in b/doc/man1/openssl-pkcs12.pod.in index 7d0629b376..8c819c56f8 100644 --- a/doc/man1/openssl-pkcs12.pod.in +++ b/doc/man1/openssl-pkcs12.pod.in @@ -365,6 +365,10 @@ L, L, L +=head1 HISTORY + +The B<-engine> option was deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-pkcs7.pod.in b/doc/man1/openssl-pkcs7.pod.in index 6a05dd4149..fb6b9b4ebc 100644 --- a/doc/man1/openssl-pkcs7.pod.in +++ b/doc/man1/openssl-pkcs7.pod.in @@ -97,6 +97,10 @@ Output all certificates in a file: L, L +=head1 HISTORY + +The B<-engine> option was deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-pkcs8.pod.in b/doc/man1/openssl-pkcs8.pod.in index 719e3d9168..6955b441be 100644 --- a/doc/man1/openssl-pkcs8.pod.in +++ b/doc/man1/openssl-pkcs8.pod.in @@ -273,6 +273,8 @@ L The B<-iter> option was added in OpenSSL 1.1.0. +The B<-engine> option was deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-pkey.pod.in b/doc/man1/openssl-pkey.pod.in index de1bef954c..1fe94c8efc 100644 --- a/doc/man1/openssl-pkey.pod.in +++ b/doc/man1/openssl-pkey.pod.in @@ -197,6 +197,10 @@ L, L, L +=head1 HISTORY + +The B<-engine> option was deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-pkeyparam.pod.in b/doc/man1/openssl-pkeyparam.pod.in index c5f949cfd1..3e7f60a6b7 100644 --- a/doc/man1/openssl-pkeyparam.pod.in +++ b/doc/man1/openssl-pkeyparam.pod.in @@ -85,6 +85,10 @@ L, L, L +=head1 HISTORY + +The B<-engine> option was deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-pkeyutl.pod.in b/doc/man1/openssl-pkeyutl.pod.in index 2bcbb54c57..378cfccad6 100644 --- a/doc/man1/openssl-pkeyutl.pod.in +++ b/doc/man1/openssl-pkeyutl.pod.in @@ -409,6 +409,8 @@ L, All B<-keyform> values except B have become obsolete in OpenSSL 3.0.0 and have no effect. +The B<-engine> option was deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-rand.pod.in b/doc/man1/openssl-rand.pod.in index 7299f5c653..67696ee413 100644 --- a/doc/man1/openssl-rand.pod.in +++ b/doc/man1/openssl-rand.pod.in @@ -65,6 +65,10 @@ L, L, L +=head1 HISTORY + +The B<-engine> option was deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-req.pod.in b/doc/man1/openssl-req.pod.in index 25295d02fc..07354453be 100644 --- a/doc/man1/openssl-req.pod.in +++ b/doc/man1/openssl-req.pod.in @@ -695,6 +695,8 @@ The B<-section> option was added in OpenSSL 3.0.0. All B<-keyform> values except B have become obsolete in OpenSSL 3.0.0 and have no effect. +The B<-engine> option was deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-rsa.pod.in b/doc/man1/openssl-rsa.pod.in index b2477b2b2c..4f9c41d668 100644 --- a/doc/man1/openssl-rsa.pod.in +++ b/doc/man1/openssl-rsa.pod.in @@ -187,6 +187,10 @@ L, L, L +=head1 HISTORY + +The B<-engine> option was deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-rsautl.pod.in b/doc/man1/openssl-rsautl.pod.in index 5383fe2116..477e4a1ece 100644 --- a/doc/man1/openssl-rsautl.pod.in +++ b/doc/man1/openssl-rsautl.pod.in @@ -241,6 +241,8 @@ This command was deprecated in OpenSSL 3.0. All B<-keyform> values except B have become obsolete in OpenSSL 3.0.0 and have no effect. +The B<-engine> option was deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-s_client.pod.in b/doc/man1/openssl-s_client.pod.in index e8f73cdb99..78f4cc679c 100644 --- a/doc/man1/openssl-s_client.pod.in +++ b/doc/man1/openssl-s_client.pod.in @@ -910,6 +910,8 @@ The B<-certform> option has become obsolete in OpenSSL 3.0.0 and has no effect. All B<-keyform> values except B have become obsolete in OpenSSL 3.0.0 and have no effect. +The B<-engine> option was deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-s_server.pod.in b/doc/man1/openssl-s_server.pod.in index 07cde67cde..47515af42a 100644 --- a/doc/man1/openssl-s_server.pod.in +++ b/doc/man1/openssl-s_server.pod.in @@ -840,6 +840,8 @@ have become obsolete in OpenSSL 3.0.0 and have no effect. The B<-certform> and B<-dcertform> options have become obsolete in OpenSSL 3.0.0 and have no effect. +The B<-engine> option was deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-smime.pod.in b/doc/man1/openssl-smime.pod.in index 4dce01a46e..b15be731c0 100644 --- a/doc/man1/openssl-smime.pod.in +++ b/doc/man1/openssl-smime.pod.in @@ -483,6 +483,8 @@ The -no_alt_chains option was added in OpenSSL 1.1.0. All B<-keyform> values except B have become obsolete in OpenSSL 3.0.0 and have no effect. +The B<-engine> option was deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-speed.pod.in b/doc/man1/openssl-speed.pod.in index b3e2a80769..cbcc776f14 100644 --- a/doc/man1/openssl-speed.pod.in +++ b/doc/man1/openssl-speed.pod.in @@ -113,6 +113,10 @@ pre-compiled grand selection is tested. =back +=head1 HISTORY + +The B<-engine> option was deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-spkac.pod.in b/doc/man1/openssl-spkac.pod.in index ca7d097d85..7a95dd6ff3 100644 --- a/doc/man1/openssl-spkac.pod.in +++ b/doc/man1/openssl-spkac.pod.in @@ -154,6 +154,8 @@ L All B<-keyform> values except B have become obsolete in OpenSSL 3.0.0 and have no effect. +The B<-engine> option was deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-srp.pod.in b/doc/man1/openssl-srp.pod.in index 5f4a36c60a..e2b04fe91e 100644 --- a/doc/man1/openssl-srp.pod.in +++ b/doc/man1/openssl-srp.pod.in @@ -81,6 +81,10 @@ see L. =back +=head1 HISTORY + +The B<-engine> option was deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-storeutl.pod.in b/doc/man1/openssl-storeutl.pod.in index 70e9ca6566..2c92f825a0 100644 --- a/doc/man1/openssl-storeutl.pod.in +++ b/doc/man1/openssl-storeutl.pod.in @@ -123,6 +123,8 @@ L This command was added in OpenSSL 1.1.1. +The B<-engine> option was deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-ts.pod.in b/doc/man1/openssl-ts.pod.in index e7bc607a1f..7a1ed418ce 100644 --- a/doc/man1/openssl-ts.pod.in +++ b/doc/man1/openssl-ts.pod.in @@ -626,6 +626,8 @@ seeding mechanism. The new seeding mechanism makes it unnecessary to define a RANDFILE for saving and restoring randomness. This option is retained mainly for compatibility reasons. +The B<-engine> option was deprecated in OpenSSL 3.0. + =head1 SEE ALSO L, diff --git a/doc/man1/openssl-verify.pod.in b/doc/man1/openssl-verify.pod.in index bccaa2642f..ff4d88f577 100644 --- a/doc/man1/openssl-verify.pod.in +++ b/doc/man1/openssl-verify.pod.in @@ -153,6 +153,8 @@ L The B<-show_chain> option was added in OpenSSL 1.1.0. +The B<-engine option> was deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-x509.pod.in b/doc/man1/openssl-x509.pod.in index 918c91b34b..33e24ac6e9 100644 --- a/doc/man1/openssl-x509.pod.in +++ b/doc/man1/openssl-x509.pod.in @@ -835,6 +835,8 @@ have become obsolete in OpenSSL 3.0.0 and have no effect. The B<-CAform> option has become obsolete in OpenSSL 3.0.0 and has no effect. +The B<-engine> option was deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man3/BIO_get_ex_new_index.pod b/doc/man3/BIO_get_ex_new_index.pod index 2380ad79a6..7e5c2852a6 100644 --- a/doc/man3/BIO_get_ex_new_index.pod +++ b/doc/man3/BIO_get_ex_new_index.pod @@ -85,6 +85,11 @@ TYPE_get_ex_data() returns the application data or NULL if an error occurred. L. +=head1 HISTORY + +The ENGINE_get_ex_new_index(), ENGINE_set_ex_data() and ENGINE_get_ex_data() +functions were deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man3/CRYPTO_get_ex_new_index.pod b/doc/man3/CRYPTO_get_ex_new_index.pod index fcedd0ec88..8311685501 100644 --- a/doc/man3/CRYPTO_get_ex_new_index.pod +++ b/doc/man3/CRYPTO_get_ex_new_index.pod @@ -163,9 +163,12 @@ dup_func() should return 0 for failure and 1 for success. =head1 HISTORY CRYPTO_alloc_ex_data() was added in OpenSSL 3.0. + The signature of the dup_func() callback was changed in OpenSSL 3.0 to use the type B for B. Previously this parameter was of type B. +Support for ENGINE "exdata" was deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man3/ENGINE_add.pod b/doc/man3/ENGINE_add.pod index 1d07f5df83..f2c112dcd8 100644 --- a/doc/man3/ENGINE_add.pod +++ b/doc/man3/ENGINE_add.pod @@ -46,6 +46,10 @@ ENGINE_unregister_digests #include +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +B with a suitable version value, see +L: + ENGINE *ENGINE_get_first(void); ENGINE *ENGINE_get_last(void); ENGINE *ENGINE_get_next(ENGINE *e); @@ -162,6 +166,9 @@ L: =head1 DESCRIPTION +All of the functions described on this page are deprecated. +Applications should instead use the provider APIs. + These functions create, manipulate, and use cryptographic modules in the form of B objects. These objects act as containers for implementations of cryptographic algorithms, and support a @@ -651,6 +658,8 @@ L, L =head1 HISTORY +All of these functions were deprecated in OpenSSL 3.0. + ENGINE_cleanup() was deprecated in OpenSSL 1.1.0 by the automatic cleanup done by OPENSSL_cleanup() and should not be used. diff --git a/doc/man3/OPENSSL_init_crypto.pod b/doc/man3/OPENSSL_init_crypto.pod index 8a8f4615e5..7e7b1ef69c 100644 --- a/doc/man3/OPENSSL_init_crypto.pod +++ b/doc/man3/OPENSSL_init_crypto.pod @@ -122,43 +122,51 @@ sub-library (see L). This is a default option. =item OPENSSL_INIT_ENGINE_RDRAND With this option the library will automatically load and initialise the -RDRAND engine (if available). This not a default option. +RDRAND engine (if available). This not a default option and is deprecated +in OpenSSL 3.0. =item OPENSSL_INIT_ENGINE_DYNAMIC With this option the library will automatically load and initialise the -dynamic engine. This not a default option. +dynamic engine. This not a default option and is deprecated +in OpenSSL 3.0. =item OPENSSL_INIT_ENGINE_OPENSSL With this option the library will automatically load and initialise the -openssl engine. This not a default option. +openssl engine. This not a default option and is deprecated +in OpenSSL 3.0. =item OPENSSL_INIT_ENGINE_CRYPTODEV With this option the library will automatically load and initialise the -cryptodev engine (if available). This not a default option. +cryptodev engine (if available). This not a default option and is deprecated +in OpenSSL 3.0. =item OPENSSL_INIT_ENGINE_CAPI With this option the library will automatically load and initialise the -CAPI engine (if available). This not a default option. +CAPI engine (if available). This not a default option and is deprecated +in OpenSSL 3.0. =item OPENSSL_INIT_ENGINE_PADLOCK With this option the library will automatically load and initialise the -padlock engine (if available). This not a default option. +padlock engine (if available). This not a default option and is deprecated +in OpenSSL 3.0. =item OPENSSL_INIT_ENGINE_AFALG With this option the library will automatically load and initialise the -AFALG engine. This not a default option. +AFALG engine. This not a default option and is deprecated +in OpenSSL 3.0. =item OPENSSL_INIT_ENGINE_ALL_BUILTIN With this option the library will automatically load and initialise all the built in engines listed above with the exception of the openssl and afalg -engines. This not a default option. +engines. This not a default option and is deprecated +in OpenSSL 3.0. =item OPENSSL_INIT_ATFORK diff --git a/doc/man3/OPENSSL_load_builtin_modules.pod b/doc/man3/OPENSSL_load_builtin_modules.pod index 0abbe73f4c..2ff53ae9d8 100644 --- a/doc/man3/OPENSSL_load_builtin_modules.pod +++ b/doc/man3/OPENSSL_load_builtin_modules.pod @@ -44,6 +44,10 @@ None of the functions return a value. L, L +=head1 HISTORY + +ENGINE_add_conf_module() was deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man3/OSSL_trace_set_channel.pod b/doc/man3/OSSL_trace_set_channel.pod index 57a5a1c8c9..7ae19aedd3 100644 --- a/doc/man3/OSSL_trace_set_channel.pod +++ b/doc/man3/OSSL_trace_set_channel.pod @@ -136,10 +136,6 @@ Traces the TLS/SSL protocol. Traces the ciphers used by the TLS/SSL protocol. -=item C - -Traces the ENGINE configuration. - =item C Traces the ENGINE algorithm table selection. diff --git a/doc/man3/OpenSSL_version.pod b/doc/man3/OpenSSL_version.pod index b3d5b72928..5342bc985d 100644 --- a/doc/man3/OpenSSL_version.pod +++ b/doc/man3/OpenSSL_version.pod @@ -120,7 +120,8 @@ if available, or C otherwise. =item OPENSSL_ENGINES_DIR The B setting of the library build in the form C -if available, or C otherwise. +if available, or C otherwise. This option is deprecated in +OpenSSL 3.0. =item OPENSSL_MODULES_DIR diff --git a/doc/man3/RAND_set_rand_method.pod b/doc/man3/RAND_set_rand_method.pod index bd6606c81f..a989c1c9b4 100644 --- a/doc/man3/RAND_set_rand_method.pod +++ b/doc/man3/RAND_set_rand_method.pod @@ -23,7 +23,8 @@ RAND_OpenSSL() returns the default B implementation by OpenSSL. This implementation ensures that the PRNG state is unique for each thread. If an B is loaded that provides the RAND API, however, it will -be used instead of the method returned by RAND_OpenSSL(). +be used instead of the method returned by RAND_OpenSSL(). This is deprecated +in OpenSSL 3.0. RAND_set_rand_method() makes B the method for PRNG use. If an ENGINE was providing the method, it will be released first. @@ -58,6 +59,11 @@ L, L, L +=head1 HISTORY + +The ability for an B to replace the RAND API was deprecated in +OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/perlvars.pm b/doc/perlvars.pm index 6d77ce77cb..98c348859f 100644 --- a/doc/perlvars.pm +++ b/doc/perlvars.pm @@ -8,6 +8,8 @@ # Set some Perl variables for use by util/dofile.pl when processing # POD files (mainly man1). +use configdata; + # Verify options $OpenSSL::safe::opt_v_synopsis = "" . "[B<-allow_proxy_certs>]\n" @@ -100,12 +102,17 @@ $OpenSSL::safe::opt_provider_item = "" . "See L."; # Engine option -$OpenSSL::safe::opt_engine_synopsis = "" -. "[B<-engine> I]"; -$OpenSSL::safe::opt_engine_item = "" -. "=item B<-engine> I\n" -. "\n" -. "See L."; +$OpenSSL::safe::opt_engine_synopsis = ""; +$OpenSSL::safe::opt_engine_item = ""; +if (!$disabled{"deprecated-3.0"}) { + $OpenSSL::safe::opt_engine_synopsis = "" + . "[B<-engine> I]"; + $OpenSSL::safe::opt_engine_item = "" + . "=item B<-engine> I\n" + . "\n" + . "See L.\n" + . "This option is deprecated."; +} # Trusted certs options $OpenSSL::safe::opt_trust_synopsis = "" diff --git a/engines/e_afalg.c b/engines/e_afalg.c index c644fa15a2..a3e6a69011 100644 --- a/engines/e_afalg.c +++ b/engines/e_afalg.c @@ -7,6 +7,9 @@ * https://www.openssl.org/source/license.html */ +/* We need to use some engine deprecated APIs */ +#define OPENSSL_SUPPRESS_DEPRECATED + /* Required for vmsplice */ #ifndef _GNU_SOURCE # define _GNU_SOURCE diff --git a/engines/e_capi.c b/engines/e_capi.c index 4ac559026a..0662dcab56 100644 --- a/engines/e_capi.c +++ b/engines/e_capi.c @@ -7,6 +7,9 @@ * https://www.openssl.org/source/license.html */ +/* We need to use some engine deprecated APIs */ +#define OPENSSL_SUPPRESS_DEPRECATED + #ifdef _WIN32 # ifndef _WIN32_WINNT # define _WIN32_WINNT 0x0400 diff --git a/engines/e_dasync.c b/engines/e_dasync.c index 34936b5fe6..b817b2ba5f 100644 --- a/engines/e_dasync.c +++ b/engines/e_dasync.c @@ -7,6 +7,9 @@ * https://www.openssl.org/source/license.html */ +/* We need to use some engine deprecated APIs */ +#define OPENSSL_SUPPRESS_DEPRECATED + /* * SHA-1 low level APIs are deprecated for public use, but still ok for * internal use. Note, that due to symbols not being exported, only the diff --git a/engines/e_devcrypto.c b/engines/e_devcrypto.c index 489109a80d..e8d5d5dd5a 100644 --- a/engines/e_devcrypto.c +++ b/engines/e_devcrypto.c @@ -7,6 +7,9 @@ * https://www.openssl.org/source/license.html */ +/* We need to use some engine deprecated APIs */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include "../e_os.h" #include #include diff --git a/engines/e_ossltest.c b/engines/e_ossltest.c index 6b5fb561a0..df2a3e14e8 100644 --- a/engines/e_ossltest.c +++ b/engines/e_ossltest.c @@ -13,6 +13,9 @@ * used for any purpose except testing */ +/* We need to use some engine deprecated APIs */ +#define OPENSSL_SUPPRESS_DEPRECATED + /* * SHA low level APIs are deprecated for public use, but still ok for * internal use. Note, that due to symbols not being exported, only the diff --git a/engines/e_padlock.c b/engines/e_padlock.c index af5ac24a21..713a79a368 100644 --- a/engines/e_padlock.c +++ b/engines/e_padlock.c @@ -8,8 +8,8 @@ */ /* - * This file uses the low level AES functions (which are deprecated for - * non-internal use) in order to implement the padlock engine AES ciphers. + * This file uses the low level AES and engine functions (which are deprecated + * for non-internal use) in order to implement the padlock engine AES ciphers. */ #define OPENSSL_SUPPRESS_DEPRECATED diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h index 33296b6ada..abd3a68cd4 100644 --- a/include/openssl/crypto.h +++ b/include/openssl/crypto.h @@ -434,7 +434,6 @@ int CRYPTO_memcmp(const void * in_a, const void * in_b, size_t len); | OPENSSL_INIT_ENGINE_CRYPTODEV | OPENSSL_INIT_ENGINE_CAPI | \ OPENSSL_INIT_ENGINE_PADLOCK) - /* Library initialisation functions */ void OPENSSL_cleanup(void); int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); diff --git a/include/openssl/engine.h b/include/openssl/engine.h index 3c9648dc02..76ab29815f 100644 --- a/include/openssl/engine.h +++ b/include/openssl/engine.h @@ -20,40 +20,40 @@ # include # ifndef OPENSSL_NO_ENGINE -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 -# include -# include -# include -# include -# include -# include -# include -# include -# endif -# include -# include -# include -# include -# ifdef __cplusplus +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +# include +# include +# include +# include +# include +# include +# include +# include +# endif +# include +# include +# include +# include +# ifdef __cplusplus extern "C" { -# endif +# endif /* * These flags are used to control combinations of algorithm (methods) by * bitwise "OR"ing. */ -# define ENGINE_METHOD_RSA (unsigned int)0x0001 -# define ENGINE_METHOD_DSA (unsigned int)0x0002 -# define ENGINE_METHOD_DH (unsigned int)0x0004 -# define ENGINE_METHOD_RAND (unsigned int)0x0008 -# define ENGINE_METHOD_CIPHERS (unsigned int)0x0040 -# define ENGINE_METHOD_DIGESTS (unsigned int)0x0080 -# define ENGINE_METHOD_PKEY_METHS (unsigned int)0x0200 -# define ENGINE_METHOD_PKEY_ASN1_METHS (unsigned int)0x0400 -# define ENGINE_METHOD_EC (unsigned int)0x0800 +# define ENGINE_METHOD_RSA (unsigned int)0x0001 +# define ENGINE_METHOD_DSA (unsigned int)0x0002 +# define ENGINE_METHOD_DH (unsigned int)0x0004 +# define ENGINE_METHOD_RAND (unsigned int)0x0008 +# define ENGINE_METHOD_CIPHERS (unsigned int)0x0040 +# define ENGINE_METHOD_DIGESTS (unsigned int)0x0080 +# define ENGINE_METHOD_PKEY_METHS (unsigned int)0x0200 +# define ENGINE_METHOD_PKEY_ASN1_METHS (unsigned int)0x0400 +# define ENGINE_METHOD_EC (unsigned int)0x0800 /* Obvious all-or-nothing cases. */ -# define ENGINE_METHOD_ALL (unsigned int)0xFFFF -# define ENGINE_METHOD_NONE (unsigned int)0x0000 +# define ENGINE_METHOD_ALL (unsigned int)0xFFFF +# define ENGINE_METHOD_NONE (unsigned int)0x0000 /* * This(ese) flag(s) controls behaviour of the ENGINE_TABLE mechanism used @@ -61,7 +61,7 @@ extern "C" { * set by ENGINE_set_table_flags(). The "NOINIT" flag prevents attempts to * initialise registered ENGINEs if they are not already initialised. */ -# define ENGINE_TABLE_FLAG_NOINIT (unsigned int)0x0001 +# define ENGINE_TABLE_FLAG_NOINIT (unsigned int)0x0001 /* ENGINE flags that can be set by ENGINE_set_flags(). */ /* Not used */ @@ -73,7 +73,7 @@ extern "C" { * these control commands on behalf of the ENGINE using their "cmd_defns" * data. */ -# define ENGINE_FLAGS_MANUAL_CMD_CTRL (int)0x0002 +# define ENGINE_FLAGS_MANUAL_CMD_CTRL (int)0x0002 /* * This flag is for ENGINEs who return new duplicate structures when found @@ -85,7 +85,7 @@ extern "C" { * ENGINE_by_id() just increments the existing ENGINE's structural reference * count. */ -# define ENGINE_FLAGS_BY_ID_COPY (int)0x0004 +# define ENGINE_FLAGS_BY_ID_COPY (int)0x0004 /* * This flag if for an ENGINE that does not want its methods registered as @@ -93,7 +93,7 @@ extern "C" { * usable as default methods. */ -# define ENGINE_FLAGS_NO_REGISTER_ALL (int)0x0008 +# define ENGINE_FLAGS_NO_REGISTER_ALL (int)0x0008 /* * ENGINEs can support their own command types, and these flags are used in @@ -108,23 +108,23 @@ extern "C" { */ /* accepts a 'long' input value (3rd parameter to ENGINE_ctrl) */ -# define ENGINE_CMD_FLAG_NUMERIC (unsigned int)0x0001 +# define ENGINE_CMD_FLAG_NUMERIC (unsigned int)0x0001 /* * accepts string input (cast from 'void*' to 'const char *', 4th parameter * to ENGINE_ctrl) */ -# define ENGINE_CMD_FLAG_STRING (unsigned int)0x0002 +# define ENGINE_CMD_FLAG_STRING (unsigned int)0x0002 /* * Indicates that the control command takes *no* input. Ie. the control * command is unparameterised. */ -# define ENGINE_CMD_FLAG_NO_INPUT (unsigned int)0x0004 +# define ENGINE_CMD_FLAG_NO_INPUT (unsigned int)0x0004 /* * Indicates that the control command is internal. This control command won't * be shown in any output, and is only usable through the ENGINE_ctrl_cmd() * function. */ -# define ENGINE_CMD_FLAG_INTERNAL (unsigned int)0x0008 +# define ENGINE_CMD_FLAG_INTERNAL (unsigned int)0x0008 /* * NB: These 3 control commands are deprecated and should not be used. @@ -143,21 +143,21 @@ extern "C" { * sense to some engines. In such a case, they do nothing but return the * error ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED. */ -# define ENGINE_CTRL_SET_LOGSTREAM 1 -# define ENGINE_CTRL_SET_PASSWORD_CALLBACK 2 -# define ENGINE_CTRL_HUP 3/* Close and reinitialise +# define ENGINE_CTRL_SET_LOGSTREAM 1 +# define ENGINE_CTRL_SET_PASSWORD_CALLBACK 2 +# define ENGINE_CTRL_HUP 3/* Close and reinitialise * any handles/connections * etc. */ -# define ENGINE_CTRL_SET_USER_INTERFACE 4/* Alternative to callback */ -# define ENGINE_CTRL_SET_CALLBACK_DATA 5/* User-specific data, used +# define ENGINE_CTRL_SET_USER_INTERFACE 4/* Alternative to callback */ +# define ENGINE_CTRL_SET_CALLBACK_DATA 5/* User-specific data, used * when calling the password * callback and the user * interface */ -# define ENGINE_CTRL_LOAD_CONFIGURATION 6/* Load a configuration, +# define ENGINE_CTRL_LOAD_CONFIGURATION 6/* Load a configuration, * given a string that * represents a file name * or so */ -# define ENGINE_CTRL_LOAD_SECTION 7/* Load data from a given +# define ENGINE_CTRL_LOAD_SECTION 7/* Load data from a given * section in the already * loaded configuration */ @@ -181,22 +181,22 @@ extern "C" { * worth checking this first if the caller is trying to "discover" the * engine's capabilities and doesn't want errors generated unnecessarily. */ -# define ENGINE_CTRL_HAS_CTRL_FUNCTION 10 +# define ENGINE_CTRL_HAS_CTRL_FUNCTION 10 /* * Returns a positive command number for the first command supported by the * engine. Returns zero if no ctrl commands are supported. */ -# define ENGINE_CTRL_GET_FIRST_CMD_TYPE 11 +# define ENGINE_CTRL_GET_FIRST_CMD_TYPE 11 /* * The 'long' argument specifies a command implemented by the engine, and the * return value is the next command supported, or zero if there are no more. */ -# define ENGINE_CTRL_GET_NEXT_CMD_TYPE 12 +# define ENGINE_CTRL_GET_NEXT_CMD_TYPE 12 /* * The 'void*' argument is a command name (cast from 'const char *'), and the * return value is the command that corresponds to it. */ -# define ENGINE_CTRL_GET_CMD_FROM_NAME 13 +# define ENGINE_CTRL_GET_CMD_FROM_NAME 13 /* * The next two allow a command to be converted into its corresponding string * form. In each case, the 'long' argument supplies the command. In the @@ -205,23 +205,23 @@ extern "C" { * string buffer large enough, and it will be populated with the name of the * command (WITH a trailing EOL). */ -# define ENGINE_CTRL_GET_NAME_LEN_FROM_CMD 14 -# define ENGINE_CTRL_GET_NAME_FROM_CMD 15 +# define ENGINE_CTRL_GET_NAME_LEN_FROM_CMD 14 +# define ENGINE_CTRL_GET_NAME_FROM_CMD 15 /* The next two are similar but give a "short description" of a command. */ -# define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD 16 -# define ENGINE_CTRL_GET_DESC_FROM_CMD 17 +# define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD 16 +# define ENGINE_CTRL_GET_DESC_FROM_CMD 17 /* * With this command, the return value is the OR'd combination of * ENGINE_CMD_FLAG_*** values that indicate what kind of input a given * engine-specific ctrl command expects. */ -# define ENGINE_CTRL_GET_CMD_FLAGS 18 +# define ENGINE_CTRL_GET_CMD_FLAGS 18 /* * ENGINE implementations should start the numbering of their own control * commands from this value. (ie. ENGINE_CMD_BASE, ENGINE_CMD_BASE + 1, etc). */ -# define ENGINE_CMD_BASE 200 +# define ENGINE_CMD_BASE 200 /* * NB: These 2 nCipher "chil" control commands are deprecated, and their @@ -232,17 +232,17 @@ extern "C" { */ /* Flags specific to the nCipher "chil" engine */ -# define ENGINE_CTRL_CHIL_SET_FORKCHECK 100 - /* - * Depending on the value of the (long)i argument, this sets or - * unsets the SimpleForkCheck flag in the CHIL API to enable or - * disable checking and workarounds for applications that fork(). - */ -# define ENGINE_CTRL_CHIL_NO_LOCKING 101 - /* - * This prevents the initialisation function from providing mutex - * callbacks to the nCipher library. - */ +# define ENGINE_CTRL_CHIL_SET_FORKCHECK 100 + /* + * Depending on the value of the (long)i argument, this sets or + * unsets the SimpleForkCheck flag in the CHIL API to enable or + * disable checking and workarounds for applications that fork(). + */ +# define ENGINE_CTRL_CHIL_NO_LOCKING 101 + /* + * This prevents the initialisation function from providing mutex + * callbacks to the nCipher library. + */ /* * If an ENGINE supports its own specific control commands and wishes the @@ -314,44 +314,44 @@ typedef int (*ENGINE_PKEY_ASN1_METHS_PTR) (ENGINE *, EVP_PKEY_ASN1_METHOD **, */ /* Get the first/last "ENGINE" type available. */ -ENGINE *ENGINE_get_first(void); -ENGINE *ENGINE_get_last(void); +DEPRECATEDIN_3_0(ENGINE *ENGINE_get_first(void)) +DEPRECATEDIN_3_0(ENGINE *ENGINE_get_last(void)) /* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */ -ENGINE *ENGINE_get_next(ENGINE *e); -ENGINE *ENGINE_get_prev(ENGINE *e); +DEPRECATEDIN_3_0(ENGINE *ENGINE_get_next(ENGINE *e)) +DEPRECATEDIN_3_0(ENGINE *ENGINE_get_prev(ENGINE *e)) /* Add another "ENGINE" type into the array. */ -int ENGINE_add(ENGINE *e); +DEPRECATEDIN_3_0(int ENGINE_add(ENGINE *e)) /* Remove an existing "ENGINE" type from the array. */ -int ENGINE_remove(ENGINE *e); +DEPRECATEDIN_3_0(int ENGINE_remove(ENGINE *e)) /* Retrieve an engine from the list by its unique "id" value. */ -ENGINE *ENGINE_by_id(const char *id); - -#ifndef OPENSSL_NO_DEPRECATED_1_1_0 -# define ENGINE_load_openssl() \ - OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_OPENSSL, NULL) -# define ENGINE_load_dynamic() \ - OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_DYNAMIC, NULL) -# ifndef OPENSSL_NO_STATIC_ENGINE -# define ENGINE_load_padlock() \ - OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_PADLOCK, NULL) -# define ENGINE_load_capi() \ - OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_CAPI, NULL) -# define ENGINE_load_afalg() \ - OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_AFALG, NULL) -# endif -# define ENGINE_load_cryptodev() \ - OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_CRYPTODEV, NULL) -# define ENGINE_load_rdrand() \ - OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_RDRAND, NULL) -#endif -void ENGINE_load_builtin_engines(void); +DEPRECATEDIN_3_0(ENGINE *ENGINE_by_id(const char *id)) + +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +# define ENGINE_load_openssl() \ + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_OPENSSL, NULL) +# define ENGINE_load_dynamic() \ + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_DYNAMIC, NULL) +# ifndef OPENSSL_NO_STATIC_ENGINE +# define ENGINE_load_padlock() \ + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_PADLOCK, NULL) +# define ENGINE_load_capi() \ + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_CAPI, NULL) +# define ENGINE_load_afalg() \ + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_AFALG, NULL) +# endif +# define ENGINE_load_cryptodev() \ + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_CRYPTODEV, NULL) +# define ENGINE_load_rdrand() \ + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_RDRAND, NULL) +# endif +DEPRECATEDIN_3_0(void ENGINE_load_builtin_engines(void)) /* * Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation * "registry" handling. */ -unsigned int ENGINE_get_table_flags(void); -void ENGINE_set_table_flags(unsigned int flags); +DEPRECATEDIN_3_0(unsigned int ENGINE_get_table_flags(void)) +DEPRECATEDIN_3_0(void ENGINE_set_table_flags(unsigned int flags)) /*- Manage registration of ENGINEs per "table". For each type, there are 3 * functions; @@ -361,41 +361,41 @@ void ENGINE_set_table_flags(unsigned int flags); * Cleanup is automatically registered from each table when required. */ -int ENGINE_register_RSA(ENGINE *e); -void ENGINE_unregister_RSA(ENGINE *e); -void ENGINE_register_all_RSA(void); +DEPRECATEDIN_3_0(int ENGINE_register_RSA(ENGINE *e)) +DEPRECATEDIN_3_0(void ENGINE_unregister_RSA(ENGINE *e)) +DEPRECATEDIN_3_0(void ENGINE_register_all_RSA(void)) -int ENGINE_register_DSA(ENGINE *e); -void ENGINE_unregister_DSA(ENGINE *e); -void ENGINE_register_all_DSA(void); +DEPRECATEDIN_3_0(int ENGINE_register_DSA(ENGINE *e)) +DEPRECATEDIN_3_0(void ENGINE_unregister_DSA(ENGINE *e)) +DEPRECATEDIN_3_0(void ENGINE_register_all_DSA(void)) -int ENGINE_register_EC(ENGINE *e); -void ENGINE_unregister_EC(ENGINE *e); -void ENGINE_register_all_EC(void); +DEPRECATEDIN_3_0(int ENGINE_register_EC(ENGINE *e)) +DEPRECATEDIN_3_0(void ENGINE_unregister_EC(ENGINE *e)) +DEPRECATEDIN_3_0(void ENGINE_register_all_EC(void)) -int ENGINE_register_DH(ENGINE *e); -void ENGINE_unregister_DH(ENGINE *e); -void ENGINE_register_all_DH(void); +DEPRECATEDIN_3_0(int ENGINE_register_DH(ENGINE *e)) +DEPRECATEDIN_3_0(void ENGINE_unregister_DH(ENGINE *e)) +DEPRECATEDIN_3_0(void ENGINE_register_all_DH(void)) -int ENGINE_register_RAND(ENGINE *e); -void ENGINE_unregister_RAND(ENGINE *e); -void ENGINE_register_all_RAND(void); +DEPRECATEDIN_3_0(int ENGINE_register_RAND(ENGINE *e)) +DEPRECATEDIN_3_0(void ENGINE_unregister_RAND(ENGINE *e)) +DEPRECATEDIN_3_0(void ENGINE_register_all_RAND(void)) -int ENGINE_register_ciphers(ENGINE *e); -void ENGINE_unregister_ciphers(ENGINE *e); -void ENGINE_register_all_ciphers(void); +DEPRECATEDIN_3_0(int ENGINE_register_ciphers(ENGINE *e)) +DEPRECATEDIN_3_0(void ENGINE_unregister_ciphers(ENGINE *e)) +DEPRECATEDIN_3_0(void ENGINE_register_all_ciphers(void)) -int ENGINE_register_digests(ENGINE *e); -void ENGINE_unregister_digests(ENGINE *e); -void ENGINE_register_all_digests(void); +DEPRECATEDIN_3_0(int ENGINE_register_digests(ENGINE *e)) +DEPRECATEDIN_3_0(void ENGINE_unregister_digests(ENGINE *e)) +DEPRECATEDIN_3_0(void ENGINE_register_all_digests(void)) -int ENGINE_register_pkey_meths(ENGINE *e); -void ENGINE_unregister_pkey_meths(ENGINE *e); -void ENGINE_register_all_pkey_meths(void); +DEPRECATEDIN_3_0(int ENGINE_register_pkey_meths(ENGINE *e)) +DEPRECATEDIN_3_0(void ENGINE_unregister_pkey_meths(ENGINE *e)) +DEPRECATEDIN_3_0(void ENGINE_register_all_pkey_meths(void)) -int ENGINE_register_pkey_asn1_meths(ENGINE *e); -void ENGINE_unregister_pkey_asn1_meths(ENGINE *e); -void ENGINE_register_all_pkey_asn1_meths(void); +DEPRECATEDIN_3_0(int ENGINE_register_pkey_asn1_meths(ENGINE *e)) +DEPRECATEDIN_3_0(void ENGINE_unregister_pkey_asn1_meths(ENGINE *e)) +DEPRECATEDIN_3_0(void ENGINE_register_all_pkey_asn1_meths(void)) /* * These functions register all support from the above categories. Note, use @@ -403,8 +403,8 @@ void ENGINE_register_all_pkey_asn1_meths(void); * may not need. If you only need a subset of functionality, consider using * more selective initialisation. */ -int ENGINE_register_complete(ENGINE *e); -int ENGINE_register_all_complete(void); +DEPRECATEDIN_3_0(int ENGINE_register_complete(ENGINE *e)) +DEPRECATEDIN_3_0(int ENGINE_register_all_complete(void)) /* * Send parameterised control commands to the engine. The possibilities to @@ -416,7 +416,8 @@ int ENGINE_register_all_complete(void); * commands that require an operational ENGINE, and only use functional * references in such situations. */ -int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)); +DEPRECATEDIN_3_0(int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, + void (*f) (void))) /* * This function tests if an ENGINE-specific command is usable as a @@ -424,7 +425,7 @@ int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)); * ENGINE_ctrl_cmd_string(). If this returns zero, it is not available to * ENGINE_ctrl_cmd_string(), only ENGINE_ctrl(). */ -int ENGINE_cmd_is_executable(ENGINE *e, int cmd); +DEPRECATEDIN_3_0(int ENGINE_cmd_is_executable(ENGINE *e, int cmd)) /* * This function works like ENGINE_ctrl() with the exception of taking a @@ -432,8 +433,9 @@ int ENGINE_cmd_is_executable(ENGINE *e, int cmd); * commands. See the comment on ENGINE_ctrl_cmd_string() for an explanation * on how to use the cmd_name and cmd_optional. */ -int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, - long i, void *p, void (*f) (void), int cmd_optional); +DEPRECATEDIN_3_0(int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, + long i, void *p, void (*f) (void), + int cmd_optional)) /* * This function passes a command-name and argument to an ENGINE. The @@ -457,8 +459,8 @@ int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, * applications can work consistently with the same configuration for the * same ENGINE-enabled devices, across applications. */ -int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg, - int cmd_optional); +DEPRECATEDIN_3_0(int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, + const char *arg, int cmd_optional)) /* * These functions are useful for manufacturing new ENGINE structures. They @@ -468,45 +470,51 @@ int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg, * These are also here so that the ENGINE structure doesn't have to be * exposed and break binary compatibility! */ -ENGINE *ENGINE_new(void); -int ENGINE_free(ENGINE *e); -int ENGINE_up_ref(ENGINE *e); -int ENGINE_set_id(ENGINE *e, const char *id); -int ENGINE_set_name(ENGINE *e, const char *name); -int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth); -int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth); -int ENGINE_set_EC(ENGINE *e, const EC_KEY_METHOD *ecdsa_meth); -int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth); -int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth); -int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f); -int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f); -int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f); -int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f); -int ENGINE_set_load_privkey_function(ENGINE *e, - ENGINE_LOAD_KEY_PTR loadpriv_f); -int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f); -int ENGINE_set_load_ssl_client_cert_function(ENGINE *e, - ENGINE_SSL_CLIENT_CERT_PTR - loadssl_f); -int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f); -int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f); -int ENGINE_set_pkey_meths(ENGINE *e, ENGINE_PKEY_METHS_PTR f); -int ENGINE_set_pkey_asn1_meths(ENGINE *e, ENGINE_PKEY_ASN1_METHS_PTR f); -int ENGINE_set_flags(ENGINE *e, int flags); -int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns); +DEPRECATEDIN_3_0(ENGINE *ENGINE_new(void)) +DEPRECATEDIN_3_0(int ENGINE_free(ENGINE *e)) +DEPRECATEDIN_3_0(int ENGINE_up_ref(ENGINE *e)) +DEPRECATEDIN_3_0(int ENGINE_set_id(ENGINE *e, const char *id)) +DEPRECATEDIN_3_0(int ENGINE_set_name(ENGINE *e, const char *name)) +DEPRECATEDIN_3_0(int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth)) +DEPRECATEDIN_3_0(int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth)) +DEPRECATEDIN_3_0(int ENGINE_set_EC(ENGINE *e, const EC_KEY_METHOD *ecdsa_meth)) +DEPRECATEDIN_3_0(int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth)) +DEPRECATEDIN_3_0(int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth)) +DEPRECATEDIN_3_0(int ENGINE_set_destroy_function + (ENGINE *e,ENGINE_GEN_INT_FUNC_PTR destroy_f)) +DEPRECATEDIN_3_0(int ENGINE_set_init_function + (ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f)) +DEPRECATEDIN_3_0(int ENGINE_set_finish_function + (ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f)) +DEPRECATEDIN_3_0(int ENGINE_set_ctrl_function + (ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f)) +DEPRECATEDIN_3_0(int ENGINE_set_load_privkey_function + (ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f)) +DEPRECATEDIN_3_0(int ENGINE_set_load_pubkey_function + (ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f)) +DEPRECATEDIN_3_0(int ENGINE_set_load_ssl_client_cert_function + (ENGINE *e, ENGINE_SSL_CLIENT_CERT_PTR loadssl_f)) +DEPRECATEDIN_3_0(int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f)) +DEPRECATEDIN_3_0(int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f)) +DEPRECATEDIN_3_0(int ENGINE_set_pkey_meths(ENGINE *e, ENGINE_PKEY_METHS_PTR f)) +DEPRECATEDIN_3_0(int ENGINE_set_pkey_asn1_meths(ENGINE *e, + ENGINE_PKEY_ASN1_METHS_PTR f)) +DEPRECATEDIN_3_0(int ENGINE_set_flags(ENGINE *e, int flags)) +DEPRECATEDIN_3_0(int ENGINE_set_cmd_defns(ENGINE *e, + const ENGINE_CMD_DEFN *defns)) /* These functions allow control over any per-structure ENGINE data. */ -#define ENGINE_get_ex_new_index(l, p, newf, dupf, freef) \ +# define ENGINE_get_ex_new_index(l, p, newf, dupf, freef) \ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ENGINE, l, p, newf, dupf, freef) -int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg); -void *ENGINE_get_ex_data(const ENGINE *e, int idx); +DEPRECATEDIN_3_0(int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg)) +DEPRECATEDIN_3_0(void *ENGINE_get_ex_data(const ENGINE *e, int idx)) -#ifndef OPENSSL_NO_DEPRECATED_1_1_0 +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 /* * This function previously cleaned up anything that needs it. Auto-deinit will * now take care of it so it is no longer required to call this function. */ -# define ENGINE_cleanup() while(0) continue -#endif +# define ENGINE_cleanup() while(0) continue +# endif /* * These return values from within the ENGINE structure. These can be useful @@ -514,37 +522,44 @@ void *ENGINE_get_ex_data(const ENGINE *e, int idx); * which you obtained. Using the result for functional purposes if you only * obtained a structural reference may be problematic! */ -const char *ENGINE_get_id(const ENGINE *e); -const char *ENGINE_get_name(const ENGINE *e); -const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e); -const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e); -const EC_KEY_METHOD *ENGINE_get_EC(const ENGINE *e); -const DH_METHOD *ENGINE_get_DH(const ENGINE *e); -const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e); -ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e); -ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e); -ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e); -ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e); -ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e); -ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e); -ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE - *e); -ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e); -ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e); -ENGINE_PKEY_METHS_PTR ENGINE_get_pkey_meths(const ENGINE *e); -ENGINE_PKEY_ASN1_METHS_PTR ENGINE_get_pkey_asn1_meths(const ENGINE *e); -const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid); -const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid); -const EVP_PKEY_METHOD *ENGINE_get_pkey_meth(ENGINE *e, int nid); -const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth(ENGINE *e, int nid); -const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth_str(ENGINE *e, - const char *str, - int len); -const EVP_PKEY_ASN1_METHOD *ENGINE_pkey_asn1_find_str(ENGINE **pe, - const char *str, - int len); -const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e); -int ENGINE_get_flags(const ENGINE *e); +DEPRECATEDIN_3_0(const char *ENGINE_get_id(const ENGINE *e)) +DEPRECATEDIN_3_0(const char *ENGINE_get_name(const ENGINE *e)) +DEPRECATEDIN_3_0(const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e)) +DEPRECATEDIN_3_0(const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e)) +DEPRECATEDIN_3_0(const EC_KEY_METHOD *ENGINE_get_EC(const ENGINE *e)) +DEPRECATEDIN_3_0(const DH_METHOD *ENGINE_get_DH(const ENGINE *e)) +DEPRECATEDIN_3_0(const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e)) +DEPRECATEDIN_3_0(ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function + (const ENGINE *e)) +DEPRECATEDIN_3_0(ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function + (const ENGINE *e)) +DEPRECATEDIN_3_0(ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function + (const ENGINE *e)) +DEPRECATEDIN_3_0(ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function + (const ENGINE *e)) +DEPRECATEDIN_3_0(ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function + (const ENGINE *e)) +DEPRECATEDIN_3_0(ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function + (const ENGINE *e)) +DEPRECATEDIN_3_0(ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function + (const ENGINE *e)) +DEPRECATEDIN_3_0(ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e)) +DEPRECATEDIN_3_0(ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e)) +DEPRECATEDIN_3_0(ENGINE_PKEY_METHS_PTR ENGINE_get_pkey_meths(const ENGINE *e)) +DEPRECATEDIN_3_0(ENGINE_PKEY_ASN1_METHS_PTR ENGINE_get_pkey_asn1_meths + (const ENGINE *e)) +DEPRECATEDIN_3_0(const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid)) +DEPRECATEDIN_3_0(const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid)) +DEPRECATEDIN_3_0(const EVP_PKEY_METHOD *ENGINE_get_pkey_meth + (ENGINE *e, int nid)) +DEPRECATEDIN_3_0(const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth + (ENGINE *e, int nid)) +DEPRECATEDIN_3_0(const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth_str + (ENGINE *e, const char *str, int len)) +DEPRECATEDIN_3_0(const EVP_PKEY_ASN1_METHOD *ENGINE_pkey_asn1_find_str + (ENGINE **pe, const char *str, int len)) +DEPRECATEDIN_3_0(const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e)) +DEPRECATEDIN_3_0(int ENGINE_get_flags(const ENGINE *e)) /* * FUNCTIONAL functions. These functions deal with ENGINE structures that @@ -564,27 +579,29 @@ int ENGINE_get_flags(const ENGINE *e); * already in use). This will fail if the engine is not currently operational * and cannot initialise. */ -int ENGINE_init(ENGINE *e); +DEPRECATEDIN_3_0(int ENGINE_init(ENGINE *e)) /* * Free a functional reference to a engine type. This does not require a * corresponding call to ENGINE_free as it also releases a structural * reference. */ -int ENGINE_finish(ENGINE *e); +DEPRECATEDIN_3_0(int ENGINE_finish(ENGINE *e)) /* * The following functions handle keys that are stored in some secondary * location, handled by the engine. The storage may be on a card or * whatever. */ -EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id, - UI_METHOD *ui_method, void *callback_data); -EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id, - UI_METHOD *ui_method, void *callback_data); -int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s, - STACK_OF(X509_NAME) *ca_dn, X509 **pcert, - EVP_PKEY **ppkey, STACK_OF(X509) **pother, - UI_METHOD *ui_method, void *callback_data); +DEPRECATEDIN_3_0(EVP_PKEY *ENGINE_load_private_key + (ENGINE *e, const char *key_id, UI_METHOD *ui_method, + void *callback_data)) +DEPRECATEDIN_3_0(EVP_PKEY *ENGINE_load_public_key + (ENGINE *e, const char *key_id, UI_METHOD *ui_method, + void *callback_data)) +DEPRECATEDIN_3_0(int ENGINE_load_ssl_client_cert + (ENGINE *e, SSL *s, STACK_OF(X509_NAME) *ca_dn, + X509 **pcert, EVP_PKEY **ppkey, STACK_OF(X509) **pother, + UI_METHOD *ui_method, void *callback_data)) /* * This returns a pointer for the current ENGINE structure that is (by @@ -592,20 +609,20 @@ int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s, * incremented reference, so it should be free'd (ENGINE_finish) before it is * discarded. */ -ENGINE *ENGINE_get_default_RSA(void); +DEPRECATEDIN_3_0(ENGINE *ENGINE_get_default_RSA(void)) /* Same for the other "methods" */ -ENGINE *ENGINE_get_default_DSA(void); -ENGINE *ENGINE_get_default_EC(void); -ENGINE *ENGINE_get_default_DH(void); -ENGINE *ENGINE_get_default_RAND(void); +DEPRECATEDIN_3_0(ENGINE *ENGINE_get_default_DSA(void)) +DEPRECATEDIN_3_0(ENGINE *ENGINE_get_default_EC(void)) +DEPRECATEDIN_3_0(ENGINE *ENGINE_get_default_DH(void)) +DEPRECATEDIN_3_0(ENGINE *ENGINE_get_default_RAND(void)) /* * These functions can be used to get a functional reference to perform * ciphering or digesting corresponding to "nid". */ -ENGINE *ENGINE_get_cipher_engine(int nid); -ENGINE *ENGINE_get_digest_engine(int nid); -ENGINE *ENGINE_get_pkey_meth_engine(int nid); -ENGINE *ENGINE_get_pkey_asn1_meth_engine(int nid); +DEPRECATEDIN_3_0(ENGINE *ENGINE_get_cipher_engine(int nid)) +DEPRECATEDIN_3_0(ENGINE *ENGINE_get_digest_engine(int nid)) +DEPRECATEDIN_3_0(ENGINE *ENGINE_get_pkey_meth_engine(int nid)) +DEPRECATEDIN_3_0(ENGINE *ENGINE_get_pkey_asn1_meth_engine(int nid)) /* * This sets a new default ENGINE structure for performing RSA operations. If @@ -613,17 +630,17 @@ ENGINE *ENGINE_get_pkey_asn1_meth_engine(int nid); * its reference count up'd so the caller should still free their own * reference 'e'. */ -int ENGINE_set_default_RSA(ENGINE *e); -int ENGINE_set_default_string(ENGINE *e, const char *def_list); +DEPRECATEDIN_3_0(int ENGINE_set_default_RSA(ENGINE *e)) +DEPRECATEDIN_3_0(int ENGINE_set_default_string(ENGINE *e, const char *def_list)) /* Same for the other "methods" */ -int ENGINE_set_default_DSA(ENGINE *e); -int ENGINE_set_default_EC(ENGINE *e); -int ENGINE_set_default_DH(ENGINE *e); -int ENGINE_set_default_RAND(ENGINE *e); -int ENGINE_set_default_ciphers(ENGINE *e); -int ENGINE_set_default_digests(ENGINE *e); -int ENGINE_set_default_pkey_meths(ENGINE *e); -int ENGINE_set_default_pkey_asn1_meths(ENGINE *e); +DEPRECATEDIN_3_0(int ENGINE_set_default_DSA(ENGINE *e)) +DEPRECATEDIN_3_0(int ENGINE_set_default_EC(ENGINE *e)) +DEPRECATEDIN_3_0(int ENGINE_set_default_DH(ENGINE *e)) +DEPRECATEDIN_3_0(int ENGINE_set_default_RAND(ENGINE *e)) +DEPRECATEDIN_3_0(int ENGINE_set_default_ciphers(ENGINE *e)) +DEPRECATEDIN_3_0(int ENGINE_set_default_digests(ENGINE *e)) +DEPRECATEDIN_3_0(int ENGINE_set_default_pkey_meths(ENGINE *e)) +DEPRECATEDIN_3_0(int ENGINE_set_default_pkey_asn1_meths(ENGINE *e)) /* * The combination "set" - the flags are bitwise "OR"d from the @@ -632,9 +649,9 @@ int ENGINE_set_default_pkey_asn1_meths(ENGINE *e); * application requires only specific functionality, consider using more * selective functions. */ -int ENGINE_set_default(ENGINE *e, unsigned int flags); +DEPRECATEDIN_3_0(int ENGINE_set_default(ENGINE *e, unsigned int flags)) -void ENGINE_add_conf_module(void); +DEPRECATEDIN_3_0(void ENGINE_add_conf_module(void)) /* Deprecated functions ... */ /* int ENGINE_clear_defaults(void); */ @@ -644,12 +661,12 @@ void ENGINE_add_conf_module(void); /**************************/ /* Binary/behaviour compatibility levels */ -# define OSSL_DYNAMIC_VERSION (unsigned long)0x00030000 +# define OSSL_DYNAMIC_VERSION (unsigned long)0x00030000 /* * Binary versions older than this are too old for us (whether we're a loader * or a loadee) */ -# define OSSL_DYNAMIC_OLDEST (unsigned long)0x00030000 +# define OSSL_DYNAMIC_OLDEST (unsigned long)0x00030000 /* * When compiling an ENGINE entirely as an external shared library, loadable @@ -693,7 +710,7 @@ typedef struct st_dynamic_fns { * IMPLEMENT_DYNAMIC_CHECK_FN(). */ typedef unsigned long (*dynamic_v_check_fn) (unsigned long ossl_version); -# define IMPLEMENT_DYNAMIC_CHECK_FN() \ +# define IMPLEMENT_DYNAMIC_CHECK_FN() \ OPENSSL_EXPORT unsigned long v_check(unsigned long v); \ OPENSSL_EXPORT unsigned long v_check(unsigned long v) { \ if (v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \ @@ -719,7 +736,7 @@ typedef unsigned long (*dynamic_v_check_fn) (unsigned long ossl_version); */ typedef int (*dynamic_bind_engine) (ENGINE *e, const char *id, const dynamic_fns *fns); -# define IMPLEMENT_DYNAMIC_BIND_FN(fn) \ +# define IMPLEMENT_DYNAMIC_BIND_FN(fn) \ OPENSSL_EXPORT \ int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns); \ OPENSSL_EXPORT \ @@ -745,13 +762,13 @@ typedef int (*dynamic_bind_engine) (ENGINE *e, const char *id, */ void *ENGINE_get_static_state(void); -# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__DragonFly__) -DEPRECATEDIN_1_1_0(void ENGINE_setup_bsd_cryptodev(void)) -# endif +# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__DragonFly__) +DEPRECATEDIN_3_0(DEPRECATEDIN_1_1_0(void ENGINE_setup_bsd_cryptodev(void))) +# endif # ifdef __cplusplus } # endif -# endif -#endif +# endif /* OPENSSL_NO_ENGINE */ +#endif /* OPENSSL_ENGINE_H */ diff --git a/include/openssl/trace.h b/include/openssl/trace.h index f71d9fb4ca..4f18e7526c 100644 --- a/include/openssl/trace.h +++ b/include/openssl/trace.h @@ -42,8 +42,10 @@ extern "C" { # define OSSL_TRACE_CATEGORY_TLS 3 # define OSSL_TRACE_CATEGORY_TLS_CIPHER 4 # define OSSL_TRACE_CATEGORY_CONF 5 -# define OSSL_TRACE_CATEGORY_ENGINE_TABLE 6 -# define OSSL_TRACE_CATEGORY_ENGINE_REF_COUNT 7 +# ifndef OPENSSL_NO_ENGINE +# define OSSL_TRACE_CATEGORY_ENGINE_TABLE 6 +# define OSSL_TRACE_CATEGORY_ENGINE_REF_COUNT 7 +# endif # define OSSL_TRACE_CATEGORY_PKCS5V2 8 # define OSSL_TRACE_CATEGORY_PKCS12_KEYGEN 9 # define OSSL_TRACE_CATEGORY_PKCS12_DECRYPT 10 diff --git a/providers/common/provider_util.c b/providers/common/provider_util.c index b5511dbdfa..a0787a67e5 100644 --- a/providers/common/provider_util.c +++ b/providers/common/provider_util.c @@ -7,6 +7,9 @@ * https://www.openssl.org/source/license.html */ +/* We need to use some engine deprecated APIs */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include #include #include diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 83710f8431..64d773acbd 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -9,6 +9,9 @@ * https://www.openssl.org/source/license.html */ +/* We need to use some engine deprecated APIs */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include #include #include diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 243c0ed7c9..c92e361cde 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -9,6 +9,9 @@ * https://www.openssl.org/source/license.html */ +/* We need to use some engine deprecated APIs */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include #include "ssl_local.h" #include "e_os.h" diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 2062879406..63624e9e80 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -8,6 +8,9 @@ * https://www.openssl.org/source/license.html */ +/* We need to use some engine deprecated APIs */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include #include #include diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 9bee9cb3af..d7722d76e0 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -9,6 +9,9 @@ * https://www.openssl.org/source/license.html */ +/* We need to use some engine deprecated APIs */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include #include #include diff --git a/test/afalgtest.c b/test/afalgtest.c index 16e5dbd129..01a2c8bf46 100644 --- a/test/afalgtest.c +++ b/test/afalgtest.c @@ -7,6 +7,9 @@ * https://www.openssl.org/source/license.html */ +/* We need to use some engine deprecated APIs */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include #include diff --git a/test/enginetest.c b/test/enginetest.c index 9957f59dc3..99d914e09a 100644 --- a/test/enginetest.c +++ b/test/enginetest.c @@ -7,6 +7,9 @@ * https://www.openssl.org/source/license.html */ +/* We need to use some engine deprecated APIs */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include #include #include diff --git a/util/libcrypto.num b/util/libcrypto.num index 4ed13bb5ca..2627608f55 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -54,8 +54,8 @@ X509v3_asid_is_canonical 55 3_0_0 EXIST::FUNCTION:RFC3779 ASN1_ENUMERATED_get 56 3_0_0 EXIST::FUNCTION: EVP_MD_do_all_sorted 57 3_0_0 EXIST::FUNCTION: OCSP_crl_reason_str 58 3_0_0 EXIST::FUNCTION:OCSP -ENGINE_ctrl_cmd_string 59 3_0_0 EXIST::FUNCTION:ENGINE -ENGINE_finish 60 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_ctrl_cmd_string 59 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE +ENGINE_finish 60 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE SRP_Calc_client_key 61 3_0_0 EXIST::FUNCTION:SRP X509_PUBKEY_free 62 3_0_0 EXIST::FUNCTION: BIO_free_all 63 3_0_0 EXIST::FUNCTION: @@ -101,7 +101,7 @@ BF_set_key 102 3_0_0 EXIST::FUNCTION:BF,DEPRECATEDI d2i_DHparams 103 3_0_0 EXIST::FUNCTION:DH i2d_PKCS7_ENC_CONTENT 104 3_0_0 EXIST::FUNCTION: DH_generate_key 105 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH -ENGINE_add_conf_module 106 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_add_conf_module 106 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE BIO_new_socket 107 3_0_0 EXIST::FUNCTION:SOCK ASN1_OBJECT_free 108 3_0_0 EXIST::FUNCTION: X509_REQ_get_extensions 109 3_0_0 EXIST::FUNCTION: @@ -116,14 +116,14 @@ BIO_sock_non_fatal_error 117 3_0_0 EXIST::FUNCTION:SOCK HMAC_Update 118 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 i2d_PKCS12 119 3_0_0 EXIST::FUNCTION: EVP_BytesToKey 120 3_0_0 EXIST::FUNCTION: -ENGINE_set_default_pkey_asn1_meths 121 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_set_default_pkey_asn1_meths 121 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE OCSP_BASICRESP_add1_ext_i2d 122 3_0_0 EXIST::FUNCTION:OCSP EVP_camellia_128_ctr 123 3_0_0 EXIST::FUNCTION:CAMELLIA EVP_CIPHER_impl_ctx_size 124 3_0_0 EXIST::FUNCTION: X509_CRL_get_nextUpdate 125 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0 PKCS12_free 126 3_0_0 EXIST::FUNCTION: CMS_signed_get_attr 127 3_0_0 EXIST::FUNCTION:CMS -ENGINE_set_destroy_function 128 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_set_destroy_function 128 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE ASN1_STRING_TABLE_add 129 3_0_0 EXIST::FUNCTION: d2i_ASIdentifiers 130 3_0_0 EXIST::FUNCTION:RFC3779 i2d_PKCS12_bio 131 3_0_0 EXIST::FUNCTION: @@ -147,7 +147,7 @@ EVP_PKEY_asn1_set_ctrl 149 3_0_0 EXIST::FUNCTION: EC_POINTs_mul 150 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC ASN1_get_object 151 3_0_0 EXIST::FUNCTION: i2d_IPAddressFamily 152 3_0_0 EXIST::FUNCTION:RFC3779 -ENGINE_get_ctrl_function 153 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_get_ctrl_function 153 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE X509_REVOKED_get_ext_count 154 3_0_0 EXIST::FUNCTION: BN_is_prime_fasttest_ex 155 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 ERR_load_PKCS12_strings 156 3_0_0 EXIST::FUNCTION: @@ -157,7 +157,7 @@ TS_VERIFY_CTX_set_store 159 3_0_0 EXIST::FUNCTION:TS PKCS12_verify_mac 160 3_0_0 EXIST::FUNCTION: X509v3_addr_canonize 161 3_0_0 EXIST::FUNCTION:RFC3779 ASN1_item_ex_i2d 162 3_0_0 EXIST::FUNCTION: -ENGINE_set_digests 163 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_set_digests 163 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE PEM_ASN1_read_bio 164 3_0_0 EXIST::FUNCTION: CT_POLICY_EVAL_CTX_free 165 3_0_0 EXIST::FUNCTION:CT CMS_RecipientInfo_kari_get0_ctx 166 3_0_0 EXIST::FUNCTION:CMS @@ -239,20 +239,20 @@ CMS_RecipientInfo_ktri_get0_algs 243 3_0_0 EXIST::FUNCTION:CMS i2d_EC_PUBKEY 244 3_0_0 EXIST::FUNCTION:EC MDC2 245 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,MDC2 BN_clear_free 246 3_0_0 EXIST::FUNCTION: -ENGINE_get_pkey_asn1_meths 247 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_get_pkey_asn1_meths 247 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE DSO_merge 248 3_0_0 EXIST::FUNCTION: RSA_get_ex_data 249 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA EVP_PKEY_meth_get_decrypt 250 3_0_0 EXIST::FUNCTION: DES_cfb_encrypt 251 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DES CMS_SignerInfo_set1_signer_cert 252 3_0_0 EXIST::FUNCTION:CMS X509_CRL_load_http 253 3_0_0 EXIST::FUNCTION:SOCK -ENGINE_register_all_ciphers 254 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_register_all_ciphers 254 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE SXNET_new 255 3_0_0 EXIST::FUNCTION: EVP_camellia_256_ctr 256 3_0_0 EXIST::FUNCTION:CAMELLIA d2i_PKCS8_PRIV_KEY_INFO 257 3_0_0 EXIST::FUNCTION: EVP_md2 259 3_0_0 EXIST::FUNCTION:MD2 RC2_ecb_encrypt 260 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RC2 -ENGINE_register_DH 261 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_register_DH 261 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE ASN1_NULL_free 262 3_0_0 EXIST::FUNCTION: EC_KEY_copy 263 3_0_0 EXIST::FUNCTION:EC EVP_des_ede3 264 3_0_0 EXIST::FUNCTION:DES @@ -304,7 +304,7 @@ i2d_ASN1_IA5STRING 309 3_0_0 EXIST::FUNCTION: OCSP_check_nonce 310 3_0_0 EXIST::FUNCTION:OCSP X509_STORE_CTX_init 311 3_0_0 EXIST::FUNCTION: OCSP_RESPONSE_free 312 3_0_0 EXIST::FUNCTION:OCSP -ENGINE_set_DH 313 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_set_DH 313 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE EVP_CIPHER_CTX_set_flags 314 3_0_0 EXIST::FUNCTION: err_free_strings_int 315 3_0_0 EXIST::FUNCTION: PEM_write_bio_PKCS7_stream 316 3_0_0 EXIST::FUNCTION: @@ -435,7 +435,7 @@ NCONF_load 442 3_0_0 EXIST::FUNCTION: ASN1_put_object 443 3_0_0 EXIST::FUNCTION: d2i_OCSP_RESPONSE 444 3_0_0 EXIST::FUNCTION:OCSP d2i_PublicKey 445 3_0_0 EXIST::FUNCTION: -ENGINE_set_ex_data 446 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_set_ex_data 446 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE X509_get_default_private_dir 447 3_0_0 EXIST::FUNCTION: X509_STORE_CTX_set0_dane 448 3_0_0 EXIST::FUNCTION: EVP_des_ecb 449 3_0_0 EXIST::FUNCTION:DES @@ -443,7 +443,7 @@ OCSP_resp_get0 450 3_0_0 EXIST::FUNCTION:OCSP RSA_X931_generate_key_ex 452 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA X509_get_serialNumber 453 3_0_0 EXIST::FUNCTION: BIO_sock_should_retry 454 3_0_0 EXIST::FUNCTION:SOCK -ENGINE_get_digests 455 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_get_digests 455 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE TS_MSG_IMPRINT_get_algo 456 3_0_0 EXIST::FUNCTION:TS DH_new_method 457 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH BF_ecb_encrypt 458 3_0_0 EXIST::FUNCTION:BF,DEPRECATEDIN_3_0 @@ -464,7 +464,7 @@ SCT_set_signature_nid 473 3_0_0 EXIST::FUNCTION:CT i2d_RSA_PUBKEY_fp 474 3_0_0 EXIST::FUNCTION:RSA,STDIO PKCS12_BAGS_it 475 3_0_0 EXIST::FUNCTION: X509_pubkey_digest 476 3_0_0 EXIST::FUNCTION: -ENGINE_register_all_RSA 477 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_register_all_RSA 477 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE CRYPTO_THREAD_set_local 478 3_0_0 EXIST::FUNCTION: X509_get_default_cert_dir_env 479 3_0_0 EXIST::FUNCTION: X509_CRL_sort 480 3_0_0 EXIST::FUNCTION: @@ -472,7 +472,7 @@ i2d_RSA_PUBKEY_bio 481 3_0_0 EXIST::FUNCTION:RSA ASN1_T61STRING_free 482 3_0_0 EXIST::FUNCTION: PEM_write_CMS 483 3_0_0 EXIST::FUNCTION:CMS,STDIO OPENSSL_sk_find 484 3_0_0 EXIST::FUNCTION: -ENGINE_get_ciphers 485 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_get_ciphers 485 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE EVP_rc2_ofb 486 3_0_0 EXIST::FUNCTION:RC2 EVP_PKEY_set1_RSA 487 3_0_0 EXIST::FUNCTION:RSA CMS_SignerInfo_get0_md_ctx 488 3_0_0 EXIST::FUNCTION:CMS @@ -527,7 +527,7 @@ i2d_RSAPublicKey 538 3_0_0 EXIST::FUNCTION:RSA EC_GROUP_get_trinomial_basis 539 3_0_0 EXIST::FUNCTION:EC,EC2M BIO_ADDRINFO_protocol 540 3_0_0 EXIST::FUNCTION:SOCK i2d_PBKDF2PARAM 541 3_0_0 EXIST::FUNCTION: -ENGINE_unregister_RAND 542 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_unregister_RAND 542 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE PEM_write_bio_RSAPrivateKey 543 3_0_0 EXIST::FUNCTION:RSA CONF_get_number 544 3_0_0 EXIST::FUNCTION: X509_EXTENSION_get_object 545 3_0_0 EXIST::FUNCTION: @@ -542,7 +542,7 @@ OCSP_SINGLERESP_get1_ext_d2i 553 3_0_0 EXIST::FUNCTION:OCSP RAND_status 554 3_0_0 EXIST::FUNCTION: EVP_ripemd160 555 3_0_0 EXIST::FUNCTION:RMD160 EVP_MD_meth_set_final 556 3_0_0 EXIST::FUNCTION: -ENGINE_get_cmd_defns 557 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_get_cmd_defns 557 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE d2i_PKEY_USAGE_PERIOD 558 3_0_0 EXIST::FUNCTION: RSAPublicKey_dup 559 3_0_0 EXIST::FUNCTION:RSA RAND_write_file 560 3_0_0 EXIST::FUNCTION: @@ -569,7 +569,7 @@ ESS_ISSUER_SERIAL_dup 582 3_0_0 EXIST::FUNCTION: BN_GF2m_mod_exp_arr 583 3_0_0 EXIST::FUNCTION:EC2M ASN1_UTF8STRING_free 584 3_0_0 EXIST::FUNCTION: BN_X931_generate_prime_ex 585 3_0_0 EXIST::FUNCTION: -ENGINE_get_RAND 586 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_get_RAND 586 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE EVP_DecryptInit 587 3_0_0 EXIST::FUNCTION: BN_bin2bn 588 3_0_0 EXIST::FUNCTION: X509_subject_name_hash 589 3_0_0 EXIST::FUNCTION: @@ -581,7 +581,7 @@ i2d_PKCS7_bio 594 3_0_0 EXIST::FUNCTION: EVP_MD_meth_get_copy 595 3_0_0 EXIST::FUNCTION: RAND_query_egd_bytes 596 3_0_0 EXIST::FUNCTION:EGD i2d_ASN1_PRINTABLE 597 3_0_0 EXIST::FUNCTION: -ENGINE_cmd_is_executable 598 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_cmd_is_executable 598 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE BIO_puts 599 3_0_0 EXIST::FUNCTION: RSAPublicKey_it 601 3_0_0 EXIST::FUNCTION:RSA ISSUING_DIST_POINT_new 602 3_0_0 EXIST::FUNCTION: @@ -596,7 +596,7 @@ BIO_s_bio 610 3_0_0 EXIST::FUNCTION: OBJ_NAME_add 611 3_0_0 EXIST::FUNCTION: BIO_fd_non_fatal_error 612 3_0_0 EXIST::FUNCTION: EVP_PKEY_set_type 613 3_0_0 EXIST::FUNCTION: -ENGINE_get_next 614 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_get_next 614 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE BN_is_negative 615 3_0_0 EXIST::FUNCTION: EVP_PKEY_get_attr_count 616 3_0_0 EXIST::FUNCTION: X509_REVOKED_get_ext_by_critical 617 3_0_0 EXIST::FUNCTION: @@ -647,11 +647,11 @@ CRYPTO_nistcts128_encrypt_block 663 3_0_0 EXIST::FUNCTION: EVP_MD_do_all 664 3_0_0 EXIST::FUNCTION: EC_KEY_oct2priv 665 3_0_0 EXIST::FUNCTION:EC CONF_parse_list 666 3_0_0 EXIST::FUNCTION: -ENGINE_set_table_flags 667 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_set_table_flags 667 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE EVP_MD_meth_get_ctrl 668 3_0_0 EXIST::FUNCTION: ASN1_TYPE_get_int_octetstring 669 3_0_0 EXIST::FUNCTION: PKCS5_pbe_set0_algor 670 3_0_0 EXIST::FUNCTION: -ENGINE_get_table_flags 671 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_get_table_flags 671 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE PKCS12_MAC_DATA_new 672 3_0_0 EXIST::FUNCTION: X509_chain_up_ref 673 3_0_0 EXIST::FUNCTION: OCSP_REQINFO_it 674 3_0_0 EXIST::FUNCTION:OCSP @@ -707,7 +707,7 @@ PEM_write_X509_REQ 725 3_0_0 EXIST::FUNCTION:STDIO BIO_snprintf 726 3_0_0 EXIST::FUNCTION: EC_POINT_hex2point 727 3_0_0 EXIST::FUNCTION:EC X509v3_get_ext_by_critical 728 3_0_0 EXIST::FUNCTION: -ENGINE_get_default_RSA 729 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_get_default_RSA 729 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE DSA_sign_setup 730 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA OPENSSL_sk_new_null 731 3_0_0 EXIST::FUNCTION: PEM_read_PKCS8 732 3_0_0 EXIST::FUNCTION:STDIO @@ -720,7 +720,7 @@ BN_mod_exp_mont 738 3_0_0 EXIST::FUNCTION: d2i_DHxparams 739 3_0_0 EXIST::FUNCTION:DH DH_size 740 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH CONF_imodule_get_name 741 3_0_0 EXIST::FUNCTION: -ENGINE_get_pkey_meth_engine 742 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_get_pkey_meth_engine 742 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE OCSP_BASICRESP_free 743 3_0_0 EXIST::FUNCTION:OCSP BN_set_params 744 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_0_9_8 BN_add 745 3_0_0 EXIST::FUNCTION: @@ -748,7 +748,7 @@ BN_lebin2bn 766 3_0_0 EXIST::FUNCTION: AES_decrypt 767 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 BIO_fd_should_retry 768 3_0_0 EXIST::FUNCTION: ASN1_STRING_new 769 3_0_0 EXIST::FUNCTION: -ENGINE_init 770 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_init 770 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE TS_RESP_CTX_add_flags 771 3_0_0 EXIST::FUNCTION:TS BIO_gethostbyname 772 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,SOCK X509V3_EXT_add 773 3_0_0 EXIST::FUNCTION: @@ -818,7 +818,7 @@ OCSP_response_status_str 837 3_0_0 EXIST::FUNCTION:OCSP CRYPTO_gcm128_new 838 3_0_0 EXIST::FUNCTION: SMIME_read_PKCS7 839 3_0_0 EXIST::FUNCTION: EC_GROUP_copy 840 3_0_0 EXIST::FUNCTION:EC -ENGINE_set_ciphers 841 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_set_ciphers 841 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE OPENSSL_LH_doall_arg 842 3_0_0 EXIST::FUNCTION: OCSP_REQUEST_get_ext_by_NID 843 3_0_0 EXIST::FUNCTION:OCSP X509_REQ_get_attr_by_NID 844 3_0_0 EXIST::FUNCTION: @@ -859,7 +859,7 @@ CMS_ReceiptRequest_create0 879 3_0_0 EXIST::FUNCTION:CMS EVP_MD_meth_set_cleanup 880 3_0_0 EXIST::FUNCTION: EVP_aes_128_xts 881 3_0_0 EXIST::FUNCTION: TS_RESP_verify_signature 883 3_0_0 EXIST::FUNCTION:TS -ENGINE_set_pkey_meths 884 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_set_pkey_meths 884 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE CMS_EncryptedData_decrypt 885 3_0_0 EXIST::FUNCTION:CMS CONF_module_add 886 3_0_0 EXIST::FUNCTION: ASN1_UTCTIME_print 887 3_0_0 EXIST::FUNCTION: @@ -879,7 +879,7 @@ OCSP_SINGLERESP_add_ext 900 3_0_0 EXIST::FUNCTION:OCSP d2i_X509_SIG 901 3_0_0 EXIST::FUNCTION: X509_NAME_set 902 3_0_0 EXIST::FUNCTION: OPENSSL_sk_pop 903 3_0_0 EXIST::FUNCTION: -ENGINE_register_ciphers 904 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_register_ciphers 904 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE PKCS5_pbe2_set_iv 905 3_0_0 EXIST::FUNCTION: ASN1_add_stable_module 906 3_0_0 EXIST::FUNCTION: EVP_camellia_128_cbc 907 3_0_0 EXIST::FUNCTION:CAMELLIA @@ -946,7 +946,7 @@ DES_options 969 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3 IPAddressChoice_it 970 3_0_0 EXIST::FUNCTION:RFC3779 ASN1_UNIVERSALSTRING_it 971 3_0_0 EXIST::FUNCTION: d2i_DSAPublicKey 972 3_0_0 EXIST::FUNCTION:DSA -ENGINE_get_name 973 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_get_name 973 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE CRYPTO_THREAD_read_lock 974 3_0_0 EXIST::FUNCTION: ASIdentifierChoice_free 975 3_0_0 EXIST::FUNCTION:RFC3779 BIO_dgram_sctp_msg_waiting 976 3_0_0 EXIST::FUNCTION:DGRAM,SCTP @@ -974,7 +974,7 @@ ERR_unload_strings 998 3_0_0 EXIST::FUNCTION: SEED_cfb128_encrypt 999 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SEED ASN1_BIT_STRING_it 1000 3_0_0 EXIST::FUNCTION: PKCS12_decrypt_skey 1001 3_0_0 EXIST::FUNCTION: -ENGINE_register_EC 1002 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_register_EC 1002 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE OCSP_RESPONSE_new 1003 3_0_0 EXIST::FUNCTION:OCSP CRYPTO_cbc128_encrypt 1004 3_0_0 EXIST::FUNCTION: i2d_RSAPublicKey_bio 1005 3_0_0 EXIST::FUNCTION:RSA @@ -1007,7 +1007,7 @@ X509_CRL_METHOD_new 1032 3_0_0 EXIST::FUNCTION: ASN1_ANY_it 1033 3_0_0 EXIST::FUNCTION: d2i_DSA_SIG 1034 3_0_0 EXIST::FUNCTION:DSA DH_free 1035 3_0_0 EXIST::FUNCTION:DH -ENGINE_register_all_DSA 1036 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_register_all_DSA 1036 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE TS_REQ_set_msg_imprint 1037 3_0_0 EXIST::FUNCTION:TS BN_mod_sub_quick 1038 3_0_0 EXIST::FUNCTION: SMIME_write_CMS 1039 3_0_0 EXIST::FUNCTION:CMS @@ -1042,7 +1042,7 @@ NETSCAPE_SPKAC_free 1068 3_0_0 EXIST::FUNCTION: X509_CRL_diff 1069 3_0_0 EXIST::FUNCTION: X509_VERIFY_PARAM_set_flags 1070 3_0_0 EXIST::FUNCTION: X509_EXTENSION_set_data 1071 3_0_0 EXIST::FUNCTION: -ENGINE_get_EC 1072 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_get_EC 1072 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE ASN1_STRING_copy 1073 3_0_0 EXIST::FUNCTION: EVP_PKEY_encrypt_old 1074 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 OPENSSL_LH_free 1075 3_0_0 EXIST::FUNCTION: @@ -1053,19 +1053,19 @@ BIO_nread 1079 3_0_0 EXIST::FUNCTION: PEM_read_bio_RSAPrivateKey 1080 3_0_0 EXIST::FUNCTION:RSA OBJ_nid2obj 1081 3_0_0 EXIST::FUNCTION: CRYPTO_ofb128_encrypt 1082 3_0_0 EXIST::FUNCTION: -ENGINE_set_init_function 1083 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_set_init_function 1083 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE NCONF_default 1084 3_0_0 EXIST::FUNCTION: -ENGINE_remove 1085 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_remove 1085 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE ASYNC_get_current_job 1086 3_0_0 EXIST::FUNCTION: OBJ_nid2sn 1087 3_0_0 EXIST::FUNCTION: X509_gmtime_adj 1088 3_0_0 EXIST::FUNCTION: X509_add_ext 1089 3_0_0 EXIST::FUNCTION: -ENGINE_set_DSA 1090 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_set_DSA 1090 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE EC_KEY_METHOD_set_sign 1091 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC d2i_TS_MSG_IMPRINT 1092 3_0_0 EXIST::FUNCTION:TS X509_print_ex_fp 1093 3_0_0 EXIST::FUNCTION:STDIO ERR_load_PEM_strings 1094 3_0_0 EXIST::FUNCTION: -ENGINE_unregister_pkey_asn1_meths 1095 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_unregister_pkey_asn1_meths 1095 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE IPAddressFamily_free 1096 3_0_0 EXIST::FUNCTION:RFC3779 UI_method_get_prompt_constructor 1097 3_0_0 EXIST::FUNCTION: ASN1_NULL_it 1098 3_0_0 EXIST::FUNCTION: @@ -1105,7 +1105,7 @@ d2i_ASN1_UTF8STRING 1131 3_0_0 EXIST::FUNCTION: EXTENDED_KEY_USAGE_it 1132 3_0_0 EXIST::FUNCTION: EVP_CipherInit 1133 3_0_0 EXIST::FUNCTION: PKCS12_add_safe 1134 3_0_0 EXIST::FUNCTION: -ENGINE_get_digest 1135 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_get_digest 1135 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE EC_GROUP_have_precompute_mult 1136 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC OPENSSL_gmtime 1137 3_0_0 EXIST::FUNCTION: X509_set_issuer_name 1138 3_0_0 EXIST::FUNCTION: @@ -1148,13 +1148,13 @@ ASN1_PCTX_get_str_flags 1174 3_0_0 EXIST::FUNCTION: SHA256 1175 3_0_0 EXIST::FUNCTION: X509_LOOKUP_hash_dir 1176 3_0_0 EXIST::FUNCTION: ASN1_BIT_STRING_check 1177 3_0_0 EXIST::FUNCTION: -ENGINE_set_default_RAND 1178 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_set_default_RAND 1178 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE BIO_connect 1179 3_0_0 EXIST::FUNCTION:SOCK TS_TST_INFO_add_ext 1180 3_0_0 EXIST::FUNCTION:TS EVP_aes_192_ccm 1181 3_0_0 EXIST::FUNCTION: X509V3_add_value 1182 3_0_0 EXIST::FUNCTION: EVP_PKEY_CTX_set0_keygen_info 1183 3_0_0 EXIST::FUNCTION: -ENGINE_unregister_digests 1184 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_unregister_digests 1184 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE IPAddressOrRange_new 1185 3_0_0 EXIST::FUNCTION:RFC3779 EVP_aes_256_ofb 1186 3_0_0 EXIST::FUNCTION: CRYPTO_mem_debug_push 1187 3_0_0 EXIST::FUNCTION:CRYPTO_MDEBUG,DEPRECATEDIN_3_0 @@ -1178,7 +1178,7 @@ EVP_cast5_cfb64 1204 3_0_0 EXIST::FUNCTION:CAST OPENSSL_uni2asc 1205 3_0_0 EXIST::FUNCTION: SCT_validation_status_string 1206 3_0_0 EXIST::FUNCTION:CT PKCS7_add_attribute 1207 3_0_0 EXIST::FUNCTION: -ENGINE_register_DSA 1208 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_register_DSA 1208 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE OPENSSL_LH_node_stats 1209 3_0_0 EXIST::FUNCTION:STDIO X509_policy_tree_free 1210 3_0_0 EXIST::FUNCTION: EC_GFp_simple_method 1211 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC @@ -1210,7 +1210,7 @@ PBKDF2PARAM_free 1236 3_0_0 EXIST::FUNCTION: i2d_CMS_ContentInfo 1237 3_0_0 EXIST::FUNCTION:CMS EVP_CIPHER_meth_set_ctrl 1238 3_0_0 EXIST::FUNCTION: RSA_public_decrypt 1239 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA -ENGINE_get_id 1240 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_get_id 1240 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE PKCS12_item_decrypt_d2i 1241 3_0_0 EXIST::FUNCTION: PEM_read_bio_DSAparams 1242 3_0_0 EXIST::FUNCTION:DSA X509_CRL_cmp 1243 3_0_0 EXIST::FUNCTION: @@ -1284,7 +1284,7 @@ CMS_add_standard_smimecap 1312 3_0_0 EXIST::FUNCTION:CMS PKCS7_add_attrib_content_type 1313 3_0_0 EXIST::FUNCTION: BN_BLINDING_set_flags 1314 3_0_0 EXIST::FUNCTION: ERR_peek_last_error 1315 3_0_0 EXIST::FUNCTION: -ENGINE_set_cmd_defns 1316 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_set_cmd_defns 1316 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE d2i_ASN1_NULL 1317 3_0_0 EXIST::FUNCTION: RAND_event 1318 3_0_0 EXIST:_WIN32:FUNCTION:DEPRECATEDIN_1_1_0 i2d_PKCS12_fp 1319 3_0_0 EXIST::FUNCTION:STDIO @@ -1316,7 +1316,7 @@ EC_KEY_get0_group 1344 3_0_0 EXIST::FUNCTION:EC PEM_write_bio_CMS_stream 1345 3_0_0 EXIST::FUNCTION:CMS BIO_f_linebuffer 1346 3_0_0 EXIST::FUNCTION: ASN1_item_d2i_bio 1347 3_0_0 EXIST::FUNCTION: -ENGINE_get_flags 1348 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_get_flags 1348 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE OCSP_resp_find 1349 3_0_0 EXIST::FUNCTION:OCSP OPENSSL_LH_node_usage_stats_bio 1350 3_0_0 EXIST::FUNCTION: EVP_PKEY_encrypt 1351 3_0_0 EXIST::FUNCTION: @@ -1342,7 +1342,7 @@ OPENSSL_sk_unshift 1372 3_0_0 EXIST::FUNCTION: BN_GENCB_set_old 1373 3_0_0 EXIST::FUNCTION: PEM_write_bio_X509 1374 3_0_0 EXIST::FUNCTION: EVP_PKEY_asn1_free 1375 3_0_0 EXIST::FUNCTION: -ENGINE_unregister_DH 1376 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_unregister_DH 1376 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE PROXY_CERT_INFO_EXTENSION_it 1377 3_0_0 EXIST::FUNCTION: CT_POLICY_EVAL_CTX_set1_cert 1378 3_0_0 EXIST::FUNCTION:CT X509_NAME_hash 1379 3_0_0 EXIST::FUNCTION: @@ -1396,7 +1396,7 @@ RSA_padding_add_SSLv23 1428 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_ OCSP_RESPBYTES_it 1429 3_0_0 EXIST::FUNCTION:OCSP EVP_aes_192_wrap 1430 3_0_0 EXIST::FUNCTION: OCSP_CERTID_it 1431 3_0_0 EXIST::FUNCTION:OCSP -ENGINE_get_RSA 1432 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_get_RSA 1432 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE RAND_get_rand_method 1433 3_0_0 EXIST::FUNCTION: ERR_load_DSA_strings 1434 3_0_0 EXIST::FUNCTION:DSA ASN1_check_infinite_end 1435 3_0_0 EXIST::FUNCTION: @@ -1436,11 +1436,11 @@ EVP_get_pw_prompt 1469 3_0_0 EXIST::FUNCTION: BN_bn2bin 1470 3_0_0 EXIST::FUNCTION: d2i_ASN1_BIT_STRING 1471 3_0_0 EXIST::FUNCTION: OCSP_CERTSTATUS_new 1472 3_0_0 EXIST::FUNCTION:OCSP -ENGINE_register_RAND 1473 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_register_RAND 1473 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE X509V3_section_free 1474 3_0_0 EXIST::FUNCTION: CRYPTO_mem_debug_free 1475 3_0_0 EXIST::FUNCTION:CRYPTO_MDEBUG,DEPRECATEDIN_3_0 d2i_OCSP_REQUEST 1476 3_0_0 EXIST::FUNCTION:OCSP -ENGINE_get_cipher_engine 1477 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_get_cipher_engine 1477 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE SHA384_Final 1478 3_0_0 EXIST::FUNCTION: TS_RESP_CTX_set_certs 1479 3_0_0 EXIST::FUNCTION:TS BN_MONT_CTX_free 1480 3_0_0 EXIST::FUNCTION: @@ -1456,15 +1456,15 @@ BIO_indent 1489 3_0_0 EXIST::FUNCTION: i2d_X509_fp 1490 3_0_0 EXIST::FUNCTION:STDIO d2i_ASN1_TYPE 1491 3_0_0 EXIST::FUNCTION: CTLOG_STORE_free 1492 3_0_0 EXIST::FUNCTION:CT -ENGINE_get_pkey_meths 1493 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_get_pkey_meths 1493 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE i2d_TS_REQ_bio 1494 3_0_0 EXIST::FUNCTION:TS EVP_PKEY_CTX_get_operation 1495 3_0_0 EXIST::FUNCTION: EVP_MD_meth_set_ctrl 1496 3_0_0 EXIST::FUNCTION: X509_EXTENSION_set_critical 1497 3_0_0 EXIST::FUNCTION: BIO_ADDR_clear 1498 3_0_0 EXIST::FUNCTION:SOCK -ENGINE_get_DSA 1499 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_get_DSA 1499 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE ASYNC_get_wait_ctx 1500 3_0_0 EXIST::FUNCTION: -ENGINE_set_load_privkey_function 1501 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_set_load_privkey_function 1501 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE CRYPTO_ccm128_setiv 1502 3_0_0 EXIST::FUNCTION: PKCS7_dataFinal 1503 3_0_0 EXIST::FUNCTION: SHA1_Final 1504 3_0_0 EXIST::FUNCTION: @@ -1571,7 +1571,7 @@ PEM_read_bio_X509_AUX 1606 3_0_0 EXIST::FUNCTION: TS_ext_print_bio 1607 3_0_0 EXIST::FUNCTION:TS SCT_set1_log_id 1608 3_0_0 EXIST::FUNCTION:CT X509_get0_pubkey_bitstr 1609 3_0_0 EXIST::FUNCTION: -ENGINE_register_all_RAND 1610 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_register_all_RAND 1610 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE EVP_MD_meth_get_result_size 1612 3_0_0 EXIST::FUNCTION: BIO_ADDRINFO_address 1613 3_0_0 EXIST::FUNCTION:SOCK ASN1_STRING_print_ex 1614 3_0_0 EXIST::FUNCTION: @@ -1592,7 +1592,7 @@ BN_BLINDING_convert 1628 3_0_0 EXIST::FUNCTION: CRYPTO_ocb128_cleanup 1629 3_0_0 EXIST::FUNCTION:OCB EVP_des_ede_cbc 1630 3_0_0 EXIST::FUNCTION:DES i2d_ASN1_TIME 1631 3_0_0 EXIST::FUNCTION: -ENGINE_register_all_pkey_asn1_meths 1632 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_register_all_pkey_asn1_meths 1632 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE OCSP_set_max_response_length 1633 3_0_0 EXIST::FUNCTION: d2i_ISSUING_DIST_POINT 1634 3_0_0 EXIST::FUNCTION: CMS_RecipientInfo_set0_key 1635 3_0_0 EXIST::FUNCTION:CMS @@ -1654,14 +1654,14 @@ PEM_read_bio_ECPrivateKey 1691 3_0_0 EXIST::FUNCTION:EC EVP_PKEY_get_attr 1692 3_0_0 EXIST::FUNCTION: PEM_read_bio_ECPKParameters 1693 3_0_0 EXIST::FUNCTION:EC d2i_PKCS12_MAC_DATA 1694 3_0_0 EXIST::FUNCTION: -ENGINE_ctrl_cmd 1695 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_ctrl_cmd 1695 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE PKCS12_SAFEBAG_get_bag_nid 1696 3_0_0 EXIST::FUNCTION: TS_CONF_set_digests 1697 3_0_0 EXIST::FUNCTION:TS PKCS7_SIGNED_it 1698 3_0_0 EXIST::FUNCTION: b2i_PublicKey 1699 3_0_0 EXIST::FUNCTION:DSA X509_PURPOSE_cleanup 1700 3_0_0 EXIST::FUNCTION: ESS_SIGNING_CERT_dup 1701 3_0_0 EXIST::FUNCTION: -ENGINE_set_default_DSA 1702 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_set_default_DSA 1702 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE X509_REVOKED_new 1703 3_0_0 EXIST::FUNCTION: NCONF_WIN32 1704 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 RSA_padding_check_PKCS1_OAEP_mgf1 1705 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA @@ -1671,7 +1671,7 @@ BIO_vfree 1709 3_0_0 EXIST::FUNCTION: CRYPTO_cbc128_decrypt 1710 3_0_0 EXIST::FUNCTION: UI_dup_verify_string 1711 3_0_0 EXIST::FUNCTION: d2i_PKCS7_bio 1712 3_0_0 EXIST::FUNCTION: -ENGINE_set_default_digests 1713 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_set_default_digests 1713 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE i2d_PublicKey 1714 3_0_0 EXIST::FUNCTION: RC5_32_set_key 1715 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RC5 AES_unwrap_key 1716 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 @@ -1681,7 +1681,7 @@ BF_ofb64_encrypt 1719 3_0_0 EXIST::FUNCTION:BF,DEPRECATED d2i_TS_TST_INFO_fp 1720 3_0_0 EXIST::FUNCTION:STDIO,TS X509_find_by_issuer_and_serial 1721 3_0_0 EXIST::FUNCTION: EVP_PKEY_type 1722 3_0_0 EXIST::FUNCTION: -ENGINE_ctrl 1723 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_ctrl 1723 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE EVP_cast5_ecb 1724 3_0_0 EXIST::FUNCTION:CAST BIO_nwrite0 1725 3_0_0 EXIST::FUNCTION: CAST_encrypt 1726 3_0_0 EXIST::FUNCTION:CAST,DEPRECATEDIN_3_0 @@ -1878,7 +1878,7 @@ ASN1_INTEGER_set 1922 3_0_0 EXIST::FUNCTION: EVP_DecodeFinal 1923 3_0_0 EXIST::FUNCTION: MD5_Transform 1925 3_0_0 EXIST::FUNCTION:MD5 SRP_create_verifier_BN 1926 3_0_0 EXIST::FUNCTION:SRP -ENGINE_register_all_EC 1927 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_register_all_EC 1927 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE EVP_camellia_128_ofb 1928 3_0_0 EXIST::FUNCTION:CAMELLIA PEM_write_X509_AUX 1929 3_0_0 EXIST::FUNCTION:STDIO X509_LOOKUP_by_subject 1930 3_0_0 EXIST::FUNCTION: @@ -1913,7 +1913,7 @@ i2d_X509_NAME 1958 3_0_0 EXIST::FUNCTION: EVP_PKEY_add1_attr 1959 3_0_0 EXIST::FUNCTION: X509_STORE_CTX_purpose_inherit 1960 3_0_0 EXIST::FUNCTION: EVP_PKEY_meth_get_keygen 1961 3_0_0 EXIST::FUNCTION: -ENGINE_get_pkey_asn1_meth 1962 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_get_pkey_asn1_meth 1962 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE SHA256_Update 1963 3_0_0 EXIST::FUNCTION: d2i_PKCS7_ISSUER_AND_SERIAL 1964 3_0_0 EXIST::FUNCTION: PKCS12_unpack_authsafes 1965 3_0_0 EXIST::FUNCTION: @@ -1962,11 +1962,11 @@ BN_exp 2007 3_0_0 EXIST::FUNCTION: i2d_SXNET 2008 3_0_0 EXIST::FUNCTION: OBJ_bsearch_ 2009 3_0_0 EXIST::FUNCTION: OPENSSL_LH_new 2010 3_0_0 EXIST::FUNCTION: -ENGINE_register_all_pkey_meths 2011 3_0_0 EXIST::FUNCTION:ENGINE -ENGINE_get_init_function 2012 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_register_all_pkey_meths 2011 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE +ENGINE_get_init_function 2012 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE EC_POINT_point2hex 2013 3_0_0 EXIST::FUNCTION:EC -ENGINE_get_default_DSA 2014 3_0_0 EXIST::FUNCTION:ENGINE -ENGINE_register_all_complete 2015 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_get_default_DSA 2014 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE +ENGINE_register_all_complete 2015 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE SRP_get_default_gN 2016 3_0_0 EXIST::FUNCTION:SRP UI_dup_input_boolean 2017 3_0_0 EXIST::FUNCTION: PKCS7_dup 2018 3_0_0 EXIST::FUNCTION: @@ -1977,14 +1977,14 @@ SCT_get0_extensions 2022 3_0_0 EXIST::FUNCTION:CT OPENSSL_LH_node_stats_bio 2023 3_0_0 EXIST::FUNCTION: i2d_DIRECTORYSTRING 2024 3_0_0 EXIST::FUNCTION: BN_X931_derive_prime_ex 2025 3_0_0 EXIST::FUNCTION: -ENGINE_get_pkey_asn1_meth_str 2026 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_get_pkey_asn1_meth_str 2026 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE PKCS7_signatureVerify 2027 3_0_0 EXIST::FUNCTION: CRYPTO_ocb128_new 2028 3_0_0 EXIST::FUNCTION:OCB EC_curve_nist2nid 2029 3_0_0 EXIST::FUNCTION:EC UI_get0_result 2030 3_0_0 EXIST::FUNCTION: OCSP_request_add1_nonce 2031 3_0_0 EXIST::FUNCTION:OCSP UI_construct_prompt 2032 3_0_0 EXIST::FUNCTION: -ENGINE_unregister_RSA 2033 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_unregister_RSA 2033 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE EC_GROUP_order_bits 2034 3_0_0 EXIST::FUNCTION:EC d2i_CMS_bio 2035 3_0_0 EXIST::FUNCTION:CMS OPENSSL_sk_num 2036 3_0_0 EXIST::FUNCTION: @@ -2007,7 +2007,7 @@ i2d_ECPrivateKey_fp 2053 3_0_0 EXIST::FUNCTION:EC,STDIO EVP_CIPHER_CTX_original_iv 2054 3_0_0 EXIST::FUNCTION: PKCS7_SIGNED_free 2055 3_0_0 EXIST::FUNCTION: X509_TRUST_get0_name 2056 3_0_0 EXIST::FUNCTION: -ENGINE_get_load_pubkey_function 2057 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_get_load_pubkey_function 2057 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE UI_get_default_method 2058 3_0_0 EXIST::FUNCTION: PKCS12_add_CSPName_asc 2059 3_0_0 EXIST::FUNCTION: PEM_write_PUBKEY 2060 3_0_0 EXIST::FUNCTION:STDIO @@ -2058,8 +2058,8 @@ CRYPTO_cts128_decrypt 2104 3_0_0 EXIST::FUNCTION: ASYNC_WAIT_CTX_get_fd 2105 3_0_0 EXIST::FUNCTION: i2d_TS_REQ 2106 3_0_0 EXIST::FUNCTION:TS OCSP_ONEREQ_add1_ext_i2d 2107 3_0_0 EXIST::FUNCTION:OCSP -ENGINE_register_pkey_meths 2108 3_0_0 EXIST::FUNCTION:ENGINE -ENGINE_load_public_key 2109 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_register_pkey_meths 2108 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE +ENGINE_load_public_key 2109 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE ASIdOrRange_it 2110 3_0_0 EXIST::FUNCTION:RFC3779 DHparams_print_fp 2111 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH,STDIO ERR_load_CRYPTO_strings 2112 3_0_0 EXIST:!VMS:FUNCTION: @@ -2072,7 +2072,7 @@ CAST_ecb_encrypt 2117 3_0_0 EXIST::FUNCTION:CAST,DEPRECAT BIO_s_file 2118 3_0_0 EXIST::FUNCTION: RSA_X931_derive_ex 2119 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA EVP_PKEY_decrypt_init 2120 3_0_0 EXIST::FUNCTION: -ENGINE_get_destroy_function 2121 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_get_destroy_function 2121 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE SHA224_Init 2122 3_0_0 EXIST::FUNCTION: X509V3_EXT_add_conf 2123 3_0_0 EXIST::FUNCTION: ASN1_object_size 2124 3_0_0 EXIST::FUNCTION: @@ -2184,18 +2184,18 @@ OTHERNAME_new 2231 3_0_0 EXIST::FUNCTION: BN_rshift 2232 3_0_0 EXIST::FUNCTION: i2d_GENERAL_NAMES 2233 3_0_0 EXIST::FUNCTION: EC_METHOD_get_field_type 2234 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC -ENGINE_set_name 2235 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_set_name 2235 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE TS_TST_INFO_get_policy_id 2236 3_0_0 EXIST::FUNCTION:TS PKCS7_SIGNER_INFO_set 2237 3_0_0 EXIST::FUNCTION: PEM_write_bio_PKCS8_PRIV_KEY_INFO 2238 3_0_0 EXIST::FUNCTION: EC_GROUP_set_curve_GF2m 2239 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,EC2M -ENGINE_load_builtin_engines 2240 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_load_builtin_engines 2240 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE SRP_VBASE_init 2241 3_0_0 EXIST::FUNCTION:SRP SHA224_Final 2242 3_0_0 EXIST::FUNCTION: OCSP_CERTSTATUS_free 2243 3_0_0 EXIST::FUNCTION:OCSP d2i_TS_TST_INFO 2244 3_0_0 EXIST::FUNCTION:TS IPAddressOrRange_it 2245 3_0_0 EXIST::FUNCTION:RFC3779 -ENGINE_get_cipher 2246 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_get_cipher 2246 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE TS_TST_INFO_delete_ext 2247 3_0_0 EXIST::FUNCTION:TS TS_OBJ_print_bio 2248 3_0_0 EXIST::FUNCTION:TS X509_time_adj_ex 2249 3_0_0 EXIST::FUNCTION: @@ -2224,7 +2224,7 @@ NCONF_free 2271 3_0_0 EXIST::FUNCTION: NETSCAPE_SPKI_b64_decode 2272 3_0_0 EXIST::FUNCTION: BIO_f_md 2273 3_0_0 EXIST::FUNCTION: EVP_MD_CTX_pkey_ctx 2274 3_0_0 EXIST::FUNCTION: -ENGINE_set_default_EC 2275 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_set_default_EC 2275 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE CMS_ReceiptRequest_free 2276 3_0_0 EXIST::FUNCTION:CMS TS_STATUS_INFO_get0_text 2277 3_0_0 EXIST::FUNCTION:TS CRYPTO_get_ex_new_index 2278 3_0_0 EXIST::FUNCTION: @@ -2330,7 +2330,7 @@ ASN1_SCTX_set_app_data 2378 3_0_0 EXIST::FUNCTION: CMS_add0_cert 2379 3_0_0 EXIST::FUNCTION:CMS i2d_GENERAL_NAME 2380 3_0_0 EXIST::FUNCTION: BIO_ADDR_new 2381 3_0_0 EXIST::FUNCTION:SOCK -ENGINE_get_pkey_asn1_meth_engine 2382 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_get_pkey_asn1_meth_engine 2382 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE d2i_ASN1_BMPSTRING 2383 3_0_0 EXIST::FUNCTION: PKCS12_SAFEBAG_create0_p8inf 2384 3_0_0 EXIST::FUNCTION: OBJ_cmp 2385 3_0_0 EXIST::FUNCTION: @@ -2353,7 +2353,7 @@ EC_KEY_set_ex_data 2402 3_0_0 EXIST::FUNCTION:EC SRP_VBASE_new 2403 3_0_0 EXIST::FUNCTION:SRP i2d_ECDSA_SIG 2404 3_0_0 EXIST::FUNCTION:EC BIO_dump_indent 2405 3_0_0 EXIST::FUNCTION: -ENGINE_set_pkey_asn1_meths 2406 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_set_pkey_asn1_meths 2406 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE OPENSSL_gmtime_diff 2407 3_0_0 EXIST::FUNCTION: TS_CONF_set_crypto_device 2408 3_0_0 EXIST::FUNCTION:ENGINE,TS COMP_CTX_get_method 2409 3_0_0 EXIST::FUNCTION:COMP @@ -2427,12 +2427,12 @@ BN_pseudo_rand_range 2477 3_0_0 EXIST::FUNCTION: X509V3_EXT_add_nconf 2478 3_0_0 EXIST::FUNCTION: EVP_CIPHER_CTX_ctrl 2479 3_0_0 EXIST::FUNCTION: ASN1_T61STRING_it 2480 3_0_0 EXIST::FUNCTION: -ENGINE_get_prev 2481 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_get_prev 2481 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE OCSP_accept_responses_new 2482 3_0_0 EXIST::FUNCTION:OCSP ERR_load_EC_strings 2483 3_0_0 EXIST::FUNCTION:EC X509V3_string_free 2484 3_0_0 EXIST::FUNCTION: EVP_PKEY_meth_set_paramgen 2485 3_0_0 EXIST::FUNCTION: -ENGINE_set_load_ssl_client_cert_function 2486 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_set_load_ssl_client_cert_function 2486 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE EVP_ENCODE_CTX_free 2487 3_0_0 EXIST::FUNCTION: i2d_ASN1_BIT_STRING 2488 3_0_0 EXIST::FUNCTION: EVP_PKEY_meth_set_verifyctx 2489 3_0_0 EXIST::FUNCTION: @@ -2446,12 +2446,12 @@ BN_mod_mul 2496 3_0_0 EXIST::FUNCTION: CMS_add0_recipient_key 2497 3_0_0 EXIST::FUNCTION:CMS BIO_f_zlib 2498 3_0_0 EXIST::FUNCTION:COMP,ZLIB AES_cfb128_encrypt 2499 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 -ENGINE_set_EC 2500 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_set_EC 2500 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE d2i_ECPKParameters 2501 3_0_0 EXIST::FUNCTION:EC IDEA_ofb64_encrypt 2502 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,IDEA CAST_decrypt 2503 3_0_0 EXIST::FUNCTION:CAST,DEPRECATEDIN_3_0 TS_STATUS_INFO_get0_failure_info 2504 3_0_0 EXIST::FUNCTION:TS -ENGINE_unregister_pkey_meths 2506 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_unregister_pkey_meths 2506 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE DISPLAYTEXT_new 2507 3_0_0 EXIST::FUNCTION: CMS_final 2508 3_0_0 EXIST::FUNCTION:CMS BIO_nwrite 2509 3_0_0 EXIST::FUNCTION: @@ -2527,7 +2527,7 @@ PKCS12_SAFEBAG_get_nid 2580 3_0_0 EXIST::FUNCTION: EVP_MD_CTX_set_update_fn 2581 3_0_0 EXIST::FUNCTION: BIO_f_asn1 2582 3_0_0 EXIST::FUNCTION: BIO_dump 2583 3_0_0 EXIST::FUNCTION: -ENGINE_load_ssl_client_cert 2584 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_load_ssl_client_cert 2584 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE X509_STORE_CTX_set_verify_cb 2585 3_0_0 EXIST::FUNCTION: CRYPTO_clear_realloc 2586 3_0_0 EXIST::FUNCTION: OPENSSL_strnlen 2587 3_0_0 EXIST::FUNCTION: @@ -2543,18 +2543,18 @@ X509_VERIFY_PARAM_add1_host 2596 3_0_0 EXIST::FUNCTION: i2d_PUBKEY_bio 2597 3_0_0 EXIST::FUNCTION: MD4_Update 2598 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,MD4 X509_STORE_CTX_set_time 2599 3_0_0 EXIST::FUNCTION: -ENGINE_set_default_DH 2600 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_set_default_DH 2600 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE X509_ocspid_print 2601 3_0_0 EXIST::FUNCTION: DH_set_method 2602 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH EVP_rc2_64_cbc 2603 3_0_0 EXIST::FUNCTION:RC2 CRYPTO_THREAD_get_current_id 2604 3_0_0 EXIST::FUNCTION: EVP_PKEY_CTX_set_cb 2605 3_0_0 EXIST::FUNCTION: PROXY_POLICY_it 2606 3_0_0 EXIST::FUNCTION: -ENGINE_register_complete 2607 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_register_complete 2607 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE EVP_DecodeUpdate 2609 3_0_0 EXIST::FUNCTION: -ENGINE_get_default_RAND 2610 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_get_default_RAND 2610 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE ERR_peek_last_error_line 2611 3_0_0 EXIST::FUNCTION: -ENGINE_get_ssl_client_cert_function 2612 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_get_ssl_client_cert_function 2612 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE OPENSSL_LH_node_usage_stats 2613 3_0_0 EXIST::FUNCTION:STDIO DIRECTORYSTRING_it 2614 3_0_0 EXIST::FUNCTION: BIO_write 2615 3_0_0 EXIST::FUNCTION: @@ -2661,11 +2661,11 @@ X509_STORE_set_default_paths 2717 3_0_0 EXIST::FUNCTION: d2i_TS_REQ 2718 3_0_0 EXIST::FUNCTION:TS i2d_TS_TST_INFO_bio 2719 3_0_0 EXIST::FUNCTION:TS CMS_sign_receipt 2720 3_0_0 EXIST::FUNCTION:CMS -ENGINE_set_RAND 2721 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_set_RAND 2721 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE X509_REVOKED_get_ext_by_OBJ 2722 3_0_0 EXIST::FUNCTION: SEED_decrypt 2723 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SEED PEM_write_PKCS8PrivateKey 2724 3_0_0 EXIST::FUNCTION:STDIO -ENGINE_new 2725 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_new 2725 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE X509_check_issued 2726 3_0_0 EXIST::FUNCTION: EVP_CIPHER_CTX_iv_length 2727 3_0_0 EXIST::FUNCTION: DES_string_to_2keys 2728 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DES @@ -2681,8 +2681,8 @@ BIO_get_ex_data 2737 3_0_0 EXIST::FUNCTION: CMS_digest_create 2738 3_0_0 EXIST::FUNCTION:CMS EC_KEY_METHOD_set_verify 2739 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC PEM_read_RSAPublicKey 2740 3_0_0 EXIST::FUNCTION:RSA,STDIO -ENGINE_pkey_asn1_find_str 2741 3_0_0 EXIST::FUNCTION:ENGINE -ENGINE_get_load_privkey_function 2742 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_pkey_asn1_find_str 2741 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE +ENGINE_get_load_privkey_function 2742 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE d2i_IPAddressRange 2743 3_0_0 EXIST::FUNCTION:RFC3779 ERR_remove_state 2744 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_1_0_0 X509_CRL_print_fp 2745 3_0_0 EXIST::FUNCTION:STDIO @@ -2712,7 +2712,7 @@ OCSP_RESPID_it 2769 3_0_0 EXIST::FUNCTION:OCSP EVP_des_ede3_cbc 2770 3_0_0 EXIST::FUNCTION:DES X509_up_ref 2771 3_0_0 EXIST::FUNCTION: OBJ_NAME_do_all_sorted 2772 3_0_0 EXIST::FUNCTION: -ENGINE_unregister_DSA 2773 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_unregister_DSA 2773 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE ASN1_bn_print 2774 3_0_0 EXIST::FUNCTION: CMS_is_detached 2775 3_0_0 EXIST::FUNCTION:CMS X509_REQ_INFO_it 2776 3_0_0 EXIST::FUNCTION: @@ -2746,7 +2746,7 @@ EC_KEY_set_asn1_flag 2805 3_0_0 EXIST::FUNCTION:EC EC_GFp_mont_method 2806 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC OPENSSL_asc2uni 2807 3_0_0 EXIST::FUNCTION: TS_REQ_new 2808 3_0_0 EXIST::FUNCTION:TS -ENGINE_register_all_DH 2809 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_register_all_DH 2809 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE ERR_clear_error 2810 3_0_0 EXIST::FUNCTION: EC_KEY_dup 2811 3_0_0 EXIST::FUNCTION:EC X509_LOOKUP_init 2812 3_0_0 EXIST::FUNCTION: @@ -2810,7 +2810,7 @@ BN_CTX_start 2871 3_0_0 EXIST::FUNCTION: BN_print 2872 3_0_0 EXIST::FUNCTION: EC_KEY_set_flags 2873 3_0_0 EXIST::FUNCTION:EC EVP_PKEY_get0 2874 3_0_0 EXIST::FUNCTION: -ENGINE_set_default 2875 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_set_default 2875 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE NCONF_get_number_e 2876 3_0_0 EXIST::FUNCTION: OPENSSL_cleanse 2877 3_0_0 EXIST::FUNCTION: SCT_set0_signature 2878 3_0_0 EXIST::FUNCTION:CT @@ -2835,7 +2835,7 @@ X509_get_default_cert_area 2896 3_0_0 EXIST::FUNCTION: ERR_load_DSO_strings 2897 3_0_0 EXIST::FUNCTION: ASIdentifiers_it 2898 3_0_0 EXIST::FUNCTION:RFC3779 BN_mod_lshift 2899 3_0_0 EXIST::FUNCTION: -ENGINE_get_last 2900 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_get_last 2900 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE EVP_PKEY_encrypt_init 2901 3_0_0 EXIST::FUNCTION: i2d_RSAPrivateKey_fp 2902 3_0_0 EXIST::FUNCTION:RSA,STDIO X509_REQ_print 2903 3_0_0 EXIST::FUNCTION: @@ -2869,7 +2869,7 @@ BN_with_flags 2930 3_0_0 EXIST::FUNCTION: DSO_ctrl 2931 3_0_0 EXIST::FUNCTION: EVP_MD_meth_get_final 2932 3_0_0 EXIST::FUNCTION: ASN1_TYPE_get_octetstring 2933 3_0_0 EXIST::FUNCTION: -ENGINE_by_id 2934 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_by_id 2934 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE d2i_PKCS7_SIGNER_INFO 2935 3_0_0 EXIST::FUNCTION: EVP_aes_192_cbc 2936 3_0_0 EXIST::FUNCTION: PKCS8_pkey_set0 2937 3_0_0 EXIST::FUNCTION: @@ -2896,10 +2896,10 @@ COMP_get_name 2958 3_0_0 EXIST::FUNCTION:COMP EC_GROUP_new_curve_GF2m 2959 3_0_0 EXIST::FUNCTION:EC,EC2M X509_SIG_free 2960 3_0_0 EXIST::FUNCTION: PEM_ASN1_write 2961 3_0_0 EXIST::FUNCTION:STDIO -ENGINE_get_digest_engine 2962 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_get_digest_engine 2962 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE BN_CTX_new 2963 3_0_0 EXIST::FUNCTION: EC_curve_nid2nist 2964 3_0_0 EXIST::FUNCTION:EC -ENGINE_get_finish_function 2965 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_get_finish_function 2965 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE EC_POINT_add 2966 3_0_0 EXIST::FUNCTION:EC EC_KEY_oct2key 2967 3_0_0 EXIST::FUNCTION:EC SHA384_Init 2968 3_0_0 EXIST::FUNCTION: @@ -2915,7 +2915,7 @@ DH_get_ex_data 2977 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_ CRYPTO_secure_malloc 2978 3_0_0 EXIST::FUNCTION: TS_RESP_get_status_info 2979 3_0_0 EXIST::FUNCTION:TS HMAC_CTX_new 2980 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 -ENGINE_get_default_DH 2981 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_get_default_DH 2981 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE ECDSA_do_verify 2982 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC DSO_flags 2983 3_0_0 EXIST::FUNCTION: RAND_add 2984 3_0_0 EXIST::FUNCTION: @@ -3010,7 +3010,7 @@ i2d_X509_REQ_bio 3074 3_0_0 EXIST::FUNCTION: X509_VERIFY_PARAM_set1_name 3075 3_0_0 EXIST::FUNCTION: d2i_RSAPublicKey_bio 3076 3_0_0 EXIST::FUNCTION:RSA X509_REQ_get_X509_PUBKEY 3077 3_0_0 EXIST::FUNCTION: -ENGINE_load_private_key 3078 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_load_private_key 3078 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE GENERAL_NAMES_new 3079 3_0_0 EXIST::FUNCTION: i2d_POLICYQUALINFO 3080 3_0_0 EXIST::FUNCTION: EC_GF2m_simple_method 3081 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,EC2M @@ -3028,7 +3028,7 @@ EVP_EncodeInit 3092 3_0_0 EXIST::FUNCTION: X509_get0_trust_objects 3093 3_0_0 EXIST::FUNCTION: d2i_ECPrivateKey_bio 3094 3_0_0 EXIST::FUNCTION:EC BIO_s_secmem 3095 3_0_0 EXIST::FUNCTION: -ENGINE_get_default_EC 3096 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_get_default_EC 3096 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE TS_RESP_create_response 3097 3_0_0 EXIST::FUNCTION:TS BIO_ADDR_rawaddress 3098 3_0_0 EXIST::FUNCTION:SOCK PKCS7_ENCRYPT_new 3099 3_0_0 EXIST::FUNCTION: @@ -3130,7 +3130,7 @@ CRYPTO_THREAD_run_once 3195 3_0_0 EXIST::FUNCTION: TS_REQ_print_bio 3196 3_0_0 EXIST::FUNCTION:TS SCT_get_version 3197 3_0_0 EXIST::FUNCTION:CT IDEA_set_encrypt_key 3198 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,IDEA -ENGINE_get_DH 3199 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_get_DH 3199 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE i2d_ASIdentifierChoice 3200 3_0_0 EXIST::FUNCTION:RFC3779 SRP_Calc_A 3201 3_0_0 EXIST::FUNCTION:SRP OCSP_BASICRESP_add_ext 3202 3_0_0 EXIST::FUNCTION:OCSP @@ -3162,7 +3162,7 @@ X509_NAME_print 3227 3_0_0 EXIST::FUNCTION: ACCESS_DESCRIPTION_free 3228 3_0_0 EXIST::FUNCTION: BN_nist_mod_384 3229 3_0_0 EXIST::FUNCTION: i2d_EC_PUBKEY_fp 3230 3_0_0 EXIST::FUNCTION:EC,STDIO -ENGINE_set_default_pkey_meths 3231 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_set_default_pkey_meths 3231 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE DH_bits 3232 3_0_0 EXIST::FUNCTION:DH i2d_X509_ALGORS 3233 3_0_0 EXIST::FUNCTION: EVP_camellia_192_cfb1 3234 3_0_0 EXIST::FUNCTION:CAMELLIA @@ -3189,15 +3189,15 @@ EVP_read_pw_string_min 3254 3_0_0 EXIST::FUNCTION: X509_set1_notBefore 3255 3_0_0 EXIST::FUNCTION: MD4 3256 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,MD4 EVP_PKEY_CTX_dup 3257 3_0_0 EXIST::FUNCTION: -ENGINE_setup_bsd_cryptodev 3258 3_0_0 EXIST:__FreeBSD__:FUNCTION:DEPRECATEDIN_1_1_0,ENGINE +ENGINE_setup_bsd_cryptodev 3258 3_0_0 EXIST:__FreeBSD__:FUNCTION:DEPRECATEDIN_1_1_0,DEPRECATEDIN_3_0,ENGINE PEM_read_bio_DHparams 3259 3_0_0 EXIST::FUNCTION:DH CMS_SharedInfo_encode 3260 3_0_0 EXIST::FUNCTION:CMS ASN1_OBJECT_create 3261 3_0_0 EXIST::FUNCTION: i2d_ECParameters 3262 3_0_0 EXIST::FUNCTION:EC BN_GF2m_mod_arr 3263 3_0_0 EXIST::FUNCTION:EC2M -ENGINE_set_finish_function 3264 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_set_finish_function 3264 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE d2i_ASN1_OCTET_STRING 3265 3_0_0 EXIST::FUNCTION: -ENGINE_set_load_pubkey_function 3266 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_set_load_pubkey_function 3266 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE BIO_vprintf 3267 3_0_0 EXIST::FUNCTION: CMS_RecipientInfo_decrypt 3268 3_0_0 EXIST::FUNCTION:CMS RSA_generate_key 3269 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_0_9_8,RSA @@ -3295,7 +3295,7 @@ OpenSSL_version 3362 3_0_0 EXIST::FUNCTION: OCSP_SINGLERESP_get_ext_by_OBJ 3363 3_0_0 EXIST::FUNCTION:OCSP ECDSA_SIG_get0 3364 3_0_0 EXIST::FUNCTION:EC BN_set_word 3365 3_0_0 EXIST::FUNCTION: -ENGINE_set_flags 3366 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_set_flags 3366 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE DSA_OpenSSL 3367 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA CMS_RecipientInfo_kari_get0_alg 3368 3_0_0 EXIST::FUNCTION:CMS PKCS7_ENVELOPE_new 3369 3_0_0 EXIST::FUNCTION: @@ -3308,7 +3308,7 @@ PKCS12_SAFEBAGS_it 3375 3_0_0 EXIST::FUNCTION: PKCS12_PBE_add 3376 3_0_0 EXIST::FUNCTION: EC_KEY_set_public_key_affine_coordinates 3377 3_0_0 EXIST::FUNCTION:EC EVP_EncryptInit_ex 3378 3_0_0 EXIST::FUNCTION: -ENGINE_add 3379 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_add 3379 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE OPENSSL_LH_error 3380 3_0_0 EXIST::FUNCTION: PKCS7_DIGEST_it 3381 3_0_0 EXIST::FUNCTION: X509_CINF_new 3382 3_0_0 EXIST::FUNCTION: @@ -3397,7 +3397,7 @@ RSA_verify_PKCS1_PSS 3467 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_ HMAC_CTX_reset 3468 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 EVP_PKEY_meth_set_init 3469 3_0_0 EXIST::FUNCTION: X509_REQ_extension_nid 3470 3_0_0 EXIST::FUNCTION: -ENGINE_up_ref 3471 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_up_ref 3471 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE BN_BLINDING_invert_ex 3472 3_0_0 EXIST::FUNCTION: RIPEMD160_Init 3473 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RMD160 ASYNC_WAIT_CTX_get_changed_fds 3474 3_0_0 EXIST::FUNCTION: @@ -3417,7 +3417,7 @@ BN_get_params 3487 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_ PKCS5_pbkdf2_set 3488 3_0_0 EXIST::FUNCTION: d2i_PKCS8PrivateKey_bio 3489 3_0_0 EXIST::FUNCTION: ASN1_ENUMERATED_new 3490 3_0_0 EXIST::FUNCTION: -ENGINE_register_digests 3491 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_register_digests 3491 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE X509_NAME_get_text_by_NID 3492 3_0_0 EXIST::FUNCTION: SMIME_read_ASN1 3493 3_0_0 EXIST::FUNCTION: X509_REQ_set_subject_name 3494 3_0_0 EXIST::FUNCTION: @@ -3442,7 +3442,7 @@ d2i_ASN1_PRINTABLE 3512 3_0_0 EXIST::FUNCTION: EVP_PKEY_add1_attr_by_NID 3513 3_0_0 EXIST::FUNCTION: i2d_PKCS8_PRIV_KEY_INFO_bio 3514 3_0_0 EXIST::FUNCTION: X509_NAME_get_index_by_NID 3515 3_0_0 EXIST::FUNCTION: -ENGINE_get_first 3516 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_get_first 3516 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE CERTIFICATEPOLICIES_it 3517 3_0_0 EXIST::FUNCTION: EVP_MD_CTX_ctrl 3518 3_0_0 EXIST::FUNCTION: PKCS7_final 3519 3_0_0 EXIST::FUNCTION: @@ -3458,7 +3458,7 @@ TS_REQ_set_policy_id 3528 3_0_0 EXIST::FUNCTION:TS BIO_callback_ctrl 3529 3_0_0 EXIST::FUNCTION: v2i_GENERAL_NAME 3530 3_0_0 EXIST::FUNCTION: ERR_print_errors_cb 3531 3_0_0 EXIST::FUNCTION: -ENGINE_set_default_string 3532 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_set_default_string 3532 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE BIO_number_read 3533 3_0_0 EXIST::FUNCTION: CRYPTO_zalloc 3534 3_0_0 EXIST::FUNCTION: EVP_PKEY_cmp_parameters 3535 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 @@ -3466,7 +3466,7 @@ EVP_PKEY_CTX_new_id 3537 3_0_0 EXIST::FUNCTION: TLS_FEATURE_free 3538 3_0_0 EXIST::FUNCTION: d2i_BASIC_CONSTRAINTS 3539 3_0_0 EXIST::FUNCTION: X509_CERT_AUX_new 3540 3_0_0 EXIST::FUNCTION: -ENGINE_register_pkey_asn1_meths 3541 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_register_pkey_asn1_meths 3541 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE CRYPTO_ocb128_tag 3542 3_0_0 EXIST::FUNCTION:OCB ERR_load_OBJ_strings 3544 3_0_0 EXIST::FUNCTION: BIO_ctrl_get_read_request 3545 3_0_0 EXIST::FUNCTION: @@ -3482,7 +3482,7 @@ EVP_CIPHER_meth_new 3555 3_0_0 EXIST::FUNCTION: i2d_RSA_OAEP_PARAMS 3556 3_0_0 EXIST::FUNCTION:RSA SXNET_get_id_ulong 3557 3_0_0 EXIST::FUNCTION: BIO_get_callback_arg 3558 3_0_0 EXIST::FUNCTION: -ENGINE_register_RSA 3559 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_register_RSA 3559 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE i2v_GENERAL_NAMES 3560 3_0_0 EXIST::FUNCTION: PKCS7_decrypt 3562 3_0_0 EXIST::FUNCTION: X509_STORE_set1_param 3563 3_0_0 EXIST::FUNCTION: @@ -3510,7 +3510,7 @@ ASN1_STRING_type 3585 3_0_0 EXIST::FUNCTION: X509_REQ_add1_attr_by_txt 3586 3_0_0 EXIST::FUNCTION: PEM_write_RSAPublicKey 3587 3_0_0 EXIST::FUNCTION:RSA,STDIO EVP_MD_meth_dup 3588 3_0_0 EXIST::FUNCTION: -ENGINE_unregister_ciphers 3589 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_unregister_ciphers 3589 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE X509_issuer_and_serial_cmp 3590 3_0_0 EXIST::FUNCTION: OCSP_response_create 3591 3_0_0 EXIST::FUNCTION:OCSP SHA224 3592 3_0_0 EXIST::FUNCTION: @@ -3544,10 +3544,10 @@ OBJ_new_nid 3620 3_0_0 EXIST::FUNCTION: CMS_ReceiptRequest_new 3621 3_0_0 EXIST::FUNCTION:CMS SRP_VBASE_get1_by_user 3622 3_0_0 EXIST::FUNCTION:SRP UI_method_get_closer 3623 3_0_0 EXIST::FUNCTION: -ENGINE_get_ex_data 3624 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_get_ex_data 3624 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE BN_print_fp 3625 3_0_0 EXIST::FUNCTION:STDIO MD2_Update 3626 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,MD2 -ENGINE_free 3628 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_free 3628 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE d2i_X509_ATTRIBUTE 3629 3_0_0 EXIST::FUNCTION: TS_RESP_free 3630 3_0_0 EXIST::FUNCTION:TS PKCS5_pbe_set 3631 3_0_0 EXIST::FUNCTION: @@ -3573,7 +3573,7 @@ RSA_null_method 3651 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_ TS_REQ_ext_free 3652 3_0_0 EXIST::FUNCTION:TS EVP_PKEY_meth_get_encrypt 3653 3_0_0 EXIST::FUNCTION: Camellia_ecb_encrypt 3654 3_0_0 EXIST::FUNCTION:CAMELLIA,DEPRECATEDIN_3_0 -ENGINE_set_default_RSA 3655 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_set_default_RSA 3655 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE EVP_EncodeBlock 3656 3_0_0 EXIST::FUNCTION: SXNETID_free 3657 3_0_0 EXIST::FUNCTION: SHA1_Init 3658 3_0_0 EXIST::FUNCTION: @@ -3589,7 +3589,7 @@ d2i_PKCS7_ENVELOPE 3667 3_0_0 EXIST::FUNCTION: ESS_CERT_ID_new 3669 3_0_0 EXIST::FUNCTION: EC_POINT_invert 3670 3_0_0 EXIST::FUNCTION:EC CAST_set_key 3671 3_0_0 EXIST::FUNCTION:CAST,DEPRECATEDIN_3_0 -ENGINE_get_pkey_meth 3672 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_get_pkey_meth 3672 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE BIO_ADDRINFO_free 3673 3_0_0 EXIST::FUNCTION:SOCK DES_ede3_cbc_encrypt 3674 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DES X509v3_asid_canonize 3675 3_0_0 EXIST::FUNCTION:RFC3779 @@ -3630,7 +3630,7 @@ PKCS12_add_friendlyname_asc 3709 3_0_0 EXIST::FUNCTION: X509_STORE_CTX_get1_chain 3710 3_0_0 EXIST::FUNCTION: ASN1_mbstring_ncopy 3711 3_0_0 EXIST::FUNCTION: PKCS7_RECIP_INFO_it 3712 3_0_0 EXIST::FUNCTION: -ENGINE_register_all_digests 3713 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_register_all_digests 3713 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE X509_REQ_get_version 3714 3_0_0 EXIST::FUNCTION: i2d_ASN1_UTCTIME 3715 3_0_0 EXIST::FUNCTION: TS_STATUS_INFO_new 3716 3_0_0 EXIST::FUNCTION:TS @@ -3647,7 +3647,7 @@ X509_STORE_CTX_get0_policy_tree 3726 3_0_0 EXIST::FUNCTION: DES_set_key_checked 3727 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DES EVP_PKEY_meth_free 3728 3_0_0 EXIST::FUNCTION: EVP_sha224 3729 3_0_0 EXIST::FUNCTION: -ENGINE_set_id 3730 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_set_id 3730 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE d2i_ECPrivateKey 3731 3_0_0 EXIST::FUNCTION:EC CMS_signed_add1_attr_by_NID 3732 3_0_0 EXIST::FUNCTION:CMS i2d_DSAPrivateKey_fp 3733 3_0_0 EXIST::FUNCTION:DSA,STDIO @@ -3663,13 +3663,13 @@ SCT_get_validation_status 3742 3_0_0 EXIST::FUNCTION:CT NETSCAPE_CERT_SEQUENCE_free 3743 3_0_0 EXIST::FUNCTION: EVP_PBE_scrypt 3744 3_0_0 EXIST::FUNCTION:SCRYPT d2i_TS_REQ_bio 3745 3_0_0 EXIST::FUNCTION:TS -ENGINE_set_default_ciphers 3746 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_set_default_ciphers 3746 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE X509_get_signature_nid 3747 3_0_0 EXIST::FUNCTION: DES_fcrypt 3748 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DES PEM_write_bio_X509_REQ 3749 3_0_0 EXIST::FUNCTION: EVP_PKEY_meth_get_sign 3750 3_0_0 EXIST::FUNCTION: TS_REQ_get_nonce 3751 3_0_0 EXIST::FUNCTION:TS -ENGINE_unregister_EC 3752 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_unregister_EC 3752 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE X509v3_get_ext_count 3753 3_0_0 EXIST::FUNCTION: UI_OpenSSL 3754 3_0_0 EXIST::FUNCTION:UI_CONSOLE CRYPTO_ccm128_decrypt 3755 3_0_0 EXIST::FUNCTION: @@ -3689,7 +3689,7 @@ BN_mod_exp2_mont 3768 3_0_0 EXIST::FUNCTION: ASN1_PRINTABLE_free 3769 3_0_0 EXIST::FUNCTION: PKCS7_ATTR_SIGN_it 3771 3_0_0 EXIST::FUNCTION: EVP_MD_CTX_copy 3772 3_0_0 EXIST::FUNCTION: -ENGINE_set_ctrl_function 3773 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_set_ctrl_function 3773 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE OCSP_id_get0_info 3774 3_0_0 EXIST::FUNCTION:OCSP BIO_ADDRINFO_next 3775 3_0_0 EXIST::FUNCTION:SOCK OCSP_RESPBYTES_free 3776 3_0_0 EXIST::FUNCTION:OCSP @@ -3805,7 +3805,7 @@ BN_mod_mul_montgomery 3888 3_0_0 EXIST::FUNCTION: BN_nnmod 3889 3_0_0 EXIST::FUNCTION: TS_RESP_CTX_set_status_info_cond 3890 3_0_0 EXIST::FUNCTION:TS PBKDF2PARAM_new 3891 3_0_0 EXIST::FUNCTION: -ENGINE_set_RSA 3892 3_0_0 EXIST::FUNCTION:ENGINE +ENGINE_set_RSA 3892 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE i2d_X509_ATTRIBUTE 3893 3_0_0 EXIST::FUNCTION: PKCS7_ctrl 3894 3_0_0 EXIST::FUNCTION: OCSP_REVOKEDINFO_it 3895 3_0_0 EXIST::FUNCTION:OCSP From openssl at openssl.org Thu Jul 16 07:19:34 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 16 Jul 2020 07:19:34 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-des Message-ID: <1594883974.424338.31443.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-des Commit log since last time: 55affcadbe Configure: fix minor typo in apitable comment e45d943665 Add FIPS related configuration data to the default openssl application configuration file 5744dacb3a Make -provider_name and -section_name optional d3b243d15b Use defaults FIPSKEY if not given on command line 7cc355c2e4 Add AES_CBC_CTS ciphers to providers c35b853576 Enable WinCE build without deceiving _MSC_VER. a1736f37ae To generate makefile with correct parameters for WinCE. 7a09fab2b3 Disable optimiization of BN_num_bits_word() for VS2005 ARM compiler due to its miscompilation of the function. https://mta.openssl.org/pipermail/openssl-users/2018-August/008465.html 6c2a56beec Changed uintptr_t to size_t. WinCE6 doesn't seem it have the definition. ce3080e931 DRBG: rename the DRBG taxonomy. d35bab46c9 Configurations: make Makefile tmpl files non-links Build log ended with (last 100 lines): C01020EB0A7F0000:error::asn1 encoding routines:asn1_d2i_ex_primitive:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:698: C01020EB0A7F0000:error::asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:630:Field=pkey, Type=PKCS8_PRIV_KEY_INFO C01020EB0A7F0000:error::asn1 encoding routines:d2i_PrivateKey_ex:ASN1 lib:../openssl/crypto/asn1/d2i_pr.c:64: C01020EB0A7F0000:error::asn1 encoding routines:d2i_PrivateKey_ex:ASN1 lib:../openssl/crypto/asn1/d2i_pr.c:64: C01020EB0A7F0000:error::asn1 encoding routines:asn1_check_tlen:wrong tag:../openssl/crypto/asn1/tasn_dec.c:1135: C01020EB0A7F0000:error::asn1 encoding routines:asn1_d2i_ex_primitive:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:698: C01020EB0A7F0000:error::asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:630:Field=pkey, Type=PKCS8_PRIV_KEY_INFO C01020EB0A7F0000:error::asn1 encoding routines:asn1_check_tlen:wrong tag:../openssl/crypto/asn1/tasn_dec.c:1135: C01020EB0A7F0000:error::asn1 encoding routines:asn1_d2i_ex_primitive:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:698: C01020EB0A7F0000:error::asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:630:Field=pkey, Type=PKCS8_PRIV_KEY_INFO OPENSSL_FUNC:../openssl/apps/cmp.c:3055:CMP error: cannot set up CMP context # OPENSSL_FUNC:../openssl/apps/cmp.c:2895:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -proxy option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2112:CMP info: will contact http://127.0.0.1:1700/pkix/ ../../../../../no-des/util/wrap.pl ../../../../../no-des/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt => 1 not ok 82 - cr command # ------------------------------------------------------------------------------ # Failed test 'cr command' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. Could not open file or uri test.cert.pem for loading CMP client certificate (and optionally extra certs) C050AC98937F0000:error::system library:file_open:No such file or directory:../openssl/crypto/store/loader_file.c:924:calling stat(test.cert.pem) Unable to load CMP client certificate (and optionally extra certs) OPENSSL_FUNC:../openssl/apps/cmp.c:3055:CMP error: cannot set up CMP context # OPENSSL_FUNC:../openssl/apps/cmp.c:2895:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -proxy option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2112:CMP info: will contact http://127.0.0.1:1700/pkix/ # OPENSSL_FUNC:../openssl/apps/cmp.c:2136:CMP warning: -subject '/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=leaf' given, which overrides the subject of 'test.cert.pem' in KUR # OPENSSL_FUNC:../openssl/apps/cmp.c:826:CMP warning: can load only one certificate in DER format from test.cert.pem ../../../../../no-des/util/wrap.pl ../../../../../no-des/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt => 1 not ok 83 - kur command explicit options # ------------------------------------------------------------------------------ # Failed test 'kur command explicit options' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. Could not open file or uri test.cert.pem for loading CMP client certificate (and optionally extra certs) C0F029A5D37F0000:error::system library:file_open:No such file or directory:../openssl/crypto/store/loader_file.c:924:calling stat(test.cert.pem) Unable to load CMP client certificate (and optionally extra certs) OPENSSL_FUNC:../openssl/apps/cmp.c:3055:CMP error: cannot set up CMP context # OPENSSL_FUNC:../openssl/apps/cmp.c:2895:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -proxy option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -subject option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -secret option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2112:CMP info: will contact http://127.0.0.1:1700/pkix/ # OPENSSL_FUNC:../openssl/apps/cmp.c:826:CMP warning: can load only one certificate in DER format from test.cert.pem ../../../../../no-des/util/wrap.pl ../../../../../no-des/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -subject "" -certout test.cert.pem -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt -secret "" => 1 not ok 84 - kur command minimal options # ------------------------------------------------------------------------------ # Looks like you failed 31 tests of 92. not ok 7 - CMP app CLI Mock enrollment # ------------------------------------------------------------------------------ # # Failed test 'CMP app CLI Mock enrollment # ' # at /home/openssl/run-checker/no-des/../openssl/util/perl/OpenSSL/Test.pm line 1302. # Looks like you failed 5 tests of 7.81-test_cmp_cli.t .................. Dubious, test returned 5 (wstat 1280, 0x500) Failed 5/7 subtests 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 81-test_cmp_cli.t (Wstat: 1280 Tests: 7 Failed: 5) Failed tests: 3-7 Non-zero exit status: 5 Files=205, Tests=3122, 830 wallclock secs (12.83 usr 1.34 sys + 777.42 cusr 54.40 csys = 845.99 CPU) Result: FAIL Makefile:3060: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-des' Makefile:3058: recipe for target 'tests' failed make: *** [tests] Error 2 From levitte at openssl.org Thu Jul 16 07:20:03 2020 From: levitte at openssl.org (Richard Levitte) Date: Thu, 16 Jul 2020 07:20:03 +0000 Subject: [openssl] master update Message-ID: <1594884003.654156.23862.nullmailer@dev.openssl.org> The branch master has been updated via ecca5b6e2ea5f364e4281193fd1526fbaf3f8248 (commit) from 81ed433cf835bf7b47aa926735196b6948f65e95 (commit) - Log ----------------------------------------------------------------- commit ecca5b6e2ea5f364e4281193fd1526fbaf3f8248 Author: Pauli Date: Wed Jul 15 09:16:30 2020 +1000 capabilities: make capability selection case insensitive. Everything else to do with algorithm selection and properties is case insensitive. Reviewed-by: Matt Caswell Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12450) ----------------------------------------------------------------------- Summary of changes: providers/common/capabilities.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/providers/common/capabilities.c b/providers/common/capabilities.c index a60620d8a2..353da1ee32 100644 --- a/providers/common/capabilities.c +++ b/providers/common/capabilities.c @@ -17,6 +17,7 @@ #include "internal/nelem.h" #include "internal/tlsgroups.h" #include "prov/providercommon.h" +#include "e_os.h" typedef struct tls_group_constants_st { unsigned int group_id; /* Group ID */ @@ -177,7 +178,7 @@ static int tls_group_capability(OSSL_CALLBACK *cb, void *arg) int provider_get_capabilities(void *provctx, const char *capability, OSSL_CALLBACK *cb, void *arg) { - if (strcmp(capability, "TLS-GROUP") == 0) + if (strcasecmp(capability, "TLS-GROUP") == 0) return tls_group_capability(cb, arg); /* We don't support this capability */ From openssl at openssl.org Thu Jul 16 07:43:28 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 16 Jul 2020 07:43:28 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dgram Message-ID: <1594885408.882010.15678.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dgram Commit log since last time: 55affcadbe Configure: fix minor typo in apitable comment e45d943665 Add FIPS related configuration data to the default openssl application configuration file 5744dacb3a Make -provider_name and -section_name optional d3b243d15b Use defaults FIPSKEY if not given on command line 7cc355c2e4 Add AES_CBC_CTS ciphers to providers c35b853576 Enable WinCE build without deceiving _MSC_VER. a1736f37ae To generate makefile with correct parameters for WinCE. 7a09fab2b3 Disable optimiization of BN_num_bits_word() for VS2005 ARM compiler due to its miscompilation of the function. https://mta.openssl.org/pipermail/openssl-users/2018-August/008465.html 6c2a56beec Changed uintptr_t to size_t. WinCE6 doesn't seem it have the definition. ce3080e931 DRBG: rename the DRBG taxonomy. d35bab46c9 Configurations: make Makefile tmpl files non-links Build log ended with (last 100 lines): # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 7 - iteration 7 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 8 - iteration 8 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 9 - iteration 9 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 10 - iteration 10 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 11 - iteration 11 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 12 - iteration 12 # ------------------------------------------------------------------------------ not ok 1 - test_handshake # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/ssl_test 04-client_auth.cnf.fips fips ../../../openssl/test/fips.cnf => 1 not ok 9 - running ssl_test 04-client_auth.cnf # ------------------------------------------------------------------------------ # Failed test 'running ssl_test 04-client_auth.cnf' # at ../openssl/test/recipes/80-test_ssl_new.t line 173. # Looks like you failed 1 test of 9. not ok 5 - Test configuration 04-client_auth.cnf # ------------------------------------------------------------------------------ # Looks like you failed 1 test of 31.80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=205, Tests=3222, 834 wallclock secs (12.36 usr 1.13 sys + 774.13 cusr 59.80 csys = 847.42 CPU) Result: FAIL Makefile:3114: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dgram' Makefile:3112: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Thu Jul 16 07:49:48 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 16 Jul 2020 07:49:48 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dh Message-ID: <1594885788.034152.32240.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dh Commit log since last time: 55affcadbe Configure: fix minor typo in apitable comment e45d943665 Add FIPS related configuration data to the default openssl application configuration file 5744dacb3a Make -provider_name and -section_name optional d3b243d15b Use defaults FIPSKEY if not given on command line 7cc355c2e4 Add AES_CBC_CTS ciphers to providers c35b853576 Enable WinCE build without deceiving _MSC_VER. a1736f37ae To generate makefile with correct parameters for WinCE. 7a09fab2b3 Disable optimiization of BN_num_bits_word() for VS2005 ARM compiler due to its miscompilation of the function. https://mta.openssl.org/pipermail/openssl-users/2018-August/008465.html 6c2a56beec Changed uintptr_t to size_t. WinCE6 doesn't seem it have the definition. ce3080e931 DRBG: rename the DRBG taxonomy. d35bab46c9 Configurations: make Makefile tmpl files non-links Build log ended with (last 100 lines): test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/cmp_protect_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/cmp_protect_test \ test/cmp_protect_test-bin-cmp_protect_test.o \ test/cmp_protect_test-bin-cmp_testlib.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/cmp_server_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/cmp_server_test \ test/cmp_server_test-bin-cmp_server_test.o \ test/cmp_server_test-bin-cmp_testlib.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/cmp_status_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/cmp_status_test \ test/cmp_status_test-bin-cmp_status_test.o \ test/cmp_status_test-bin-cmp_testlib.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/cmp_vfy_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/cmp_vfy_test \ test/cmp_vfy_test-bin-cmp_testlib.o \ test/cmp_vfy_test-bin-cmp_vfy_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/context_internal_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/context_internal_test \ test/context_internal_test-bin-context_internal_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/ctype_internal_test rm -f test/curve448_internal_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/ctype_internal_test \ test/ctype_internal_test-bin-ctype_internal_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/curve448_internal_test \ test/curve448_internal_test-bin-curve448_internal_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/destest ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/destest \ test/destest-bin-destest.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/dhtest ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/dhtest \ test/dhtest-bin-dhtest.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/drbgtest rm -f test/dsa_no_digest_size_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/drbgtest \ test/drbgtest-bin-drbgtest.o \ test/libtestutil.a libcrypto.a -ldl -pthread ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/dsa_no_digest_size_test \ test/dsa_no_digest_size_test-bin-dsa_no_digest_size_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/dsatest ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/dsatest \ test/dsatest-bin-dsatest.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/ec_internal_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/ec_internal_test \ test/ec_internal_test-bin-ec_internal_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/ecdsatest ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/ecdsatest \ test/ecdsatest-bin-ecdsatest.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/evp_libctx_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/evp_libctx_test \ test/evp_libctx_test-bin-evp_libctx_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/evp_pkey_provided_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/evp_pkey_provided_test \ test/evp_pkey_provided_test-bin-evp_pkey_provided_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/ffc_internal_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/ffc_internal_test \ test/ffc_internal_test-bin-ffc_internal_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread test/evp_libctx_test-bin-evp_libctx_test.o:(.data+0x0): undefined reference to `_bignum_dh2048_256_p' test/evp_libctx_test-bin-evp_libctx_test.o:(.data+0x8): undefined reference to `_bignum_dh2048_256_q' test/evp_libctx_test-bin-evp_libctx_test.o:(.data+0x10): undefined reference to `_bignum_dh2048_256_g' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:25594: recipe for target 'test/evp_libctx_test' failed make[1]: *** [test/evp_libctx_test] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-dh' Makefile:3058: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From openssl at openssl.org Thu Jul 16 07:52:02 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 16 Jul 2020 07:52:02 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dsa Message-ID: <1594885922.634483.14711.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dsa Commit log since last time: 55affcadbe Configure: fix minor typo in apitable comment e45d943665 Add FIPS related configuration data to the default openssl application configuration file 5744dacb3a Make -provider_name and -section_name optional d3b243d15b Use defaults FIPSKEY if not given on command line 7cc355c2e4 Add AES_CBC_CTS ciphers to providers c35b853576 Enable WinCE build without deceiving _MSC_VER. a1736f37ae To generate makefile with correct parameters for WinCE. 7a09fab2b3 Disable optimiization of BN_num_bits_word() for VS2005 ARM compiler due to its miscompilation of the function. https://mta.openssl.org/pipermail/openssl-users/2018-August/008465.html 6c2a56beec Changed uintptr_t to size_t. WinCE6 doesn't seem it have the definition. ce3080e931 DRBG: rename the DRBG taxonomy. d35bab46c9 Configurations: make Makefile tmpl files non-links Build log ended with (last 100 lines): clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cipherbytes_test-bin-cipherbytes_test.d.tmp -MT test/cipherbytes_test-bin-cipherbytes_test.o -c -o test/cipherbytes_test-bin-cipherbytes_test.o ../openssl/test/cipherbytes_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cipherlist_test-bin-cipherlist_test.d.tmp -MT test/cipherlist_test-bin-cipherlist_test.o -c -o test/cipherlist_test-bin-cipherlist_test.o ../openssl/test/cipherlist_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/ciphername_test-bin-ciphername_test.d.tmp -MT test/ciphername_test-bin-ciphername_test.o -c -o test/ciphername_test-bin-ciphername_test.o ../openssl/test/ciphername_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/clienthellotest-bin-clienthellotest.d.tmp -MT test/clienthellotest-bin-clienthellotest.o -c -o test/clienthellotest-bin-clienthellotest.o ../openssl/test/clienthellotest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmactest-bin-cmactest.d.tmp -MT test/cmactest-bin-cmactest.o -c -o test/cmactest-bin-cmactest.o ../openssl/test/cmactest.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_asn_test-bin-cmp_asn_test.d.tmp -MT test/cmp_asn_test-bin-cmp_asn_test.o -c -o test/cmp_asn_test-bin-cmp_asn_test.o ../openssl/test/cmp_asn_test.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_asn_test-bin-cmp_testlib.d.tmp -MT test/cmp_asn_test-bin-cmp_testlib.o -c -o test/cmp_asn_test-bin-cmp_testlib.o ../openssl/test/cmp_testlib.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_client_test-bin-cmp_client_test.d.tmp -MT test/cmp_client_test-bin-cmp_client_test.o -c -o test/cmp_client_test-bin-cmp_client_test.o ../openssl/test/cmp_client_test.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_client_test-bin-cmp_testlib.d.tmp -MT test/cmp_client_test-bin-cmp_testlib.o -c -o test/cmp_client_test-bin-cmp_testlib.o ../openssl/test/cmp_testlib.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_ctx_test-bin-cmp_ctx_test.d.tmp -MT test/cmp_ctx_test-bin-cmp_ctx_test.o -c -o test/cmp_ctx_test-bin-cmp_ctx_test.o ../openssl/test/cmp_ctx_test.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_ctx_test-bin-cmp_testlib.d.tmp -MT test/cmp_ctx_test-bin-cmp_testlib.o -c -o test/cmp_ctx_test-bin-cmp_testlib.o ../openssl/test/cmp_testlib.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_hdr_test-bin-cmp_hdr_test.d.tmp -MT test/cmp_hdr_test-bin-cmp_hdr_test.o -c -o test/cmp_hdr_test-bin-cmp_hdr_test.o ../openssl/test/cmp_hdr_test.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_hdr_test-bin-cmp_testlib.d.tmp -MT test/cmp_hdr_test-bin-cmp_testlib.o -c -o test/cmp_hdr_test-bin-cmp_testlib.o ../openssl/test/cmp_testlib.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_msg_test-bin-cmp_msg_test.d.tmp -MT test/cmp_msg_test-bin-cmp_msg_test.o -c -o test/cmp_msg_test-bin-cmp_msg_test.o ../openssl/test/cmp_msg_test.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_msg_test-bin-cmp_testlib.d.tmp -MT test/cmp_msg_test-bin-cmp_testlib.o -c -o test/cmp_msg_test-bin-cmp_testlib.o ../openssl/test/cmp_testlib.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_protect_test-bin-cmp_protect_test.d.tmp -MT test/cmp_protect_test-bin-cmp_protect_test.o -c -o test/cmp_protect_test-bin-cmp_protect_test.o ../openssl/test/cmp_protect_test.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_protect_test-bin-cmp_testlib.d.tmp -MT test/cmp_protect_test-bin-cmp_testlib.o -c -o test/cmp_protect_test-bin-cmp_testlib.o ../openssl/test/cmp_testlib.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_server_test-bin-cmp_server_test.d.tmp -MT test/cmp_server_test-bin-cmp_server_test.o -c -o test/cmp_server_test-bin-cmp_server_test.o ../openssl/test/cmp_server_test.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_server_test-bin-cmp_testlib.d.tmp -MT test/cmp_server_test-bin-cmp_testlib.o -c -o test/cmp_server_test-bin-cmp_testlib.o ../openssl/test/cmp_testlib.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_status_test-bin-cmp_status_test.d.tmp -MT test/cmp_status_test-bin-cmp_status_test.o -c -o test/cmp_status_test-bin-cmp_status_test.o ../openssl/test/cmp_status_test.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_status_test-bin-cmp_testlib.d.tmp -MT test/cmp_status_test-bin-cmp_testlib.o -c -o test/cmp_status_test-bin-cmp_testlib.o ../openssl/test/cmp_testlib.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_vfy_test-bin-cmp_testlib.d.tmp -MT test/cmp_vfy_test-bin-cmp_testlib.o -c -o test/cmp_vfy_test-bin-cmp_testlib.o ../openssl/test/cmp_testlib.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_vfy_test-bin-cmp_vfy_test.d.tmp -MT test/cmp_vfy_test-bin-cmp_vfy_test.o -c -o test/cmp_vfy_test-bin-cmp_vfy_test.o ../openssl/test/cmp_vfy_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmsapitest-bin-cmsapitest.d.tmp -MT test/cmsapitest-bin-cmsapitest.o -c -o test/cmsapitest-bin-cmsapitest.o ../openssl/test/cmsapitest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/conf_include_test-bin-conf_include_test.d.tmp -MT test/conf_include_test-bin-conf_include_test.o -c -o test/conf_include_test-bin-conf_include_test.o ../openssl/test/conf_include_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/confdump-bin-confdump.d.tmp -MT test/confdump-bin-confdump.o -c -o test/confdump-bin-confdump.o ../openssl/test/confdump.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/constant_time_test-bin-constant_time_test.d.tmp -MT test/constant_time_test-bin-constant_time_test.o -c -o test/constant_time_test-bin-constant_time_test.o ../openssl/test/constant_time_test.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/context_internal_test-bin-context_internal_test.d.tmp -MT test/context_internal_test-bin-context_internal_test.o -c -o test/context_internal_test-bin-context_internal_test.o ../openssl/test/context_internal_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/crltest-bin-crltest.d.tmp -MT test/crltest-bin-crltest.o -c -o test/crltest-bin-crltest.o ../openssl/test/crltest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/ct_test-bin-ct_test.d.tmp -MT test/ct_test-bin-ct_test.o -c -o test/ct_test-bin-ct_test.o ../openssl/test/ct_test.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/ctype_internal_test-bin-ctype_internal_test.d.tmp -MT test/ctype_internal_test-bin-ctype_internal_test.o -c -o test/ctype_internal_test-bin-ctype_internal_test.o ../openssl/test/ctype_internal_test.c clang -I. -Iinclude -Iapps/include -Icrypto/ec/curve448 -I../openssl -I../openssl/include -I../openssl/apps/include -I../openssl/crypto/ec/curve448 -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/curve448_internal_test-bin-curve448_internal_test.d.tmp -MT test/curve448_internal_test-bin-curve448_internal_test.o -c -o test/curve448_internal_test-bin-curve448_internal_test.o ../openssl/test/curve448_internal_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/d2i_test-bin-d2i_test.d.tmp -MT test/d2i_test-bin-d2i_test.o -c -o test/d2i_test-bin-d2i_test.o ../openssl/test/d2i_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/danetest-bin-danetest.d.tmp -MT test/danetest-bin-danetest.o -c -o test/danetest-bin-danetest.o ../openssl/test/danetest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/destest-bin-destest.d.tmp -MT test/destest-bin-destest.o -c -o test/destest-bin-destest.o ../openssl/test/destest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/dhtest-bin-dhtest.d.tmp -MT test/dhtest-bin-dhtest.o -c -o test/dhtest-bin-dhtest.o ../openssl/test/dhtest.c clang -Iinclude -Iapps/include -Itest -I. -I../openssl/include -I../openssl/apps/include -I../openssl/test -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/drbg_cavs_test-bin-drbg_cavs_data_ctr.d.tmp -MT test/drbg_cavs_test-bin-drbg_cavs_data_ctr.o -c -o test/drbg_cavs_test-bin-drbg_cavs_data_ctr.o ../openssl/test/drbg_cavs_data_ctr.c clang -Iinclude -Iapps/include -Itest -I. -I../openssl/include -I../openssl/apps/include -I../openssl/test -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/drbg_cavs_test-bin-drbg_cavs_data_hash.d.tmp -MT test/drbg_cavs_test-bin-drbg_cavs_data_hash.o -c -o test/drbg_cavs_test-bin-drbg_cavs_data_hash.o ../openssl/test/drbg_cavs_data_hash.c clang -Iinclude -Iapps/include -Itest -I. -I../openssl/include -I../openssl/apps/include -I../openssl/test -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/drbg_cavs_test-bin-drbg_cavs_data_hmac.d.tmp -MT test/drbg_cavs_test-bin-drbg_cavs_data_hmac.o -c -o test/drbg_cavs_test-bin-drbg_cavs_data_hmac.o ../openssl/test/drbg_cavs_data_hmac.c clang -Iinclude -Iapps/include -Itest -I. -I../openssl/include -I../openssl/apps/include -I../openssl/test -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/drbg_cavs_test-bin-drbg_cavs_test.d.tmp -MT test/drbg_cavs_test-bin-drbg_cavs_test.o -c -o test/drbg_cavs_test-bin-drbg_cavs_test.o ../openssl/test/drbg_cavs_test.c clang -Iinclude -Itest -I. -Iapps/include -I../openssl/include -I../openssl/test -I../openssl -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/drbg_extra_test-bin-drbg_extra_test.d.tmp -MT test/drbg_extra_test-bin-drbg_extra_test.o -c -o test/drbg_extra_test-bin-drbg_extra_test.o ../openssl/test/drbg_extra_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/drbgtest-bin-drbgtest.d.tmp -MT test/drbgtest-bin-drbgtest.o -c -o test/drbgtest-bin-drbgtest.o ../openssl/test/drbgtest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/dsa_no_digest_size_test-bin-dsa_no_digest_size_test.d.tmp -MT test/dsa_no_digest_size_test-bin-dsa_no_digest_size_test.o -c -o test/dsa_no_digest_size_test-bin-dsa_no_digest_size_test.o ../openssl/test/dsa_no_digest_size_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/dsatest-bin-dsatest.d.tmp -MT test/dsatest-bin-dsatest.o -c -o test/dsatest-bin-dsatest.o ../openssl/test/dsatest.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/dtls_mtu_test-bin-dtls_mtu_test.d.tmp -MT test/dtls_mtu_test-bin-dtls_mtu_test.o -c -o test/dtls_mtu_test-bin-dtls_mtu_test.o ../openssl/test/dtls_mtu_test.c clang -I. -Iinclude -I../openssl -I../openssl/include -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/dtls_mtu_test-bin-ssltestlib.d.tmp -MT test/dtls_mtu_test-bin-ssltestlib.o -c -o test/dtls_mtu_test-bin-ssltestlib.o ../openssl/test/ssltestlib.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/dtlstest-bin-dtlstest.d.tmp -MT test/dtlstest-bin-dtlstest.o -c -o test/dtlstest-bin-dtlstest.o ../openssl/test/dtlstest.c clang -I. -Iinclude -I../openssl -I../openssl/include -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/dtlstest-bin-ssltestlib.d.tmp -MT test/dtlstest-bin-ssltestlib.o -c -o test/dtlstest-bin-ssltestlib.o ../openssl/test/ssltestlib.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/dtlsv1listentest-bin-dtlsv1listentest.d.tmp -MT test/dtlsv1listentest-bin-dtlsv1listentest.o -c -o test/dtlsv1listentest-bin-dtlsv1listentest.o ../openssl/test/dtlsv1listentest.c clang -Iinclude -Icrypto/ec -Iapps/include -I../openssl/include -I../openssl/crypto/ec -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/ec_internal_test-bin-ec_internal_test.d.tmp -MT test/ec_internal_test-bin-ec_internal_test.o -c -o test/ec_internal_test-bin-ec_internal_test.o ../openssl/test/ec_internal_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/ecdsatest-bin-ecdsatest.d.tmp -MT test/ecdsatest-bin-ecdsatest.o -c -o test/ecdsatest-bin-ecdsatest.o ../openssl/test/ecdsatest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/ecstresstest-bin-ecstresstest.d.tmp -MT test/ecstresstest-bin-ecstresstest.o -c -o test/ecstresstest-bin-ecstresstest.o ../openssl/test/ecstresstest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/ectest-bin-ectest.d.tmp -MT test/ectest-bin-ectest.o -c -o test/ectest-bin-ectest.o ../openssl/test/ectest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/enginetest-bin-enginetest.d.tmp -MT test/enginetest-bin-enginetest.o -c -o test/enginetest-bin-enginetest.o ../openssl/test/enginetest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/errtest-bin-errtest.d.tmp -MT test/errtest-bin-errtest.o -c -o test/errtest-bin-errtest.o ../openssl/test/errtest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/evp_extra_test-bin-evp_extra_test.d.tmp -MT test/evp_extra_test-bin-evp_extra_test.o -c -o test/evp_extra_test-bin-evp_extra_test.o ../openssl/test/evp_extra_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/evp_extra_test2-bin-evp_extra_test2.d.tmp -MT test/evp_extra_test2-bin-evp_extra_test2.o -c -o test/evp_extra_test2-bin-evp_extra_test2.o ../openssl/test/evp_extra_test2.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/evp_fetch_prov_test-bin-evp_fetch_prov_test.d.tmp -MT test/evp_fetch_prov_test-bin-evp_fetch_prov_test.o -c -o test/evp_fetch_prov_test-bin-evp_fetch_prov_test.o ../openssl/test/evp_fetch_prov_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/evp_kdf_test-bin-evp_kdf_test.d.tmp -MT test/evp_kdf_test-bin-evp_kdf_test.o -c -o test/evp_kdf_test-bin-evp_kdf_test.o ../openssl/test/evp_kdf_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/evp_libctx_test-bin-evp_libctx_test.d.tmp -MT test/evp_libctx_test-bin-evp_libctx_test.o -c -o test/evp_libctx_test-bin-evp_libctx_test.o ../openssl/test/evp_libctx_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/evp_pkey_dparams_test-bin-evp_pkey_dparams_test.d.tmp -MT test/evp_pkey_dparams_test-bin-evp_pkey_dparams_test.o -c -o test/evp_pkey_dparams_test-bin-evp_pkey_dparams_test.o ../openssl/test/evp_pkey_dparams_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/evp_pkey_provided_test-bin-evp_pkey_provided_test.d.tmp -MT test/evp_pkey_provided_test-bin-evp_pkey_provided_test.o -c -o test/evp_pkey_provided_test-bin-evp_pkey_provided_test.o ../openssl/test/evp_pkey_provided_test.c ../openssl/test/evp_libctx_test.c:156:27: error: implicit declaration of function 'DH_new' is invalid in C99 [-Werror,-Wimplicit-function-declaration] || !TEST_ptr(dh = DH_new()) ^ ../openssl/test/evp_libctx_test.c:156:27: note: did you mean 'BN_new'? ../openssl/include/openssl/bn.h:230:9: note: 'BN_new' declared here BIGNUM *BN_new(void); ^ ../openssl/test/evp_libctx_test.c:156:27: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] || !TEST_ptr(dh = DH_new()) ^ clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/evp_test-bin-evp_test.d.tmp -MT test/evp_test-bin-evp_test.o -c -o test/evp_test-bin-evp_test.o ../openssl/test/evp_test.c ../openssl/test/evp_libctx_test.c:156:25: error: incompatible integer to pointer conversion assigning to 'DH *' (aka 'struct dh_st *') from 'int' [-Werror,-Wint-conversion] || !TEST_ptr(dh = DH_new()) ^ ~~~~~~~~ ../openssl/test/testutil.h:436:64: note: expanded from macro 'TEST_ptr' # define TEST_ptr(a) test_ptr(__FILE__, __LINE__, #a, a) ^ ../openssl/test/evp_libctx_test.c:160:23: error: implicit declaration of function 'DH_set0_pqg' is invalid in C99 [-Werror,-Wimplicit-function-declaration] || !TEST_true(DH_set0_pqg(dh, p, q, g))) ^ ../openssl/test/evp_libctx_test.c:160:23: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] ../openssl/test/evp_libctx_test.c:177:5: error: implicit declaration of function 'DH_free' is invalid in C99 [-Werror,-Wimplicit-function-declaration] DH_free(dh); ^ ../openssl/test/evp_libctx_test.c:177:5: note: did you mean 'BN_free'? ../openssl/include/openssl/bn.h:291:6: note: 'BN_free' declared here void BN_free(BIGNUM *a); ^ ../openssl/test/evp_libctx_test.c:177:5: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] DH_free(dh); ^ 7 errors generated. Makefile:25597: recipe for target 'test/evp_libctx_test-bin-evp_libctx_test.o' failed make[1]: *** [test/evp_libctx_test-bin-evp_libctx_test.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-dsa' Makefile:3063: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From openssl at openssl.org Thu Jul 16 09:11:21 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 16 Jul 2020 09:11:21 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ec2m Message-ID: <1594890681.278492.17767.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ec2m Commit log since last time: 55affcadbe Configure: fix minor typo in apitable comment e45d943665 Add FIPS related configuration data to the default openssl application configuration file 5744dacb3a Make -provider_name and -section_name optional d3b243d15b Use defaults FIPSKEY if not given on command line 7cc355c2e4 Add AES_CBC_CTS ciphers to providers c35b853576 Enable WinCE build without deceiving _MSC_VER. a1736f37ae To generate makefile with correct parameters for WinCE. 7a09fab2b3 Disable optimiization of BN_num_bits_word() for VS2005 ARM compiler due to its miscompilation of the function. https://mta.openssl.org/pipermail/openssl-users/2018-August/008465.html 6c2a56beec Changed uintptr_t to size_t. WinCE6 doesn't seem it have the definition. ce3080e931 DRBG: rename the DRBG taxonomy. d35bab46c9 Configurations: make Makefile tmpl files non-links Build log ended with (last 100 lines): 70-test_sslversions.t (Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 70-test_sslvertol.t (Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 70-test_tls13alerts.t (Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 70-test_tls13cookie.t (Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 70-test_tls13downgrade.t (Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 70-test_tls13hrr.t (Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 70-test_tls13kexmodes.t (Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 70-test_tls13messages.t (Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 70-test_tls13psk.t (Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 70-test_tlsextms.t (Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 71-test_ssl_ctx.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_cipherbytes.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_cipherlist.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ciphername.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_dane.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_dtls.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_dtls_mtu.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_dtlsv1listen.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ssl_new.t (Wstat: 6912 Tests: 31 Failed: 27) Failed tests: 2-14, 16-22, 24-29, 31 Non-zero exit status: 27 80-test_ssl_old.t (Wstat: 1024 Tests: 12 Failed: 4) Failed tests: 3, 5-7 Non-zero exit status: 4 80-test_sslcorrupt.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 90-test_fatalerr.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 90-test_gost.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 90-test_shlibload.t (Wstat: 1024 Tests: 10 Failed: 4) Failed tests: 1-4 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 1, 3 Non-zero exit status: 2 90-test_sslbuffers.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 90-test_sysdefault.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 90-test_tls13ccs.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 90-test_tls13encryption.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 90-test_tls13secrets.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 99-test_fuzz.t (Wstat: 512 Tests: 12 Failed: 2) Failed tests: 5, 8 Non-zero exit status: 2 Files=205, Tests=2033, 456 wallclock secs ( 7.08 usr 0.94 sys + 391.38 cusr 41.37 csys = 440.77 CPU) Result: FAIL Makefile:3124: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-ec2m' Makefile:3122: recipe for target 'tests' failed make: *** [tests] Error 2 From no-reply at appveyor.com Thu Jul 16 11:51:43 2020 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 16 Jul 2020 11:51:43 +0000 Subject: Build failed: openssl master.35610 Message-ID: <20200716115143.1.A180EF6C8C7F9F3D@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Thu Jul 16 12:07:46 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 16 Jul 2020 12:07:46 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-err Message-ID: <1594901266.044173.29290.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-err Commit log since last time: 55affcadbe Configure: fix minor typo in apitable comment e45d943665 Add FIPS related configuration data to the default openssl application configuration file 5744dacb3a Make -provider_name and -section_name optional d3b243d15b Use defaults FIPSKEY if not given on command line 7cc355c2e4 Add AES_CBC_CTS ciphers to providers c35b853576 Enable WinCE build without deceiving _MSC_VER. a1736f37ae To generate makefile with correct parameters for WinCE. 7a09fab2b3 Disable optimiization of BN_num_bits_word() for VS2005 ARM compiler due to its miscompilation of the function. https://mta.openssl.org/pipermail/openssl-users/2018-August/008465.html 6c2a56beec Changed uintptr_t to size_t. WinCE6 doesn't seem it have the definition. ce3080e931 DRBG: rename the DRBG taxonomy. d35bab46c9 Configurations: make Makefile tmpl files non-links Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 04-test_err.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=205, Tests=3089, 859 wallclock secs (12.72 usr 1.25 sys + 796.94 cusr 60.79 csys = 871.70 CPU) Result: FAIL Makefile:3136: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-err' Makefile:3134: recipe for target 'tests' failed make: *** [tests] Error 2 From levitte at openssl.org Thu Jul 16 12:08:12 2020 From: levitte at openssl.org (Richard Levitte) Date: Thu, 16 Jul 2020 12:08:12 +0000 Subject: [openssl] master update Message-ID: <1594901292.360379.18295.nullmailer@dev.openssl.org> The branch master has been updated via 8dab4de53887639abc1152288fac76506beb87b3 (commit) from ecca5b6e2ea5f364e4281193fd1526fbaf3f8248 (commit) - Log ----------------------------------------------------------------- commit 8dab4de53887639abc1152288fac76506beb87b3 Author: Richard Levitte Date: Thu Jul 16 09:34:00 2020 +0200 Add latest changes and news in CHANGES.md and NEWS.md - Reworked test perl framwork for parallel tests - Reworked ERR codes to make better space for system errors - Deprecation of the ENGINE API Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/openssl/pull/12461) ----------------------------------------------------------------------- Summary of changes: CHANGES.md | 15 +++++++++++++++ NEWS.md | 1 + 2 files changed, 16 insertions(+) diff --git a/CHANGES.md b/CHANGES.md index 68d269cb5d..a7cb2c5bb1 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -23,6 +23,21 @@ OpenSSL 3.0 ### Changes between 1.1.1 and 3.0 [xx XXX xxxx] + * Deprecated the `ENGINE` API. Engines should be replaced with providers + going forward. + + *Paul Dale* + + * Reworked the recorded ERR codes to make better space for system errors. + To distinguish them, the macro `ERR_SYSTEM_ERROR()` indicates if the + given code is a system error (true) or an OpenSSL error (false). + + *Richard Levitte* + + * Reworked the test perl framework to better allow parallel testing. + + *Nicola Tuveri and David von Oheimb* + * Added ciphertext stealing algorithms AES-128-CBC-CTS, AES-192-CBC-CTS and AES-256-CBC-CTS to the providers. CS1, CS2 and CS3 variants are supported. diff --git a/NEWS.md b/NEWS.md index e04e5b95c8..ed99e8cd00 100644 --- a/NEWS.md +++ b/NEWS.md @@ -20,6 +20,7 @@ OpenSSL 3.0 ### Major changes between OpenSSL 1.1.1 and OpenSSL 3.0 [under development] + * Deprecated the `ENGINE` API. * Added `OPENSSL_CTX`, a libcrypto library context. * Interactive mode is removed from the 'openssl' program. * The X25519, X448, Ed25519, Ed448 and SHAKE256 algorithms are included in From builds at travis-ci.com Thu Jul 16 12:09:38 2020 From: builds at travis-ci.com (Travis CI) Date: Thu, 16 Jul 2020 12:09:38 +0000 Subject: Errored: openssl/openssl#36149 (master - 8c2bfd2) In-Reply-To: Message-ID: <5f1043819cb7f_13fc5597b7998345911@travis-pro-tasks-9456fc6d7-hxkv2.mail> Build Update for openssl/openssl ------------------------------------- Build: #36149 Status: Errored Duration: 1 hr, 23 mins, and 47 secs Commit: 8c2bfd2 (master) Author: Todd Short Message: Add SSL_get[01]_peer_certificate() Deprecate SSL_get_peer_certificte() and replace with SSL_get1_peer_certificate(). Add SSL_get0_peer_certificate. Reviewed-by: Paul Dale Reviewed-by: Viktor Dukhovni Reviewed-by: Dmitry Belyavskiy Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/8730) View the changeset: https://github.com/openssl/openssl/compare/55affcadbe4a...8c2bfd25129a View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/175829826?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From levitte at openssl.org Thu Jul 16 12:22:13 2020 From: levitte at openssl.org (Richard Levitte) Date: Thu, 16 Jul 2020 12:22:13 +0000 Subject: [openssl] master update Message-ID: <1594902133.004408.26228.nullmailer@dev.openssl.org> The branch master has been updated via e4162f86d7fd92058e5558bd81ce9dbc615fec3f (commit) via 660c534435e238c6bd8065c1d544a1c4d3c555a3 (commit) via 865adf97c9b8271788ee7293ecde9e8a643a1c45 (commit) from 8dab4de53887639abc1152288fac76506beb87b3 (commit) - Log ----------------------------------------------------------------- commit e4162f86d7fd92058e5558bd81ce9dbc615fec3f Author: Richard Levitte Date: Thu Jul 16 06:49:45 2020 +0200 DRBG: Fix the renamed functions after the EVP_MAC name reversal [extended tests] Reviewed-by: Tomas Mraz Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/openssl/pull/12186) commit 660c534435e238c6bd8065c1d544a1c4d3c555a3 Author: Matt Caswell Date: Thu Jun 18 09:30:48 2020 +0100 Revert "kdf: make function naming consistent." The commit claimed to make things more consistent. In fact it makes it less so. Revert back to the previous namig convention. This reverts commit 765d04c9460a304c8119f57941341a149498b9db. Reviewed-by: Tomas Mraz Reviewed-by: Nicola Tuveri Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12186) commit 865adf97c9b8271788ee7293ecde9e8a643a1c45 Author: Matt Caswell Date: Thu Jun 18 09:26:22 2020 +0100 Revert "The EVP_MAC functions have been renamed for consistency. The EVP_MAC_CTX_*" The commit claimed to make things more consistent. In fact it makes it less so. Revert back to the previous namig convention. This reverts commit d9c2fd51e2e278bc3f7793a104ff7b4879f6d63a. Reviewed-by: Tomas Mraz Reviewed-by: Nicola Tuveri Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12186) ----------------------------------------------------------------------- Summary of changes: CHANGES.md | 8 ++-- apps/fipsinstall.c | 10 ++-- apps/kdf.c | 6 +-- apps/lib/s_cb.c | 4 +- apps/mac.c | 6 +-- crypto/cmac/cm_ameth.c | 4 +- crypto/crmf/crmf_pbm.c | 6 +-- crypto/dh/dh_kdf.c | 6 +-- crypto/ec/ecdh_kdf.c | 6 +-- crypto/err/openssl.txt | 2 + crypto/evp/kdf_lib.c | 20 ++++---- crypto/evp/mac_lib.c | 20 ++++---- crypto/evp/p5_crpt2.c | 6 +-- crypto/evp/p_lib.c | 6 +-- crypto/evp/pbe_scrypt.c | 6 +-- crypto/evp/pkey_kdf.c | 14 +++--- crypto/evp/pkey_mac.c | 37 ++++++++------- crypto/modes/siv128.c | 28 ++++++------ doc/man1/openssl-kdf.pod.in | 2 +- doc/man1/openssl-mac.pod.in | 2 +- doc/man3/EVP_KDF.pod | 40 ++++++++-------- doc/man3/EVP_MAC.pod | 46 +++++++++---------- doc/man3/HMAC.pod | 2 +- doc/man3/OSSL_PARAM_allocate_from_text.pod | 2 +- doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod | 14 +++--- doc/man7/EVP_KDF-HKDF.pod | 16 +++---- doc/man7/EVP_KDF-KB.pod | 20 ++++---- doc/man7/EVP_KDF-KRB5KDF.pod | 8 ++-- doc/man7/EVP_KDF-PBKDF2.pod | 6 +-- doc/man7/EVP_KDF-SCRYPT.pod | 16 +++---- doc/man7/EVP_KDF-SS.pod | 32 ++++++------- doc/man7/EVP_KDF-SSHKDF.pod | 12 ++--- doc/man7/EVP_KDF-TLS1_PRF.pod | 16 +++---- doc/man7/EVP_KDF-X942.pod | 18 ++++---- doc/man7/EVP_KDF-X963.pod | 16 +++---- doc/man7/EVP_MAC-BLAKE2.pod | 6 +-- doc/man7/EVP_MAC-CMAC.pod | 6 +-- doc/man7/EVP_MAC-GMAC.pod | 6 +-- doc/man7/EVP_MAC-HMAC.pod | 6 +-- doc/man7/EVP_MAC-KMAC.pod | 6 +-- doc/man7/EVP_MAC-Poly1305.pod | 6 +-- doc/man7/EVP_MAC-Siphash.pod | 6 +-- include/openssl/evp.h | 36 ++++++++++++++- include/openssl/kdf.h | 12 ++--- include/openssl/mac.h | 59 ------------------------ providers/common/provider_util.c | 8 ++-- providers/fips/self_test.c | 6 +-- providers/fips/self_test_kats.c | 6 +-- providers/implementations/kdfs/kbkdf.c | 14 +++--- providers/implementations/kdfs/sskdf.c | 16 +++---- providers/implementations/kdfs/tls1_prf.c | 22 ++++----- providers/implementations/rands/drbg_hmac.c | 8 ++-- ssl/t1_enc.c | 8 ++-- ssl/t1_lib.c | 8 ++-- ssl/tls13_enc.c | 28 ++++++------ test/bad_dtls_test.c | 6 +-- test/evp_kdf_test.c | 66 +++++++++++++-------------- test/evp_test.c | 15 +++--- test/sslapitest.c | 2 +- util/libcrypto.num | 24 +++++----- 60 files changed, 411 insertions(+), 438 deletions(-) delete mode 100644 include/openssl/mac.h diff --git a/CHANGES.md b/CHANGES.md index a7cb2c5bb1..3a267d6c25 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -424,8 +424,8 @@ OpenSSL 3.0 and HMAC_CTX_get_md. Use of these low level functions has been informally discouraged for a long - time. Instead applications should use L, - L, L, L + time. Instead applications should use L, + L, L, L and L. *Paul Dale* @@ -448,8 +448,8 @@ OpenSSL 3.0 CMAC_CTX_copy, CMAC_Init, CMAC_Update, CMAC_Final and CMAC_resume. Use of these low level functions has been informally discouraged for a long - time. Instead applications should use L, - L, L, L + time. Instead applications should use L, + L, L, L and L. *Paul Dale* diff --git a/apps/fipsinstall.c b/apps/fipsinstall.c index 7efdd65d46..c8687bec8f 100644 --- a/apps/fipsinstall.c +++ b/apps/fipsinstall.c @@ -375,7 +375,7 @@ opthelp: goto end; } - ctx = EVP_MAC_new_ctx(mac); + ctx = EVP_MAC_CTX_new(mac); if (ctx == NULL) { BIO_printf(bio_err, "Unable to create MAC CTX for module check\n"); goto end; @@ -389,7 +389,7 @@ opthelp: if (params == NULL) goto end; - if (!EVP_MAC_set_ctx_params(ctx, params)) { + if (!EVP_MAC_CTX_set_params(ctx, params)) { BIO_printf(bio_err, "MAC parameter error\n"); ERR_print_errors(bio_err); ok = 0; @@ -399,7 +399,7 @@ opthelp: goto end; } - ctx2 = EVP_MAC_dup_ctx(ctx); + ctx2 = EVP_MAC_CTX_dup(ctx); if (ctx2 == NULL) { BIO_printf(bio_err, "Unable to create MAC CTX for install indicator\n"); goto end; @@ -459,8 +459,8 @@ cleanup: BIO_free(module_bio); sk_OPENSSL_STRING_free(opts); EVP_MAC_free(mac); - EVP_MAC_free_ctx(ctx2); - EVP_MAC_free_ctx(ctx); + EVP_MAC_CTX_free(ctx2); + EVP_MAC_CTX_free(ctx); OPENSSL_free(read_buffer); free_config_and_unload(conf); return ret; diff --git a/apps/kdf.c b/apps/kdf.c index dd6cc9255c..8d11807f5f 100644 --- a/apps/kdf.c +++ b/apps/kdf.c @@ -104,7 +104,7 @@ opthelp: goto opthelp; } - ctx = EVP_KDF_new_ctx(kdf); + ctx = EVP_KDF_CTX_new(kdf); if (ctx == NULL) goto err; @@ -116,7 +116,7 @@ opthelp: if (params == NULL) goto err; - if (!EVP_KDF_set_ctx_params(ctx, params)) { + if (!EVP_KDF_CTX_set_params(ctx, params)) { BIO_printf(bio_err, "KDF parameter error\n"); ERR_print_errors(bio_err); ok = 0; @@ -161,7 +161,7 @@ err: OPENSSL_clear_free(dkm_bytes, dkm_len); sk_OPENSSL_STRING_free(opts); EVP_KDF_free(kdf); - EVP_KDF_free_ctx(ctx); + EVP_KDF_CTX_free(ctx); BIO_free(out); OPENSSL_free(hexout); return ret; diff --git a/apps/lib/s_cb.c b/apps/lib/s_cb.c index de72bde9ed..ba9ef12afb 100644 --- a/apps/lib/s_cb.c +++ b/apps/lib/s_cb.c @@ -788,7 +788,7 @@ int generate_cookie_callback(SSL *ssl, unsigned char *cookie, BIO_printf(bio_err, "HMAC not found\n"); goto end; } - ctx = EVP_MAC_new_ctx(hmac); + ctx = EVP_MAC_CTX_new(hmac); if (ctx == NULL) { BIO_printf(bio_err, "HMAC context allocation failed\n"); goto end; @@ -797,7 +797,7 @@ int generate_cookie_callback(SSL *ssl, unsigned char *cookie, *p++ = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY, cookie_secret, COOKIE_SECRET_LENGTH); *p = OSSL_PARAM_construct_end(); - if (!EVP_MAC_set_ctx_params(ctx, params)) { + if (!EVP_MAC_CTX_set_params(ctx, params)) { BIO_printf(bio_err, "HMAC context parameter setting failed\n"); goto end; } diff --git a/apps/mac.c b/apps/mac.c index e84321b83a..30f0daabcc 100644 --- a/apps/mac.c +++ b/apps/mac.c @@ -114,7 +114,7 @@ opthelp: goto opthelp; } - ctx = EVP_MAC_new_ctx(mac); + ctx = EVP_MAC_CTX_new(mac); if (ctx == NULL) goto err; @@ -126,7 +126,7 @@ opthelp: if (params == NULL) goto err; - if (!EVP_MAC_set_ctx_params(ctx, params)) { + if (!EVP_MAC_CTX_set_params(ctx, params)) { BIO_printf(bio_err, "MAC parameter error\n"); ERR_print_errors(bio_err); ok = 0; @@ -199,7 +199,7 @@ err: sk_OPENSSL_STRING_free(opts); BIO_free(in); BIO_free(out); - EVP_MAC_free_ctx(ctx); + EVP_MAC_CTX_free(ctx); EVP_MAC_free(mac); return ret; } diff --git a/crypto/cmac/cm_ameth.c b/crypto/cmac/cm_ameth.c index ece3d8f91c..aa06cdc98a 100644 --- a/crypto/cmac/cm_ameth.c +++ b/crypto/cmac/cm_ameth.c @@ -31,9 +31,9 @@ static int cmac_size(const EVP_PKEY *pkey) static void cmac_key_free(EVP_PKEY *pkey) { EVP_MAC_CTX *cmctx = EVP_PKEY_get0(pkey); - EVP_MAC *mac = cmctx == NULL ? NULL : EVP_MAC_get_ctx_mac(cmctx); + EVP_MAC *mac = cmctx == NULL ? NULL : EVP_MAC_CTX_mac(cmctx); - EVP_MAC_free_ctx(cmctx); + EVP_MAC_CTX_free(cmctx); EVP_MAC_free(mac); } diff --git a/crypto/crmf/crmf_pbm.c b/crypto/crmf/crmf_pbm.c index a087bc4423..f674eeeff7 100644 --- a/crypto/crmf/crmf_pbm.c +++ b/crypto/crmf/crmf_pbm.c @@ -202,8 +202,8 @@ int OSSL_CRMF_pbm_new(const OSSL_CRMF_PBMPARAMETER *pbmp, macparams[1] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY, basekey, bklen); if ((mac = EVP_MAC_fetch(NULL, "HMAC", NULL)) == NULL - || (mctx = EVP_MAC_new_ctx(mac)) == NULL - || !EVP_MAC_set_ctx_params(mctx, macparams) + || (mctx = EVP_MAC_CTX_new(mac)) == NULL + || !EVP_MAC_CTX_set_params(mctx, macparams) || !EVP_MAC_init(mctx) || !EVP_MAC_update(mctx, msg, msglen) || !EVP_MAC_final(mctx, mac_res, outlen, EVP_MAX_MD_SIZE)) @@ -214,7 +214,7 @@ int OSSL_CRMF_pbm_new(const OSSL_CRMF_PBMPARAMETER *pbmp, err: /* cleanup */ OPENSSL_cleanse(basekey, bklen); - EVP_MAC_free_ctx(mctx); + EVP_MAC_CTX_free(mctx); EVP_MAC_free(mac); EVP_MD_CTX_free(ctx); diff --git a/crypto/dh/dh_kdf.c b/crypto/dh/dh_kdf.c index 50a1df858a..1b8a320db1 100644 --- a/crypto/dh/dh_kdf.c +++ b/crypto/dh/dh_kdf.c @@ -46,7 +46,7 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen, return 0; kdf = EVP_KDF_fetch(provctx, OSSL_KDF_NAME_X942KDF, NULL); - if ((kctx = EVP_KDF_new_ctx(kdf)) == NULL) + if ((kctx = EVP_KDF_CTX_new(kdf)) == NULL) goto err; *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, (char *)mdname, 0); @@ -58,10 +58,10 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen, *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CEK_ALG, (char *)oid_sn, 0); *p = OSSL_PARAM_construct_end(); - ret = EVP_KDF_set_ctx_params(kctx, params) > 0 + ret = EVP_KDF_CTX_set_params(kctx, params) > 0 && EVP_KDF_derive(kctx, out, outlen) > 0; err: - EVP_KDF_free_ctx(kctx); + EVP_KDF_CTX_free(kctx); EVP_KDF_free(kdf); return ret; } diff --git a/crypto/ec/ecdh_kdf.c b/crypto/ec/ecdh_kdf.c index a502846d55..fb501c6ada 100644 --- a/crypto/ec/ecdh_kdf.c +++ b/crypto/ec/ecdh_kdf.c @@ -32,7 +32,7 @@ int ecdh_KDF_X9_63(unsigned char *out, size_t outlen, const char *mdname = EVP_MD_name(md); EVP_KDF *kdf = EVP_KDF_fetch(NULL, OSSL_KDF_NAME_X963KDF, NULL); - if ((kctx = EVP_KDF_new_ctx(kdf)) != NULL) { + if ((kctx = EVP_KDF_CTX_new(kdf)) != NULL) { *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, (char *)mdname, 0); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, @@ -41,9 +41,9 @@ int ecdh_KDF_X9_63(unsigned char *out, size_t outlen, (void *)sinfo, sinfolen); *p = OSSL_PARAM_construct_end(); - ret = EVP_KDF_set_ctx_params(kctx, params) > 0 + ret = EVP_KDF_CTX_set_params(kctx, params) > 0 && EVP_KDF_derive(kctx, out, outlen) > 0; - EVP_KDF_free_ctx(kctx); + EVP_KDF_CTX_free(kctx); } EVP_KDF_free(kdf); return ret; diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 579c2dce9a..fe937e6139 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -843,6 +843,8 @@ EVP_F_EVP_KEYEXCH_FETCH:245:EVP_KEYEXCH_fetch EVP_F_EVP_KEYEXCH_FROM_DISPATCH:244:evp_keyexch_from_dispatch EVP_F_EVP_MAC_CTRL:209:EVP_MAC_ctrl EVP_F_EVP_MAC_CTRL_STR:210:EVP_MAC_ctrl_str +EVP_F_EVP_MAC_CTX_DUP:211:EVP_MAC_CTX_dup +EVP_F_EVP_MAC_CTX_NEW:213:EVP_MAC_CTX_new EVP_F_EVP_MAC_INIT:212:EVP_MAC_init EVP_F_EVP_MD_BLOCK_SIZE:232:EVP_MD_block_size EVP_F_EVP_MD_CTX_COPY_EX:110:EVP_MD_CTX_copy_ex diff --git a/crypto/evp/kdf_lib.c b/crypto/evp/kdf_lib.c index 2461498093..d22bb39c82 100644 --- a/crypto/evp/kdf_lib.c +++ b/crypto/evp/kdf_lib.c @@ -23,7 +23,7 @@ #include "internal/provider.h" #include "evp_local.h" -EVP_KDF_CTX *EVP_KDF_new_ctx(EVP_KDF *kdf) +EVP_KDF_CTX *EVP_KDF_CTX_new(EVP_KDF *kdf) { EVP_KDF_CTX *ctx = NULL; @@ -34,7 +34,7 @@ EVP_KDF_CTX *EVP_KDF_new_ctx(EVP_KDF *kdf) if (ctx == NULL || (ctx->data = kdf->newctx(ossl_provider_ctx(kdf->prov))) == NULL || !EVP_KDF_up_ref(kdf)) { - EVPerr(0, ERR_R_MALLOC_FAILURE); + EVPerr(EVP_F_EVP_KDF_CTX_NEW, ERR_R_MALLOC_FAILURE); if (ctx != NULL) kdf->freectx(ctx->data); OPENSSL_free(ctx); @@ -45,7 +45,7 @@ EVP_KDF_CTX *EVP_KDF_new_ctx(EVP_KDF *kdf) return ctx; } -void EVP_KDF_free_ctx(EVP_KDF_CTX *ctx) +void EVP_KDF_CTX_free(EVP_KDF_CTX *ctx) { if (ctx != NULL) { ctx->meth->freectx(ctx->data); @@ -55,7 +55,7 @@ void EVP_KDF_free_ctx(EVP_KDF_CTX *ctx) } } -EVP_KDF_CTX *EVP_KDF_dup_ctx(const EVP_KDF_CTX *src) +EVP_KDF_CTX *EVP_KDF_CTX_dup(const EVP_KDF_CTX *src) { EVP_KDF_CTX *dst; @@ -64,20 +64,20 @@ EVP_KDF_CTX *EVP_KDF_dup_ctx(const EVP_KDF_CTX *src) dst = OPENSSL_malloc(sizeof(*dst)); if (dst == NULL) { - EVPerr(0, ERR_R_MALLOC_FAILURE); + EVPerr(EVP_F_EVP_KDF_CTX_DUP, ERR_R_MALLOC_FAILURE); return NULL; } memcpy(dst, src, sizeof(*dst)); if (!EVP_KDF_up_ref(dst->meth)) { - EVPerr(0, ERR_R_MALLOC_FAILURE); + EVPerr(EVP_F_EVP_KDF_CTX_DUP, ERR_R_MALLOC_FAILURE); OPENSSL_free(dst); return NULL; } dst->data = src->meth->dupctx(src->data); if (dst->data == NULL) { - EVP_KDF_free_ctx(dst); + EVP_KDF_CTX_free(dst); return NULL; } return dst; @@ -98,7 +98,7 @@ const OSSL_PROVIDER *EVP_KDF_provider(const EVP_KDF *kdf) return kdf->prov; } -const EVP_KDF *EVP_KDF_get_ctx_kdf(EVP_KDF_CTX *ctx) +const EVP_KDF *EVP_KDF_CTX_kdf(EVP_KDF_CTX *ctx) { return ctx->meth; } @@ -151,14 +151,14 @@ int EVP_KDF_get_params(EVP_KDF *kdf, OSSL_PARAM params[]) return 1; } -int EVP_KDF_get_ctx_params(EVP_KDF_CTX *ctx, OSSL_PARAM params[]) +int EVP_KDF_CTX_get_params(EVP_KDF_CTX *ctx, OSSL_PARAM params[]) { if (ctx->meth->get_ctx_params != NULL) return ctx->meth->get_ctx_params(ctx->data, params); return 1; } -int EVP_KDF_set_ctx_params(EVP_KDF_CTX *ctx, const OSSL_PARAM params[]) +int EVP_KDF_CTX_set_params(EVP_KDF_CTX *ctx, const OSSL_PARAM params[]) { if (ctx->meth->set_ctx_params != NULL) return ctx->meth->set_ctx_params(ctx->data, params); diff --git a/crypto/evp/mac_lib.c b/crypto/evp/mac_lib.c index 8fe9708797..b7bfe8921f 100644 --- a/crypto/evp/mac_lib.c +++ b/crypto/evp/mac_lib.c @@ -19,14 +19,14 @@ #include "internal/provider.h" #include "evp_local.h" -EVP_MAC_CTX *EVP_MAC_new_ctx(EVP_MAC *mac) +EVP_MAC_CTX *EVP_MAC_CTX_new(EVP_MAC *mac) { EVP_MAC_CTX *ctx = OPENSSL_zalloc(sizeof(EVP_MAC_CTX)); if (ctx == NULL || (ctx->data = mac->newctx(ossl_provider_ctx(mac->prov))) == NULL || !EVP_MAC_up_ref(mac)) { - EVPerr(0, ERR_R_MALLOC_FAILURE); + EVPerr(EVP_F_EVP_MAC_CTX_NEW, ERR_R_MALLOC_FAILURE); if (ctx != NULL) mac->freectx(ctx->data); OPENSSL_free(ctx); @@ -37,7 +37,7 @@ EVP_MAC_CTX *EVP_MAC_new_ctx(EVP_MAC *mac) return ctx; } -void EVP_MAC_free_ctx(EVP_MAC_CTX *ctx) +void EVP_MAC_CTX_free(EVP_MAC_CTX *ctx) { if (ctx != NULL) { ctx->meth->freectx(ctx->data); @@ -48,7 +48,7 @@ void EVP_MAC_free_ctx(EVP_MAC_CTX *ctx) OPENSSL_free(ctx); } -EVP_MAC_CTX *EVP_MAC_dup_ctx(const EVP_MAC_CTX *src) +EVP_MAC_CTX *EVP_MAC_CTX_dup(const EVP_MAC_CTX *src) { EVP_MAC_CTX *dst; @@ -57,27 +57,27 @@ EVP_MAC_CTX *EVP_MAC_dup_ctx(const EVP_MAC_CTX *src) dst = OPENSSL_malloc(sizeof(*dst)); if (dst == NULL) { - EVPerr(0, ERR_R_MALLOC_FAILURE); + EVPerr(EVP_F_EVP_MAC_CTX_DUP, ERR_R_MALLOC_FAILURE); return NULL; } *dst = *src; if (!EVP_MAC_up_ref(dst->meth)) { - EVPerr(0, ERR_R_MALLOC_FAILURE); + EVPerr(EVP_F_EVP_MAC_CTX_DUP, ERR_R_MALLOC_FAILURE); OPENSSL_free(dst); return NULL; } dst->data = src->meth->dupctx(src->data); if (dst->data == NULL) { - EVP_MAC_free_ctx(dst); + EVP_MAC_CTX_free(dst); return NULL; } return dst; } -EVP_MAC *EVP_MAC_get_ctx_mac(EVP_MAC_CTX *ctx) +EVP_MAC *EVP_MAC_CTX_mac(EVP_MAC_CTX *ctx) { return ctx->meth; } @@ -144,14 +144,14 @@ int EVP_MAC_get_params(EVP_MAC *mac, OSSL_PARAM params[]) return 1; } -int EVP_MAC_get_ctx_params(EVP_MAC_CTX *ctx, OSSL_PARAM params[]) +int EVP_MAC_CTX_get_params(EVP_MAC_CTX *ctx, OSSL_PARAM params[]) { if (ctx->meth->get_ctx_params != NULL) return ctx->meth->get_ctx_params(ctx->data, params); return 1; } -int EVP_MAC_set_ctx_params(EVP_MAC_CTX *ctx, const OSSL_PARAM params[]) +int EVP_MAC_CTX_set_params(EVP_MAC_CTX *ctx, const OSSL_PARAM params[]) { if (ctx->meth->set_ctx_params != NULL) return ctx->meth->set_ctx_params(ctx->data, params); diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c index e2f7734afc..6e89ffd999 100644 --- a/crypto/evp/p5_crpt2.c +++ b/crypto/evp/p5_crpt2.c @@ -41,7 +41,7 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, salt = (unsigned char *)empty; kdf = EVP_KDF_fetch(NULL, OSSL_KDF_NAME_PBKDF2, NULL); - kctx = EVP_KDF_new_ctx(kdf); + kctx = EVP_KDF_CTX_new(kdf); EVP_KDF_free(kdf); if (kctx == NULL) return 0; @@ -54,11 +54,11 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, (char *)mdname, 0); *p = OSSL_PARAM_construct_end(); - if (EVP_KDF_set_ctx_params(kctx, params) != 1 + if (EVP_KDF_CTX_set_params(kctx, params) != 1 || EVP_KDF_derive(kctx, out, keylen) != 1) rv = 0; - EVP_KDF_free_ctx(kctx); + EVP_KDF_CTX_free(kctx); OSSL_TRACE_BEGIN(PKCS5V2) { BIO_printf(trc_out, "Password:\n"); diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index 4dc1e0a5b2..aa11608688 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -595,7 +595,7 @@ EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv, prov == NULL ? NULL : ossl_provider_library_context(prov); EVP_PKEY *ret = EVP_PKEY_new(); EVP_MAC *cmac = EVP_MAC_fetch(libctx, OSSL_MAC_NAME_CMAC, NULL); - EVP_MAC_CTX *cmctx = cmac != NULL ? EVP_MAC_new_ctx(cmac) : NULL; + EVP_MAC_CTX *cmctx = cmac != NULL ? EVP_MAC_CTX_new(cmac) : NULL; OSSL_PARAM params[4]; size_t paramsn = 0; @@ -620,7 +620,7 @@ EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv, (char *)priv, len); params[paramsn] = OSSL_PARAM_construct_end(); - if (!EVP_MAC_set_ctx_params(cmctx, params)) { + if (!EVP_MAC_CTX_set_params(cmctx, params)) { EVPerr(EVP_F_EVP_PKEY_NEW_CMAC_KEY, EVP_R_KEY_SETUP_FAILED); goto err; } @@ -630,7 +630,7 @@ EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv, err: EVP_PKEY_free(ret); - EVP_MAC_free_ctx(cmctx); + EVP_MAC_CTX_free(cmctx); EVP_MAC_free(cmac); return NULL; # else diff --git a/crypto/evp/pbe_scrypt.c b/crypto/evp/pbe_scrypt.c index 3fdc82d5a9..fa7b1de17c 100644 --- a/crypto/evp/pbe_scrypt.c +++ b/crypto/evp/pbe_scrypt.c @@ -63,7 +63,7 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen, maxmem = SCRYPT_MAX_MEM; kdf = EVP_KDF_fetch(NULL, OSSL_KDF_NAME_SCRYPT, NULL); - kctx = EVP_KDF_new_ctx(kdf); + kctx = EVP_KDF_CTX_new(kdf); EVP_KDF_free(kdf); if (kctx == NULL) return 0; @@ -78,11 +78,11 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen, *z++ = OSSL_PARAM_construct_uint64(OSSL_KDF_PARAM_SCRYPT_P, &p); *z++ = OSSL_PARAM_construct_uint64(OSSL_KDF_PARAM_SCRYPT_MAXMEM, &maxmem); *z = OSSL_PARAM_construct_end(); - if (EVP_KDF_set_ctx_params(kctx, params) != 1 + if (EVP_KDF_CTX_set_params(kctx, params) != 1 || EVP_KDF_derive(kctx, key, keylen) != 1) rv = 0; - EVP_KDF_free_ctx(kctx); + EVP_KDF_CTX_free(kctx); return rv; } diff --git a/crypto/evp/pkey_kdf.c b/crypto/evp/pkey_kdf.c index dff16bfd41..ac4a0fa461 100644 --- a/crypto/evp/pkey_kdf.c +++ b/crypto/evp/pkey_kdf.c @@ -50,7 +50,7 @@ static int pkey_kdf_init(EVP_PKEY_CTX *ctx) return 0; kdf = EVP_KDF_fetch(NULL, kdf_name, NULL); - kctx = EVP_KDF_new_ctx(kdf); + kctx = EVP_KDF_CTX_new(kdf); EVP_KDF_free(kdf); if (kctx == NULL) { OPENSSL_free(pkctx); @@ -66,7 +66,7 @@ static void pkey_kdf_cleanup(EVP_PKEY_CTX *ctx) { EVP_PKEY_KDF_CTX *pkctx = ctx->data; - EVP_KDF_free_ctx(pkctx->kctx); + EVP_KDF_CTX_free(pkctx->kctx); pkey_kdf_free_collected(pkctx); OPENSSL_free(pkctx); } @@ -202,7 +202,7 @@ static int pkey_kdf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) break; } - return EVP_KDF_set_ctx_params(kctx, params); + return EVP_KDF_CTX_set_params(kctx, params); } static int pkey_kdf_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, @@ -210,7 +210,7 @@ static int pkey_kdf_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, { EVP_PKEY_KDF_CTX *pkctx = ctx->data; EVP_KDF_CTX *kctx = pkctx->kctx; - const EVP_KDF *kdf = EVP_KDF_get_ctx_kdf(kctx); + const EVP_KDF *kdf = EVP_KDF_CTX_kdf(kctx); BUF_MEM **collector = NULL; const OSSL_PARAM *defs = EVP_KDF_settable_ctx_params(kdf); OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; @@ -239,7 +239,7 @@ static int pkey_kdf_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, if (collector != NULL) ok = collect(collector, params[0].data, params[0].data_size); else - ok = EVP_KDF_set_ctx_params(kctx, params); + ok = EVP_KDF_CTX_set_params(kctx, params); OPENSSL_free(params[0].data); return ok; } @@ -274,7 +274,7 @@ static int pkey_kdf_derive(EVP_PKEY_CTX *ctx, unsigned char *key, pkctx->collected_seed->data, pkctx->collected_seed->length); - r = EVP_KDF_set_ctx_params(kctx, params); + r = EVP_KDF_CTX_set_params(kctx, params); pkey_kdf_free_collected(pkctx); if (!r) return 0; @@ -287,7 +287,7 @@ static int pkey_kdf_derive(EVP_PKEY_CTX *ctx, unsigned char *key, pkctx->collected_info->data, pkctx->collected_info->length); - r = EVP_KDF_set_ctx_params(kctx, params); + r = EVP_KDF_CTX_set_params(kctx, params); pkey_kdf_free_collected(pkctx); if (!r) return 0; diff --git a/crypto/evp/pkey_mac.c b/crypto/evp/pkey_mac.c index 784fca956d..7e36b3c6bd 100644 --- a/crypto/evp/pkey_mac.c +++ b/crypto/evp/pkey_mac.c @@ -74,7 +74,7 @@ static int pkey_mac_init(EVP_PKEY_CTX *ctx) } if (mac != NULL) { - hctx->ctx = EVP_MAC_new_ctx(mac); + hctx->ctx = EVP_MAC_CTX_new(mac); if (hctx->ctx == NULL) { OPENSSL_free(hctx); return 0; @@ -119,7 +119,7 @@ static int pkey_mac_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src) EVP_PKEY_CTX_set_data(dst, dctx); dst->keygen_info_count = 0; - dctx->ctx = EVP_MAC_dup_ctx(sctx->ctx); + dctx->ctx = EVP_MAC_CTX_dup(sctx->ctx); if (dctx->ctx == NULL) goto err; @@ -131,7 +131,7 @@ static int pkey_mac_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src) * fetches the MAC method anew in this case. Therefore, its reference * count must be adjusted here. */ - if (!EVP_MAC_up_ref(EVP_MAC_get_ctx_mac(dctx->ctx))) + if (!EVP_MAC_up_ref(EVP_MAC_CTX_mac(dctx->ctx))) goto err; dctx->type = sctx->type; @@ -166,8 +166,7 @@ static void pkey_mac_cleanup(EVP_PKEY_CTX *ctx) MAC_PKEY_CTX *hctx = ctx == NULL ? NULL : EVP_PKEY_CTX_get_data(ctx); if (hctx != NULL) { - EVP_MAC *mac = hctx->ctx != NULL ? EVP_MAC_get_ctx_mac(hctx->ctx) - : NULL; + EVP_MAC *mac = hctx->ctx != NULL ? EVP_MAC_CTX_mac(hctx->ctx) : NULL; switch (hctx->type) { case MAC_TYPE_RAW: @@ -175,7 +174,7 @@ static void pkey_mac_cleanup(EVP_PKEY_CTX *ctx) hctx->raw_data.ktmp.length); break; } - EVP_MAC_free_ctx(hctx->ctx); + EVP_MAC_CTX_free(hctx->ctx); EVP_MAC_free(mac); OPENSSL_free(hctx); EVP_PKEY_CTX_set_data(ctx, NULL); @@ -210,10 +209,10 @@ static int pkey_mac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) return 0; } - cmkey = EVP_MAC_dup_ctx(hctx->ctx); + cmkey = EVP_MAC_CTX_dup(hctx->ctx); if (cmkey == NULL) return 0; - if (!EVP_MAC_up_ref(EVP_MAC_get_ctx_mac(hctx->ctx))) + if (!EVP_MAC_up_ref(EVP_MAC_CTX_mac(hctx->ctx))) return 0; EVP_PKEY_assign(pkey, nid, cmkey); } @@ -259,7 +258,7 @@ static int pkey_mac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) } if (set_key) { - if (!EVP_MAC_is_a(EVP_MAC_get_ctx_mac(hctx->ctx), + if (!EVP_MAC_is_a(EVP_MAC_CTX_mac(hctx->ctx), OBJ_nid2sn(EVP_PKEY_id(EVP_PKEY_CTX_get0_pkey(ctx))))) return 0; key = EVP_PKEY_get0(EVP_PKEY_CTX_get0_pkey(ctx)); @@ -284,7 +283,7 @@ static int pkey_mac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY, key->data, key->length); params[params_n++] = OSSL_PARAM_construct_end(); - rv = EVP_MAC_set_ctx_params(hctx->ctx, params); + rv = EVP_MAC_CTX_set_params(hctx->ctx, params); } return rv; } @@ -334,7 +333,7 @@ static int pkey_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) return 0; } - if (!EVP_MAC_set_ctx_params(hctx->ctx, params) + if (!EVP_MAC_CTX_set_params(hctx->ctx, params) || !EVP_MAC_init(hctx->ctx)) return 0; } @@ -355,10 +354,10 @@ static int pkey_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) if (ctx->pkey == NULL) return 0; - new_mac_ctx = EVP_MAC_dup_ctx(ctx->pkey->pkey.ptr); + new_mac_ctx = EVP_MAC_CTX_dup(ctx->pkey->pkey.ptr); if (new_mac_ctx == NULL) return 0; - EVP_MAC_free_ctx(hctx->ctx); + EVP_MAC_CTX_free(hctx->ctx); hctx->ctx = new_mac_ctx; } break; @@ -393,13 +392,13 @@ static int pkey_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) return 0; } - if (!EVP_MAC_set_ctx_params(hctx->ctx, params)) + if (!EVP_MAC_CTX_set_params(hctx->ctx, params)) return 0; params[0] = OSSL_PARAM_construct_size_t(OSSL_MAC_PARAM_SIZE, &verify); - if (!EVP_MAC_get_ctx_params(hctx->ctx, params)) + if (!EVP_MAC_CTX_get_params(hctx->ctx, params)) return 0; /* @@ -437,7 +436,7 @@ static int pkey_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) return 0; } - return EVP_MAC_set_ctx_params(hctx->ctx, params); + return EVP_MAC_CTX_set_params(hctx->ctx, params); } break; default: @@ -482,7 +481,7 @@ static int pkey_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) key->data, key->length); params[params_n] = OSSL_PARAM_construct_end(); - return EVP_MAC_set_ctx_params(hctx->ctx, params); + return EVP_MAC_CTX_set_params(hctx->ctx, params); } break; case MAC_TYPE_MAC: @@ -517,7 +516,7 @@ static int pkey_mac_ctrl_str(EVP_PKEY_CTX *ctx, EVPerr(0, EVP_R_FETCH_FAILED); return 0; } - mac = EVP_MAC_get_ctx_mac(hctx->ctx); + mac = EVP_MAC_CTX_mac(hctx->ctx); /* * Translation of some control names that are equivalent to a single @@ -539,7 +538,7 @@ static int pkey_mac_ctrl_str(EVP_PKEY_CTX *ctx, return 0; params[1] = OSSL_PARAM_construct_end(); - ok = EVP_MAC_set_ctx_params(hctx->ctx, params); + ok = EVP_MAC_CTX_set_params(hctx->ctx, params); OPENSSL_free(params[0].data); return ok; } diff --git a/crypto/modes/siv128.c b/crypto/modes/siv128.c index f7fadf26d4..d3655674b4 100644 --- a/crypto/modes/siv128.c +++ b/crypto/modes/siv128.c @@ -94,7 +94,7 @@ __owur static ossl_inline int siv128_do_s2v_p(SIV128_CONTEXT *ctx, SIV_BLOCK *ou EVP_MAC_CTX *mac_ctx; int ret = 0; - mac_ctx = EVP_MAC_dup_ctx(ctx->mac_ctx_init); + mac_ctx = EVP_MAC_CTX_dup(ctx->mac_ctx_init); if (mac_ctx == NULL) return 0; @@ -121,7 +121,7 @@ __owur static ossl_inline int siv128_do_s2v_p(SIV128_CONTEXT *ctx, SIV_BLOCK *ou ret = 1; err: - EVP_MAC_free_ctx(mac_ctx); + EVP_MAC_CTX_free(mac_ctx); return ret; } @@ -182,20 +182,20 @@ int CRYPTO_siv128_init(SIV128_CONTEXT *ctx, const unsigned char *key, int klen, /* TODO(3.0) library context */ || (ctx->mac = EVP_MAC_fetch(NULL, OSSL_MAC_NAME_CMAC, NULL)) == NULL - || (ctx->mac_ctx_init = EVP_MAC_new_ctx(ctx->mac)) == NULL - || !EVP_MAC_set_ctx_params(ctx->mac_ctx_init, params) + || (ctx->mac_ctx_init = EVP_MAC_CTX_new(ctx->mac)) == NULL + || !EVP_MAC_CTX_set_params(ctx->mac_ctx_init, params) || !EVP_EncryptInit_ex(ctx->cipher_ctx, ctr, NULL, key + klen, NULL) - || (mac_ctx = EVP_MAC_dup_ctx(ctx->mac_ctx_init)) == NULL + || (mac_ctx = EVP_MAC_CTX_dup(ctx->mac_ctx_init)) == NULL || !EVP_MAC_update(mac_ctx, zero, sizeof(zero)) || !EVP_MAC_final(mac_ctx, ctx->d.byte, &out_len, sizeof(ctx->d.byte))) { EVP_CIPHER_CTX_free(ctx->cipher_ctx); - EVP_MAC_free_ctx(ctx->mac_ctx_init); - EVP_MAC_free_ctx(mac_ctx); + EVP_MAC_CTX_free(ctx->mac_ctx_init); + EVP_MAC_CTX_free(mac_ctx); EVP_MAC_free(ctx->mac); return 0; } - EVP_MAC_free_ctx(mac_ctx); + EVP_MAC_CTX_free(mac_ctx); ctx->final_ret = -1; ctx->crypto_ok = 1; @@ -211,8 +211,8 @@ int CRYPTO_siv128_copy_ctx(SIV128_CONTEXT *dest, SIV128_CONTEXT *src) memcpy(&dest->d, &src->d, sizeof(src->d)); if (!EVP_CIPHER_CTX_copy(dest->cipher_ctx, src->cipher_ctx)) return 0; - EVP_MAC_free_ctx(dest->mac_ctx_init); - dest->mac_ctx_init = EVP_MAC_dup_ctx(src->mac_ctx_init); + EVP_MAC_CTX_free(dest->mac_ctx_init); + dest->mac_ctx_init = EVP_MAC_CTX_dup(src->mac_ctx_init); if (dest->mac_ctx_init == NULL) return 0; return 1; @@ -232,15 +232,15 @@ int CRYPTO_siv128_aad(SIV128_CONTEXT *ctx, const unsigned char *aad, siv128_dbl(&ctx->d); - if ((mac_ctx = EVP_MAC_dup_ctx(ctx->mac_ctx_init)) == NULL + if ((mac_ctx = EVP_MAC_CTX_dup(ctx->mac_ctx_init)) == NULL || !EVP_MAC_update(mac_ctx, aad, len) || !EVP_MAC_final(mac_ctx, mac_out.byte, &out_len, sizeof(mac_out.byte)) || out_len != SIV_LEN) { - EVP_MAC_free_ctx(mac_ctx); + EVP_MAC_CTX_free(mac_ctx); return 0; } - EVP_MAC_free_ctx(mac_ctx); + EVP_MAC_CTX_free(mac_ctx); siv128_xorblock(&ctx->d, &mac_out); @@ -352,7 +352,7 @@ int CRYPTO_siv128_cleanup(SIV128_CONTEXT *ctx) if (ctx != NULL) { EVP_CIPHER_CTX_free(ctx->cipher_ctx); ctx->cipher_ctx = NULL; - EVP_MAC_free_ctx(ctx->mac_ctx_init); + EVP_MAC_CTX_free(ctx->mac_ctx_init); ctx->mac_ctx_init = NULL; EVP_MAC_free(ctx->mac); ctx->mac = NULL; diff --git a/doc/man1/openssl-kdf.pod.in b/doc/man1/openssl-kdf.pod.in index e92eee27ba..9c585325ba 100644 --- a/doc/man1/openssl-kdf.pod.in +++ b/doc/man1/openssl-kdf.pod.in @@ -46,7 +46,7 @@ Output the derived key in binary form. Uses hexadecimal text format if not speci Passes options to the KDF algorithm. A comprehensive list of parameters can be found in the EVP_KDF_CTX implementation documentation. -Common parameter names used by EVP_KDF_set_ctx_params() are: +Common parameter names used by EVP_KDF_CTX_set_params() are: =over 4 diff --git a/doc/man1/openssl-mac.pod.in b/doc/man1/openssl-mac.pod.in index ff1b83fbd3..4c9cc3bc31 100644 --- a/doc/man1/openssl-mac.pod.in +++ b/doc/man1/openssl-mac.pod.in @@ -49,7 +49,7 @@ Output the MAC in binary form. Uses hexadecimal text format if not specified. Passes options to the MAC algorithm. A comprehensive list of controls can be found in the EVP_MAC implementation documentation. -Common parameter names used by EVP_MAC_get_ctx_params() are: +Common parameter names used by EVP_MAC_CTX_get_params() are: =over 4 diff --git a/doc/man3/EVP_KDF.pod b/doc/man3/EVP_KDF.pod index 5bf7994de8..d97d33936d 100644 --- a/doc/man3/EVP_KDF.pod +++ b/doc/man3/EVP_KDF.pod @@ -3,11 +3,11 @@ =head1 NAME EVP_KDF, EVP_KDF_fetch, EVP_KDF_free, EVP_KDF_up_ref, -EVP_KDF_CTX, EVP_KDF_new_ctx, EVP_KDF_free_ctx, EVP_KDF_dup_ctx, +EVP_KDF_CTX, EVP_KDF_CTX_new, EVP_KDF_CTX_free, EVP_KDF_CTX_dup, EVP_KDF_reset, EVP_KDF_derive, -EVP_KDF_size, EVP_KDF_provider, EVP_KDF_get_ctx_kdf, EVP_KDF_is_a, +EVP_KDF_size, EVP_KDF_provider, EVP_KDF_CTX_kdf, EVP_KDF_is_a, EVP_KDF_number, EVP_KDF_names_do_all, -EVP_KDF_get_ctx_params, EVP_KDF_set_ctx_params, EVP_KDF_do_all_provided, +EVP_KDF_CTX_get_params, EVP_KDF_CTX_set_params, EVP_KDF_do_all_provided, EVP_KDF_get_params, EVP_KDF_gettable_ctx_params, EVP_KDF_settable_ctx_params, EVP_KDF_gettable_params - EVP KDF routines @@ -18,10 +18,10 @@ EVP_KDF_gettable_params - EVP KDF routines typedef struct evp_kdf_st EVP_KDF; typedef struct evp_kdf_ctx_st EVP_KDF_CTX; - EVP_KDF_CTX *EVP_KDF_new_ctx(const EVP_KDF *kdf); - const EVP_KDF *EVP_KDF_get_ctx_kdf(EVP_KDF_CTX *ctx); - void EVP_KDF_free_ctx(EVP_KDF_CTX *ctx); - EVP_KDF_CTX *EVP_KDF_dup_ctx(const EVP_KDF_CTX *src); + EVP_KDF_CTX *EVP_KDF_CTX_new(const EVP_KDF *kdf); + const EVP_KDF *EVP_KDF_CTX_kdf(EVP_KDF_CTX *ctx); + void EVP_KDF_CTX_free(EVP_KDF_CTX *ctx); + EVP_KDF_CTX *EVP_KDF_CTX_dup(const EVP_KDF_CTX *src); void EVP_KDF_reset(EVP_KDF_CTX *ctx); size_t EVP_KDF_size(EVP_KDF_CTX *ctx); int EVP_KDF_derive(EVP_KDF_CTX *ctx, unsigned char *key, size_t keylen); @@ -39,8 +39,8 @@ EVP_KDF_gettable_params - EVP KDF routines void (*fn)(const char *name, void *data), void *data); int EVP_KDF_get_params(EVP_KDF *kdf, OSSL_PARAM params[]); - int EVP_KDF_get_ctx_params(EVP_KDF_CTX *ctx, OSSL_PARAM params[]); - int EVP_KDF_set_ctx_params(EVP_KDF_CTX *ctx, const OSSL_PARAM params[]); + int EVP_KDF_CTX_get_params(EVP_KDF_CTX *ctx, OSSL_PARAM params[]); + int EVP_KDF_CTX_set_params(EVP_KDF_CTX *ctx, const OSSL_PARAM params[]); const OSSL_PARAM *EVP_KDF_gettable_params(const EVP_KDF *kdf); const OSSL_PARAM *EVP_KDF_gettable_ctx_params(const EVP_KDF *kdf); const OSSL_PARAM *EVP_KDF_settable_ctx_params(const EVP_KDF *kdf); @@ -52,8 +52,8 @@ The EVP KDF routines are a high-level interface to Key Derivation Function algorithms and should be used instead of algorithm-specific functions. After creating a B for the required algorithm using -EVP_KDF_new_ctx(), inputs to the algorithm are supplied -using calls to EVP_KDF_set_ctx_params() before +EVP_KDF_CTX_new(), inputs to the algorithm are supplied +using calls to EVP_KDF_CTX_set_params() before calling EVP_KDF_derive() to derive the key. =head2 Types @@ -82,12 +82,12 @@ NULL is a valid parameter, for which this function is a no-op. =head2 Context manipulation functions -EVP_KDF_new_ctx() creates a new context for the KDF implementation I. +EVP_KDF_CTX_new() creates a new context for the KDF implementation I. -EVP_KDF_free_ctx() frees up the context I. If I is NULL, nothing +EVP_KDF_CTX_free() frees up the context I. If I is NULL, nothing is done. -EVP_KDF_get_ctx_kdf() returns the B associated with the context +EVP_KDF_CTX_kdf() returns the B associated with the context I. =head2 Computing functions @@ -107,14 +107,14 @@ parameters should be retrieved. Note that a parameter that is unknown in the underlying context is simply ignored. -EVP_KDF_get_ctx_params() retrieves chosen parameters, given the +EVP_KDF_CTX_get_params() retrieves chosen parameters, given the context I and its underlying context. The set of parameters given with I determine exactly what parameters should be retrieved. Note that a parameter that is unknown in the underlying context is simply ignored. -EVP_KDF_set_ctx_params() passes chosen parameters to the underlying +EVP_KDF_CTX_set_params() passes chosen parameters to the underlying context, given a context I. The set of parameters given with I determine exactly what parameters are passed down. @@ -126,8 +126,8 @@ defined by the implementation. EVP_KDF_gettable_params(), EVP_KDF_gettable_ctx_params() and EVP_KDF_settable_ctx_params() get a constant B array that describes the retrievable and settable parameters, i.e. parameters that -can be used with EVP_KDF_get_params(), EVP_KDF_get_ctx_params() -and EVP_KDF_set_ctx_params(), respectively. +can be used with EVP_KDF_get_params(), EVP_KDF_CTX_get_params() +and EVP_KDF_CTX_set_params(), respectively. See L for the use of B as parameter descriptor. =head2 Information functions @@ -237,10 +237,10 @@ NULL on error. EVP_KDF_up_ref() returns 1 on success, 0 on error. -EVP_KDF_new_ctx() returns either the newly allocated +EVP_KDF_CTX_new() returns either the newly allocated B structure or NULL if an error occurred. -EVP_KDF_free_ctx() and EVP_KDF_reset() do not return a value. +EVP_KDF_CTX_free() and EVP_KDF_reset() do not return a value. EVP_KDF_size() returns the output size. B is returned to indicate that the algorithm produces a variable amount of output; 0 to indicate failure. diff --git a/doc/man3/EVP_MAC.pod b/doc/man3/EVP_MAC.pod index b8fa1ce630..9e35d57c17 100644 --- a/doc/man3/EVP_MAC.pod +++ b/doc/man3/EVP_MAC.pod @@ -5,8 +5,8 @@ EVP_MAC, EVP_MAC_fetch, EVP_MAC_up_ref, EVP_MAC_free, EVP_MAC_is_a, EVP_MAC_number, EVP_MAC_names_do_all, EVP_MAC_provider, EVP_MAC_get_params, EVP_MAC_gettable_params, -EVP_MAC_CTX, EVP_MAC_new_ctx, EVP_MAC_free_ctx, EVP_MAC_dup_ctx, -EVP_MAC_get_ctx_mac, EVP_MAC_get_ctx_params, EVP_MAC_set_ctx_params, +EVP_MAC_CTX, EVP_MAC_CTX_new, EVP_MAC_CTX_free, EVP_MAC_CTX_dup, +EVP_MAC_CTX_mac, EVP_MAC_CTX_get_params, EVP_MAC_CTX_set_params, EVP_MAC_size, EVP_MAC_init, EVP_MAC_update, EVP_MAC_final, EVP_MAC_gettable_ctx_params, EVP_MAC_settable_ctx_params, EVP_MAC_do_all_provided - EVP MAC routines @@ -30,12 +30,12 @@ EVP_MAC_do_all_provided - EVP MAC routines const OSSL_PROVIDER *EVP_MAC_provider(const EVP_MAC *mac); int EVP_MAC_get_params(EVP_MAC *mac, OSSL_PARAM params[]); - EVP_MAC_CTX *EVP_MAC_new_ctx(EVP_MAC *mac); - void EVP_MAC_free_ctx(EVP_MAC_CTX *ctx); - EVP_MAC_CTX *EVP_MAC_dup_ctx(const EVP_MAC_CTX *src); - EVP_MAC *EVP_MAC_get_ctx_mac(EVP_MAC_CTX *ctx); - int EVP_MAC_get_ctx_params(EVP_MAC_CTX *ctx, OSSL_PARAM params[]); - int EVP_MAC_set_ctx_params(EVP_MAC_CTX *ctx, const OSSL_PARAM params[]); + EVP_MAC_CTX *EVP_MAC_CTX_new(EVP_MAC *mac); + void EVP_MAC_CTX_free(EVP_MAC_CTX *ctx); + EVP_MAC_CTX *EVP_MAC_CTX_dup(const EVP_MAC_CTX *src); + EVP_MAC *EVP_MAC_CTX_mac(EVP_MAC_CTX *ctx); + int EVP_MAC_CTX_get_params(EVP_MAC_CTX *ctx, OSSL_PARAM params[]); + int EVP_MAC_CTX_set_params(EVP_MAC_CTX *ctx, const OSSL_PARAM params[]); size_t EVP_MAC_size(EVP_MAC_CTX *ctx); int EVP_MAC_init(EVP_MAC_CTX *ctx); @@ -96,18 +96,18 @@ NULL is a valid parameter, for which this function is a no-op. =head2 Context manipulation functions -EVP_MAC_new_ctx() creates a new context for the MAC type I. +EVP_MAC_CTX_new() creates a new context for the MAC type I. The created context can then be used with most other functions described here. -EVP_MAC_free_ctx() frees the contents of the context, including an +EVP_MAC_CTX_free() frees the contents of the context, including an underlying context if there is one, as well as the context itself. NULL is a valid parameter, for which this function is a no-op. -EVP_MAC_dup_ctx() duplicates the I context and returns a newly allocated +EVP_MAC_CTX_dup() duplicates the I context and returns a newly allocated context. -EVP_MAC_get_ctx_mac() returns the B associated with the context +EVP_MAC_CTX_mac() returns the B associated with the context I. =head2 Computing functions @@ -136,14 +136,14 @@ parameters should be retrieved. Note that a parameter that is unknown in the underlying context is simply ignored. -EVP_MAC_get_ctx_params() retrieves chosen parameters, given the +EVP_MAC_CTX_get_params() retrieves chosen parameters, given the context I and its underlying context. The set of parameters given with I determine exactly what parameters should be retrieved. Note that a parameter that is unknown in the underlying context is simply ignored. -EVP_MAC_set_ctx_params() passes chosen parameters to the underlying +EVP_MAC_CTX_set_params() passes chosen parameters to the underlying context, given a context I. The set of parameters given with I determine exactly what parameters are passed down. @@ -155,8 +155,8 @@ defined by the implementation. EVP_MAC_gettable_params(), EVP_MAC_gettable_ctx_params() and EVP_MAC_settable_ctx_params() get a constant B array that describes the retrievable and settable parameters, i.e. parameters that -can be used with EVP_MAC_get_params(), EVP_MAC_get_ctx_params() -and EVP_MAC_set_ctx_params(), respectively. +can be used with EVP_MAC_get_params(), EVP_MAC_CTX_get_params() +and EVP_MAC_CTX_set_params(), respectively. See L for the use of B as parameter descriptor. =head2 Information functions @@ -270,12 +270,12 @@ the given name, otherwise 0. EVP_MAC_provider() returns a pointer to the provider for the MAC, or NULL on error. -EVP_MAC_new_ctx() and EVP_MAC_dup_ctx() return a pointer to a newly +EVP_MAC_CTX_new() and EVP_MAC_CTX_dup() return a pointer to a newly created EVP_MAC_CTX, or NULL if allocation failed. -EVP_MAC_free_ctx() returns nothing at all. +EVP_MAC_CTX_free() returns nothing at all. -EVP_MAC_get_ctx_params() and EVP_MAC_set_ctx_params() return 1 on +EVP_MAC_CTX_get_params() and EVP_MAC_CTX_set_params() return 1 on success, 0 on error. EVP_MAC_init(), EVP_MAC_update(), and EVP_MAC_final() return 1 on success, 0 @@ -327,8 +327,8 @@ EVP_MAC_do_all_provided() returns nothing at all. if (mac == NULL || key == NULL - || (ctx = EVP_MAC_new_ctx(mac)) == NULL - || EVP_MAC_set_ctx_params(ctx, params) <= 0) + || (ctx = EVP_MAC_CTX_new(mac)) == NULL + || EVP_MAC_CTX_set_params(ctx, params) <= 0) goto err; if (!EVP_MAC_init(ctx)) @@ -347,12 +347,12 @@ EVP_MAC_do_all_provided() returns nothing at all. printf("%02X", buf[i]); printf("\n"); - EVP_MAC_free_ctx(ctx); + EVP_MAC_CTX_free(ctx); EVP_MAC_free(mac); exit(0); err: - EVP_MAC_free_ctx(ctx); + EVP_MAC_CTX_free(ctx); EVP_MAC_free(mac); fprintf(stderr, "Something went wrong\n"); ERR_print_errors_fp(stderr); diff --git a/doc/man3/HMAC.pod b/doc/man3/HMAC.pod index f441208585..816d6e325d 100644 --- a/doc/man3/HMAC.pod +++ b/doc/man3/HMAC.pod @@ -54,7 +54,7 @@ L: =head1 DESCRIPTION All of the functions described on this page are deprecated. Applications should -instead use L, L, L, +instead use L, L, L, L and L. HMAC is a MAC (message authentication code), i.e. a keyed hash diff --git a/doc/man3/OSSL_PARAM_allocate_from_text.pod b/doc/man3/OSSL_PARAM_allocate_from_text.pod index 539b2179c4..011685c8c8 100644 --- a/doc/man3/OSSL_PARAM_allocate_from_text.pod +++ b/doc/man3/OSSL_PARAM_allocate_from_text.pod @@ -175,7 +175,7 @@ Can be written like this instead: goto err; } params[params_n] = OSSL_PARAM_construct_end(); - if (!EVP_MAC_set_ctx_params(ctx, params)) + if (!EVP_MAC_CTX_set_params(ctx, params)) goto err; while (params_n-- > 0) OPENSSL_free(params[params_n].data); diff --git a/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod b/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod index ee726b3b64..a81dc76591 100644 --- a/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod +++ b/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod @@ -49,7 +49,7 @@ ticket information or it starts a full TLS handshake to create a new session ticket. Before the callback function is started I and I have been -initialised with L and L +initialised with L and L respectively. For new sessions tickets, when the client doesn't present a session ticket, or @@ -66,7 +66,7 @@ maximum IV length is B bytes defined in B. The initialization vector I should be a random value. The cipher context I should use the initialisation vector I. The cipher context can be set using L. The hmac context and digest can be set using -L with the B and +L with the B and B parameters respectively. When the client presents a session ticket, the callback function with be called @@ -76,7 +76,7 @@ the session ticket. The OpenSSL library expects that the I will be used to retrieve a cryptographic parameters and that the cryptographic context I will be set with the retrieved parameters and the initialization vector I. using a function like L. The key material and -digest for I need to be set using L with the +digest for I need to be set using L with the B and B parameters respectively. If the I is still valid but a renewal of the ticket is required the @@ -120,8 +120,8 @@ The SSL_CTX_set_tlsext_ticket_key_cb() function is identical to SSL_CTX_set_tlsext_ticket_key_evp_cb() except that it takes a deprecated HMAC_CTX pointer instead of an EVP_MAC_CTX one. Before this callback function is started I will have been -initialised with L and the digest set with -L. +initialised with L and the digest set with +L. The I key material can be set using L. =head1 NOTES @@ -186,7 +186,7 @@ Reference Implementation: params[1] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, "sha256", 0); params[2] = OSSL_PARAM_construct_end(); - EVP_MAC_set_ctx_params(hctx, params); + EVP_MAC_CTX_set_params(hctx, params); return 1; @@ -202,7 +202,7 @@ Reference Implementation: params[1] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, "sha256", 0); params[2] = OSSL_PARAM_construct_end(); - EVP_MAC_set_ctx_params(hctx, params); + EVP_MAC_CTX_set_params(hctx, params); EVP_DecryptInit_ex(&ctx, EVP_aes_256_cbc(), NULL, key->aes_key, iv); diff --git a/doc/man7/EVP_KDF-HKDF.pod b/doc/man7/EVP_KDF-HKDF.pod index de62827b88..a8bb5dacd9 100644 --- a/doc/man7/EVP_KDF-HKDF.pod +++ b/doc/man7/EVP_KDF-HKDF.pod @@ -87,7 +87,7 @@ an error will occur. A context for HKDF can be obtained by calling: EVP_KDF *kdf = EVP_KDF_fetch(NULL, "HKDF", NULL); - EVP_KDF_CTX *kctx = EVP_KDF_new_ctx(kdf); + EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf); The output length of an HKDF expand operation is specified via the I parameter to the L function. When using @@ -107,7 +107,7 @@ salt value "salt" and info value "label": OSSL_PARAM params[5], *p = params; kdf = EVP_KDF_fetch(NULL, "HKDF", NULL); - kctx = EVP_KDF_new_ctx(kdf); + kctx = EVP_KDF_CTX_new(kdf); EVP_KDF_free(kdf); *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, @@ -119,14 +119,14 @@ salt value "salt" and info value "label": *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, "salt", (size_t)4); *p = OSSL_PARAM_construct_end(); - if (EVP_KDF_set_ctx_params(kctx, params) <= 0) { - error("EVP_KDF_set_ctx_params"); + if (EVP_KDF_CTX_set_params(kctx, params) <= 0) { + error("EVP_KDF_CTX_set_params"); } if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) { error("EVP_KDF_derive"); } - EVP_KDF_free_ctx(kctx); + EVP_KDF_CTX_free(kctx); =head1 CONFORMING TO @@ -135,10 +135,10 @@ RFC 5869 =head1 SEE ALSO L, -L, -L, +L, +L, L, -L, +L, L, L diff --git a/doc/man7/EVP_KDF-KB.pod b/doc/man7/EVP_KDF-KB.pod index e5a2af67f9..0a84e925d9 100644 --- a/doc/man7/EVP_KDF-KB.pod +++ b/doc/man7/EVP_KDF-KB.pod @@ -57,7 +57,7 @@ Depending on whether mac is CMAC or HMAC, either digest or cipher is required A context for KBKDF can be obtained by calling: EVP_KDF *kdf = EVP_KDF_fetch(NULL, "KBKDF", NULL); - EVP_KDF_CTX *kctx = EVP_KDF_new_ctx(kdf); + EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf); The output length of an KBKDF is specified via the C parameter to the L function. @@ -76,7 +76,7 @@ Label "label", and Context "context". OSSL_PARAM params[6], *p = params; kdf = EVP_KDF_fetch(NULL, "KBKDF", NULL); - kctx = EVP_KDF_new_ctx(kdf); + kctx = EVP_KDF_CTX_new(kdf); EVP_KDF_free(kdf); *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, @@ -90,12 +90,12 @@ Label "label", and Context "context". *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, "context", strlen("context")); *p = OSSL_PARAM_construct_end(); - if (EVP_KDF_set_ctx_params(kctx, params) <= 0) - error("EVP_KDF_set_ctx_params"); + if (EVP_KDF_CTX_set_params(kctx, params) <= 0) + error("EVP_KDF_CTX_set_params"); else if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) error("EVP_KDF_derive"); - EVP_KDF_free_ctx(kctx); + EVP_KDF_CTX_free(kctx); This example derives 10 bytes using FEEDBACK-CMAC-AES256, with KI "secret", Label "label", and IV "sixteen bytes iv". @@ -107,7 +107,7 @@ Label "label", and IV "sixteen bytes iv". unsigned char *iv = "sixteen bytes iv"; kdf = EVP_KDF_fetch(NULL, "KBKDF", NULL); - kctx = EVP_KDF_new_ctx(kdf); + kctx = EVP_KDF_CTX_new(kdf); EVP_KDF_free(kdf); *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CIPHER, "AES256", 0); @@ -122,12 +122,12 @@ Label "label", and IV "sixteen bytes iv". *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED, iv, strlen(iv)); *p = OSSL_PARAM_construct_end(); - if (EVP_KDF_set_ctx_params(kctx, params) <= 0) - error("EVP_KDF_set_ctx_params"); + if (EVP_KDF_CTX_set_params(kctx, params) <= 0) + error("EVP_KDF_CTX_set_params"); else if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) error("EVP_KDF_derive"); - EVP_KDF_free_ctx(kctx); + EVP_KDF_CTX_free(kctx); =head1 CONFORMING TO @@ -136,7 +136,7 @@ NIST SP800-108, IETF RFC 6803, IETF RFC 8009. =head1 SEE ALSO L, -L, +L, L, L, L diff --git a/doc/man7/EVP_KDF-KRB5KDF.pod b/doc/man7/EVP_KDF-KRB5KDF.pod index 29a8c0f7b8..62f941c3ca 100644 --- a/doc/man7/EVP_KDF-KRB5KDF.pod +++ b/doc/man7/EVP_KDF-KRB5KDF.pod @@ -44,7 +44,7 @@ If a value is already set, the contents are replaced. A context for KRB5KDF can be obtained by calling: EVP_KDF *kdf = EVP_KDF_fetch(NULL, "KRB5KDF", NULL); - EVP_KDF_CTX *kctx = EVP_KDF_new_ctx(kdf); + EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf); The output length of the KRB5KDF derivation is specified via the I parameter to the L function, and MUST match the key @@ -70,7 +70,7 @@ This example derives a key using the AES-128-CBC cipher: OSSL_PARAM params[4], *p = params; kdf = EVP_KDF_fetch(NULL, "KRB5KDF", NULL); - kctx = EVP_KDF_new_ctx(kdf); + kctx = EVP_KDF_CTX_new(kdf); EVP_KDF_free(kdf); *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CIPHER, @@ -87,7 +87,7 @@ This example derives a key using the AES-128-CBC cipher: if (EVP_KDF_derive(kctx, out, outlen) <= 0) /* Error */ - EVP_KDF_free_ctx(kctx); + EVP_KDF_CTX_free(kctx); =head1 CONFORMING TO @@ -96,7 +96,7 @@ RFC 3961 =head1 SEE ALSO L, -L, +L, L, L, L, diff --git a/doc/man7/EVP_KDF-PBKDF2.pod b/doc/man7/EVP_KDF-PBKDF2.pod index 2be2db75b5..b0b7ac1d65 100644 --- a/doc/man7/EVP_KDF-PBKDF2.pod +++ b/doc/man7/EVP_KDF-PBKDF2.pod @@ -82,9 +82,9 @@ SP800-132 =head1 SEE ALSO L, -L, -L, -L, +L, +L, +L, L, L diff --git a/doc/man7/EVP_KDF-SCRYPT.pod b/doc/man7/EVP_KDF-SCRYPT.pod index 7782f4fa87..8650a8b39a 100644 --- a/doc/man7/EVP_KDF-SCRYPT.pod +++ b/doc/man7/EVP_KDF-SCRYPT.pod @@ -66,7 +66,7 @@ Both r and p are parameters of type B. A context for scrypt can be obtained by calling: EVP_KDF *kdf = EVP_KDF_fetch(NULL, "SCRYPT", NULL); - EVP_KDF_CTX *kctx = EVP_KDF_new_ctx(kdf); + EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf); The output length of an scrypt key derivation is specified via the "keylen" parameter to the L function. @@ -82,7 +82,7 @@ This example derives a 64-byte long test vector using scrypt with the password OSSL_PARAM params[6], *p = params; kdf = EVP_KDF_fetch(NULL, "SCRYPT", NULL); - kctx = EVP_KDF_new_ctx(kdf); + kctx = EVP_KDF_CTX_new(kdf); EVP_KDF_free(kdf); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD, @@ -93,8 +93,8 @@ This example derives a 64-byte long test vector using scrypt with the password *p++ = OSSL_PARAM_construct_uint32(OSSL_KDF_PARAM_SCRYPT_R, (uint32_t)8); *p++ = OSSL_PARAM_construct_uint32(OSSL_KDF_PARAM_SCRYPT_P, (uint32_t)16); *p = OSSL_PARAM_construct_end(); - if (EVP_KDF_set_ctx_params(kctx, params) <= 0) { - error("EVP_KDF_set_ctx_params"); + if (EVP_KDF_CTX_set_params(kctx, params) <= 0) { + error("EVP_KDF_CTX_set_params"); } if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) { error("EVP_KDF_derive"); @@ -115,7 +115,7 @@ This example derives a 64-byte long test vector using scrypt with the password assert(!memcmp(out, expected, sizeof(out))); } - EVP_KDF_free_ctx(kctx); + EVP_KDF_CTX_free(kctx); =head1 CONFORMING TO @@ -124,9 +124,9 @@ RFC 7914 =head1 SEE ALSO L, -L, -L, -L, +L, +L, +L, L, L diff --git a/doc/man7/EVP_KDF-SS.pod b/doc/man7/EVP_KDF-SS.pod index 65b15a4d59..e64417388f 100644 --- a/doc/man7/EVP_KDF-SS.pod +++ b/doc/man7/EVP_KDF-SS.pod @@ -66,7 +66,7 @@ This parameter sets an optional value for fixedinfo, also known as otherinfo. A context for SSKDF can be obtained by calling: EVP_KDF *kdf = EVP_KDF_fetch(NULL, "SSKDF", NULL); - EVP_KDF_CTX *kctx = EVP_KDF_new_ctx(kdf); + EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf); The output length of an SSKDF is specified via the I parameter to the L function. @@ -82,7 +82,7 @@ and fixedinfo value "label": OSSL_PARAM params[4], *p = params; kdf = EVP_KDF_fetch(NULL, "SSKDF", NULL); - kctx = EVP_KDF_new_ctx(kdf); + kctx = EVP_KDF_CTX_new(kdf); EVP_KDF_free(kdf); *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, @@ -92,14 +92,14 @@ and fixedinfo value "label": *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, "label", (size_t)5); *p = OSSL_PARAM_construct_end(); - if (EVP_KDF_set_ctx_params(kctx, params) <= 0) { - error("EVP_KDF_set_ctx_params"); + if (EVP_KDF_CTX_set_params(kctx, params) <= 0) { + error("EVP_KDF_CTX_set_params"); } if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) { error("EVP_KDF_derive"); } - EVP_KDF_free_ctx(kctx); + EVP_KDF_CTX_free(kctx); This example derives 10 bytes using H(x) = HMAC(SHA-256), with the secret key "secret", fixedinfo value "label" and salt "salt": @@ -110,7 +110,7 @@ fixedinfo value "label" and salt "salt": OSSL_PARAM params[6], *p = params; kdf = EVP_KDF_fetch(NULL, "SSKDF", NULL); - kctx = EVP_KDF_new_ctx(kdf); + kctx = EVP_KDF_CTX_new(kdf); EVP_KDF_free(kdf); *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC, @@ -124,14 +124,14 @@ fixedinfo value "label" and salt "salt": *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, "salt", (size_t)4); *p = OSSL_PARAM_construct_end(); - if (EVP_KDF_set_ctx_params(kctx, params) <= 0) { - error("EVP_KDF_set_ctx_params"); + if (EVP_KDF_CTX_set_params(kctx, params) <= 0) { + error("EVP_KDF_CTX_set_params"); } if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) { error("EVP_KDF_derive"); } - EVP_KDF_free_ctx(kctx); + EVP_KDF_CTX_free(kctx); This example derives 10 bytes using H(x) = KMAC128(x,salt,outlen), with the secret key "secret" fixedinfo value "label", salt of "salt" and KMAC outlen of 20: @@ -142,7 +142,7 @@ fixedinfo value "label", salt of "salt" and KMAC outlen of 20: OSSL_PARAM params[7], *p = params; kdf = EVP_KDF_fetch(NULL, "SSKDF", NULL); - kctx = EVP_KDF_new_ctx(kdf); + kctx = EVP_KDF_CTX_new(kdf); EVP_KDF_free(kdf); *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC, @@ -157,14 +157,14 @@ fixedinfo value "label", salt of "salt" and KMAC outlen of 20: "salt", (size_t)4); *p++ = OSSL_PARAM_construct_size_t(OSSL_KDF_PARAM_MAC_SIZE, (size_t)20); *p = OSSL_PARAM_construct_end(); - if (EVP_KDF_set_ctx_params(kctx, params) <= 0) { - error("EVP_KDF_set_ctx_params"); + if (EVP_KDF_CTX_set_params(kctx, params) <= 0) { + error("EVP_KDF_CTX_set_params"); } if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) { error("EVP_KDF_derive"); } - EVP_KDF_free_ctx(kctx); + EVP_KDF_CTX_free(kctx); =head1 CONFORMING TO @@ -173,9 +173,9 @@ NIST SP800-56Cr1. =head1 SEE ALSO L, -L, -L, -L, +L, +L, +L, L, L, L diff --git a/doc/man7/EVP_KDF-SSHKDF.pod b/doc/man7/EVP_KDF-SSHKDF.pod index f71457211a..e91858c051 100644 --- a/doc/man7/EVP_KDF-SSHKDF.pod +++ b/doc/man7/EVP_KDF-SSHKDF.pod @@ -87,7 +87,7 @@ A single char of value 70 (ASCII char 'F'). A context for SSHKDF can be obtained by calling: EVP_KDF *kdf = EVP_KDF_fetch(NULL, "SSHKDF", NULL); - EVP_KDF_CTX *kctx = EVP_KDF_new_ctx(kdf); + EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf); The output length of the SSHKDF derivation is specified via the I parameter to the L function. @@ -111,7 +111,7 @@ This example derives an 8 byte IV using SHA-256 with a 1K "key" and appropriate OSSL_PARAM params[6], *p = params; kdf = EVP_KDF_fetch(NULL, "SSHKDF", NULL); - kctx = EVP_KDF_new_ctx(kdf); + kctx = EVP_KDF_CTX_new(kdf); EVP_KDF_free(kdf); *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, @@ -125,7 +125,7 @@ This example derives an 8 byte IV using SHA-256 with a 1K "key" and appropriate *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_SSHKDF_TYPE, EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV); *p = OSSL_PARAM_construct_end(); - if (EVP_KDF_set_ctx_params(kctx, params) <= 0) + if (EVP_KDF_CTX_set_params(kctx, params) <= 0) /* Error */ if (EVP_KDF_derive(kctx, out, &outlen) <= 0) @@ -139,9 +139,9 @@ RFC 4253 =head1 SEE ALSO L, -L, -L, -L, +L, +L, +L, L, L, L diff --git a/doc/man7/EVP_KDF-TLS1_PRF.pod b/doc/man7/EVP_KDF-TLS1_PRF.pod index de7d1c5ba6..74ddb657f7 100644 --- a/doc/man7/EVP_KDF-TLS1_PRF.pod +++ b/doc/man7/EVP_KDF-TLS1_PRF.pod @@ -51,7 +51,7 @@ this should be more than enough for any normal use of the TLS PRF. A context for the TLS PRF can be obtained by calling: EVP_KDF *kdf = EVP_KDF_fetch(NULL, "TLS1-PRF", NULL); - EVP_KDF_CTX *kctx = EVP_KDF_new_ctx(kdf); + EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf); The digest, secret value and seed must be set before a key is derived otherwise an error will occur. @@ -70,7 +70,7 @@ and seed value "seed": OSSL_PARAM params[4], *p = params; kdf = EVP_KDF_fetch(NULL, "TLS1-PRF", NULL); - kctx = EVP_KDF_new_ctx(kdf); + kctx = EVP_KDF_CTX_new(kdf); EVP_KDF_free(kdf); *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, @@ -80,13 +80,13 @@ and seed value "seed": *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED, "seed", (size_t)4); *p = OSSL_PARAM_construct_end(); - if (EVP_KDF_set_ctx_params(kctx, params) <= 0) { - error("EVP_KDF_set_ctx_params"); + if (EVP_KDF_CTX_set_params(kctx, params) <= 0) { + error("EVP_KDF_CTX_set_params"); } if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) { error("EVP_KDF_derive"); } - EVP_KDF_free_ctx(kctx); + EVP_KDF_CTX_free(kctx); =head1 CONFORMING TO @@ -95,9 +95,9 @@ RFC 2246, RFC 5246 and NIST SP 800-135 r1 =head1 SEE ALSO L, -L, -L, -L, +L, +L, +L, L, L diff --git a/doc/man7/EVP_KDF-X942.pod b/doc/man7/EVP_KDF-X942.pod index a4222163e1..e607212b28 100644 --- a/doc/man7/EVP_KDF-X942.pod +++ b/doc/man7/EVP_KDF-X942.pod @@ -49,7 +49,7 @@ This parameter sets the CEK wrapping algorithm name. A context for X942KDF can be obtained by calling: EVP_KDF *kdf = EVP_KDF_fetch(NULL, "X942KDF", NULL); - EVP_KDF_CTX *kctx = EVP_KDF_new_ctx(kdf); + EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf); The output length of an X942KDF is specified via the I parameter to the L function. @@ -71,9 +71,9 @@ keying material: kdf = EVP_KDF_fetch(NULL, "X942KDF", NULL); if (kctx == NULL) error("EVP_KDF_fetch"); - kctx = EVP_KDF_new_ctx(kdf); + kctx = EVP_KDF_CTX_new(kdf); if (kctx == NULL) - error("EVP_KDF_new_ctx"); + error("EVP_KDF_CTX_new"); EVP_KDF_free(kdf); *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, @@ -85,12 +85,12 @@ keying material: SN_id_smime_alg_CMS3DESwrap, strlen(SN_id_smime_alg_CMS3DESwrap)); *p = OSSL_PARAM_construct_end(); - if (EVP_KDF_set_ctx_params(kctx, params) <= 0) - error("EVP_KDF_set_ctx_params"); + if (EVP_KDF_CTX_set_params(kctx, params) <= 0) + error("EVP_KDF_CTX_set_params"); if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) error("EVP_KDF_derive"); - EVP_KDF_free_ctx(kctx); + EVP_KDF_CTX_free(kctx); =head1 CONFORMING TO @@ -99,9 +99,9 @@ RFC 2631 =head1 SEE ALSO L, -L, -L, -L, +L, +L, +L, L, L, L diff --git a/doc/man7/EVP_KDF-X963.pod b/doc/man7/EVP_KDF-X963.pod index 685f687023..93ec14c837 100644 --- a/doc/man7/EVP_KDF-X963.pod +++ b/doc/man7/EVP_KDF-X963.pod @@ -46,7 +46,7 @@ X963KDF appends the counter to the secret, whereas SSKDF prepends the counter. A context for X963KDF can be obtained by calling: EVP_KDF *kdf = EVP_KDF_fetch(NULL, "X963KDF", NULL); - EVP_KDF_CTX *kctx = EVP_KDF_new_ctx(kdf); + EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf); The output length of an X963KDF is specified via the I parameter to the L function. @@ -62,7 +62,7 @@ value "label": OSSL_PARAM params[4], *p = params; kdf = EVP_KDF_fetch(NULL, "X963KDF", NULL); - kctx = EVP_KDF_new_ctx(kdf); + kctx = EVP_KDF_CTX_new(kdf); EVP_KDF_free(kdf); *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, @@ -72,14 +72,14 @@ value "label": *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, "label", (size_t)5); *p = OSSL_PARAM_construct_end(); - if (EVP_KDF_set_ctx_params(kctx, params) <= 0) { - error("EVP_KDF_set_ctx_params"); + if (EVP_KDF_CTX_set_params(kctx, params) <= 0) { + error("EVP_KDF_CTX_set_params"); } if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) { error("EVP_KDF_derive"); } - EVP_KDF_free_ctx(kctx); + EVP_KDF_CTX_free(kctx); =head1 CONFORMING TO @@ -88,9 +88,9 @@ value "label": =head1 SEE ALSO L, -L, -L, -L, +L, +L, +L, L, L, L diff --git a/doc/man7/EVP_MAC-BLAKE2.pod b/doc/man7/EVP_MAC-BLAKE2.pod index d5673fa8e2..90b065340d 100644 --- a/doc/man7/EVP_MAC-BLAKE2.pod +++ b/doc/man7/EVP_MAC-BLAKE2.pod @@ -27,9 +27,9 @@ properties, to be used with EVP_MAC_fetch(): The general description of these parameters can be found in L. -All these parameters can be set with EVP_MAC_set_ctx_params(). +All these parameters can be set with EVP_MAC_CTX_set_params(). Furthermore, the "size" parameter can be retrieved with -EVP_MAC_get_ctx_params(), or with EVP_MAC_size(). +EVP_MAC_CTX_get_params(), or with EVP_MAC_size(). The length of the "size" parameter should not exceed that of a B. =over 4 @@ -61,7 +61,7 @@ It is 32 and 64 respectively by default. =head1 SEE ALSO -L, L, +L, L, L, L =head1 HISTORY diff --git a/doc/man7/EVP_MAC-CMAC.pod b/doc/man7/EVP_MAC-CMAC.pod index 699a50824b..c210d693ce 100644 --- a/doc/man7/EVP_MAC-CMAC.pod +++ b/doc/man7/EVP_MAC-CMAC.pod @@ -24,7 +24,7 @@ used with EVP_MAC_fetch(): The general description of these parameters can be found in L. -The following parameter can be set with EVP_MAC_set_ctx_params(): +The following parameter can be set with EVP_MAC_CTX_set_params(): =over 4 @@ -37,7 +37,7 @@ The following parameter can be set with EVP_MAC_set_ctx_params(): =back The following parameters can be retrieved with -EVP_MAC_get_ctx_params(): +EVP_MAC_CTX_get_params(): =over 4 @@ -50,7 +50,7 @@ The length of the "size" parameter is equal to that of an B. =head1 SEE ALSO -L, L, +L, L, L, L =head1 COPYRIGHT diff --git a/doc/man7/EVP_MAC-GMAC.pod b/doc/man7/EVP_MAC-GMAC.pod index 8e4d28e7b1..7c9477c215 100644 --- a/doc/man7/EVP_MAC-GMAC.pod +++ b/doc/man7/EVP_MAC-GMAC.pod @@ -24,7 +24,7 @@ used with EVP_MAC_fetch(): The general description of these parameters can be found in L. -The following parameter can be set with EVP_MAC_set_ctx_params(): +The following parameter can be set with EVP_MAC_CTX_set_params(): =over 4 @@ -39,7 +39,7 @@ The following parameter can be set with EVP_MAC_set_ctx_params(): =back The following parameters can be retrieved with -EVP_MAC_get_ctx_params(): +EVP_MAC_CTX_get_params(): =over 4 @@ -52,7 +52,7 @@ The length of the "size" parameter is equal to that of an B. =head1 SEE ALSO -L, L, +L, L, L, L =head1 COPYRIGHT diff --git a/doc/man7/EVP_MAC-HMAC.pod b/doc/man7/EVP_MAC-HMAC.pod index 31ff102ae6..7f0ec35b43 100644 --- a/doc/man7/EVP_MAC-HMAC.pod +++ b/doc/man7/EVP_MAC-HMAC.pod @@ -24,7 +24,7 @@ used with EVP_MAC_fetch(): The general description of these parameters can be found in L. -The following parameter can be set with EVP_MAC_set_ctx_params(): +The following parameter can be set with EVP_MAC_CTX_set_params(): =over 4 @@ -41,7 +41,7 @@ The following parameter can be set with EVP_MAC_set_ctx_params(): The "flags" parameter is passed directly to HMAC_CTX_set_flags(). The following parameter can be retrieved with -EVP_MAC_get_ctx_params(): +EVP_MAC_CTX_get_params(): =over 4 @@ -54,7 +54,7 @@ The length of the "size" parameter is equal to that of an B. =head1 SEE ALSO -L, L, +L, L, L, L, L =head1 COPYRIGHT diff --git a/doc/man7/EVP_MAC-KMAC.pod b/doc/man7/EVP_MAC-KMAC.pod index 88044540c5..df7ac1ddf6 100644 --- a/doc/man7/EVP_MAC-KMAC.pod +++ b/doc/man7/EVP_MAC-KMAC.pod @@ -27,9 +27,9 @@ properties, to be used with EVP_MAC_fetch(): The general description of these parameters can be found in L. -All these parameters can be set with EVP_MAC_set_ctx_params(). +All these parameters can be set with EVP_MAC_CTX_set_params(). Furthermore, the "size" parameter can be retrieved with -EVP_MAC_get_ctx_params(), or with EVP_MAC_size(). +EVP_MAC_CTX_get_params(), or with EVP_MAC_size(). The length of the "size" parameter should not exceed that of a B. =over 4 @@ -50,7 +50,7 @@ the input stream is set to zero. =head1 SEE ALSO -L, L, +L, L, L, L =head1 COPYRIGHT diff --git a/doc/man7/EVP_MAC-Poly1305.pod b/doc/man7/EVP_MAC-Poly1305.pod index 8e288172a1..da9953a1d5 100644 --- a/doc/man7/EVP_MAC-Poly1305.pod +++ b/doc/man7/EVP_MAC-Poly1305.pod @@ -24,7 +24,7 @@ used with EVP_MAC_fetch(): The general description of these parameters can be found in L. -The following parameter can be set with EVP_MAC_set_ctx_params(): +The following parameter can be set with EVP_MAC_CTX_set_params(): =over 4 @@ -33,7 +33,7 @@ The following parameter can be set with EVP_MAC_set_ctx_params(): =back The following parameters can be retrieved with -EVP_MAC_get_ctx_params(): +EVP_MAC_CTX_get_params(): =over 4 @@ -46,7 +46,7 @@ The length of the "size" parameter should not exceed that of an B. =head1 SEE ALSO -L, L, +L, L, L, L =head1 COPYRIGHT diff --git a/doc/man7/EVP_MAC-Siphash.pod b/doc/man7/EVP_MAC-Siphash.pod index a65e5919aa..d8013b3369 100644 --- a/doc/man7/EVP_MAC-Siphash.pod +++ b/doc/man7/EVP_MAC-Siphash.pod @@ -25,9 +25,9 @@ used with EVP_MAC_fetch(): The general description of these parameters can be found in L. -All these parameters can be set with EVP_MAC_set_ctx_params(). +All these parameters can be set with EVP_MAC_CTX_set_params(). Furthermore, the "size" parameter can be retrieved with -EVP_MAC_get_ctx_params(), or with EVP_MAC_size(). +EVP_MAC_CTX_get_params(), or with EVP_MAC_size(). The length of the "size" parameter should not exceed that of a B. =over 4 @@ -40,7 +40,7 @@ The length of the "size" parameter should not exceed that of a B. =head1 SEE ALSO -L, L, +L, L, L, L =head1 COPYRIGHT diff --git a/include/openssl/evp.h b/include/openssl/evp.h index 85a939b5c3..923550e9db 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -26,8 +26,6 @@ # include # include -# include - # define EVP_MAX_MD_SIZE 64/* longest known is SHA512 */ # define EVP_MAX_KEY_LENGTH 64 # define EVP_MAX_IV_LENGTH 16 @@ -1073,6 +1071,40 @@ void EVP_MD_do_all_provided(OPENSSL_CTX *libctx, void (*fn)(EVP_MD *md, void *arg), void *arg); +/* MAC stuff */ + +EVP_MAC *EVP_MAC_fetch(OPENSSL_CTX *libctx, const char *algorithm, + const char *properties); +int EVP_MAC_up_ref(EVP_MAC *mac); +void EVP_MAC_free(EVP_MAC *mac); +int EVP_MAC_number(const EVP_MAC *mac); +int EVP_MAC_is_a(const EVP_MAC *mac, const char *name); +const OSSL_PROVIDER *EVP_MAC_provider(const EVP_MAC *mac); +int EVP_MAC_get_params(EVP_MAC *mac, OSSL_PARAM params[]); + +EVP_MAC_CTX *EVP_MAC_CTX_new(EVP_MAC *mac); +void EVP_MAC_CTX_free(EVP_MAC_CTX *ctx); +EVP_MAC_CTX *EVP_MAC_CTX_dup(const EVP_MAC_CTX *src); +EVP_MAC *EVP_MAC_CTX_mac(EVP_MAC_CTX *ctx); +int EVP_MAC_CTX_get_params(EVP_MAC_CTX *ctx, OSSL_PARAM params[]); +int EVP_MAC_CTX_set_params(EVP_MAC_CTX *ctx, const OSSL_PARAM params[]); + +size_t EVP_MAC_size(EVP_MAC_CTX *ctx); +int EVP_MAC_init(EVP_MAC_CTX *ctx); +int EVP_MAC_update(EVP_MAC_CTX *ctx, const unsigned char *data, size_t datalen); +int EVP_MAC_final(EVP_MAC_CTX *ctx, + unsigned char *out, size_t *outl, size_t outsize); +const OSSL_PARAM *EVP_MAC_gettable_params(const EVP_MAC *mac); +const OSSL_PARAM *EVP_MAC_gettable_ctx_params(const EVP_MAC *mac); +const OSSL_PARAM *EVP_MAC_settable_ctx_params(const EVP_MAC *mac); + +void EVP_MAC_do_all_provided(OPENSSL_CTX *libctx, + void (*fn)(EVP_MAC *mac, void *arg), + void *arg); +void EVP_MAC_names_do_all(const EVP_MAC *mac, + void (*fn)(const char *name, void *data), + void *data); + /* RAND stuff */ EVP_RAND *EVP_RAND_fetch(OPENSSL_CTX *libctx, const char *algorithm, const char *properties); diff --git a/include/openssl/kdf.h b/include/openssl/kdf.h index 2bd457cd9a..b3dee525dc 100644 --- a/include/openssl/kdf.h +++ b/include/openssl/kdf.h @@ -30,20 +30,20 @@ void EVP_KDF_free(EVP_KDF *kdf); EVP_KDF *EVP_KDF_fetch(OPENSSL_CTX *libctx, const char *algorithm, const char *properties); -EVP_KDF_CTX *EVP_KDF_new_ctx(EVP_KDF *kdf); -void EVP_KDF_free_ctx(EVP_KDF_CTX *ctx); -EVP_KDF_CTX *EVP_KDF_dup_ctx(const EVP_KDF_CTX *src); +EVP_KDF_CTX *EVP_KDF_CTX_new(EVP_KDF *kdf); +void EVP_KDF_CTX_free(EVP_KDF_CTX *ctx); +EVP_KDF_CTX *EVP_KDF_CTX_dup(const EVP_KDF_CTX *src); int EVP_KDF_number(const EVP_KDF *kdf); int EVP_KDF_is_a(const EVP_KDF *kdf, const char *name); const OSSL_PROVIDER *EVP_KDF_provider(const EVP_KDF *kdf); -const EVP_KDF *EVP_KDF_get_ctx_kdf(EVP_KDF_CTX *ctx); +const EVP_KDF *EVP_KDF_CTX_kdf(EVP_KDF_CTX *ctx); void EVP_KDF_reset(EVP_KDF_CTX *ctx); size_t EVP_KDF_size(EVP_KDF_CTX *ctx); int EVP_KDF_derive(EVP_KDF_CTX *ctx, unsigned char *key, size_t keylen); int EVP_KDF_get_params(EVP_KDF *kdf, OSSL_PARAM params[]); -int EVP_KDF_get_ctx_params(EVP_KDF_CTX *ctx, OSSL_PARAM params[]); -int EVP_KDF_set_ctx_params(EVP_KDF_CTX *ctx, const OSSL_PARAM params[]); +int EVP_KDF_CTX_get_params(EVP_KDF_CTX *ctx, OSSL_PARAM params[]); +int EVP_KDF_CTX_set_params(EVP_KDF_CTX *ctx, const OSSL_PARAM params[]); const OSSL_PARAM *EVP_KDF_gettable_params(const EVP_KDF *kdf); const OSSL_PARAM *EVP_KDF_gettable_ctx_params(const EVP_KDF *kdf); const OSSL_PARAM *EVP_KDF_settable_ctx_params(const EVP_KDF *kdf); diff --git a/include/openssl/mac.h b/include/openssl/mac.h deleted file mode 100644 index 8411669bc9..0000000000 --- a/include/openssl/mac.h +++ /dev/null @@ -1,59 +0,0 @@ -/* - * Copyright 2019-2020=-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* MAC stuff */ - -#ifndef OPENSSL_EVP_MAC_H -# define OPENSSL_EVP_MAC_H -# pragma once - -# include -# include -# include - -# ifdef __cplusplus -extern "C" { -# endif - -EVP_MAC *EVP_MAC_fetch(OPENSSL_CTX *libctx, const char *algorithm, - const char *properties); -int EVP_MAC_up_ref(EVP_MAC *mac); -void EVP_MAC_free(EVP_MAC *mac); -int EVP_MAC_number(const EVP_MAC *mac); -int EVP_MAC_is_a(const EVP_MAC *mac, const char *name); -const OSSL_PROVIDER *EVP_MAC_provider(const EVP_MAC *mac); -int EVP_MAC_get_params(EVP_MAC *mac, OSSL_PARAM params[]); - -EVP_MAC_CTX *EVP_MAC_new_ctx(EVP_MAC *mac); -void EVP_MAC_free_ctx(EVP_MAC_CTX *ctx); -EVP_MAC_CTX *EVP_MAC_dup_ctx(const EVP_MAC_CTX *src); -EVP_MAC *EVP_MAC_get_ctx_mac(EVP_MAC_CTX *ctx); -int EVP_MAC_get_ctx_params(EVP_MAC_CTX *ctx, OSSL_PARAM params[]); -int EVP_MAC_set_ctx_params(EVP_MAC_CTX *ctx, const OSSL_PARAM params[]); - -size_t EVP_MAC_size(EVP_MAC_CTX *ctx); -int EVP_MAC_init(EVP_MAC_CTX *ctx); -int EVP_MAC_update(EVP_MAC_CTX *ctx, const unsigned char *data, size_t datalen); -int EVP_MAC_final(EVP_MAC_CTX *ctx, - unsigned char *out, size_t *outl, size_t outsize); -const OSSL_PARAM *EVP_MAC_gettable_params(const EVP_MAC *mac); -const OSSL_PARAM *EVP_MAC_gettable_ctx_params(const EVP_MAC *mac); -const OSSL_PARAM *EVP_MAC_settable_ctx_params(const EVP_MAC *mac); - -void EVP_MAC_do_all_provided(OPENSSL_CTX *libctx, - void (*fn)(EVP_MAC *mac, void *arg), - void *arg); -void EVP_MAC_names_do_all(const EVP_MAC *mac, - void (*fn)(const char *name, void *data), - void *data); - -# ifdef __cplusplus -} -# endif -#endif /* OPENSSL_EVP_MAC_H */ diff --git a/providers/common/provider_util.c b/providers/common/provider_util.c index a0787a67e5..f6155e7dce 100644 --- a/providers/common/provider_util.c +++ b/providers/common/provider_util.c @@ -192,8 +192,8 @@ int ossl_prov_macctx_load_from_params(EVP_MAC_CTX **macctx, if (macname != NULL) { EVP_MAC *mac = EVP_MAC_fetch(libctx, macname, properties); - EVP_MAC_free_ctx(*macctx); - *macctx = mac == NULL ? NULL : EVP_MAC_new_ctx(mac); + EVP_MAC_CTX_free(*macctx); + *macctx = mac == NULL ? NULL : EVP_MAC_CTX_new(mac); /* The context holds on to the MAC */ EVP_MAC_free(mac); if (*macctx == NULL) @@ -244,10 +244,10 @@ int ossl_prov_macctx_load_from_params(EVP_MAC_CTX **macctx, #endif *mp = OSSL_PARAM_construct_end(); - if (EVP_MAC_set_ctx_params(*macctx, mac_params)) + if (EVP_MAC_CTX_set_params(*macctx, mac_params)) return 1; - EVP_MAC_free_ctx(*macctx); + EVP_MAC_CTX_free(*macctx); *macctx = NULL; return 0; } diff --git a/providers/fips/self_test.c b/providers/fips/self_test.c index a4a3cb5c89..58aa42eed8 100644 --- a/providers/fips/self_test.c +++ b/providers/fips/self_test.c @@ -147,7 +147,7 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex OSSL_SELF_TEST_onbegin(ev, event_type, OSSL_SELF_TEST_DESC_INTEGRITY_HMAC); mac = EVP_MAC_fetch(libctx, MAC_NAME, NULL); - ctx = EVP_MAC_new_ctx(mac); + ctx = EVP_MAC_CTX_new(mac); if (mac == NULL || ctx == NULL) goto err; @@ -157,7 +157,7 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex sizeof(fixed_key)); *p = OSSL_PARAM_construct_end(); - if (EVP_MAC_set_ctx_params(ctx, params) <= 0 + if (EVP_MAC_CTX_set_params(ctx, params) <= 0 || !EVP_MAC_init(ctx)) goto err; @@ -178,7 +178,7 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex ret = 1; err: OSSL_SELF_TEST_onend(ev, ret); - EVP_MAC_free_ctx(ctx); + EVP_MAC_CTX_free(ctx); EVP_MAC_free(mac); return ret; } diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c index 6dc9dbc17f..8c88f8be5d 100644 --- a/providers/fips/self_test_kats.c +++ b/providers/fips/self_test_kats.c @@ -199,7 +199,7 @@ static int self_test_kdf(const ST_KAT_KDF *t, OSSL_SELF_TEST *st, if (kdf == NULL) goto err; - ctx = EVP_KDF_new_ctx(kdf); + ctx = EVP_KDF_CTX_new(kdf); if (ctx == NULL) goto err; @@ -211,7 +211,7 @@ static int self_test_kdf(const ST_KAT_KDF *t, OSSL_SELF_TEST *st, params = OSSL_PARAM_BLD_to_param(bld); if (params == NULL) goto err; - if (!EVP_KDF_set_ctx_params(ctx, params)) + if (!EVP_KDF_CTX_set_params(ctx, params)) goto err; if (t->expected_len > sizeof(out)) @@ -227,7 +227,7 @@ static int self_test_kdf(const ST_KAT_KDF *t, OSSL_SELF_TEST *st, ret = 1; err: EVP_KDF_free(kdf); - EVP_KDF_free_ctx(ctx); + EVP_KDF_CTX_free(ctx); BN_CTX_free(bnctx); OSSL_PARAM_BLD_free_params(params); OSSL_PARAM_BLD_free(bld); diff --git a/providers/implementations/kdfs/kbkdf.c b/providers/implementations/kdfs/kbkdf.c index 9cf18d84a2..d25da76d17 100644 --- a/providers/implementations/kdfs/kbkdf.c +++ b/providers/implementations/kdfs/kbkdf.c @@ -122,7 +122,7 @@ static void kbkdf_reset(void *vctx) KBKDF *ctx = (KBKDF *)vctx; void *provctx = ctx->provctx; - EVP_MAC_free_ctx(ctx->ctx_init); + EVP_MAC_CTX_free(ctx->ctx_init); OPENSSL_clear_free(ctx->context, ctx->context_len); OPENSSL_clear_free(ctx->label, ctx->label_len); OPENSSL_clear_free(ctx->ki, ctx->ki_len); @@ -151,7 +151,7 @@ static int derive(EVP_MAC_CTX *ctx_init, kbkdf_mode mode, unsigned char *iv, for (counter = 1; written < ko_len; counter++) { i = be32(counter); - ctx = EVP_MAC_dup_ctx(ctx_init); + ctx = EVP_MAC_CTX_dup(ctx_init); if (ctx == NULL) goto done; @@ -172,13 +172,13 @@ static int derive(EVP_MAC_CTX *ctx_init, kbkdf_mode mode, unsigned char *iv, written += h; k_i_len = h; - EVP_MAC_free_ctx(ctx); + EVP_MAC_CTX_free(ctx); ctx = NULL; } ret = 1; done: - EVP_MAC_free_ctx(ctx); + EVP_MAC_CTX_free(ctx); return ret; } @@ -247,9 +247,9 @@ static int kbkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) NULL, NULL, libctx)) return 0; else if (ctx->ctx_init != NULL - && !EVP_MAC_is_a(EVP_MAC_get_ctx_mac(ctx->ctx_init), + && !EVP_MAC_is_a(EVP_MAC_CTX_mac(ctx->ctx_init), OSSL_MAC_NAME_HMAC) - && !EVP_MAC_is_a(EVP_MAC_get_ctx_mac(ctx->ctx_init), + && !EVP_MAC_is_a(EVP_MAC_CTX_mac(ctx->ctx_init), OSSL_MAC_NAME_CMAC)) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_MAC); return 0; @@ -288,7 +288,7 @@ static int kbkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) ctx->ki, ctx->ki_len); mparams[1] = OSSL_PARAM_construct_end(); - if (!EVP_MAC_set_ctx_params(ctx->ctx_init, mparams) + if (!EVP_MAC_CTX_set_params(ctx->ctx_init, mparams) || !EVP_MAC_init(ctx->ctx_init)) return 0; } diff --git a/providers/implementations/kdfs/sskdf.c b/providers/implementations/kdfs/sskdf.c index 6d6e3295c8..5ef73644f0 100644 --- a/providers/implementations/kdfs/sskdf.c +++ b/providers/implementations/kdfs/sskdf.c @@ -168,7 +168,7 @@ static int kmac_init(EVP_MAC_CTX *ctx, const unsigned char *custom, (void *)custom, custom_len); params[1] = OSSL_PARAM_construct_end(); - if (!EVP_MAC_set_ctx_params(ctx, params)) + if (!EVP_MAC_CTX_set_params(ctx, params)) return 0; /* By default only do one iteration if kmac_out_len is not specified */ @@ -186,7 +186,7 @@ static int kmac_init(EVP_MAC_CTX *ctx, const unsigned char *custom, params[0] = OSSL_PARAM_construct_size_t(OSSL_MAC_PARAM_SIZE, &kmac_out_len); - if (EVP_MAC_set_ctx_params(ctx, params) <= 0) + if (EVP_MAC_CTX_set_params(ctx, params) <= 0) return 0; /* @@ -233,7 +233,7 @@ static int SSKDF_mac_kdm(EVP_MAC_CTX *ctx_init, (void *)salt, salt_len); *p = OSSL_PARAM_construct_end(); - if (!EVP_MAC_set_ctx_params(ctx_init, params)) + if (!EVP_MAC_CTX_set_params(ctx_init, params)) goto end; if (!kmac_init(ctx_init, kmac_custom, kmac_custom_len, kmac_out_len, @@ -256,7 +256,7 @@ static int SSKDF_mac_kdm(EVP_MAC_CTX *ctx_init, c[2] = (unsigned char)((counter >> 8) & 0xff); c[3] = (unsigned char)(counter & 0xff); - ctx = EVP_MAC_dup_ctx(ctx_init); + ctx = EVP_MAC_CTX_dup(ctx_init); if (!(ctx != NULL && EVP_MAC_update(ctx, c, sizeof(c)) && EVP_MAC_update(ctx, z, z_len) @@ -275,7 +275,7 @@ static int SSKDF_mac_kdm(EVP_MAC_CTX *ctx_init, memcpy(out, mac, len); break; } - EVP_MAC_free_ctx(ctx); + EVP_MAC_CTX_free(ctx); ctx = NULL; } ret = 1; @@ -285,7 +285,7 @@ end: else OPENSSL_cleanse(mac_buf, sizeof(mac_buf)); - EVP_MAC_free_ctx(ctx); + EVP_MAC_CTX_free(ctx); return ret; } @@ -304,7 +304,7 @@ static void sskdf_reset(void *vctx) KDF_SSKDF *ctx = (KDF_SSKDF *)vctx; void *provctx = ctx->provctx; - EVP_MAC_free_ctx(ctx->macctx); + EVP_MAC_CTX_free(ctx->macctx); ossl_prov_digest_reset(&ctx->digest); OPENSSL_clear_free(ctx->secret, ctx->secret_len); OPENSSL_clear_free(ctx->info, ctx->info_len); @@ -362,7 +362,7 @@ static int sskdf_derive(void *vctx, unsigned char *key, size_t keylen) const unsigned char *custom = NULL; size_t custom_len = 0; int default_salt_len; - EVP_MAC *mac = EVP_MAC_get_ctx_mac(ctx->macctx); + EVP_MAC *mac = EVP_MAC_CTX_mac(ctx->macctx); /* * TODO(3.0) investigate the necessity to have all these controls. diff --git a/providers/implementations/kdfs/tls1_prf.c b/providers/implementations/kdfs/tls1_prf.c index d90a1bd072..73437531f6 100644 --- a/providers/implementations/kdfs/tls1_prf.c +++ b/providers/implementations/kdfs/tls1_prf.c @@ -117,8 +117,8 @@ static void kdf_tls1_prf_reset(void *vctx) TLS1_PRF *ctx = (TLS1_PRF *)vctx; void *provctx = ctx->provctx; - EVP_MAC_free_ctx(ctx->P_hash); - EVP_MAC_free_ctx(ctx->P_sha1); + EVP_MAC_CTX_free(ctx->P_hash); + EVP_MAC_CTX_free(ctx->P_sha1); OPENSSL_clear_free(ctx->sec, ctx->seclen); OPENSSL_cleanse(ctx->seed, ctx->seedlen); memset(ctx, 0, sizeof(*ctx)); @@ -165,7 +165,7 @@ static int kdf_tls1_prf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) NULL, SN_sha1, libctx)) return 0; } else { - EVP_MAC_free_ctx(ctx->P_sha1); + EVP_MAC_CTX_free(ctx->P_sha1); if (!ossl_prov_macctx_load_from_params(&ctx->P_hash, params, OSSL_MAC_NAME_HMAC, NULL, NULL, libctx)) @@ -282,7 +282,7 @@ static int tls1_prf_P_hash(EVP_MAC_CTX *ctx_init, *p++ = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY, (void *)sec, sec_len); *p = OSSL_PARAM_construct_end(); - if (!EVP_MAC_set_ctx_params(ctx_init, params)) + if (!EVP_MAC_CTX_set_params(ctx_init, params)) goto err; if (!EVP_MAC_init(ctx_init)) goto err; @@ -290,7 +290,7 @@ static int tls1_prf_P_hash(EVP_MAC_CTX *ctx_init, if (chunk == 0) goto err; /* A(0) = seed */ - ctx_Ai = EVP_MAC_dup_ctx(ctx_init); + ctx_Ai = EVP_MAC_CTX_dup(ctx_init); if (ctx_Ai == NULL) goto err; if (seed != NULL && !EVP_MAC_update(ctx_Ai, seed, seed_len)) @@ -300,18 +300,18 @@ static int tls1_prf_P_hash(EVP_MAC_CTX *ctx_init, /* calc: A(i) = HMAC_(secret, A(i-1)) */ if (!EVP_MAC_final(ctx_Ai, Ai, &Ai_len, sizeof(Ai))) goto err; - EVP_MAC_free_ctx(ctx_Ai); + EVP_MAC_CTX_free(ctx_Ai); ctx_Ai = NULL; /* calc next chunk: HMAC_(secret, A(i) + seed) */ - ctx = EVP_MAC_dup_ctx(ctx_init); + ctx = EVP_MAC_CTX_dup(ctx_init); if (ctx == NULL) goto err; if (!EVP_MAC_update(ctx, Ai, Ai_len)) goto err; /* save state for calculating next A(i) value */ if (olen > chunk) { - ctx_Ai = EVP_MAC_dup_ctx(ctx); + ctx_Ai = EVP_MAC_CTX_dup(ctx); if (ctx_Ai == NULL) goto err; } @@ -326,15 +326,15 @@ static int tls1_prf_P_hash(EVP_MAC_CTX *ctx_init, } if (!EVP_MAC_final(ctx, out, NULL, olen)) goto err; - EVP_MAC_free_ctx(ctx); + EVP_MAC_CTX_free(ctx); ctx = NULL; out += chunk; olen -= chunk; } ret = 1; err: - EVP_MAC_free_ctx(ctx); - EVP_MAC_free_ctx(ctx_Ai); + EVP_MAC_CTX_free(ctx); + EVP_MAC_CTX_free(ctx_Ai); OPENSSL_cleanse(Ai, sizeof(Ai)); return ret; } diff --git a/providers/implementations/rands/drbg_hmac.c b/providers/implementations/rands/drbg_hmac.c index b73fe958b0..7ddfae1568 100644 --- a/providers/implementations/rands/drbg_hmac.c +++ b/providers/implementations/rands/drbg_hmac.c @@ -64,7 +64,7 @@ static int do_hmac(PROV_DRBG_HMAC *hmac, unsigned char inbyte, *params = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY, hmac->K, hmac->blocklen); - if (!EVP_MAC_set_ctx_params(ctx, params) + if (!EVP_MAC_CTX_set_params(ctx, params) || !EVP_MAC_init(ctx) /* K = HMAC(K, V || inbyte || [in1] || [in2] || [in3]) */ || !EVP_MAC_update(ctx, hmac->V, hmac->blocklen) @@ -78,7 +78,7 @@ static int do_hmac(PROV_DRBG_HMAC *hmac, unsigned char inbyte, /* V = HMAC(K, V) */ *params = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY, hmac->K, hmac->blocklen); - return EVP_MAC_set_ctx_params(ctx, params) + return EVP_MAC_CTX_set_params(ctx, params) && EVP_MAC_init(ctx) && EVP_MAC_update(ctx, hmac->V, hmac->blocklen) && EVP_MAC_final(ctx, hmac->V, NULL, sizeof(hmac->V)); @@ -220,7 +220,7 @@ static int drbg_hmac_generate(PROV_DRBG *drbg, for (;;) { *params = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY, hmac->K, hmac->blocklen); - if (!EVP_MAC_set_ctx_params(ctx, params) + if (!EVP_MAC_CTX_set_params(ctx, params) || !EVP_MAC_init(ctx) || !EVP_MAC_update(ctx, temp, hmac->blocklen)) return 0; @@ -315,7 +315,7 @@ static void drbg_hmac_free(void *vdrbg) PROV_DRBG_HMAC *hmac; if (drbg != NULL && (hmac = (PROV_DRBG_HMAC *)drbg->data) != NULL) { - EVP_MAC_free_ctx(hmac->ctx); + EVP_MAC_CTX_free(hmac->ctx); ossl_prov_digest_reset(&hmac->digest); OPENSSL_secure_clear_free(hmac, sizeof(*hmac)); } diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 7c0b3e9d65..11eea82fff 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -49,7 +49,7 @@ static int tls1_PRF(SSL *s, kdf = EVP_KDF_fetch(s->ctx->libctx, OSSL_KDF_NAME_TLS1_PRF, s->ctx->propq); if (kdf == NULL) goto err; - kctx = EVP_KDF_new_ctx(kdf); + kctx = EVP_KDF_CTX_new(kdf); EVP_KDF_free(kdf); if (kctx == NULL) goto err; @@ -70,9 +70,9 @@ static int tls1_PRF(SSL *s, *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED, (void *)seed5, (size_t)seed5_len); *p = OSSL_PARAM_construct_end(); - if (EVP_KDF_set_ctx_params(kctx, params) + if (EVP_KDF_CTX_set_params(kctx, params) && EVP_KDF_derive(kctx, out, olen)) { - EVP_KDF_free_ctx(kctx); + EVP_KDF_CTX_free(kctx); return 1; } @@ -82,7 +82,7 @@ static int tls1_PRF(SSL *s, ERR_R_INTERNAL_ERROR); else SSLerr(SSL_F_TLS1_PRF, ERR_R_INTERNAL_ERROR); - EVP_KDF_free_ctx(kctx); + EVP_KDF_CTX_free(kctx); return 0; } diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 41228d58e9..bf955bf3ec 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -3390,12 +3390,12 @@ SSL_HMAC *ssl_hmac_new(const SSL_CTX *ctx) } #endif mac = EVP_MAC_fetch(ctx->libctx, "HMAC", NULL); - if (mac == NULL || (ret->ctx = EVP_MAC_new_ctx(mac)) == NULL) + if (mac == NULL || (ret->ctx = EVP_MAC_CTX_new(mac)) == NULL) goto err; EVP_MAC_free(mac); return ret; err: - EVP_MAC_free_ctx(ret->ctx); + EVP_MAC_CTX_free(ret->ctx); EVP_MAC_free(mac); OPENSSL_free(ret); return NULL; @@ -3404,7 +3404,7 @@ SSL_HMAC *ssl_hmac_new(const SSL_CTX *ctx) void ssl_hmac_free(SSL_HMAC *ctx) { if (ctx != NULL) { - EVP_MAC_free_ctx(ctx->ctx); + EVP_MAC_CTX_free(ctx->ctx); #ifndef OPENSSL_NO_DEPRECATED_3_0 HMAC_CTX_free(ctx->old_ctx); #endif @@ -3432,7 +3432,7 @@ int ssl_hmac_init(SSL_HMAC *ctx, void *key, size_t len, char *md) *p++ = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, md, 0); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, key, len); *p = OSSL_PARAM_construct_end(); - if (EVP_MAC_set_ctx_params(ctx->ctx, params) && EVP_MAC_init(ctx->ctx)) + if (EVP_MAC_CTX_set_params(ctx->ctx, params) && EVP_MAC_init(ctx->ctx)) return 1; } #ifndef OPENSSL_NO_DEPRECATED_3_0 diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c index 95e28d6d54..ba385f6ea2 100644 --- a/ssl/tls13_enc.c +++ b/ssl/tls13_enc.c @@ -57,7 +57,7 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret, + 1 + EVP_MAX_MD_SIZE]; WPACKET pkt; - kctx = EVP_KDF_new_ctx(kdf); + kctx = EVP_KDF_CTX_new(kdf); EVP_KDF_free(kdf); if (kctx == NULL) return 0; @@ -73,7 +73,7 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret, */ SSLerr(SSL_F_TLS13_HKDF_EXPAND, SSL_R_TLS_ILLEGAL_EXPORTER_LABEL); } - EVP_KDF_free_ctx(kctx); + EVP_KDF_CTX_free(kctx); return 0; } @@ -88,7 +88,7 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret, || !WPACKET_sub_memcpy_u8(&pkt, data, (data == NULL) ? 0 : datalen) || !WPACKET_get_total_written(&pkt, &hkdflabellen) || !WPACKET_finish(&pkt)) { - EVP_KDF_free_ctx(kctx); + EVP_KDF_CTX_free(kctx); WPACKET_cleanup(&pkt); if (fatal) SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_HKDF_EXPAND, @@ -107,10 +107,10 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret, hkdflabel, hkdflabellen); *p++ = OSSL_PARAM_construct_end(); - ret = EVP_KDF_set_ctx_params(kctx, params) <= 0 + ret = EVP_KDF_CTX_set_params(kctx, params) <= 0 || EVP_KDF_derive(kctx, out, outlen) <= 0; - EVP_KDF_free_ctx(kctx); + EVP_KDF_CTX_free(kctx); if (ret != 0) { if (fatal) @@ -198,7 +198,7 @@ int tls13_generate_secret(SSL *s, const EVP_MD *md, unsigned char preextractsec[EVP_MAX_MD_SIZE]; kdf = EVP_KDF_fetch(s->ctx->libctx, OSSL_KDF_NAME_HKDF, s->ctx->propq); - kctx = EVP_KDF_new_ctx(kdf); + kctx = EVP_KDF_CTX_new(kdf); EVP_KDF_free(kdf); if (kctx == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_GENERATE_SECRET, @@ -211,7 +211,7 @@ int tls13_generate_secret(SSL *s, const EVP_MD *md, if (!ossl_assert(mdleni >= 0)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_GENERATE_SECRET, ERR_R_INTERNAL_ERROR); - EVP_KDF_free_ctx(kctx); + EVP_KDF_CTX_free(kctx); return 0; } mdlen = (size_t)mdleni; @@ -234,7 +234,7 @@ int tls13_generate_secret(SSL *s, const EVP_MD *md, SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_GENERATE_SECRET, ERR_R_INTERNAL_ERROR); EVP_MD_CTX_free(mctx); - EVP_KDF_free_ctx(kctx); + EVP_KDF_CTX_free(kctx); return 0; } EVP_MD_CTX_free(mctx); @@ -245,7 +245,7 @@ int tls13_generate_secret(SSL *s, const EVP_MD *md, sizeof(derived_secret_label) - 1, hash, mdlen, preextractsec, mdlen, 1)) { /* SSLfatal() already called */ - EVP_KDF_free_ctx(kctx); + EVP_KDF_CTX_free(kctx); return 0; } @@ -264,14 +264,14 @@ int tls13_generate_secret(SSL *s, const EVP_MD *md, prevsecretlen); *p++ = OSSL_PARAM_construct_end(); - ret = EVP_KDF_set_ctx_params(kctx, params) <= 0 + ret = EVP_KDF_CTX_set_params(kctx, params) <= 0 || EVP_KDF_derive(kctx, outsecret, mdlen) <= 0; if (ret != 0) SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_GENERATE_SECRET, ERR_R_INTERNAL_ERROR); - EVP_KDF_free_ctx(kctx); + EVP_KDF_CTX_free(kctx); if (prevsecret == preextractsec) OPENSSL_cleanse(preextractsec, mdlen); return ret == 0; @@ -360,9 +360,9 @@ size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen, } *p++ = OSSL_PARAM_construct_end(); - ctx = EVP_MAC_new_ctx(hmac); + ctx = EVP_MAC_CTX_new(hmac); if (ctx == NULL - || !EVP_MAC_set_ctx_params(ctx, params) + || !EVP_MAC_CTX_set_params(ctx, params) || !EVP_MAC_init(ctx) || !EVP_MAC_update(ctx, hash, hashlen) /* outsize as per sizeof(peer_finish_md) */ @@ -375,7 +375,7 @@ size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen, ret = hashlen; err: OPENSSL_cleanse(finsecret, sizeof(finsecret)); - EVP_MAC_free_ctx(ctx); + EVP_MAC_CTX_free(ctx); EVP_MAC_free(hmac); return ret; } diff --git a/test/bad_dtls_test.c b/test/bad_dtls_test.c index d2d6a6b426..bfbaa7953a 100644 --- a/test/bad_dtls_test.c +++ b/test/bad_dtls_test.c @@ -305,14 +305,14 @@ static int send_record(BIO *rbio, unsigned char type, uint64_t seqnr, /* Append HMAC to data */ hmac = EVP_MAC_fetch(NULL, "HMAC", NULL); - ctx = EVP_MAC_new_ctx(hmac); + ctx = EVP_MAC_CTX_new(hmac); EVP_MAC_free(hmac); params[0] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, "SHA1", 0); params[1] = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, mac_key, 20); params[2] = OSSL_PARAM_construct_end(); - EVP_MAC_set_ctx_params(ctx, params); + EVP_MAC_CTX_set_params(ctx, params); EVP_MAC_init(ctx); EVP_MAC_update(ctx, epoch, 2); EVP_MAC_update(ctx, seq, 6); @@ -323,7 +323,7 @@ static int send_record(BIO *rbio, unsigned char type, uint64_t seqnr, EVP_MAC_update(ctx, lenbytes, 2); /* Length */ EVP_MAC_update(ctx, enc, len); /* Finally the data itself */ EVP_MAC_final(ctx, enc + len, NULL, SHA_DIGEST_LENGTH); - EVP_MAC_free_ctx(ctx); + EVP_MAC_CTX_free(ctx); /* Append padding bytes */ len += SHA_DIGEST_LENGTH; diff --git a/test/evp_kdf_test.c b/test/evp_kdf_test.c index ef6f6fe656..21b999fb1d 100644 --- a/test/evp_kdf_test.c +++ b/test/evp_kdf_test.c @@ -21,7 +21,7 @@ static EVP_KDF_CTX *get_kdfbyname(const char *name) { EVP_KDF *kdf = EVP_KDF_fetch(NULL, name, NULL); - EVP_KDF_CTX *kctx = EVP_KDF_new_ctx(kdf); + EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf); EVP_KDF_free(kdf); return kctx; @@ -50,11 +50,11 @@ static int test_kdf_tls1_prf(void) ret = TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF)) - && TEST_true(EVP_KDF_set_ctx_params(kctx, params)) + && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); - EVP_KDF_free_ctx(kctx); + EVP_KDF_CTX_free(kctx); return ret; } @@ -80,11 +80,11 @@ static int test_kdf_hkdf(void) ret = TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF)) - && TEST_true(EVP_KDF_set_ctx_params(kctx, params)) + && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); - EVP_KDF_free_ctx(kctx); + EVP_KDF_CTX_free(kctx); return ret; } @@ -121,10 +121,10 @@ static int test_kdf_pbkdf2(void) *p = OSSL_PARAM_construct_end(); if (!TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2)) - || !TEST_true(EVP_KDF_set_ctx_params(kctx, params)) + || !TEST_true(EVP_KDF_CTX_set_params(kctx, params)) || !TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) || !TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)) - || !TEST_true(EVP_KDF_set_ctx_params(kctx, params)) + || !TEST_true(EVP_KDF_CTX_set_params(kctx, params)) /* A key length that is too small should fail */ || !TEST_int_eq(EVP_KDF_derive(kctx, out, 112 / 8 - 1), 0) /* A key length that is too large should fail */ @@ -156,7 +156,7 @@ static int test_kdf_pbkdf2(void) #endif ret = 1; err: - EVP_KDF_free_ctx(kctx); + EVP_KDF_CTX_free(kctx); return ret; } @@ -191,15 +191,15 @@ static int test_kdf_scrypt(void) ret = TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SCRYPT)) - && TEST_true(EVP_KDF_set_ctx_params(kctx, params)) + && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) /* failure test *//* && TEST_int_le(EVP_KDF_derive(kctx, out, sizeof(out)), 0)*/ && TEST_true(OSSL_PARAM_set_uint(p - 1, 10 * 1024 * 1024)) - && TEST_true(EVP_KDF_set_ctx_params(kctx, p - 1)) + && TEST_true(EVP_KDF_CTX_set_params(kctx, p - 1)) && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); - EVP_KDF_free_ctx(kctx); + EVP_KDF_CTX_free(kctx); return ret; } #endif /* OPENSSL_NO_SCRYPT */ @@ -235,11 +235,11 @@ static int test_kdf_ss_hash(void) ret = TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSKDF)) - && TEST_true(EVP_KDF_set_ctx_params(kctx, params)) + && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); - EVP_KDF_free_ctx(kctx); + EVP_KDF_CTX_free(kctx); return ret; } @@ -289,11 +289,11 @@ static int test_kdf_x963(void) ret = TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_X963KDF)) - && TEST_true(EVP_KDF_set_ctx_params(kctx, params)) + && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); - EVP_KDF_free_ctx(kctx); + EVP_KDF_CTX_free(kctx); return ret; } @@ -345,11 +345,11 @@ static int test_kdf_kbkdf_6803_128(void) kctx = get_kdfbyname("KBKDF"); ret = TEST_ptr(kctx) - && TEST_true(EVP_KDF_set_ctx_params(kctx, params)) + && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result)), 0) && TEST_mem_eq(result, sizeof(result), outputs[i], sizeof(outputs[i])); - EVP_KDF_free_ctx(kctx); + EVP_KDF_CTX_free(kctx); if (ret != 1) return ret; } @@ -411,11 +411,11 @@ static int test_kdf_kbkdf_6803_256(void) kctx = get_kdfbyname("KBKDF"); ret = TEST_ptr(kctx) - && TEST_true(EVP_KDF_set_ctx_params(kctx, params)) + && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result)), 0) && TEST_mem_eq(result, sizeof(result), outputs[i], sizeof(outputs[i])); - EVP_KDF_free_ctx(kctx); + EVP_KDF_CTX_free(kctx); if (ret != 1) return ret; } @@ -459,11 +459,11 @@ static int test_kdf_kbkdf_8009_prf1(void) kctx = get_kdfbyname("KBKDF"); ret = TEST_ptr(kctx) - && TEST_true(EVP_KDF_set_ctx_params(kctx, params)) + && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result)), 0) && TEST_mem_eq(result, sizeof(result), output, sizeof(output)); - EVP_KDF_free_ctx(kctx); + EVP_KDF_CTX_free(kctx); return ret; } @@ -504,11 +504,11 @@ static int test_kdf_kbkdf_8009_prf2(void) kctx = get_kdfbyname("KBKDF"); ret = TEST_ptr(kctx) - && TEST_true(EVP_KDF_set_ctx_params(kctx, params)) + && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result)), 0) && TEST_mem_eq(result, sizeof(result), output, sizeof(output)); - EVP_KDF_free_ctx(kctx); + EVP_KDF_CTX_free(kctx); return ret; } @@ -547,11 +547,11 @@ static int test_kdf_ss_hmac(void) ret = TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSKDF)) - && TEST_true(EVP_KDF_set_ctx_params(kctx, params)) + && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); - EVP_KDF_free_ctx(kctx); + EVP_KDF_CTX_free(kctx); return ret; } @@ -593,11 +593,11 @@ static int test_kdf_ss_kmac(void) ret = TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSKDF)) - && TEST_true(EVP_KDF_set_ctx_params(kctx, params)) + && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); - EVP_KDF_free_ctx(kctx); + EVP_KDF_CTX_free(kctx); return ret; } @@ -651,11 +651,11 @@ static int test_kdf_sshkdf(void) ret = TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSHKDF)) - && TEST_true(EVP_KDF_set_ctx_params(kctx, params)) + && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); - EVP_KDF_free_ctx(kctx); + EVP_KDF_CTX_free(kctx); return ret; } @@ -725,11 +725,11 @@ static int test_kdf_x942_asn1(void) ret = TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_X942KDF)) - && TEST_true(EVP_KDF_set_ctx_params(kctx, params)) + && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); - EVP_KDF_free_ctx(kctx); + EVP_KDF_CTX_free(kctx); return ret; } #endif /* OPENSSL_NO_CMS */ @@ -763,11 +763,11 @@ static int test_kdf_krb5kdf(void) ret = TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_KRB5KDF)) - && TEST_true(EVP_KDF_set_ctx_params(kctx, params)) + && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); - EVP_KDF_free_ctx(kctx); + EVP_KDF_CTX_free(kctx); return ret; } diff --git a/test/evp_test.c b/test/evp_test.c index 7e93b41f32..a1e205b20b 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -1341,12 +1341,12 @@ static int mac_test_run_mac(EVP_TEST *t) } params[params_n] = OSSL_PARAM_construct_end(); - if ((ctx = EVP_MAC_new_ctx(expected->mac)) == NULL) { + if ((ctx = EVP_MAC_CTX_new(expected->mac)) == NULL) { t->err = "MAC_CREATE_ERROR"; goto err; } - if (!EVP_MAC_set_ctx_params(ctx, params)) { + if (!EVP_MAC_CTX_set_params(ctx, params)) { t->err = "MAC_BAD_PARAMS"; goto err; } @@ -1378,7 +1378,7 @@ static int mac_test_run_mac(EVP_TEST *t) while (params_n-- > params_n_allocstart) { OPENSSL_free(params[params_n].data); } - EVP_MAC_free_ctx(ctx); + EVP_MAC_CTX_free(ctx); OPENSSL_free(got); return 1; } @@ -2398,7 +2398,7 @@ static int kdf_test_init(EVP_TEST *t, const char *name) OPENSSL_free(kdata); return 0; } - kdata->ctx = EVP_KDF_new_ctx(kdf); + kdata->ctx = EVP_KDF_CTX_new(kdf); EVP_KDF_free(kdf); if (kdata->ctx == NULL) { OPENSSL_free(kdata); @@ -2416,7 +2416,7 @@ static void kdf_test_cleanup(EVP_TEST *t) for (p = kdata->params; p->key != NULL; p++) OPENSSL_free(p->data); OPENSSL_free(kdata->output); - EVP_KDF_free_ctx(kdata->ctx); + EVP_KDF_CTX_free(kdata->ctx); } static int kdf_test_ctrl(EVP_TEST *t, EVP_KDF_CTX *kctx, @@ -2425,8 +2425,7 @@ static int kdf_test_ctrl(EVP_TEST *t, EVP_KDF_CTX *kctx, KDF_DATA *kdata = t->data; int rv; char *p, *name; - const OSSL_PARAM *defs = - EVP_KDF_settable_ctx_params(EVP_KDF_get_ctx_kdf(kctx)); + const OSSL_PARAM *defs = EVP_KDF_settable_ctx_params(EVP_KDF_CTX_kdf(kctx)); if (!TEST_ptr(name = OPENSSL_strdup(value))) return 0; @@ -2482,7 +2481,7 @@ static int kdf_test_run(EVP_TEST *t) unsigned char *got = NULL; size_t got_len = expected->output_len; - if (!EVP_KDF_set_ctx_params(expected->ctx, expected->params)) { + if (!EVP_KDF_CTX_set_params(expected->ctx, expected->params)) { t->err = "KDF_CTRL_ERROR"; return 1; } diff --git a/test/sslapitest.c b/test/sslapitest.c index 1a91f96fb9..ccee736592 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -7044,7 +7044,7 @@ static int tick_key_evp_cb(SSL *s, unsigned char key_name[16], params[2] = OSSL_PARAM_construct_end(); if (aes128cbc == NULL || !EVP_CipherInit_ex(ctx, aes128cbc, NULL, tick_aes_key, iv, enc) - || !EVP_MAC_set_ctx_params(hctx, params) + || !EVP_MAC_CTX_set_params(hctx, params) || !EVP_MAC_init(hctx)) ret = -1; else diff --git a/util/libcrypto.num b/util/libcrypto.num index 2627608f55..ff2bf030d3 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4424,10 +4424,10 @@ OCSP_resp_get0_respdata 4530 3_0_0 EXIST::FUNCTION:OCSP EVP_MD_CTX_set_pkey_ctx 4531 3_0_0 EXIST::FUNCTION: EVP_PKEY_meth_set_digest_custom 4532 3_0_0 EXIST::FUNCTION: EVP_PKEY_meth_get_digest_custom 4533 3_0_0 EXIST::FUNCTION: -EVP_MAC_new_ctx ? 3_0_0 EXIST::FUNCTION: -EVP_MAC_free_ctx ? 3_0_0 EXIST::FUNCTION: -EVP_MAC_dup_ctx ? 3_0_0 EXIST::FUNCTION: -EVP_MAC_get_ctx_mac ? 3_0_0 EXIST::FUNCTION: +EVP_MAC_CTX_new ? 3_0_0 EXIST::FUNCTION: +EVP_MAC_CTX_free ? 3_0_0 EXIST::FUNCTION: +EVP_MAC_CTX_dup ? 3_0_0 EXIST::FUNCTION: +EVP_MAC_CTX_mac ? 3_0_0 EXIST::FUNCTION: EVP_MAC_size ? 3_0_0 EXIST::FUNCTION: EVP_MAC_init ? 3_0_0 EXIST::FUNCTION: EVP_MAC_update ? 3_0_0 EXIST::FUNCTION: @@ -4466,7 +4466,7 @@ ASYNC_WAIT_CTX_set_callback ? 3_0_0 EXIST::FUNCTION: ASYNC_WAIT_CTX_set_status ? 3_0_0 EXIST::FUNCTION: ASYNC_WAIT_CTX_get_status ? 3_0_0 EXIST::FUNCTION: ERR_load_ESS_strings ? 3_0_0 EXIST::FUNCTION: -EVP_KDF_free_ctx ? 3_0_0 EXIST::FUNCTION: +EVP_KDF_CTX_free ? 3_0_0 EXIST::FUNCTION: EVP_KDF_reset ? 3_0_0 EXIST::FUNCTION: EVP_KDF_size ? 3_0_0 EXIST::FUNCTION: EVP_KDF_derive ? 3_0_0 EXIST::FUNCTION: @@ -4616,8 +4616,8 @@ EVP_CIPHER_up_ref ? 3_0_0 EXIST::FUNCTION: EVP_CIPHER_fetch ? 3_0_0 EXIST::FUNCTION: EVP_CIPHER_mode ? 3_0_0 EXIST::FUNCTION: OPENSSL_info ? 3_0_0 EXIST::FUNCTION: -EVP_KDF_new_ctx ? 3_0_0 EXIST::FUNCTION: -EVP_KDF_get_ctx_kdf ? 3_0_0 EXIST::FUNCTION: +EVP_KDF_CTX_new ? 3_0_0 EXIST::FUNCTION: +EVP_KDF_CTX_kdf ? 3_0_0 EXIST::FUNCTION: i2d_KeyParams ? 3_0_0 EXIST::FUNCTION: d2i_KeyParams ? 3_0_0 EXIST::FUNCTION: i2d_KeyParams_bio ? 3_0_0 EXIST::FUNCTION: @@ -4700,8 +4700,8 @@ EVP_CIPHER_gettable_ctx_params ? 3_0_0 EXIST::FUNCTION: EVP_MD_get_params ? 3_0_0 EXIST::FUNCTION: EVP_MAC_fetch ? 3_0_0 EXIST::FUNCTION: EVP_MAC_settable_ctx_params ? 3_0_0 EXIST::FUNCTION: -EVP_MAC_set_ctx_params ? 3_0_0 EXIST::FUNCTION: -EVP_MAC_get_ctx_params ? 3_0_0 EXIST::FUNCTION: +EVP_MAC_CTX_set_params ? 3_0_0 EXIST::FUNCTION: +EVP_MAC_CTX_get_params ? 3_0_0 EXIST::FUNCTION: EVP_MAC_gettable_ctx_params ? 3_0_0 EXIST::FUNCTION: EVP_MAC_free ? 3_0_0 EXIST::FUNCTION: EVP_MAC_up_ref ? 3_0_0 EXIST::FUNCTION: @@ -4714,11 +4714,11 @@ EVP_CIPHER_free ? 3_0_0 EXIST::FUNCTION: EVP_KDF_up_ref ? 3_0_0 EXIST::FUNCTION: EVP_KDF_free ? 3_0_0 EXIST::FUNCTION: EVP_KDF_fetch ? 3_0_0 EXIST::FUNCTION: -EVP_KDF_dup_ctx ? 3_0_0 EXIST::FUNCTION: +EVP_KDF_CTX_dup ? 3_0_0 EXIST::FUNCTION: EVP_KDF_provider ? 3_0_0 EXIST::FUNCTION: EVP_KDF_get_params ? 3_0_0 EXIST::FUNCTION: -EVP_KDF_get_ctx_params ? 3_0_0 EXIST::FUNCTION: -EVP_KDF_set_ctx_params ? 3_0_0 EXIST::FUNCTION: +EVP_KDF_CTX_get_params ? 3_0_0 EXIST::FUNCTION: +EVP_KDF_CTX_set_params ? 3_0_0 EXIST::FUNCTION: EVP_KDF_gettable_params ? 3_0_0 EXIST::FUNCTION: EVP_KDF_gettable_ctx_params ? 3_0_0 EXIST::FUNCTION: EVP_KDF_settable_ctx_params ? 3_0_0 EXIST::FUNCTION: From levitte at openssl.org Thu Jul 16 12:55:11 2020 From: levitte at openssl.org (Richard Levitte) Date: Thu, 16 Jul 2020 12:55:11 +0000 Subject: [openssl] master update Message-ID: <1594904111.411684.25023.nullmailer@dev.openssl.org> The branch master has been updated via e39e295e205ab8461d3ac814129bbb08c2d1266d (commit) from e4162f86d7fd92058e5558bd81ce9dbc615fec3f (commit) - Log ----------------------------------------------------------------- commit e39e295e205ab8461d3ac814129bbb08c2d1266d Author: Richard Levitte Date: Thu Jul 16 14:47:04 2020 +0200 Update copyright year Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/openssl/pull/12463) ----------------------------------------------------------------------- Summary of changes: config.com | 2 +- crypto/async/async.c | 2 +- crypto/async/async_local.h | 2 +- crypto/chacha/chacha_enc.c | 2 +- crypto/cms/cms_enc.c | 2 +- crypto/conf/conf_mall.c | 2 +- crypto/engine/eng_ctrl.c | 2 +- crypto/engine/eng_fat.c | 2 +- crypto/engine/eng_init.c | 2 +- crypto/engine/eng_pkey.c | 2 +- crypto/engine/eng_rdrand.c | 2 +- crypto/engine/tb_asnmth.c | 2 +- crypto/engine/tb_cipher.c | 2 +- crypto/engine/tb_dh.c | 2 +- crypto/engine/tb_digest.c | 2 +- crypto/engine/tb_dsa.c | 2 +- crypto/engine/tb_eckey.c | 2 +- crypto/engine/tb_pkmeth.c | 2 +- crypto/engine/tb_rand.c | 2 +- crypto/engine/tb_rsa.c | 2 +- crypto/err/err_local.h | 2 +- crypto/evp/e_chacha20_poly1305.c | 2 +- crypto/init.c | 2 +- crypto/o_time.c | 2 +- crypto/rand/randfile.c | 2 +- crypto/sha/sha_local.h | 2 +- crypto/trace.c | 2 +- doc/man3/ASN1_INTEGER_get_int64.pod | 2 +- doc/man3/ASYNC_WAIT_CTX_new.pod | 2 +- doc/man3/ASYNC_start_job.pod | 2 +- doc/man3/BIO_ADDR.pod | 2 +- doc/man3/BIO_ADDRINFO.pod | 2 +- doc/man3/BIO_ctrl.pod | 2 +- doc/man3/BIO_s_bio.pod | 2 +- doc/man3/CRYPTO_THREAD_run_once.pod | 2 +- doc/man3/DSA_set_method.pod | 2 +- doc/man3/DTLSv1_listen.pod | 2 +- doc/man3/ENGINE_add.pod | 2 +- doc/man3/EVP_CIPHER_meth_new.pod | 2 +- doc/man3/EVP_EncodeInit.pod | 2 +- doc/man3/EVP_OpenInit.pod | 2 +- doc/man3/EVP_PKEY_verify_recover.pod | 2 +- doc/man3/EVP_SealInit.pod | 2 +- doc/man3/EVP_VerifyInit.pod | 2 +- doc/man3/OPENSSL_LH_COMPFUNC.pod | 2 +- doc/man3/OPENSSL_config.pod | 2 +- doc/man3/OPENSSL_ia32cap.pod | 2 +- doc/man3/OPENSSL_init_crypto.pod | 2 +- doc/man3/OPENSSL_load_builtin_modules.pod | 2 +- doc/man3/OPENSSL_s390xcap.pod | 2 +- doc/man3/OpenSSL_version.pod | 2 +- doc/man3/PKCS7_verify.pod | 2 +- doc/man3/RAND_DRBG_get0_public.pod | 2 +- doc/man3/RAND_DRBG_reseed.pod | 2 +- doc/man3/SSL_CTX_set_generate_session_id.pod | 2 +- doc/man3/SSL_CTX_set_session_cache_mode.pod | 2 +- doc/man3/SSL_CTX_set_session_id_context.pod | 2 +- doc/man3/SSL_CTX_set_split_send_fragment.pod | 2 +- doc/man3/SSL_get_all_async_fds.pod | 2 +- doc/man3/SSL_pending.pod | 2 +- doc/man3/SSL_read.pod | 2 +- doc/man3/SSL_set_bio.pod | 2 +- doc/man3/UI_create_method.pod | 2 +- doc/man3/X509_check_host.pod | 2 +- doc/man3/X509_check_issued.pod | 2 +- doc/man7/evp.pod | 2 +- engines/e_devcrypto.c | 2 +- include/internal/endian.h | 2 +- include/openssl/e_os2.h | 2 +- include/openssl/engine.h | 2 +- include/openssl/trace.h | 2 +- providers/implementations/ciphers/cipher_chacha20_poly1305_hw.c | 2 +- providers/implementations/ciphers/ciphercommon_local.h | 2 +- providers/implementations/digests/blake2_impl.h | 2 +- ssl/record/rec_layer_d1.c | 2 +- ssl/record/ssl3_record_tls13.c | 2 +- test/afalgtest.c | 2 +- test/asynctest.c | 2 +- test/enginetest.c | 2 +- test/recipes/02-test_errstr.t | 2 +- test/recipes/70-test_renegotiation.t | 2 +- test/recipes/70-test_sslextension.t | 2 +- test/recipes/70-test_sslrecords.t | 2 +- test/recipes/70-test_tls13downgrade.t | 2 +- test/recipes/70-test_verify_extra.t | 2 +- 85 files changed, 85 insertions(+), 85 deletions(-) diff --git a/config.com b/config.com index 252cada5e9..21a6bce1be 100644 --- a/config.com +++ b/config.com @@ -1,5 +1,5 @@ $ ! OpenSSL config: determine the architecture and run Configure -$ ! Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +$ ! Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. $ ! $ ! Licensed under the Apache License 2.0 (the "License"). You may not use $ ! this file except in compliance with the License. You can obtain a diff --git a/crypto/async/async.c b/crypto/async/async.c index b985505309..b30f516d05 100644 --- a/crypto/async/async.c +++ b/crypto/async/async.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/async/async_local.h b/crypto/async/async_local.h index f2f0a56186..8caa71cef4 100644 --- a/crypto/async/async_local.h +++ b/crypto/async/async_local.h @@ -1,5 +1,5 @@ /* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/chacha/chacha_enc.c b/crypto/chacha/chacha_enc.c index 86667cf9e2..c5d1d63d80 100644 --- a/crypto/chacha/chacha_enc.c +++ b/crypto/chacha/chacha_enc.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/cms/cms_enc.c b/crypto/cms/cms_enc.c index 5f9e2b3a52..3eb2f41a6a 100644 --- a/crypto/cms/cms_enc.c +++ b/crypto/cms/cms_enc.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/conf/conf_mall.c b/crypto/conf/conf_mall.c index 9852f0212e..123e2abaad 100644 --- a/crypto/conf/conf_mall.c +++ b/crypto/conf/conf_mall.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/engine/eng_ctrl.c b/crypto/engine/eng_ctrl.c index 1cc4f545af..0701c4c92a 100644 --- a/crypto/engine/eng_ctrl.c +++ b/crypto/engine/eng_ctrl.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/engine/eng_fat.c b/crypto/engine/eng_fat.c index e0de95d11b..1e98a340cd 100644 --- a/crypto/engine/eng_fat.c +++ b/crypto/engine/eng_fat.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the Apache License 2.0 (the "License"). You may not use diff --git a/crypto/engine/eng_init.c b/crypto/engine/eng_init.c index 7303426e81..22376a96fe 100644 --- a/crypto/engine/eng_init.c +++ b/crypto/engine/eng_init.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/engine/eng_pkey.c b/crypto/engine/eng_pkey.c index 68df415475..c94c2eacb3 100644 --- a/crypto/engine/eng_pkey.c +++ b/crypto/engine/eng_pkey.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/engine/eng_rdrand.c b/crypto/engine/eng_rdrand.c index 53cd34fb28..39e4055a90 100644 --- a/crypto/engine/eng_rdrand.c +++ b/crypto/engine/eng_rdrand.c @@ -1,5 +1,5 @@ /* - * Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/engine/tb_asnmth.c b/crypto/engine/tb_asnmth.c index 3aad4e8d1c..018b331647 100644 --- a/crypto/engine/tb_asnmth.c +++ b/crypto/engine/tb_asnmth.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/engine/tb_cipher.c b/crypto/engine/tb_cipher.c index bc97deda87..3940978d82 100644 --- a/crypto/engine/tb_cipher.c +++ b/crypto/engine/tb_cipher.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/engine/tb_dh.c b/crypto/engine/tb_dh.c index fa8b5b846b..6ba2c0a859 100644 --- a/crypto/engine/tb_dh.c +++ b/crypto/engine/tb_dh.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/engine/tb_digest.c b/crypto/engine/tb_digest.c index 5e75e64e69..63fe055bbd 100644 --- a/crypto/engine/tb_digest.c +++ b/crypto/engine/tb_digest.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/engine/tb_dsa.c b/crypto/engine/tb_dsa.c index 65dbe64df9..f3b1b6820c 100644 --- a/crypto/engine/tb_dsa.c +++ b/crypto/engine/tb_dsa.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/engine/tb_eckey.c b/crypto/engine/tb_eckey.c index ae7ef5ebdf..c58037ea89 100644 --- a/crypto/engine/tb_eckey.c +++ b/crypto/engine/tb_eckey.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/engine/tb_pkmeth.c b/crypto/engine/tb_pkmeth.c index 2d0cbff497..65ae42d33b 100644 --- a/crypto/engine/tb_pkmeth.c +++ b/crypto/engine/tb_pkmeth.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/engine/tb_rand.c b/crypto/engine/tb_rand.c index 9996cf67d6..c7fdf8b268 100644 --- a/crypto/engine/tb_rand.c +++ b/crypto/engine/tb_rand.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/engine/tb_rsa.c b/crypto/engine/tb_rsa.c index 35f6c68e54..9b1329a2e0 100644 --- a/crypto/engine/tb_rsa.c +++ b/crypto/engine/tb_rsa.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/err/err_local.h b/crypto/err/err_local.h index add49af44c..2f9caf2e0e 100644 --- a/crypto/err/err_local.h +++ b/crypto/err/err_local.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/evp/e_chacha20_poly1305.c b/crypto/evp/e_chacha20_poly1305.c index 95319245b6..0c7c7dbe40 100644 --- a/crypto/evp/e_chacha20_poly1305.c +++ b/crypto/evp/e_chacha20_poly1305.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/init.c b/crypto/init.c index 8c1fc2598f..34dd724bc5 100644 --- a/crypto/init.c +++ b/crypto/init.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/o_time.c b/crypto/o_time.c index 695f5c2938..632e19e367 100644 --- a/crypto/o_time.c +++ b/crypto/o_time.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c index cbc2720918..b27d0fb0e9 100644 --- a/crypto/rand/randfile.c +++ b/crypto/rand/randfile.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/sha/sha_local.h b/crypto/sha/sha_local.h index d592a829f4..81de72ba4f 100644 --- a/crypto/sha/sha_local.h +++ b/crypto/sha/sha_local.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/trace.c b/crypto/trace.c index e6628f9bae..a8316c12b1 100755 --- a/crypto/trace.c +++ b/crypto/trace.c @@ -1,5 +1,5 @@ /* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/ASN1_INTEGER_get_int64.pod b/doc/man3/ASN1_INTEGER_get_int64.pod index 49f7ca3ac0..1d9ff25f84 100644 --- a/doc/man3/ASN1_INTEGER_get_int64.pod +++ b/doc/man3/ASN1_INTEGER_get_int64.pod @@ -123,7 +123,7 @@ were added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/ASYNC_WAIT_CTX_new.pod b/doc/man3/ASYNC_WAIT_CTX_new.pod index ad6fe31a55..c95ceb78a0 100644 --- a/doc/man3/ASYNC_WAIT_CTX_new.pod +++ b/doc/man3/ASYNC_WAIT_CTX_new.pod @@ -216,7 +216,7 @@ were added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/ASYNC_start_job.pod b/doc/man3/ASYNC_start_job.pod index 24ef7fcbf2..983fcf9cf4 100644 --- a/doc/man3/ASYNC_start_job.pod +++ b/doc/man3/ASYNC_start_job.pod @@ -325,7 +325,7 @@ added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BIO_ADDR.pod b/doc/man3/BIO_ADDR.pod index bcd83b5a14..5ab88622ce 100644 --- a/doc/man3/BIO_ADDR.pod +++ b/doc/man3/BIO_ADDR.pod @@ -115,7 +115,7 @@ L, L =head1 COPYRIGHT -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BIO_ADDRINFO.pod b/doc/man3/BIO_ADDRINFO.pod index e1fe5a8e0d..d6f452065e 100644 --- a/doc/man3/BIO_ADDRINFO.pod +++ b/doc/man3/BIO_ADDRINFO.pod @@ -104,7 +104,7 @@ The BIO_lookup_ex() function was added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BIO_ctrl.pod b/doc/man3/BIO_ctrl.pod index 5cff74f10e..328382d7c9 100644 --- a/doc/man3/BIO_ctrl.pod +++ b/doc/man3/BIO_ctrl.pod @@ -145,7 +145,7 @@ OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BIO_s_bio.pod b/doc/man3/BIO_s_bio.pod index a5a66c5e8f..cf25538fef 100644 --- a/doc/man3/BIO_s_bio.pod +++ b/doc/man3/BIO_s_bio.pod @@ -191,7 +191,7 @@ L, L =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/CRYPTO_THREAD_run_once.pod b/doc/man3/CRYPTO_THREAD_run_once.pod index dd0d21a9de..5cffc42026 100644 --- a/doc/man3/CRYPTO_THREAD_run_once.pod +++ b/doc/man3/CRYPTO_THREAD_run_once.pod @@ -159,7 +159,7 @@ L =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/DSA_set_method.pod b/doc/man3/DSA_set_method.pod index 2a3f111b31..e66832fee7 100644 --- a/doc/man3/DSA_set_method.pod +++ b/doc/man3/DSA_set_method.pod @@ -78,7 +78,7 @@ L, L, L =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/DTLSv1_listen.pod b/doc/man3/DTLSv1_listen.pod index cb4c73d41a..aa20918686 100644 --- a/doc/man3/DTLSv1_listen.pod +++ b/doc/man3/DTLSv1_listen.pod @@ -126,7 +126,7 @@ The type of "peer" also changed in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/ENGINE_add.pod b/doc/man3/ENGINE_add.pod index f2c112dcd8..ed720bd905 100644 --- a/doc/man3/ENGINE_add.pod +++ b/doc/man3/ENGINE_add.pod @@ -666,7 +666,7 @@ and should not be used. =head1 COPYRIGHT -Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_CIPHER_meth_new.pod b/doc/man3/EVP_CIPHER_meth_new.pod index 92ce1d902f..2e4cea289e 100644 --- a/doc/man3/EVP_CIPHER_meth_new.pod +++ b/doc/man3/EVP_CIPHER_meth_new.pod @@ -240,7 +240,7 @@ counted in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_EncodeInit.pod b/doc/man3/EVP_EncodeInit.pod index b0d00fa4b5..89e3358450 100644 --- a/doc/man3/EVP_EncodeInit.pod +++ b/doc/man3/EVP_EncodeInit.pod @@ -151,7 +151,7 @@ L =head1 COPYRIGHT -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_OpenInit.pod b/doc/man3/EVP_OpenInit.pod index b84f767245..baa7ad52f0 100644 --- a/doc/man3/EVP_OpenInit.pod +++ b/doc/man3/EVP_OpenInit.pod @@ -59,7 +59,7 @@ L =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_PKEY_verify_recover.pod b/doc/man3/EVP_PKEY_verify_recover.pod index bde2d3a8c1..e8acd6ab8d 100644 --- a/doc/man3/EVP_PKEY_verify_recover.pod +++ b/doc/man3/EVP_PKEY_verify_recover.pod @@ -108,7 +108,7 @@ These functions were added in OpenSSL 1.0.0. =head1 COPYRIGHT -Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2013-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_SealInit.pod b/doc/man3/EVP_SealInit.pod index 35f2d876ae..d2652f5cf9 100644 --- a/doc/man3/EVP_SealInit.pod +++ b/doc/man3/EVP_SealInit.pod @@ -82,7 +82,7 @@ L =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_VerifyInit.pod b/doc/man3/EVP_VerifyInit.pod index deb9b387de..3686980b2f 100644 --- a/doc/man3/EVP_VerifyInit.pod +++ b/doc/man3/EVP_VerifyInit.pod @@ -85,7 +85,7 @@ L, L =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/OPENSSL_LH_COMPFUNC.pod b/doc/man3/OPENSSL_LH_COMPFUNC.pod index c1eb68d081..3873ac0031 100644 --- a/doc/man3/OPENSSL_LH_COMPFUNC.pod +++ b/doc/man3/OPENSSL_LH_COMPFUNC.pod @@ -236,7 +236,7 @@ type checking. =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/OPENSSL_config.pod b/doc/man3/OPENSSL_config.pod index bc5510fac9..44017b4215 100644 --- a/doc/man3/OPENSSL_config.pod +++ b/doc/man3/OPENSSL_config.pod @@ -77,7 +77,7 @@ deprecated in OpenSSL 1.1.0 by OPENSSL_init_crypto(). =head1 COPYRIGHT -Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2004-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/OPENSSL_ia32cap.pod b/doc/man3/OPENSSL_ia32cap.pod index f3192454e3..60b294acde 100644 --- a/doc/man3/OPENSSL_ia32cap.pod +++ b/doc/man3/OPENSSL_ia32cap.pod @@ -157,7 +157,7 @@ Not available. =head1 COPYRIGHT -Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2004-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/OPENSSL_init_crypto.pod b/doc/man3/OPENSSL_init_crypto.pod index 7e7b1ef69c..0b8f9010c4 100644 --- a/doc/man3/OPENSSL_init_crypto.pod +++ b/doc/man3/OPENSSL_init_crypto.pod @@ -289,7 +289,7 @@ and OPENSSL_INIT_free() functions were added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/OPENSSL_load_builtin_modules.pod b/doc/man3/OPENSSL_load_builtin_modules.pod index 2ff53ae9d8..126ef8331a 100644 --- a/doc/man3/OPENSSL_load_builtin_modules.pod +++ b/doc/man3/OPENSSL_load_builtin_modules.pod @@ -50,7 +50,7 @@ ENGINE_add_conf_module() was deprecated in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2004-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/OPENSSL_s390xcap.pod b/doc/man3/OPENSSL_s390xcap.pod index 3eb5d1ad8a..f405241153 100644 --- a/doc/man3/OPENSSL_s390xcap.pod +++ b/doc/man3/OPENSSL_s390xcap.pod @@ -189,7 +189,7 @@ Disables the KM-XTS-AES and the KIMD-SHAKE function codes: =head1 COPYRIGHT -Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/OpenSSL_version.pod b/doc/man3/OpenSSL_version.pod index 5342bc985d..a4ef1cfbaf 100644 --- a/doc/man3/OpenSSL_version.pod +++ b/doc/man3/OpenSSL_version.pod @@ -244,7 +244,7 @@ with the exception of the L ones. =head1 COPYRIGHT -Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/PKCS7_verify.pod b/doc/man3/PKCS7_verify.pod index e43a769cb0..8b7d306138 100644 --- a/doc/man3/PKCS7_verify.pod +++ b/doc/man3/PKCS7_verify.pod @@ -119,7 +119,7 @@ L, L =head1 COPYRIGHT -Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/RAND_DRBG_get0_public.pod b/doc/man3/RAND_DRBG_get0_public.pod index 33062a9e7e..18b15bc9b9 100644 --- a/doc/man3/RAND_DRBG_get0_public.pod +++ b/doc/man3/RAND_DRBG_get0_public.pod @@ -87,7 +87,7 @@ All other RAND_DRBG functions were added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/RAND_DRBG_reseed.pod b/doc/man3/RAND_DRBG_reseed.pod index a0878151e4..8bf2669a87 100644 --- a/doc/man3/RAND_DRBG_reseed.pod +++ b/doc/man3/RAND_DRBG_reseed.pod @@ -108,7 +108,7 @@ Prediction resistance is supported from OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_CTX_set_generate_session_id.pod b/doc/man3/SSL_CTX_set_generate_session_id.pod index 79b58de5ff..7fb8a76629 100644 --- a/doc/man3/SSL_CTX_set_generate_session_id.pod +++ b/doc/man3/SSL_CTX_set_generate_session_id.pod @@ -128,7 +128,7 @@ L, L =head1 COPYRIGHT -Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_CTX_set_session_cache_mode.pod b/doc/man3/SSL_CTX_set_session_cache_mode.pod index a4c5edbf02..26febc6986 100644 --- a/doc/man3/SSL_CTX_set_session_cache_mode.pod +++ b/doc/man3/SSL_CTX_set_session_cache_mode.pod @@ -131,7 +131,7 @@ L =head1 COPYRIGHT -Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_CTX_set_session_id_context.pod b/doc/man3/SSL_CTX_set_session_id_context.pod index 6b2bd70364..c9572bd0d8 100644 --- a/doc/man3/SSL_CTX_set_session_id_context.pod +++ b/doc/man3/SSL_CTX_set_session_id_context.pod @@ -82,7 +82,7 @@ L =head1 COPYRIGHT -Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_CTX_set_split_send_fragment.pod b/doc/man3/SSL_CTX_set_split_send_fragment.pod index 0ab84665bf..ece474b2eb 100644 --- a/doc/man3/SSL_CTX_set_split_send_fragment.pod +++ b/doc/man3/SSL_CTX_set_split_send_fragment.pod @@ -179,7 +179,7 @@ and SSL_SESSION_get_max_fragment_length() functions were added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_get_all_async_fds.pod b/doc/man3/SSL_get_all_async_fds.pod index d6ef72b0de..c944d315d8 100644 --- a/doc/man3/SSL_get_all_async_fds.pod +++ b/doc/man3/SSL_get_all_async_fds.pod @@ -79,7 +79,7 @@ and SSL_get_changed_async_fds() functions were added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_pending.pod b/doc/man3/SSL_pending.pod index 196912b6be..c7cb6fce15 100644 --- a/doc/man3/SSL_pending.pod +++ b/doc/man3/SSL_pending.pod @@ -59,7 +59,7 @@ The SSL_has_pending() function was added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_read.pod b/doc/man3/SSL_read.pod index b934df0d6a..3cbab3009f 100644 --- a/doc/man3/SSL_read.pod +++ b/doc/man3/SSL_read.pod @@ -142,7 +142,7 @@ The SSL_read_ex() and SSL_peek_ex() functions were added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_set_bio.pod b/doc/man3/SSL_set_bio.pod index 9d9219c4b1..90dfcc91bf 100644 --- a/doc/man3/SSL_set_bio.pod +++ b/doc/man3/SSL_set_bio.pod @@ -102,7 +102,7 @@ SSL_set0_rbio() and SSL_set0_wbio() were added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/UI_create_method.pod b/doc/man3/UI_create_method.pod index 8d15f1b029..23af53eccd 100644 --- a/doc/man3/UI_create_method.pod +++ b/doc/man3/UI_create_method.pod @@ -210,7 +210,7 @@ and UI_method_get_data_destructor() functions were added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/X509_check_host.pod b/doc/man3/X509_check_host.pod index 459c37652d..3c4ef8b098 100644 --- a/doc/man3/X509_check_host.pod +++ b/doc/man3/X509_check_host.pod @@ -150,7 +150,7 @@ These functions were added in OpenSSL 1.0.2. =head1 COPYRIGHT -Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/X509_check_issued.pod b/doc/man3/X509_check_issued.pod index 0aedefa459..fe37cd4858 100644 --- a/doc/man3/X509_check_issued.pod +++ b/doc/man3/X509_check_issued.pod @@ -35,7 +35,7 @@ L, L =head1 COPYRIGHT -Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/evp.pod b/doc/man7/evp.pod index 2a3a1a91dc..d8f5a2c1d3 100644 --- a/doc/man7/evp.pod +++ b/doc/man7/evp.pod @@ -104,7 +104,7 @@ L =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/engines/e_devcrypto.c b/engines/e_devcrypto.c index e8d5d5dd5a..160a07b641 100644 --- a/engines/e_devcrypto.c +++ b/engines/e_devcrypto.c @@ -1,5 +1,5 @@ /* - * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/internal/endian.h b/include/internal/endian.h index 6027bd65de..f581c14b24 100644 --- a/include/internal/endian.h +++ b/include/internal/endian.h @@ -1,5 +1,5 @@ /* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/openssl/e_os2.h b/include/openssl/e_os2.h index aab4ef38a7..7b51939e3d 100644 --- a/include/openssl/e_os2.h +++ b/include/openssl/e_os2.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/openssl/engine.h b/include/openssl/engine.h index 76ab29815f..3af9ecccc9 100644 --- a/include/openssl/engine.h +++ b/include/openssl/engine.h @@ -1,5 +1,5 @@ /* - * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the Apache License 2.0 (the "License"). You may not use diff --git a/include/openssl/trace.h b/include/openssl/trace.h index 4f18e7526c..e1c66e00f8 100644 --- a/include/openssl/trace.h +++ b/include/openssl/trace.h @@ -1,5 +1,5 @@ /* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/providers/implementations/ciphers/cipher_chacha20_poly1305_hw.c b/providers/implementations/ciphers/cipher_chacha20_poly1305_hw.c index bd99a9fb4e..d9f314c9b6 100644 --- a/providers/implementations/ciphers/cipher_chacha20_poly1305_hw.c +++ b/providers/implementations/ciphers/cipher_chacha20_poly1305_hw.c @@ -1,5 +1,5 @@ /* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/providers/implementations/ciphers/ciphercommon_local.h b/providers/implementations/ciphers/ciphercommon_local.h index 43c1c192af..9427c0c537 100644 --- a/providers/implementations/ciphers/ciphercommon_local.h +++ b/providers/implementations/ciphers/ciphercommon_local.h @@ -1,5 +1,5 @@ /* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/providers/implementations/digests/blake2_impl.h b/providers/implementations/digests/blake2_impl.h index aa6d8a3075..e7c31474a3 100644 --- a/providers/implementations/digests/blake2_impl.h +++ b/providers/implementations/digests/blake2_impl.h @@ -1,5 +1,5 @@ /* - * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c index 0da012fdfd..605afb7db6 100644 --- a/ssl/record/rec_layer_d1.c +++ b/ssl/record/rec_layer_d1.c @@ -1,5 +1,5 @@ /* - * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/ssl/record/ssl3_record_tls13.c b/ssl/record/ssl3_record_tls13.c index 910b6a5862..6554ac92d7 100644 --- a/ssl/record/ssl3_record_tls13.c +++ b/ssl/record/ssl3_record_tls13.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/afalgtest.c b/test/afalgtest.c index 01a2c8bf46..6e6bbd5530 100644 --- a/test/afalgtest.c +++ b/test/afalgtest.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/asynctest.c b/test/asynctest.c index 13b66993c5..d59104226b 100644 --- a/test/asynctest.c +++ b/test/asynctest.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/enginetest.c b/test/enginetest.c index 99d914e09a..f3f020cc30 100644 --- a/test/enginetest.c +++ b/test/enginetest.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/02-test_errstr.t b/test/recipes/02-test_errstr.t index 53a4ef8412..a63812f397 100644 --- a/test/recipes/02-test_errstr.t +++ b/test/recipes/02-test_errstr.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/70-test_renegotiation.t b/test/recipes/70-test_renegotiation.t index 8cf3e4f54b..68b9ba1aa0 100644 --- a/test/recipes/70-test_renegotiation.t +++ b/test/recipes/70-test_renegotiation.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/70-test_sslextension.t b/test/recipes/70-test_sslextension.t index 468025ba0a..9be001edc2 100644 --- a/test/recipes/70-test_sslextension.t +++ b/test/recipes/70-test_sslextension.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/70-test_sslrecords.t b/test/recipes/70-test_sslrecords.t index 395b7e0619..151216c57d 100644 --- a/test/recipes/70-test_sslrecords.t +++ b/test/recipes/70-test_sslrecords.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/70-test_tls13downgrade.t b/test/recipes/70-test_tls13downgrade.t index e3b7ce8361..f8dc8543be 100644 --- a/test/recipes/70-test_tls13downgrade.t +++ b/test/recipes/70-test_tls13downgrade.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/70-test_verify_extra.t b/test/recipes/70-test_verify_extra.t index 6876870bbf..b4bd013f36 100644 --- a/test/recipes/70-test_verify_extra.t +++ b/test/recipes/70-test_verify_extra.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy From levitte at openssl.org Thu Jul 16 13:12:18 2020 From: levitte at openssl.org (Richard Levitte) Date: Thu, 16 Jul 2020 13:12:18 +0000 Subject: [openssl] master update Message-ID: <1594905138.432809.17047.nullmailer@dev.openssl.org> The branch master has been updated via b013cf90000aec515af17ee9bb3fe37ca0891499 (commit) from e39e295e205ab8461d3ac814129bbb08c2d1266d (commit) - Log ----------------------------------------------------------------- commit b013cf90000aec515af17ee9bb3fe37ca0891499 Author: Richard Levitte Date: Thu Jul 16 15:08:30 2020 +0200 util/mktar.pl: Change 'VERSION' to 'VERSION.dat' This was forgotten when that file changed name, and that unfortunately disrupts releases. Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/openssl/pull/12464) ----------------------------------------------------------------------- Summary of changes: util/mktar.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util/mktar.sh b/util/mktar.sh index 04b29e2e3a..ec47578f34 100755 --- a/util/mktar.sh +++ b/util/mktar.sh @@ -9,7 +9,7 @@ HERE=`dirname $0` # Get all version data as shell variables -. $HERE/../VERSION +. $HERE/../VERSION.dat if [ -n "$PRE_RELEASE_TAG" ]; then PRE_RELEASE_TAG=-$PRE_RELEASE_TAG; fi version=$MAJOR.$MINOR.$PATCH$PRE_RELEASE_TAG$BUILD_METADATA From levitte at openssl.org Thu Jul 16 13:29:33 2020 From: levitte at openssl.org (Richard Levitte) Date: Thu, 16 Jul 2020 13:29:33 +0000 Subject: [openssl] openssl-3.0.0-alpha5 create Message-ID: <1594906173.334826.25741.nullmailer@dev.openssl.org> The annotated tag openssl-3.0.0-alpha5 has been created at b603e202bab26e1c099839a78871047e2fe9de10 (tag) tagging e70a2d9f139e69f0f8a0846a170623256e424dea (commit) replaces openssl-3.0.0-alpha4 tagged by Richard Levitte on Thu Jul 16 15:22:46 2020 +0200 - Log ----------------------------------------------------------------- OpenSSL 3.0.0-alpha5 release tag -----BEGIN PGP SIGNATURE----- iF0EABECAB0WIQTEyrdJw09/TMBP2smnr5549wlFOwUCXxBUpgAKCRCnr5549wlF OyjRAJ9VbSPhdUmpeg0yNxs00Mq3xEs1NQCffMSROJG9Pr+OKasjPYYRD6pdiQk= =GnBK -----END PGP SIGNATURE----- Attila Szakacs (1): Configuration: do not overwrite BASE_unix ex_libs in AIX Benjamin Kaduk (1): Providerized libssl fallout: cleanup init Benny Baumann (1): Force ssl/tls protocol flags to use stream sockets Billy Brumley (1): [test] ectest: check custom generators Daniel Bevenius (2): Configurations: make Makefile tmpl files non-links Configure: fix minor typo in apitable comment Dr. David von Oheimb (20): Move test-related info from INSTALL.md to new test/README.md, updating references INSTALL.md and NOTES.VALGRIND: Further cleanup of references and code/symbol quotation layout Improve documentation, layout, and code comments regarding self-issued certs etc. Refactor (without semantic changes) crypto/x509/{v3_purp.c,x509_vfy.c} Make x509 -force_pubkey test case with self-issued cert more realistic by adding CA basic constraints, CA key usage, and key IDs to the cert and by add -partial_chain to the verify call that trusts this cert Add four more verify test cases on the self-signed Ed25519 and self-issed X25519 certs Optimization and safety precaution in find_issuer() of x509_vfy.c: candidate issuer cert cannot be the same as the subject cert 'x' Fix issue 1418 by moving check of KU_KEY_CERT_SIGN and weakening check_issued() Move doc of X509{,_REQ,_CRL}_verify{,_ex}() from X509_sign.pod to new X509_verify.pod Add X509_self_signed(), extending and improving documenation and tests X509v3_cache_extensions(): Improve coding style and doc, fix case 'sha1 == NULL' test/run_tests.pl: Enhance the semantics of HARNESS_VERBOSE_FAILURES (VF) test/run_tests.pl: Add visual separator after failed test case for VFP and VFP modes test/run_tests.pl: Add alias REPORT_FAILURES{,_PROGRESS} for VF and VFP 81-test_cmp_cli.t: Streamline {start,stop}_mock_server and improve port setting 81-test_cmp_cli.t: Correct subroutine quote_spc_empty and its use util/markdownlint.rb: Add two rule exceptions: MD023 and MD026 Rename NOTES*, README*, VERSION, HACKING, LICENSE to .md or .txt Fix many MarkDown issues in {NOTES*,README*,HACKING,LICENSE}.md files ocsp.h: Fix backward compatibility decl for OCSP_parse_url() by including http.h Glenn Strauss (1): improve SSL_CTX_set_tlsext_ticket_key_cb ref impl Gustaf Neumann (1): Fix typos and repeated words Jakub Wilk (1): doc: Remove stray backtick Jon Spillett (1): Fix up build issue when running cpp tests Kurt Roeckx (2): Fix syntax of cipher string Reduce the security bits for MD5 and SHA1 based signatures in TLS Martin Elshuber (1): Add support to zeroize plaintext in S3 record layer Matt Caswell (29): Prepare for 3.0 alpha 5 Make the ASYNC code default libctx aware Add a test to make sure ASYNC aware code gets the right default libctx Fix a typo on the SSL_dup page Don't forget our provider ctx when resetting Ensure a string is properly terminated in http_client.c If an empty password is supplied still try to use it Don't run the cmp_cli tests if using FUZZING_BUILD_MODE Fix a typo in the i2d_TYPE_fp documentation Move MAC removal responsibility to the various protocol "enc" functions Split the padding/mac removal functions out into a separate file Remove SSL dependencies from tls_pad.c Add provider support for TLS CBC padding and MAC removal Make libssl start using the TLS provider CBC support Change ChaCha20-Poly1305 to be consistent with out ciphers Make the NULL cipher TLS aware Ensure cipher_generic_initkey gets passed the actual provider ctx Ensure GCM "update" failures return 0 on error Ensure the sslcorrupttest checks all errors on the queue Decreate the length after decryption for the stitched ciphers Ensure any allocated MAC is freed in the provider code Convert SSLv3 handling to use provider side CBC/MAC removal Ensure TLS padding is added during encryption on the provider side Fix OSSL_PROVIDER_get_capabilities() Fix an incorrect error flow in add_provider_groups Add a test to check having a provider loaded without a groups still works Ensure we excluse ec2m curves if ec2m is disabled Revert "The EVP_MAC functions have been renamed for consistency. The EVP_MAC_CTX_*" Revert "kdf: make function naming consistent." Mi?osz Kaniewski (1): Free pre_proc_exts in SSL_free() Nicola Tuveri (8): Test genpkey app for EC keygen with various args Fix memory leaks on OSSL_SERIALIZER_CTX_new_by_EVP_PKEY Run tests in parallel Travis: default to HARNESS_JOBS=4 [test/README.md] minor fix of examples missing the test target [EC][ASN1] Detect missing OID when serializing EC parameters and keys [apps/genpkey] exit status should not be 0 on output errors [test][15-test_genec] Improve EC tests with genpkey Pauli (35): rand: fix CPU and timer sources. rand: include the CPU source in a build. doc: remove reference to the predecessor of SHA-1. rand: fix recursive locking issue. Refactor the EVP_RAND code to make locking issues less likely rand: avoid caching RNG parameters. coverity: CID 1464987: USE AFTER FREE cmp: remove NULL check. coverity 1464984: Null pointer dereferences coverity 1464983: null pointer dereference apps: remove NULL check imn release_engine since ENGINE_free also does it. DRBG: rename the DRBG taxonomy. deprecate engines in 3.0 apps/list: deprecate engine support engine: document the engine app as deprecated apps: document the deprecation of the -engine option doc: deprecate ENGINE documentation Fix indentation for engine.h deprecate engines deprecate engines in SSL deprecate engine tests deprecate engine from public header files apps: deprecate engines deprecate engines in libcrypto deprecate engines in provider code doc: document that the engine initialisation options are deprecated. ENGINESDIR: document that this configuration is deprecated. RAND: document that the ENGINE RAND override is deprecated. Document that the ENGINE_[sg]_ex_data() calls are reprecated. Document that exdata for ENGINES is deprecated. Document that ENGINE_add_conf_module() was deprecated. trace: condition out engine related tracing doc: remove unused engine tracing option libcrypto.num: engine deprecation updates capabilities: make capability selection case insensitive. Rich Salz (4): Initial rewrite of config as a Perl module Add --fips-key configuration parameter to fipsinstall application. Use defaults FIPSKEY if not given on command line Make -provider_name and -section_name optional Richard Levitte (40): TEST: Add TODO segments in test/recipes/15-test_genec.t INSTALL.md: Restore $ as command prompt indicator CORE: Add OPENSSL_CTX_set0_default(), to set a default library context Update NEWS and CHANGES TEST: Add test to exercise OPENSSL_CTX_set0_default() CORE: Add an internal function to distinguish the global default context util/perl/OpenSSL/config.pm: Don't detect removed directories in util/perl/OpenSSL/config.pm: Prefer POSIX::uname() over piping the command Remove OpenSSL::config::main(), it's not necessary util/perl/OpenSSL/config.pm: Rework determining compiler information util/perl/OpenSSL/config.pm, Configure: move check of target with compiler util/perl/OpenSSL/config.pm: refactor map_guess() config: Turn into a simple wrapper util/perl/OpenSSL/config.pm: remove expand() and use eval util/perl/OpenSSL/config.pm: refactor guess_system() Configure: pick up options from older 'config' DOC: Mention Configure consistently Configurations: drop toolchain from configuration targets apps/openssl: clean-up of unused fallback code Configure: Check source and build dir equality a little more thoroughly Configure: fix handling of build.info attributes with value util/perl/OpenSSL/config.pm: move misplaced Windows and VMS entries NOTE.WIN: suggest the audetecting configuration variant as well util/perl/OpenSSL/config.pm: Fix /armv[7-9].*-.*-linux2/ Configuration and build: Fix solaris tags CORE: perform post-condition in algorithm_do_this() under all circumstances ERR: refactor global error codes ERR: special case system errors TEST: fix test/errtest.c SSL: fix misuse of ERR_LIB_SYS TEST: update 02-test_errstr.t to have better tests Makefile template: fix incorrect treatment of produced document files DOC: install documentation without execution permissions. Add and use internal header that implements endianness check BN: Check endianness in run-time, in BN_native2bn() and BN_bn2nativepad() Add latest changes and news in CHANGES.md and NEWS.md DRBG: Fix the renamed functions after the EVP_MAC name reversal Update copyright year util/mktar.pl: Change 'VERSION' to 'VERSION.dat' Prepare for release of 3.0 alpha 5 Shane Lontis (12): Fix CID-1464802 Fix CID #1465216 Resource leak in property_fetch Fix CID 1465215 : Explicit null dereferenced (in test) Fix CID 1465214 Resource leak (in file_load.c) Fix CID 1463883 Dereference after null check (in ess_find_cert_v2()) Fix CID 1465213: Integer handling issues (evp_extra_test.c) Fix CID 1454806: NEGATIVE_RETURNS (cms_enc.c) Fix CID 1454808: Error handling issues NEGATIVE_RETURNS (PKCS7_dataDecode()) Add multiple fixes for ffc key generation using invalid p,q,g parameters. Fix wrong fipsinstall key used in test Add AES_CBC_CTS ciphers to providers Add FIPS related configuration data to the default openssl application configuration file Todd Short (1): Add SSL_get[01]_peer_certificate() aSoujyuTanaka (4): Changed uintptr_t to size_t. WinCE6 doesn't seem it have the definition. Disable optimiization of BN_num_bits_word() for VS2005 ARM compiler due to its miscompilation of the function. https://mta.openssl.org/pipermail/openssl-users/2018-August/008465.html To generate makefile with correct parameters for WinCE. Enable WinCE build without deceiving _MSC_VER. pedro martelletto (1): doc/man3: fix types taken by HMAC(), HMAC_Update() ----------------------------------------------------------------------- From levitte at openssl.org Thu Jul 16 13:30:33 2020 From: levitte at openssl.org (Richard Levitte) Date: Thu, 16 Jul 2020 13:30:33 +0000 Subject: [openssl] master update Message-ID: <1594906233.860267.28151.nullmailer@dev.openssl.org> The branch master has been updated via 318565b73374a3821dbd00d1d0e598e957fc45c9 (commit) via e70a2d9f139e69f0f8a0846a170623256e424dea (commit) from b013cf90000aec515af17ee9bb3fe37ca0891499 (commit) - Log ----------------------------------------------------------------- commit 318565b73374a3821dbd00d1d0e598e957fc45c9 Author: Richard Levitte Date: Thu Jul 16 15:23:08 2020 +0200 Prepare for 3.0 alpha 6 Reviewed-by: Nicola Tuveri commit e70a2d9f139e69f0f8a0846a170623256e424dea Author: Richard Levitte Date: Thu Jul 16 15:22:29 2020 +0200 Prepare for release of 3.0 alpha 5 Reviewed-by: Nicola Tuveri ----------------------------------------------------------------------- Summary of changes: VERSION.dat | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION.dat b/VERSION.dat index 2ba82bbc93..7c83447f66 100644 --- a/VERSION.dat +++ b/VERSION.dat @@ -1,7 +1,7 @@ MAJOR=3 MINOR=0 PATCH=0 -PRE_RELEASE_TAG=alpha5-dev +PRE_RELEASE_TAG=alpha6-dev BUILD_METADATA= RELEASE_DATE="" SHLIB_VERSION=3 From builds at travis-ci.com Thu Jul 16 13:41:33 2020 From: builds at travis-ci.com (Travis CI) Date: Thu, 16 Jul 2020 13:41:33 +0000 Subject: Errored: openssl/openssl#36150 (master - 81ed433) In-Reply-To: Message-ID: <5f10590d680d2_13ff3134ada9425936@travis-pro-tasks-6c87f6974d-9szrj.mail> Build Update for openssl/openssl ------------------------------------- Build: #36150 Status: Errored Duration: 1 hr, 53 mins, and 35 secs Commit: 81ed433 (master) Author: Pauli Message: libcrypto.num: engine deprecation updates Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12226) View the changeset: https://github.com/openssl/openssl/compare/8c2bfd25129a...81ed433cf835 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/175830474?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From levitte at openssl.org Thu Jul 16 13:43:00 2020 From: levitte at openssl.org (Richard Levitte) Date: Thu, 16 Jul 2020 13:43:00 +0000 Subject: [web] master update Message-ID: <1594906980.844080.15511.nullmailer@dev.openssl.org> The branch master has been updated via 352c7424739f080133f1309e1dff033cd66f2c4a (commit) from 4a137483e0f38397a1da6d9213f3c460147e42cf (commit) - Log ----------------------------------------------------------------- commit 352c7424739f080133f1309e1dff033cd66f2c4a Author: Richard Levitte Date: Thu Jul 16 15:39:04 2020 +0200 Add note about Alpha 5 in newsflash.txt Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/web/pull/189) ----------------------------------------------------------------------- Summary of changes: news/newsflash.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index e10835a..163dd21 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -5,6 +5,7 @@ # headings. URL paths must all be absolute. Date: Item +16-Jul-2020: Alpha 5 of OpenSSL 3.0 is now available: please download and test it 25-Jun-2020: New Blog post: OpenSSL 3.0 Alpha4 Release 25-Jun-2020: Alpha 4 of OpenSSL 3.0 is now available: please download and test it 05-Jun-2020: New Blog post: OpenSSL 3.0 Alpha3 Release From dev at ddvo.net Thu Jul 16 13:49:42 2020 From: dev at ddvo.net (dev at ddvo.net) Date: Thu, 16 Jul 2020 13:49:42 +0000 Subject: [openssl] master update Message-ID: <1594907382.685667.2003.nullmailer@dev.openssl.org> The branch master has been updated via 0b670a2101c6cdcc3f2a4ed168f75243fe082a2b (commit) via 1337a3a998b7dacd55e31c21bb9c647099e63e86 (commit) from 318565b73374a3821dbd00d1d0e598e957fc45c9 (commit) - Log ----------------------------------------------------------------- commit 0b670a2101c6cdcc3f2a4ed168f75243fe082a2b Author: Dr. David von Oheimb Date: Fri Jul 3 21:19:55 2020 +0200 x509_vfy.c: Improve key usage checks in internal_verify() of cert chains If a presumably self-signed cert is last in chain we verify its signature only if X509_V_FLAG_CHECK_SS_SIGNATURE is set. Upon this request we do the signature verification, but not in case it is a (non-conforming) self-issued CA certificate with a key usage extension that does not include keyCertSign. Make clear when we must verify the signature of a certificate and when we must adhere to key usage restrictions of the 'issuing' cert. Add some comments for making internal_verify() easier to understand. Update the documentation of X509_V_FLAG_CHECK_SS_SIGNATURE accordingly. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12375) commit 1337a3a998b7dacd55e31c21bb9c647099e63e86 Author: Dr. David von Oheimb Date: Mon Jul 13 17:13:48 2020 +0200 Constify X509_check_akid and prefer using X509_get0_serialNumber over X509_get_serialNumber Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12375) ----------------------------------------------------------------------- Summary of changes: apps/ca.c | 4 +-- apps/x509.c | 2 +- crypto/cmp/cmp_msg.c | 4 +-- crypto/cms/cms_lib.c | 4 +-- crypto/ess/ess_lib.c | 4 +-- crypto/pkcs7/pk7_doit.c | 2 +- crypto/pkcs7/pk7_lib.c | 4 +-- crypto/x509/t_x509.c | 3 +- crypto/x509/v3_akey.c | 2 +- crypto/x509/v3_purp.c | 6 ++-- crypto/x509/x509_vfy.c | 54 +++++++++++++++++++++++--------- crypto/x509/x_crl.c | 2 +- doc/man1/openssl.pod | 9 +++--- doc/man3/X509_VERIFY_PARAM_set_flags.pod | 14 +++++---- include/openssl/x509v3.h | 2 +- 15 files changed, 72 insertions(+), 44 deletions(-) diff --git a/apps/ca.c b/apps/ca.c index d91b39c91c..d0309ae15c 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -1049,7 +1049,7 @@ end_of_options: for (i = 0; i < sk_X509_num(cert_sk); i++) { BIO *Cout = NULL; X509 *xi = sk_X509_value(cert_sk, i); - ASN1_INTEGER *serialNumber = X509_get_serialNumber(xi); + const ASN1_INTEGER *serialNumber = X509_get0_serialNumber(xi); const unsigned char *psn = ASN1_STRING_get0_data(serialNumber); const int snl = ASN1_STRING_length(serialNumber); const int filen_len = 2 * (snl > 0 ? snl : 1) + sizeof(".pem"); @@ -2113,7 +2113,7 @@ static int do_revoke(X509 *x509, CA_DB *db, REVINFO_TYPE rev_type, for (i = 0; i < DB_NUMBER; i++) row[i] = NULL; row[DB_name] = X509_NAME_oneline(X509_get_subject_name(x509), NULL, 0); - bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(x509), NULL); + bn = ASN1_INTEGER_to_BN(X509_get0_serialNumber(x509), NULL); if (!bn) goto end; if (BN_is_zero(bn)) diff --git a/apps/x509.c b/apps/x509.c index c64c7d2811..bf168b7863 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -693,7 +693,7 @@ int x509_main(int argc, char **argv) X509_get_subject_name(x), get_nameopt()); } else if (serial == i) { BIO_printf(out, "serial="); - i2a_ASN1_INTEGER(out, X509_get_serialNumber(x)); + i2a_ASN1_INTEGER(out, X509_get0_serialNumber(x)); BIO_printf(out, "\n"); } else if (next_serial == i) { ASN1_INTEGER *ser = X509_get_serialNumber(x); diff --git a/crypto/cmp/cmp_msg.c b/crypto/cmp/cmp_msg.c index bbc3e9157e..c5a9dbccf8 100644 --- a/crypto/cmp/cmp_msg.c +++ b/crypto/cmp/cmp_msg.c @@ -298,7 +298,7 @@ static OSSL_CRMF_MSG *crm_new(OSSL_CMP_CTX *ctx, int bodytype, int rid) if (bodytype == OSSL_CMP_PKIBODY_KUR) { OSSL_CRMF_CERTID *cid = OSSL_CRMF_CERTID_gen(X509_get_issuer_name(refcert), - X509_get_serialNumber(refcert)); + X509_get0_serialNumber(refcert)); int ret; if (cid == NULL) @@ -469,7 +469,7 @@ OSSL_CMP_MSG *ossl_cmp_rr_new(OSSL_CMP_CTX *ctx) NULL /* pubkey would be redundant */, NULL /* subject would be redundant */, X509_get_issuer_name(ctx->oldCert), - X509_get_serialNumber(ctx->oldCert))) + X509_get0_serialNumber(ctx->oldCert))) goto err; /* revocation reason code is optional */ diff --git a/crypto/cms/cms_lib.c b/crypto/cms/cms_lib.c index 89dfc15081..67f4fbb4ea 100644 --- a/crypto/cms/cms_lib.c +++ b/crypto/cms/cms_lib.c @@ -553,7 +553,7 @@ int cms_ias_cert_cmp(CMS_IssuerAndSerialNumber *ias, X509 *cert) ret = X509_NAME_cmp(ias->issuer, X509_get_issuer_name(cert)); if (ret) return ret; - return ASN1_INTEGER_cmp(ias->serialNumber, X509_get_serialNumber(cert)); + return ASN1_INTEGER_cmp(ias->serialNumber, X509_get0_serialNumber(cert)); } int cms_keyid_cert_cmp(ASN1_OCTET_STRING *keyid, X509 *cert) @@ -573,7 +573,7 @@ int cms_set1_ias(CMS_IssuerAndSerialNumber **pias, X509 *cert) goto err; if (!X509_NAME_set(&ias->issuer, X509_get_issuer_name(cert))) goto err; - if (!ASN1_STRING_copy(ias->serialNumber, X509_get_serialNumber(cert))) + if (!ASN1_STRING_copy(ias->serialNumber, X509_get0_serialNumber(cert))) goto err; M_ASN1_free_of(*pias, CMS_IssuerAndSerialNumber); *pias = ias; diff --git a/crypto/ess/ess_lib.c b/crypto/ess/ess_lib.c index 3f418235ad..4a7a2632ba 100644 --- a/crypto/ess/ess_lib.c +++ b/crypto/ess/ess_lib.c @@ -89,7 +89,7 @@ static ESS_CERT_ID *ESS_CERT_ID_new_init(X509 *cert, int issuer_needed) name = NULL; /* Ownership is lost. */ ASN1_INTEGER_free(cid->issuer_serial->serial); if ((cid->issuer_serial->serial = - ASN1_INTEGER_dup(X509_get_serialNumber(cert))) == NULL) + ASN1_INTEGER_dup(X509_get0_serialNumber(cert))) == NULL) goto err; return cid; @@ -183,7 +183,7 @@ static ESS_CERT_ID_V2 *ESS_CERT_ID_V2_new_init(const EVP_MD *hash_alg, goto err; name = NULL; /* Ownership is lost. */ ASN1_INTEGER_free(cid->issuer_serial->serial); - cid->issuer_serial->serial = ASN1_INTEGER_dup(X509_get_serialNumber(cert)); + cid->issuer_serial->serial = ASN1_INTEGER_dup(X509_get0_serialNumber(cert)); if (cid->issuer_serial->serial == NULL) goto err; diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index 718b6f3899..b815a4a77b 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -354,7 +354,7 @@ static int pkcs7_cmp_ri(PKCS7_RECIP_INFO *ri, X509 *pcert) X509_get_issuer_name(pcert)); if (ret) return ret; - return ASN1_INTEGER_cmp(X509_get_serialNumber(pcert), + return ASN1_INTEGER_cmp(X509_get0_serialNumber(pcert), ri->issuer_and_serial->serial); } diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c index 32e2ffc820..cb8c67b65a 100644 --- a/crypto/pkcs7/pk7_lib.c +++ b/crypto/pkcs7/pk7_lib.c @@ -324,7 +324,7 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, */ ASN1_INTEGER_free(p7i->issuer_and_serial->serial); if (!(p7i->issuer_and_serial->serial = - ASN1_INTEGER_dup(X509_get_serialNumber(x509)))) + ASN1_INTEGER_dup(X509_get0_serialNumber(x509)))) goto err; /* lets keep the pkey around for a while */ @@ -477,7 +477,7 @@ int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509) ASN1_INTEGER_free(p7i->issuer_and_serial->serial); if (!(p7i->issuer_and_serial->serial = - ASN1_INTEGER_dup(X509_get_serialNumber(x509)))) + ASN1_INTEGER_dup(X509_get0_serialNumber(x509)))) return 0; pkey = X509_get0_pubkey(x509); diff --git a/crypto/x509/t_x509.c b/crypto/x509/t_x509.c index 75d688c50e..199f88857b 100644 --- a/crypto/x509/t_x509.c +++ b/crypto/x509/t_x509.c @@ -55,7 +55,6 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, int ret = 0, i; char *m = NULL, mlch = ' '; int nmindent = 0; - ASN1_INTEGER *bs; EVP_PKEY *pkey = NULL; const char *neg; @@ -84,11 +83,11 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, } } if (!(cflag & X509_FLAG_NO_SERIAL)) { + const ASN1_INTEGER *bs = X509_get0_serialNumber(x); if (BIO_write(bp, " Serial Number:", 22) <= 0) goto err; - bs = X509_get_serialNumber(x); if (bs->length <= (int)sizeof(long)) { ERR_set_mark(); l = ASN1_INTEGER_get(bs); diff --git a/crypto/x509/v3_akey.c b/crypto/x509/v3_akey.c index a40963d9f0..65019a5a12 100644 --- a/crypto/x509/v3_akey.c +++ b/crypto/x509/v3_akey.c @@ -132,7 +132,7 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, if ((issuer && !ikeyid) || (issuer == 2)) { isname = X509_NAME_dup(X509_get_issuer_name(cert)); - serial = ASN1_INTEGER_dup(X509_get_serialNumber(cert)); + serial = ASN1_INTEGER_dup(X509_get0_serialNumber(cert)); if (!isname || !serial) { X509V3err(X509V3_F_V2I_AUTHORITY_KEYID, X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS); diff --git a/crypto/x509/v3_purp.c b/crypto/x509/v3_purp.c index 0fcf53a5ea..4a2b549199 100644 --- a/crypto/x509/v3_purp.c +++ b/crypto/x509/v3_purp.c @@ -533,6 +533,7 @@ int X509v3_cache_extensions(X509 *x, OPENSSL_CTX *libctx, const char *propq) /* .. and the signature alg matches the PUBKEY alg: */ && check_sig_alg_match(X509_get0_pubkey(x), x) == X509_V_OK) x->ex_flags |= EXFLAG_SS; /* indicate self-signed */ + /* This is very related to x509_likely_issued(x, x) == X509_V_OK */ } /* Handle subject alternative names and various other extensions */ @@ -865,6 +866,7 @@ int x509_likely_issued(X509 *issuer, X509 *subject, X509_get_issuer_name(subject)) != 0) return X509_V_ERR_SUBJECT_ISSUER_MISMATCH; + /* set issuer->skid and subject->akid */ if (!X509v3_cache_extensions(issuer, libctx, propq) || !X509v3_cache_extensions(subject, libctx, propq)) return X509_V_ERR_UNSPECIFIED; @@ -899,7 +901,7 @@ int X509_check_issued(X509 *issuer, X509 *subject) return x509_check_issued_int(issuer, subject, NULL, NULL); } -int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid) +int X509_check_akid(const X509 *issuer, const AUTHORITY_KEYID *akid) { if (akid == NULL) return X509_V_OK; @@ -910,7 +912,7 @@ int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid) return X509_V_ERR_AKID_SKID_MISMATCH; /* Check serial number */ if (akid->serial && - ASN1_INTEGER_cmp(X509_get_serialNumber(issuer), akid->serial)) + ASN1_INTEGER_cmp(X509_get0_serialNumber(issuer), akid->serial)) return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH; /* Check issuer name */ if (akid->issuer) { diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 1f17c71bc1..3bd23d131c 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -1746,6 +1746,7 @@ int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth) return 1; } +/* verify the issuer signatures and cert times of ctx->chain */ static int internal_verify(X509_STORE_CTX *ctx) { int n = sk_X509_num(ctx->chain) - 1; @@ -1760,15 +1761,15 @@ static int internal_verify(X509_STORE_CTX *ctx) if (ctx->bare_ta_signed) { xs = xi; xi = NULL; - goto check_cert; + goto check_cert_time; } - if (ctx->check_issued(ctx, xi, xi)) /* the last cert appears self-signed */ - xs = xi; + if (ctx->check_issued(ctx, xi, xi)) + xs = xi; /* the typical case: last cert in the chain is self-issued */ else { if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) { xs = xi; - goto check_cert; + goto check_cert_time; } if (n <= 0) return verify_cb_cert(ctx, xi, 0, @@ -1784,31 +1785,54 @@ static int internal_verify(X509_STORE_CTX *ctx) */ while (n >= 0) { /* + * For each iteration of this loop: + * n is the subject depth + * xs is the subject cert, for which the signature is to be checked + * xi is the supposed issuer cert containing the public key to use + * Initially xs == xi if the last cert in the chain is self-issued. + * * Skip signature check for self-signed certificates unless explicitly * asked for because it does not add any security and just wastes time. - * If the issuer's public key is not available or its key usage does - * not support issuing the subject cert, report the issuer certificate - * and its depth (rather than the depth of the subject). */ - if (xs != xi || (ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE)) { + if (xs != xi || ((ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE) + && (xi->ex_flags & EXFLAG_SS) != 0)) { EVP_PKEY *pkey; - int issuer_depth = n + (xi == xs ? 0 : 1); - int ret = x509_signing_allowed(xi, xs); + /* + * If the issuer's public key is not available or its key usage + * does not support issuing the subject cert, report the issuer + * cert and its depth (rather than n, the depth of the subject). + */ + int issuer_depth = n + (xs == xi ? 0 : 1); + /* + * According to https://tools.ietf.org/html/rfc5280#section-6.1.4 + * step (n) we must check any given key usage extension in a CA cert + * when preparing the verification of a certificate issued by it. + * According to https://tools.ietf.org/html/rfc5280#section-4.2.1.3 + * we must not verify a certifiate signature if the key usage of the + * CA certificate that issued the certificate prohibits signing. + * In case the 'issuing' certificate is the last in the chain and is + * not a CA certificate but a 'self-issued' end-entity cert (i.e., + * xs == xi && !(xi->ex_flags & EXFLAG_CA)) RFC 5280 does not apply + * (see https://tools.ietf.org/html/rfc6818#section-2) and thus + * we are free to ignore any key usage restrictions on such certs. + */ + int ret = xs == xi && (xi->ex_flags & EXFLAG_CA) == 0 + ? X509_V_OK : x509_signing_allowed(xi, xs); if (ret != X509_V_OK && !verify_cb_cert(ctx, xi, issuer_depth, ret)) return 0; if ((pkey = X509_get0_pubkey(xi)) == NULL) { - if (!verify_cb_cert(ctx, xi, issuer_depth, - X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY)) + ret = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY; + if (!verify_cb_cert(ctx, xi, issuer_depth, ret)) return 0; } else if (X509_verify_ex(xs, pkey, ctx->libctx, ctx->propq) <= 0) { - if (!verify_cb_cert(ctx, xs, n, - X509_V_ERR_CERT_SIGNATURE_FAILURE)) + ret = X509_V_ERR_CERT_SIGNATURE_FAILURE; + if (!verify_cb_cert(ctx, xs, n, ret)) return 0; } } - check_cert: + check_cert_time: /* Calls verify callback as needed */ if (!x509_check_cert_time(ctx, xs, n)) return 0; diff --git a/crypto/x509/x_crl.c b/crypto/x509/x_crl.c index 0d3e1fedb4..1690dd8963 100644 --- a/crypto/x509/x_crl.c +++ b/crypto/x509/x_crl.c @@ -370,7 +370,7 @@ int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x) { if (crl->meth->crl_lookup) return crl->meth->crl_lookup(crl, ret, - X509_get_serialNumber(x), + X509_get0_serialNumber(x), X509_get_issuer_name(x)); return 0; } diff --git a/doc/man1/openssl.pod b/doc/man1/openssl.pod index dbab509be4..f075e2170b 100644 --- a/doc/man1/openssl.pod +++ b/doc/man1/openssl.pod @@ -967,10 +967,11 @@ This certificate may be self-issued or belong to an intermediate CA. =item B<-check_ss_sig> -Verify the signature on the last certificate in a chain -even when it is a self-signed (root CA) certificate. -By default in this case the check is disabled -because it does not add any security. +Verify the signature of +the last certificate in a chain if the certificate is supposedly self-signed. +This is prohibited and will result in an error if it is a non-conforming CA +certificate with key usage restrictions not including the keyCertSign bit. +This verification is disabled by default because it doesn't add any security. =item B<-allow_proxy_certs> diff --git a/doc/man3/X509_VERIFY_PARAM_set_flags.pod b/doc/man3/X509_VERIFY_PARAM_set_flags.pod index 72da4cb143..4f067c877c 100644 --- a/doc/man3/X509_VERIFY_PARAM_set_flags.pod +++ b/doc/man3/X509_VERIFY_PARAM_set_flags.pod @@ -283,13 +283,15 @@ they are enabled. If B is set delta CRLs (if present) are used to determine certificate status. If not set deltas are ignored. -B requires verifying the signature of the last -certificate in a chain even when it is a self-signed (root CA) certificate. -In this case the check is disabled by default because it does not +B requests checking the signature of +the last certificate in a chain if the certificate is supposedly self-signed. +This is prohibited and will result in an error if it is a non-conforming CA +certificate with key usage restrictions not including the I bit. +By default this check is disabled because it doesn't add any additional security but in some cases applications might want to -check the signature anyway. A side effect of not checking the root CA -signature is that disabled or unsupported message digests on the root CA -are not treated as fatal errors. +check the signature anyway. A side effect of not checking the self-signature +of such a certificate is that disabled or unsupported message digests used for +the signature are not treated as fatal errors. When B is set, which is always the case since OpenSSL 1.1.0, construction of the certificate chain diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h index e7d36638b2..6a207f65d1 100644 --- a/include/openssl/x509v3.h +++ b/include/openssl/x509v3.h @@ -667,7 +667,7 @@ int X509_check_purpose(X509 *x, int id, int ca); int X509_supported_extension(X509_EXTENSION *ex); int X509_PURPOSE_set(int *p, int purpose); int X509_check_issued(X509 *issuer, X509 *subject); -int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid); +int X509_check_akid(const X509 *issuer, const AUTHORITY_KEYID *akid); void X509_set_proxy_flag(X509 *x); void X509_set_proxy_pathlen(X509 *x, long l); long X509_get_proxy_pathlen(X509 *x); From builds at travis-ci.com Thu Jul 16 14:45:50 2020 From: builds at travis-ci.com (Travis CI) Date: Thu, 16 Jul 2020 14:45:50 +0000 Subject: Errored: openssl/openssl#36151 (master - ecca5b6) In-Reply-To: Message-ID: <5f10681d1f27a_13ff31340a150494992@travis-pro-tasks-6c87f6974d-9szrj.mail> Build Update for openssl/openssl ------------------------------------- Build: #36151 Status: Errored Duration: 1 hr, 29 mins, and 22 secs Commit: ecca5b6 (master) Author: Pauli Message: capabilities: make capability selection case insensitive. Everything else to do with algorithm selection and properties is case insensitive. Reviewed-by: Matt Caswell Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12450) View the changeset: https://github.com/openssl/openssl/compare/81ed433cf835...ecca5b6e2ea5 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/175831098?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.com Thu Jul 16 18:32:30 2020 From: builds at travis-ci.com (Travis CI) Date: Thu, 16 Jul 2020 18:32:30 +0000 Subject: Errored: openssl/openssl#36157 (master - 8dab4de) In-Reply-To: Message-ID: <5f109d3dbadeb_13f8d771a838c330010@travis-pro-tasks-676b75db64-pfdrp.mail> Build Update for openssl/openssl ------------------------------------- Build: #36157 Status: Errored Duration: 1 hr, 24 mins, and 7 secs Commit: 8dab4de (master) Author: Richard Levitte Message: Add latest changes and news in CHANGES.md and NEWS.md - Reworked test perl framwork for parallel tests - Reworked ERR codes to make better space for system errors - Deprecation of the ENGINE API Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/openssl/pull/12461) View the changeset: https://github.com/openssl/openssl/compare/ecca5b6e2ea5...8dab4de53887 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/175868980?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From dev at ddvo.net Thu Jul 16 19:46:39 2020 From: dev at ddvo.net (dev at ddvo.net) Date: Thu, 16 Jul 2020 19:46:39 +0000 Subject: [openssl] master update Message-ID: <1594928799.075022.8189.nullmailer@dev.openssl.org> The branch master has been updated via cb9bb7350d4192553683e61e64894e8ed197b44c (commit) via 1e76cb002a8d89b66b67214921b921c4cb9f6506 (commit) from 0b670a2101c6cdcc3f2a4ed168f75243fe082a2b (commit) - Log ----------------------------------------------------------------- commit cb9bb7350d4192553683e61e64894e8ed197b44c Author: Dr. David von Oheimb Date: Fri Jul 3 14:19:43 2020 +0200 99-test_fuzz.t: Clean up and re-organize such that sub-tests could be split easily Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12359) commit 1e76cb002a8d89b66b67214921b921c4cb9f6506 Author: Dr. David von Oheimb Date: Thu Jul 2 17:59:55 2020 +0200 test/run_tests.pl: In parallel runs, start those tests first that run longest Also untabify the Perl source file. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12359) ----------------------------------------------------------------------- Summary of changes: fuzz/README.md | 16 +++++++++- test/README.md | 4 +++ test/recipes/99-test_fuzz.t | 41 +++++++++++------------- test/recipes/fuzz.pl | 31 ++++++++++++++++++ test/run_tests.pl | 76 +++++++++++++++++++++++++-------------------- 5 files changed, 111 insertions(+), 57 deletions(-) create mode 100644 test/recipes/fuzz.pl diff --git a/fuzz/README.md b/fuzz/README.md index a713f85325..deb7a43168 100644 --- a/fuzz/README.md +++ b/fuzz/README.md @@ -99,7 +99,7 @@ Reproducing issues If a fuzzer generates a reproducible error, you can reproduce the problem using the fuzz/*-test binaries and the file generated by the fuzzer. They binaries -don't need to be build for fuzzing, there is no need to set CC or the call +don't need to be built for fuzzing, there is no need to set CC or the call config with enable-fuzz-* or -fsanitize-coverage, but some of the other options above might be needed. For instance the enable-asan or enable-ubsan option might be useful to show you when the problem happens. For the client and server fuzzer @@ -110,6 +110,20 @@ To reproduce the crash you can run: fuzz/$FUZZER-test $file +To do all the tests of a specific fuzzer such as asn1 you can run + + fuzz/asn1-test fuzz/corpora/asn1 +or + make test TESTS=fuzz_test FUZZ_TESTS=asn1 + +To run several fuzz tests you can use for instance: + + make test TESTS=test_fuzz FUZZ_TESTS="cmp cms" + +To run all fuzz tests you can use: + + make test TESTS=test_fuzz + Random numbers -------------- diff --git a/test/README.md b/test/README.md index f9058a0026..f4f0574aef 100644 --- a/test/README.md +++ b/test/README.md @@ -121,6 +121,10 @@ Run all tests in test groups 80 to 99 except for tests in group 90: $ make TESTS='[89]? -90' test +To run specific fuzz tests you can use for instance: + + $ make test TESTS=test_fuzz FUZZ_TESTS="cmp cms" + To stochastically verify that the algorithm that produces uniformly distributed random numbers is operating correctly (with a false positive rate of 0.01%): diff --git a/test/recipes/99-test_fuzz.t b/test/recipes/99-test_fuzz.t index c9e2c961e4..8bacad47de 100644 --- a/test/recipes/99-test_fuzz.t +++ b/test/recipes/99-test_fuzz.t @@ -9,35 +9,30 @@ use strict; use warnings; -use OpenSSL::Glob; use OpenSSL::Test qw/:DEFAULT srctop_file/; use OpenSSL::Test::Utils; setup("test_fuzz"); -my @fuzzers = ('asn1', 'asn1parse', 'bignum', 'bndiv', 'client', 'conf', 'crl', 'server', 'x509'); -if (!disabled("cmp")) { - push @fuzzers, 'cmp'; +my @fuzzers = (); + at fuzzers = split /\s+/, $ENV{FUZZ_TESTS} if $ENV{FUZZ_TESTS}; + +if (!@fuzzers) { + @fuzzers = ( + # those commented here as very slow could be moved to separate runs + 'asn1', # very slow + 'asn1parse', 'bignum', 'bndiv', 'conf','crl', + 'client', # very slow + 'server', # very slow + 'x509' + ); + push @fuzzers, 'cmp' if !disabled("cmp"); + push @fuzzers, 'cms' if !disabled("cms"); + push @fuzzers, 'ct' if !disabled("ct"); } -if (!disabled("cms")) { - push @fuzzers, 'cms'; -} -if (!disabled("ct")) { - push @fuzzers, 'ct'; -} -plan tests => scalar @fuzzers; -foreach my $f (@fuzzers) { - subtest "Fuzzing $f" => sub { - my @dirs = glob(srctop_file('fuzz', 'corpora', $f)); - push @dirs, glob(srctop_file('fuzz', 'corpora', "$f-*")); +plan tests => scalar @fuzzers + 1; # one more due to below require_ok(...) - plan skip_all => "No corpora for $f-test" unless @dirs; +require_ok(srctop_file('test','recipes','fuzz.pl')); - plan tests => scalar @dirs; - - foreach (@dirs) { - ok(run(fuzz(["$f-test", $_]))); - } - } -} +&fuzz_tests(@fuzzers); diff --git a/test/recipes/fuzz.pl b/test/recipes/fuzz.pl new file mode 100644 index 0000000000..795d85c1df --- /dev/null +++ b/test/recipes/fuzz.pl @@ -0,0 +1,31 @@ +# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use warnings; + +use OpenSSL::Glob; +use OpenSSL::Test qw/:DEFAULT srctop_file/; + +sub fuzz_tests { + my @fuzzers = @_; + + foreach my $f (@fuzzers) { + subtest "Fuzzing $f" => sub { + my @dir = glob(srctop_file('fuzz', 'corpora', "$f")); + + plan skip_all => "No directory fuzz/corpora/$f" unless @dir; + plan tests => scalar @dir; # likely 1 + + foreach (@dir) { + ok(run(fuzz(["$f-test", $_]))); + } + } + } +} + +1; diff --git a/test/run_tests.pl b/test/run_tests.pl index d47f7cf1e6..73d4d91931 100644 --- a/test/run_tests.pl +++ b/test/run_tests.pl @@ -70,44 +70,54 @@ open $openssl_args{'tap_copy'}, ">$outfilename" my @alltests = find_matching_tests("*"); my %tests = (); +sub reorder { + my $key = pop; + + # for parallel test runs, do slow tests first + if (defined $jobs && $jobs > 1 && $key =~ m/test_ssl_new|test_fuzz/) { + $key =~ s/(\d+)-/00-/; + } + return $key; +} + my $initial_arg = 1; foreach my $arg (@ARGV ? @ARGV : ('alltests')) { if ($arg eq 'list') { - foreach (@alltests) { - (my $x = basename($_)) =~ s|^[0-9][0-9]-(.*)\.t$|$1|; - print $x,"\n"; - } - exit 0; + foreach (@alltests) { + (my $x = basename($_)) =~ s|^[0-9][0-9]-(.*)\.t$|$1|; + print $x,"\n"; + } + exit 0; } if ($arg eq 'alltests') { - warn "'alltests' encountered, ignoring everything before that...\n" - unless $initial_arg; - %tests = map { $_ => basename($_) } @alltests; + warn "'alltests' encountered, ignoring everything before that...\n" + unless $initial_arg; + %tests = map { $_ => 1 } @alltests; } elsif ($arg =~ m/^(-?)(.*)/) { - my $sign = $1; - my $test = $2; - my @matches = find_matching_tests($test); - - # If '-foo' is the first arg, it's short for 'alltests -foo' - if ($sign eq '-' && $initial_arg) { - %tests = map { $_ => basename($_) } @alltests; - } - - if (scalar @matches == 0) { - warn "Test $test found no match, skipping ", - ($sign eq '-' ? "removal" : "addition"), - "...\n"; - } else { - foreach $test (@matches) { - if ($sign eq '-') { - delete $tests{$test}; - } else { - $tests{$test} = basename($test); - } - } - } + my $sign = $1; + my $test = $2; + my @matches = find_matching_tests($test); + + # If '-foo' is the first arg, it's short for 'alltests -foo' + if ($sign eq '-' && $initial_arg) { + %tests = map { $_ => 1 } @alltests; + } + + if (scalar @matches == 0) { + warn "Test $test found no match, skipping ", + ($sign eq '-' ? "removal" : "addition"), + "...\n"; + } else { + foreach $test (@matches) { + if ($sign eq '-') { + delete $tests{$test}; + } else { + $tests{$test} = 1; + } + } + } } else { - warn "I don't know what '$arg' is about, ignoring...\n"; + warn "I don't know what '$arg' is about, ignoring...\n"; } $initial_arg = 0; @@ -280,8 +290,8 @@ unless (defined $eres) { my $harness = $package->new(\%tapargs); my $ret = - $harness->runtests(map { [ abs2rel($_, rel2abs(curdir())), $tests{$_} ] } - sort keys %tests); + $harness->runtests(map { [ abs2rel($_, rel2abs(curdir())), basename($_) ] } + sort { reorder($a) cmp reorder($b) } keys %tests); # $ret->has_errors may be any number, not just 0 or 1. On VMS, numbers # from 2 and on are used as is as VMS statuses, which has severity encoded From builds at travis-ci.com Thu Jul 16 19:48:12 2020 From: builds at travis-ci.com (Travis CI) Date: Thu, 16 Jul 2020 19:48:12 +0000 Subject: Errored: openssl/openssl#36158 (master - e4162f8) In-Reply-To: Message-ID: <5f10aefaec351_13f8d771a81ac51248c@travis-pro-tasks-676b75db64-pfdrp.mail> Build Update for openssl/openssl ------------------------------------- Build: #36158 Status: Errored Duration: 1 hr, 36 mins, and 23 secs Commit: e4162f8 (master) Author: Richard Levitte Message: DRBG: Fix the renamed functions after the EVP_MAC name reversal [extended tests] Reviewed-by: Tomas Mraz Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/openssl/pull/12186) View the changeset: https://github.com/openssl/openssl/compare/8dab4de53887...e4162f86d7fd View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/175870877?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From dev at ddvo.net Thu Jul 16 19:49:12 2020 From: dev at ddvo.net (dev at ddvo.net) Date: Thu, 16 Jul 2020 19:49:12 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1594928952.679986.10259.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 42bb51e59308b3ebc5cc1c35ff4822fba6b52d79 (commit) via e2590c3a162eb118c36b09c2168164283aa099b4 (commit) from e21519280b3c3e0b264632fd72ce503a9d9ced73 (commit) - Log ----------------------------------------------------------------- commit 42bb51e59308b3ebc5cc1c35ff4822fba6b52d79 Author: Dr. David von Oheimb Date: Fri Jul 3 21:19:55 2020 +0200 x509_vfy.c: Improve key usage checks in internal_verify() of cert chains If a presumably self-signed cert is last in chain we verify its signature only if X509_V_FLAG_CHECK_SS_SIGNATURE is set. Upon this request we do the signature verification, but not in case it is a (non-conforming) self-issued CA certificate with a key usage extension that does not include keyCertSign. Make clear when we must verify the signature of a certificate and when we must adhere to key usage restrictions of the 'issuing' cert. Add some comments for making internal_verify() easier to understand. Update the documentation of X509_V_FLAG_CHECK_SS_SIGNATURE accordingly. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12357) commit e2590c3a162eb118c36b09c2168164283aa099b4 Author: Dr. David von Oheimb Date: Tue Dec 24 11:25:15 2019 +0100 Fix issue 1418 by moving check of KU_KEY_CERT_SIGN and weakening check_issued() Move check that cert signing is allowed from x509v3_cache_extensions() to where it belongs: internal_verify(), generalize it for proxy cert signing. Correct and simplify check_issued(), now checking self-issued (not: self-signed). Add test case to 25-test_verify.t that demonstrates successful fix. As prerequisites, this adds the static function check_sig_alg_match() and the internal functions x509_likely_issued() and x509_signing_allowed(). This is a backport of the core of PR #10587. Fixes #1418 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12357) ----------------------------------------------------------------------- Summary of changes: crypto/x509/x509_local.h | 2 + crypto/x509/x509_vfy.c | 88 ++++++++++++++++++++---------- crypto/x509v3/v3_purp.c | 64 ++++++++++++++++++---- doc/man1/verify.pod | 7 ++- doc/man3/X509_STORE_set_verify_cb_func.pod | 4 +- doc/man3/X509_VERIFY_PARAM_set_flags.pod | 13 +++-- doc/man3/X509_check_issued.pod | 17 +++--- include/openssl/x509_vfy.h | 3 + test/certs/ee-self-signed.pem | 18 ++++++ test/certs/setup.sh | 3 + test/recipes/25-test_verify.t | 5 +- 11 files changed, 166 insertions(+), 58 deletions(-) create mode 100644 test/certs/ee-self-signed.pem diff --git a/crypto/x509/x509_local.h b/crypto/x509/x509_local.h index c517a77456..6ac3c7eaa6 100644 --- a/crypto/x509/x509_local.h +++ b/crypto/x509/x509_local.h @@ -145,3 +145,5 @@ DEFINE_STACK_OF(STACK_OF_X509_NAME_ENTRY) void x509_set_signature_info(X509_SIG_INFO *siginf, const X509_ALGOR *alg, const ASN1_STRING *sig); +int x509_likely_issued(X509 *issuer, X509 *subject); +int x509_signing_allowed(const X509 *issuer, const X509 *subject); diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 5bd3c4c159..f30c0f8d38 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -104,7 +104,12 @@ static int null_callback(int ok, X509_STORE_CTX *e) return ok; } -/* Return 1 is a certificate is self signed */ +/* + * Return 1 if given cert is considered self-signed, 0 if not or on error. + * This does not verify self-signedness but relies on x509v3_cache_extensions() + * matching issuer and subject names (i.e., the cert being self-issued) and any + * present authority key identifier matching the subject key identifier, etc. + */ static int cert_self_signed(X509 *x) { if (X509_check_purpose(x, -1, 0) != 1) @@ -325,30 +330,26 @@ static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x) return rv; } -/* Given a possible certificate and issuer check them */ - +/* + * Check that the given certificate 'x' is issued by the certificate 'issuer' + * and the issuer is not yet in ctx->chain, where the exceptional case + * that 'x' is self-issued and ctx->chain has just one element is allowed. + */ static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer) { - int ret; - if (x == issuer) - return cert_self_signed(x); - ret = X509_check_issued(issuer, x); - if (ret == X509_V_OK) { + if (x509_likely_issued(issuer, x) != X509_V_OK) + return 0; + if ((x->ex_flags & EXFLAG_SI) == 0 || sk_X509_num(ctx->chain) != 1) { int i; X509 *ch; - /* Special case: single self signed certificate */ - if (cert_self_signed(x) && sk_X509_num(ctx->chain) == 1) - return 1; + for (i = 0; i < sk_X509_num(ctx->chain); i++) { ch = sk_X509_value(ctx->chain, i); - if (ch == issuer || !X509_cmp(ch, issuer)) { - ret = X509_V_ERR_PATH_LOOP; - break; - } + if (ch == issuer || X509_cmp(ch, issuer) == 0) + return 0; } } - - return (ret == X509_V_OK); + return 1; } /* Alternative lookup method: look from a STACK stored in other_ctx */ @@ -1715,6 +1716,7 @@ int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth) return 1; } +/* verify the issuer signatures and cert times of ctx->chain */ static int internal_verify(X509_STORE_CTX *ctx) { int n = sk_X509_num(ctx->chain) - 1; @@ -1733,7 +1735,7 @@ static int internal_verify(X509_STORE_CTX *ctx) } if (ctx->check_issued(ctx, xi, xi)) - xs = xi; + xs = xi; /* the typical case: last cert in the chain is self-issued */ else { if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) { xs = xi; @@ -1752,22 +1754,50 @@ static int internal_verify(X509_STORE_CTX *ctx) * is allowed to reset errors (at its own peril). */ while (n >= 0) { - EVP_PKEY *pkey; - /* - * Skip signature check for self signed certificates unless explicitly - * asked for. It doesn't add any security and just wastes time. If - * the issuer's public key is unusable, report the issuer certificate - * and its depth (rather than the depth of the subject). + * For each iteration of this loop: + * n is the subject depth + * xs is the subject cert, for which the signature is to be checked + * xi is the supposed issuer cert containing the public key to use + * Initially xs == xi if the last cert in the chain is self-issued. + * + * Skip signature check for self-signed certificates unless explicitly + * asked for because it does not add any security and just wastes time. */ - if (xs != xi || (ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE)) { + if (xs != xi || ((ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE) + && (xi->ex_flags & EXFLAG_SS) != 0)) { + EVP_PKEY *pkey; + /* + * If the issuer's public key is not available or its key usage + * does not support issuing the subject cert, report the issuer + * cert and its depth (rather than n, the depth of the subject). + */ + int issuer_depth = n + (xs == xi ? 0 : 1); + /* + * According to https://tools.ietf.org/html/rfc5280#section-6.1.4 + * step (n) we must check any given key usage extension in a CA cert + * when preparing the verification of a certificate issued by it. + * According to https://tools.ietf.org/html/rfc5280#section-4.2.1.3 + * we must not verify a certifiate signature if the key usage of the + * CA certificate that issued the certificate prohibits signing. + * In case the 'issuing' certificate is the last in the chain and is + * not a CA certificate but a 'self-issued' end-entity cert (i.e., + * xs == xi && !(xi->ex_flags & EXFLAG_CA)) RFC 5280 does not apply + * (see https://tools.ietf.org/html/rfc6818#section-2) and thus + * we are free to ignore any key usage restrictions on such certs. + */ + int ret = xs == xi && (xi->ex_flags & EXFLAG_CA) == 0 + ? X509_V_OK : x509_signing_allowed(xi, xs); + + if (ret != X509_V_OK && !verify_cb_cert(ctx, xi, issuer_depth, ret)) + return 0; if ((pkey = X509_get0_pubkey(xi)) == NULL) { - if (!verify_cb_cert(ctx, xi, xi != xs ? n+1 : n, - X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY)) + ret = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY; + if (!verify_cb_cert(ctx, xi, issuer_depth, ret)) return 0; } else if (X509_verify(xs, pkey) <= 0) { - if (!verify_cb_cert(ctx, xs, n, - X509_V_ERR_CERT_SIGNATURE_FAILURE)) + ret = X509_V_ERR_CERT_SIGNATURE_FAILURE; + if (!verify_cb_cert(ctx, xs, n, ret)) return 0; } } diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c index f023c64895..2b06dba053 100644 --- a/crypto/x509v3/v3_purp.c +++ b/crypto/x509v3/v3_purp.c @@ -13,6 +13,7 @@ #include #include #include "crypto/x509.h" +#include "../x509/x509_local.h" /* for x509_signing_allowed() */ #include "internal/tsan_assist.h" static void x509v3_cache_extensions(X509 *x); @@ -344,6 +345,21 @@ static int setup_crldp(X509 *x) return 1; } +/* Check that issuer public key algorithm matches subject signature algorithm */ +static int check_sig_alg_match(const EVP_PKEY *pkey, const X509 *subject) +{ + int pkey_nid; + + if (pkey == NULL) + return X509_V_ERR_NO_ISSUER_PUBLIC_KEY; + if (OBJ_find_sigid_algs(OBJ_obj2nid(subject->cert_info.signature.algorithm), + NULL, &pkey_nid) == 0) + return X509_V_ERR_UNSUPPORTED_SIGNATURE_ALGORITHM; + if (EVP_PKEY_type(pkey_nid) != EVP_PKEY_base_id(pkey)) + return X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH; + return X509_V_OK; +} + #define V1_ROOT (EXFLAG_V1|EXFLAG_SS) #define ku_reject(x, usage) \ (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage))) @@ -496,11 +512,11 @@ static void x509v3_cache_extensions(X509 *x) x->ex_flags |= EXFLAG_INVALID; /* Does subject name match issuer ? */ if (!X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x))) { - x->ex_flags |= EXFLAG_SI; - /* If SKID matches AKID also indicate self signed */ - if (X509_check_akid(x, x->akid) == X509_V_OK && - !ku_reject(x, KU_KEY_CERT_SIGN)) - x->ex_flags |= EXFLAG_SS; + x->ex_flags |= EXFLAG_SI; /* cert is self-issued */ + if (X509_check_akid(x, x->akid) == X509_V_OK /* SKID matches AKID */ + /* .. and the signature alg matches the PUBKEY alg: */ + && check_sig_alg_match(X509_get0_pubkey(x), x) == X509_V_OK) + x->ex_flags |= EXFLAG_SS; /* indicate self-signed */ } x->altname = X509_get_ext_d2i(x, NID_subject_alt_name, &i, NULL); if (x->altname == NULL && i != -1) @@ -792,6 +808,23 @@ static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca) return 1; } +/*- + * Check if certificate I is allowed to issue certificate I + * according to the B field of I if present + * depending on any proxyCertInfo extension of I. + * Returns 0 for OK, or positive for reason for rejection + * where reason codes match those for X509_verify_cert(). + */ +int x509_signing_allowed(const X509 *issuer, const X509 *subject) +{ + if (subject->ex_flags & EXFLAG_PROXY) { + if (ku_reject(issuer, KU_DIGITAL_SIGNATURE)) + return X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE; + } else if (ku_reject(issuer, KU_KEY_CERT_SIGN)) + return X509_V_ERR_KEYUSAGE_NO_CERTSIGN; + return X509_V_OK; +} + /*- * Various checks to see if one certificate issued the second. * This can be used to prune a set of possible issuer certificates @@ -800,12 +833,23 @@ static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca) * These are: * 1. Check issuer_name(subject) == subject_name(issuer) * 2. If akid(subject) exists check it matches issuer - * 3. If key_usage(issuer) exists check it supports certificate signing + * 3. Check that issuer public key algorithm matches subject signature algorithm + * 4. If key_usage(issuer) exists check it supports certificate signing * returns 0 for OK, positive for reason for mismatch, reasons match * codes for X509_verify_cert() */ int X509_check_issued(X509 *issuer, X509 *subject) +{ + int ret; + + if ((ret = x509_likely_issued(issuer, subject)) != X509_V_OK) + return ret; + return x509_signing_allowed(issuer, subject); +} + +/* do the checks 1., 2., and 3. as described above for X509_check_issued() */ +int x509_likely_issued(X509 *issuer, X509 *subject) { if (X509_NAME_cmp(X509_get_subject_name(issuer), X509_get_issuer_name(subject))) @@ -824,12 +868,8 @@ int X509_check_issued(X509 *issuer, X509 *subject) return ret; } - if (subject->ex_flags & EXFLAG_PROXY) { - if (ku_reject(issuer, KU_DIGITAL_SIGNATURE)) - return X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE; - } else if (ku_reject(issuer, KU_KEY_CERT_SIGN)) - return X509_V_ERR_KEYUSAGE_NO_CERTSIGN; - return X509_V_OK; + /* check if the subject signature alg matches the issuer's PUBKEY alg */ + return check_sig_alg_match(X509_get0_pubkey(issuer), subject); } int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid) diff --git a/doc/man1/verify.pod b/doc/man1/verify.pod index 63ba850b91..18e803c8d6 100644 --- a/doc/man1/verify.pod +++ b/doc/man1/verify.pod @@ -98,8 +98,11 @@ current system time. B is the number of seconds since =item B<-check_ss_sig> -Verify the signature on the self-signed root CA. This is disabled by default -because it doesn't add any security. +Verify the signature of +the last certificate in a chain if the certificate is supposedly self-signed. +This is prohibited and will result in an error if it is a non-conforming CA +certificate with key usage restrictions not including the keyCertSign bit. +This verification is disabled by default because it doesn't add any security. =item B<-CRLfile file> diff --git a/doc/man3/X509_STORE_set_verify_cb_func.pod b/doc/man3/X509_STORE_set_verify_cb_func.pod index d16881edd8..47de27d1c7 100644 --- a/doc/man3/X509_STORE_set_verify_cb_func.pod +++ b/doc/man3/X509_STORE_set_verify_cb_func.pod @@ -137,7 +137,9 @@ I X509_STORE_set_check_issued() sets the function to check that a given -certificate B is issued with the issuer certificate B. +certificate B is issued by the issuer certificate B and +the issuer is not yet in the chain contained in , where the exceptional +case that B is self-issued and ctx->chain has just one element is allowed. This function must return 0 on failure (among others if B hasn't been issued with B) and 1 on success. I is set delta CRLs (if present) are used to determine certificate status. If not set deltas are ignored. -B enables checking of the root CA self signed -certificate signature. By default this check is disabled because it doesn't +B requests checking the signature of +the last certificate in a chain if the certificate is supposedly self-signed. +This is prohibited and will result in an error if it is a non-conforming CA +certificate with key usage restrictions not including the keyCertSign bit. +By default this check is disabled because it doesn't add any additional security but in some cases applications might want to -check the signature anyway. A side effect of not checking the root CA -signature is that disabled or unsupported message digests on the root CA -are not treated as fatal errors. +check the signature anyway. A side effect of not checking the self-signature +of such a certificate is that disabled or unsupported message digests used for +the signature are not treated as fatal errors. When B is set, construction of the certificate chain in L will search the trust store for issuer certificates diff --git a/doc/man3/X509_check_issued.pod b/doc/man3/X509_check_issued.pod index f9a541ef71..507198698c 100644 --- a/doc/man3/X509_check_issued.pod +++ b/doc/man3/X509_check_issued.pod @@ -2,7 +2,7 @@ =head1 NAME -X509_check_issued - checks if certificate is issued by another +X509_check_issued - checks if certificate is apparently issued by another certificate =head1 SYNOPSIS @@ -14,13 +14,14 @@ certificate =head1 DESCRIPTION -This function checks if certificate I was issued using CA -certificate I. This function takes into account not only -matching of issuer field of I with subject field of I, -but also compares B extension of I with -B of I if B -present in the I certificate and checks B field of -I. +X509_check_issued() checks if certificate I was apparently issued +using (CA) certificate I. This function takes into account not only +matching of the issuer field of I with the subject field of I, +but also compares all sub-fields of the B extension of +I, as far as present, with the respective B, +serial number, and issuer fields of I, as far as present. It also checks +if the B field (if present) of I allows certificate signing. +It does not check the certificate signature. =head1 RETURN VALUES diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h index adb8bce7cb..0f13739b79 100644 --- a/include/openssl/x509_vfy.h +++ b/include/openssl/x509_vfy.h @@ -184,6 +184,9 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); # define X509_V_ERR_OCSP_VERIFY_NEEDED 73 /* Need OCSP verification */ # define X509_V_ERR_OCSP_VERIFY_FAILED 74 /* Couldn't verify cert through OCSP */ # define X509_V_ERR_OCSP_CERT_UNKNOWN 75 /* Certificate wasn't recognized by the OCSP responder */ +# define X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH 76 +# define X509_V_ERR_NO_ISSUER_PUBLIC_KEY 77 +# define X509_V_ERR_UNSUPPORTED_SIGNATURE_ALGORITHM 78 /* Certificate verify flags */ diff --git a/test/certs/ee-self-signed.pem b/test/certs/ee-self-signed.pem new file mode 100644 index 0000000000..ad1e37ba0e --- /dev/null +++ b/test/certs/ee-self-signed.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIICzzCCAbegAwIBAgIUBP7iEKPlKuinZGQNFxSY3IBIb0swDQYJKoZIhvcNAQEL +BQAwGTEXMBUGA1UEAwwOZWUtc2VsZi1zaWduZWQwHhcNMjAwNjI4MTA1MTQ1WhcN +MjAwNzI4MTA1MTQ1WjAZMRcwFQYDVQQDDA5lZS1zZWxmLXNpZ25lZDCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKj/iVhhha7e2ywP1XP74reoG3p1YCvU +fTxzdrWu3pMvfySQbckc9Io4zZ+igBZWy7Qsu5PlFx//DcZD/jE0+CjYdemju4iC +76Ny4lNiBUVN4DGX76qdENJYDZ4GnjK7GwhWXWUPP2aOwjagEf/AWTX9SRzdHEIz +BniuBDgj5ed1Z9OUrVqpQB+sWRD1DMFkrUrExjVTs5ZqghsVi9GZq+Seb5Sq0pbl +V/uMkWSKPCQWxtIZvoJgEztisO0+HbPK+WvfMbl6nktHaKcpxz9K4iIntO+QY9fv +0HJJPlutuRvUK2+GaN3VcxK4Q8ncQQ+io0ZPi2eIhA9h/nk0H0qJH7cCAwEAAaMP +MA0wCwYDVR0PBAQDAgeAMA0GCSqGSIb3DQEBCwUAA4IBAQBiLmIUCGb+hmRGbmpO +lDqEwiRVdxHBs4OSb3IA9QgU1QKUDRqn7q27RRelmzTXllubZZcX3K6o+dunRW5G +d3f3FVr+3Z7wnmkQtC2y3NWtGuWNczss+6rMLzKvla5CjRiNPlSvluMNpcs7BJxI +ppk1LxlaiYlQkDW32OPyxzXWDNv1ZkphcOcoCkHAagnq9x1SszvLTjAlo5XpYrm5 +CPgBOEnVwFCgne5Ab4QPTgkxPh/Ta508I/FKaPLJqci1EfGKipZkS7mMGTUJEeVK +wZrn4z7RiTfJ4PdqO5iv8eOpt03fqdPEXQWe8DrKyfGM6/e369FaXMFhcd2ZxZy2 +WHoc +-----END CERTIFICATE----- diff --git a/test/certs/setup.sh b/test/certs/setup.sh index bbe4842a51..7e40f65b68 100755 --- a/test/certs/setup.sh +++ b/test/certs/setup.sh @@ -185,6 +185,9 @@ OPENSSL_SIGALG=md5 \ OPENSSL_KEYBITS=768 \ ./mkcert.sh genee server.example ee-key-768 ee-cert-768 ca-key ca-cert +# self-signed end-entity cert with explicit keyUsage not including KeyCertSign +openssl req -new -x509 -key ee-key.pem -subj /CN=ee-self-signed -out ee-self-signed.pem -addext keyUsage=digitalSignature + # Proxy certificates, off of ee-client # Start with some good ones ./mkcert.sh req pc1-key "0.CN = server.example" "1.CN = proxy 1" | \ diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t index cf7842cdfd..0c643e583f 100644 --- a/test/recipes/25-test_verify.t +++ b/test/recipes/25-test_verify.t @@ -27,7 +27,7 @@ sub verify { run(app([@args])); } -plan tests => 137; +plan tests => 138; # Canonical success ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]), @@ -368,6 +368,9 @@ ok(verify("some-names2", "sslserver", ["many-constraints"], ["many-constraints"] ok(verify("root-cert-rsa2", "sslserver", ["root-cert-rsa2"], [], "-check_ss_sig"), "Public Key Algorithm rsa instead of rsaEncryption"); + ok(verify("ee-self-signed", "sslserver", ["ee-self-signed"], []), + "accept trusted self-signed EE cert excluding key usage keyCertSign"); + SKIP: { skip "Ed25519 is not supported by this OpenSSL build", 1 if disabled("ec"); From openssl at openssl.org Thu Jul 16 20:03:28 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 16 Jul 2020 20:03:28 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ui-console Message-ID: <1594929808.092009.32642.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ui-console Commit log since last time: 55affcadbe Configure: fix minor typo in apitable comment e45d943665 Add FIPS related configuration data to the default openssl application configuration file 5744dacb3a Make -provider_name and -section_name optional d3b243d15b Use defaults FIPSKEY if not given on command line 7cc355c2e4 Add AES_CBC_CTS ciphers to providers c35b853576 Enable WinCE build without deceiving _MSC_VER. a1736f37ae To generate makefile with correct parameters for WinCE. 7a09fab2b3 Disable optimiization of BN_num_bits_word() for VS2005 ARM compiler due to its miscompilation of the function. https://mta.openssl.org/pipermail/openssl-users/2018-August/008465.html 6c2a56beec Changed uintptr_t to size_t. WinCE6 doesn't seem it have the definition. ce3080e931 DRBG: rename the DRBG taxonomy. d35bab46c9 Configurations: make Makefile tmpl files non-links Build log ended with (last 100 lines): # Failed test 'p10cr csr empty file' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd p10cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -csr wrong.csr.pem => 139 not ok 78 - p10cr wrong csr # ------------------------------------------------------------------------------ # Failed test 'p10cr wrong csr' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -revreason 5 => 139 not ok 79 - ir + ignored revocation # ------------------------------------------------------------------------------ ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt => 139 not ok 82 - cr command # ------------------------------------------------------------------------------ # Failed test 'cr command' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt => 139 not ok 83 - kur command explicit options # ------------------------------------------------------------------------------ # Failed test 'kur command explicit options' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -subject "" -certout test.cert.pem -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt -secret "" => 139 not ok 84 - kur command minimal options # ------------------------------------------------------------------------------ ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey dir/ -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert test.cert.pem -server '127.0.0.1:1700' => 139 not ok 86 - kur newkey is directory # ------------------------------------------------------------------------------ ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert dir/ -server '127.0.0.1:1700' => 139 not ok 89 - kur oldcert is directory # ------------------------------------------------------------------------------ # Failed test 'kur oldcert is directory' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert idontexist -server '127.0.0.1:1700' => 139 not ok 90 - kur oldcert not existing # ------------------------------------------------------------------------------ # Failed test 'kur oldcert not existing' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert empty.txt -server '127.0.0.1:1700' => 139 not ok 91 - kur empty oldcert file # ------------------------------------------------------------------------------ # Failed test 'kur empty oldcert file' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -cert "" -server '127.0.0.1:1700' => 139 not ok 92 - kur command without cert and oldcert # ------------------------------------------------------------------------------ # Failed test 'kur command without cert and oldcert' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. # Looks like you failed 65 tests of 92. not ok 7 - CMP app CLI Mock enrollment # ------------------------------------------------------------------------------ # # Failed test 'CMP app CLI Mock enrollment # ' # at /home/openssl/run-checker/no-ui-console/../openssl/util/perl/OpenSSL/Test.pm line 1302. # Looks like you failed 5 tests of 7.81-test_cmp_cli.t .................. Dubious, test returned 5 (wstat 1280, 0x500) Failed 5/7 subtests 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 81-test_cmp_cli.t (Wstat: 1280 Tests: 7 Failed: 5) Failed tests: 3-7 Non-zero exit status: 5 Files=205, Tests=3225, 883 wallclock secs (12.29 usr 1.42 sys + 786.31 cusr 60.53 csys = 860.55 CPU) Result: FAIL Makefile:3135: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-ui-console' Makefile:3133: recipe for target 'tests' failed make: *** [tests] Error 2 From builds at travis-ci.com Thu Jul 16 21:07:33 2020 From: builds at travis-ci.com (Travis CI) Date: Thu, 16 Jul 2020 21:07:33 +0000 Subject: Errored: openssl/openssl#36160 (master - e39e295) In-Reply-To: Message-ID: <5f10c195107a2_13fd67e5a6f3810658b@travis-pro-tasks-76fcc4cff-ttp8d.mail> Build Update for openssl/openssl ------------------------------------- Build: #36160 Status: Errored Duration: 1 hr, 20 mins, and 54 secs Commit: e39e295 (master) Author: Richard Levitte Message: Update copyright year Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/openssl/pull/12463) View the changeset: https://github.com/openssl/openssl/compare/e4162f86d7fd...e39e295e205a View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/175875538?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Thu Jul 16 22:22:38 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 16 Jul 2020 22:22:38 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared no-module Message-ID: <1594938158.437494.10664.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared no-module Commit log since last time: 55affcadbe Configure: fix minor typo in apitable comment e45d943665 Add FIPS related configuration data to the default openssl application configuration file 5744dacb3a Make -provider_name and -section_name optional d3b243d15b Use defaults FIPSKEY if not given on command line 7cc355c2e4 Add AES_CBC_CTS ciphers to providers c35b853576 Enable WinCE build without deceiving _MSC_VER. a1736f37ae To generate makefile with correct parameters for WinCE. 7a09fab2b3 Disable optimiization of BN_num_bits_word() for VS2005 ARM compiler due to its miscompilation of the function. https://mta.openssl.org/pipermail/openssl-users/2018-August/008465.html 6c2a56beec Changed uintptr_t to size_t. WinCE6 doesn't seem it have the definition. ce3080e931 DRBG: rename the DRBG taxonomy. d35bab46c9 Configurations: make Makefile tmpl files non-links Build log ended with (last 100 lines): ../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock credentials' -proxy '' -no_proxy 127.0.0.1 -cert "" -key "" -keypass "" -unprotected_requests => 0 not ok 38 - unprotected request # ------------------------------------------------------------------------------ # Failed test 'unprotected request' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. # Looks like you failed 3 tests of 38. not ok 5 - CMP app CLI Mock credentials # ------------------------------------------------------------------------------ OPENSSL_FUNC:../openssl/apps/cmp.c:3121:CMP info: received from 127.0.0.1 PKIStatus: accepted # OPENSSL_FUNC:../openssl/apps/cmp.c:2895:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -proxy option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2112:CMP info: will contact http://127.0.0.1:1700/pkix/ # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending IR # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received IP # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending CERTCONF # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received PKICONF # OPENSSL_FUNC:../openssl/apps/cmp.c:2276:CMP info: received 1 enrolled certificate(s), saving to file 'test.cert.pem' ../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo 0 -certout test.cert.pem -out_trusted root.crt => 0 not ok 43 - popo RAVERIFIED # ------------------------------------------------------------------------------ OPENSSL_FUNC:../openssl/apps/cmp.c:3121:CMP info: received from 127.0.0.1 PKIStatus: accepted # OPENSSL_FUNC:../openssl/apps/cmp.c:2895:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -proxy option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2112:CMP info: will contact http://127.0.0.1:1700/pkix/ # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending IR # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received IP # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending CERTCONF # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received PKICONF # OPENSSL_FUNC:../openssl/apps/cmp.c:2276:CMP info: received 1 enrolled certificate(s), saving to file 'test.cert.pem' ../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo -1 -certout test.cert.pem -out_trusted root.crt => 0 not ok 47 - popo NONE # ------------------------------------------------------------------------------ # Failed test 'popo NONE' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. OPENSSL_FUNC:../openssl/apps/cmp.c:3121:CMP info: received from 127.0.0.1 PKIStatus: accepted # OPENSSL_FUNC:../openssl/apps/cmp.c:2895:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -proxy option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2112:CMP info: will contact http://127.0.0.1:1700/pkix/ # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending IR # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received IP # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending CERTCONF # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received PKICONF # OPENSSL_FUNC:../openssl/apps/cmp.c:2276:CMP info: received 1 enrolled certificate(s), saving to file 'test.cert.pem' ../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo 2 -certout test.cert.pem -out_trusted root.crt => 0 not ok 48 - popo KEYENC not supported # ------------------------------------------------------------------------------ # Looks like you failed 3 tests of 92. not ok 7 - CMP app CLI Mock enrollment # ------------------------------------------------------------------------------ # # Failed test 'CMP app CLI Mock enrollment # ' # at /home/openssl/run-checker/enable-fuzz-afl/../openssl/util/perl/OpenSSL/Test.pm line 1302. # Looks like you failed 3 tests of 7.81-test_cmp_cli.t .................. Dubious, test returned 3 (wstat 768, 0x300) Failed 3/7 subtests 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: GOST support is disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ skipped: Test only supported in a shared build 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 81-test_cmp_cli.t (Wstat: 768 Tests: 7 Failed: 3) Failed tests: 4-5, 7 Non-zero exit status: 3 Files=205, Tests=2947, 772 wallclock secs (10.17 usr 1.25 sys + 708.82 cusr 52.07 csys = 772.31 CPU) Result: FAIL Makefile:2378: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-fuzz-afl' Makefile:2376: recipe for target 'tests' failed make: *** [tests] Error 2 From builds at travis-ci.com Thu Jul 16 22:30:03 2020 From: builds at travis-ci.com (Travis CI) Date: Thu, 16 Jul 2020 22:30:03 +0000 Subject: Errored: openssl/openssl#36162 (master - b013cf9) In-Reply-To: Message-ID: <5f10d4eb728c5_13fd67e5a69d41811e2@travis-pro-tasks-76fcc4cff-ttp8d.mail> Build Update for openssl/openssl ------------------------------------- Build: #36162 Status: Errored Duration: 1 hr, 23 mins, and 36 secs Commit: b013cf9 (master) Author: Richard Levitte Message: util/mktar.pl: Change 'VERSION' to 'VERSION.dat' This was forgotten when that file changed name, and that unfortunately disrupts releases. Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/openssl/pull/12464) View the changeset: https://github.com/openssl/openssl/compare/e39e295e205a...b013cf90000a View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/175878075?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.com Thu Jul 16 23:57:09 2020 From: builds at travis-ci.com (Travis CI) Date: Thu, 16 Jul 2020 23:57:09 +0000 Subject: Errored: openssl/openssl#36165 (openssl-3.0.0-alpha5 - e70a2d9) In-Reply-To: Message-ID: <5f10e955221e8_13f7e195a47a05778e0@travis-pro-tasks-76fcc4cff-2bfbv.mail> Build Update for openssl/openssl ------------------------------------- Build: #36165 Status: Errored Duration: 1 hr, 29 mins, and 26 secs Commit: e70a2d9 (openssl-3.0.0-alpha5) Author: Richard Levitte Message: Prepare for release of 3.0 alpha 5 Reviewed-by: Nicola Tuveri View the changeset: https://github.com/openssl/openssl/commit/e70a2d9f139e View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/175880856?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.com Fri Jul 17 01:10:20 2020 From: builds at travis-ci.com (Travis CI) Date: Fri, 17 Jul 2020 01:10:20 +0000 Subject: Errored: openssl/openssl#36166 (master - 318565b) In-Reply-To: Message-ID: <5f10fa7a6b31d_13f9732da92ac3888e@travis-pro-tasks-7d84c97d5f-pffns.mail> Build Update for openssl/openssl ------------------------------------- Build: #36166 Status: Errored Duration: 59 mins and 11 secs Commit: 318565b (master) Author: Richard Levitte Message: Prepare for 3.0 alpha 6 Reviewed-by: Nicola Tuveri View the changeset: https://github.com/openssl/openssl/compare/b013cf90000a...318565b73374 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/175881017?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.com Fri Jul 17 02:25:15 2020 From: builds at travis-ci.com (Travis CI) Date: Fri, 17 Jul 2020 02:25:15 +0000 Subject: Errored: openssl/openssl#36167 (master - 0b670a2) In-Reply-To: Message-ID: <5f110c0aeb10f_13fc989e16b7021693c@travis-pro-tasks-7d84c97d5f-92twv.mail> Build Update for openssl/openssl ------------------------------------- Build: #36167 Status: Errored Duration: 1 hr, 29 mins, and 24 secs Commit: 0b670a2 (master) Author: Dr. David von Oheimb Message: x509_vfy.c: Improve key usage checks in internal_verify() of cert chains If a presumably self-signed cert is last in chain we verify its signature only if X509_V_FLAG_CHECK_SS_SIGNATURE is set. Upon this request we do the signature verification, but not in case it is a (non-conforming) self-issued CA certificate with a key usage extension that does not include keyCertSign. Make clear when we must verify the signature of a certificate and when we must adhere to key usage restrictions of the 'issuing' cert. Add some comments for making internal_verify() easier to understand. Update the documentation of X509_V_FLAG_CHECK_SS_SIGNATURE accordingly. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12375) View the changeset: https://github.com/openssl/openssl/compare/318565b73374...0b670a2101c6 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/175884109?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From shane.lontis at oracle.com Fri Jul 17 03:52:40 2020 From: shane.lontis at oracle.com (shane.lontis at oracle.com) Date: Fri, 17 Jul 2020 03:52:40 +0000 Subject: [openssl] master update Message-ID: <1594957960.878694.27989.nullmailer@dev.openssl.org> The branch master has been updated via 8e78da06660b269fbdf8faba6bc3a356ee3fda5e (commit) from cb9bb7350d4192553683e61e64894e8ed197b44c (commit) - Log ----------------------------------------------------------------- commit 8e78da06660b269fbdf8faba6bc3a356ee3fda5e Author: Shane Lontis Date: Wed Jul 15 11:49:57 2020 +1000 Fix trailing whitespace mismatch error when running 02-test_errstr. Fixes #12449 On a aix7_ppc32 machine the error was of the form match 'Previous owner died ' (2147483743) with one of ( 'Previous owner died', 'reason(95)' ) Stripping the trailing whitespace from the system error will address this issue. Suggested fix by @pauldale. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12451) ----------------------------------------------------------------------- Summary of changes: test/recipes/02-test_errstr.t | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/test/recipes/02-test_errstr.t b/test/recipes/02-test_errstr.t index a63812f397..7c382b4124 100644 --- a/test/recipes/02-test_errstr.t +++ b/test/recipes/02-test_errstr.t @@ -49,7 +49,7 @@ use constant ERR_LIB_NONE => 1; plan tests => scalar @Errno::EXPORT_OK +1 # Checking that error 128 gives 'reason(128)' +1 # Checking that error 0 gives the library name - ; + +1; # Check trailing whitespace is removed. # Test::More:ok() has a sub prototype, which means we need to use the '&ok' # syntax to force it to accept a list as a series of arguments. @@ -66,6 +66,7 @@ foreach my $errname (@Errno::EXPORT_OK) { # Reason code 0 of any library gives the library name as reason &ok(match_opensslerr_reason(ERR_LIB_NONE << ERR_LIB_OFFSET | 0, "unknown library")); +&ok(match_any("Trailing whitespace \n\t", "?", ( "Trailing whitespace" ))); exit 0; @@ -93,6 +94,9 @@ sub match_any { my $desc = shift; my @strings = @_; + # ignore trailing whitespace + $first =~ s/\s+$//; + if (scalar @strings > 1) { $desc = "match '$first' ($desc) with one of ( '" . join("', '", @strings) . "' )"; From openssl at openssl.org Fri Jul 17 04:26:28 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 17 Jul 2020 04:26:28 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-posix-io Message-ID: <1594959988.057122.19888.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-posix-io Commit log since last time: 55affcadbe Configure: fix minor typo in apitable comment e45d943665 Add FIPS related configuration data to the default openssl application configuration file 5744dacb3a Make -provider_name and -section_name optional d3b243d15b Use defaults FIPSKEY if not given on command line 7cc355c2e4 Add AES_CBC_CTS ciphers to providers c35b853576 Enable WinCE build without deceiving _MSC_VER. a1736f37ae To generate makefile with correct parameters for WinCE. 7a09fab2b3 Disable optimiization of BN_num_bits_word() for VS2005 ARM compiler due to its miscompilation of the function. https://mta.openssl.org/pipermail/openssl-users/2018-August/008465.html 6c2a56beec Changed uintptr_t to size_t. WinCE6 doesn't seem it have the definition. ce3080e931 DRBG: rename the DRBG taxonomy. d35bab46c9 Configurations: make Makefile tmpl files non-links Build log ended with (last 100 lines): rm -f doc/man/man1/CA.pl.1 doc/man/man1/openssl-asn1parse.1 doc/man/man1/openssl-ca.1 doc/man/man1/openssl-ciphers.1 doc/man/man1/openssl-cmds.1 doc/man/man1/openssl-cmp.1 doc/man/man1/openssl-cms.1 doc/man/man1/openssl-crl.1 doc/man/man1/openssl-crl2pkcs7.1 doc/man/man1/openssl-dgst.1 doc/man/man1/openssl-dhparam.1 doc/man/man1/openssl-dsa.1 doc/man/man1/openssl-dsaparam.1 doc/man/man1/openssl-ec.1 doc/man/man1/openssl-ecparam.1 doc/man/man1/openssl-enc.1 doc/man/man1/openssl-engine.1 doc/man/man1/openssl-errstr.1 doc/man/man1/openssl-fipsinstall.1 doc/man/man1/openssl-gendsa.1 doc/man/man1/openssl-genpkey.1 doc/man/man1/openssl-genrsa.1 doc/man/man1/openssl-info.1 doc/man/man1/openssl-kdf.1 doc/man/man1/openssl-list.1 doc/man/man1/openssl-mac.1 doc/man/man1/openssl-nseq.1 doc/man/man1/openssl-ocsp.1 doc/man/man1/openssl-passwd.1 doc/man/man1/openssl-pkcs12.1 doc/man/man1/openssl-pkcs7.1 doc/man/man1/openssl-pkcs8.1 doc/man/man1/openssl-pkey.1 doc/man/man1/openssl-pkeyparam.1 doc/man/man1/openssl-pkeyutl.1 doc/man/man1/openssl-prime.1 doc/man/man1/openssl-provider.1 doc/man/man1/openssl-rand.1 doc/man/man1/openssl-rehash.1 doc/man/man1/openssl-req.1 doc/man/man1/openssl-rsa.1 doc/man/man1/openssl-rsautl.1 doc/man/man1/openssl-s_client.1 doc/man/man1/openssl-s_server.1 doc/man/man1/openssl-s_time.1 doc/man/man1/openssl-sess_id.1 doc/man/man1/openssl-smime.1 doc/man/man1/openssl-speed.1 doc/man/man1/openssl-spkac.1 doc/man/man1/openssl-srp.1 doc/man/man1/openssl-storeutl.1 doc/man/man1/openssl-ts.1 doc/man/man1/openssl-verify.1 doc/man/man1/openssl-version.1 doc/man/man1/openssl-x509.1 doc/man/man1/openssl.1 doc/man/man1/tsget.1 doc/man/man3/ADMISSIONS.3 doc/man/man3/ASN1_INTEGER_get_int64.3 doc/man/man3/ASN1_INTEGER_new.3 doc/man/man3/ASN1_ITEM_lookup.3 doc/man/man3/ASN1_OBJECT_new.3 doc/man/man3/ASN1_STRING_TABLE_add.3 doc/man/man3/ASN1_STRING_length.3 doc/man/man3/ASN1_STRING_new.3 doc/man/man3/ASN1_STRING_print_ex.3 doc/man/man3/ASN1_TIME_set.3 doc/man/man3/ASN1_TYPE_get.3 doc/man/man3/ASN1_generate_nconf.3 doc/man/man3/ASYNC_WAIT_CTX_new.3 doc/man/man3/ASYNC_start_job.3 doc/man/man3/BF_encrypt.3 doc/man/man3/BIO_ADDR.3 doc/man/man3/BIO_ADDRINFO.3 doc/man/man3/BIO_connect.3 doc/man/man3/BIO_ctrl.3 doc/man/man3/BIO_f_base64.3 doc/man/man3/BIO_f_buffer.3 doc/man/man3/BIO_f_cipher.3 doc/man/man3/BIO_f_md.3 doc/man/man3/BIO_f_null.3 doc/man/man3/BIO_f_prefix.3 doc/man/man3/BIO_f_ssl.3 doc/man/man3/BIO_find_type.3 doc/man/man3/BIO_get_data.3 doc/man/man3/BIO_get_ex_new_index.3 doc/man/man3/BIO_meth_new.3 doc/man/man3/BIO_new.3 doc/man/man3/BIO_new_CMS.3 doc/man/man3/BIO_parse_hostserv.3 doc/man/man3/BIO_printf.3 doc/man/man3/BIO_push.3 doc/man/man3/BIO_read.3 doc/man/man3/BIO_s_accept.3 doc/man/man3/BIO_s_bio.3 doc/man/man3/BIO_s_connect.3 doc/man/man3/BIO_s_fd.3 doc/man/man3/BIO_s_file.3 doc/man/man3/BIO_s_mem.3 doc/man/man3/BIO_s_null.3 doc/man/man3/BIO_s_socket.3 doc/man/man3/BIO_set_callback.3 doc/man/man3/BIO_should_retry.3 doc/man/man3/BIO_socket_wait.3 doc/man/man3/BN_BLINDING_new.3 doc/man/man3/BN_CTX_new.3 doc/man/man3/BN_CTX_start.3 doc/man/man3/BN_add.3 doc/man/man3/BN_add_word.3 doc/man/man3/BN_bn2bin.3 doc/man/man3/BN_cmp.3 doc/man/man3/BN_copy.3 doc/man/man3/BN_generate_prime.3 doc/man/man3/BN_mod_inverse.3 doc/man/man3/BN_mod_mul_montgomery.3 doc/man/man3/BN_mod_mul_reciprocal.3 doc/man/man3/BN_new.3 doc/man/man3/BN_num_bytes.3 doc/man/man3/BN_rand.3 doc/man/man3/BN_security_bits.3 doc/man/man3/BN_set_bit.3 doc/man/man3/BN_swap.3 doc/man/man3/BN_zero.3 doc/man/man3/BUF_MEM_new.3 doc/man/man3/CMS_EnvelopedData_create.3 doc/man/man3/CMS_add0_cert.3 doc/man/man3/CMS_add1_recipient_cert.3 doc/man/man3/CMS_add1_signer.3 doc/man/man3/CMS_compress.3 doc/man/man3/CMS_decrypt.3 doc/man/man3/CMS_encrypt.3 doc/man/man3/CMS_final.3 doc/man/man3/CMS_get0_RecipientInfos.3 doc/man/man3/CMS_get0_SignerInfos.3 doc/man/man3/CMS_get0_type.3 doc/man/man3/CMS_get1_ReceiptRequest.3 doc/man/man3/CMS_sign.3 doc/man/man3/CMS_sign_receipt.3 doc/man/man3/CMS_uncompress.3 doc/man/man3/CMS_verify.3 doc/man/man3/CMS_verify_receipt.3 doc/man/man3/CONF_modules_free.3 doc/man/man3/CONF_modules_load_file.3 doc/man/man3/CRYPTO_THREAD_run_once.3 doc/man/man3/CRYPTO_get_ex_new_index.3 doc/man/man3/CRYPTO_memcmp.3 doc/man/man3/CTLOG_STORE_get0_log_by_id.3 doc/man/man3/CTLOG_STORE_new.3 doc/man/man3/CTLOG_new.3 doc/man/man3/CT_POLICY_EVAL_CTX_new.3 doc/man/man3/DEFINE_STACK_OF.3 doc/man/man3/DES_random_key.3 doc/man/man3/DH_generate_key.3 doc/man/man3/DH_generate_parameters.3 doc/man/man3/DH_get0_pqg.3 doc/man/man3/DH_get_1024_160.3 doc/man/man3/DH_meth_new.3 doc/man/man3/DH_new.3 doc/man/man3/DH_new_by_nid.3 doc/man/man3/DH_set_method.3 doc/man/man3/DH_size.3 doc/man/man3/DSA_SIG_new.3 doc/man/man3/DSA_do_sign.3 doc/man/man3/DSA_dup_DH.3 doc/man/man3/DSA_generate_key.3 doc/man/man3/DSA_generate_parameters.3 doc/man/man3/DSA_get0_pqg.3 doc/man/man3/DSA_meth_new.3 doc/man/man3/DSA_new.3 doc/man/man3/DSA_set_method.3 doc/man/man3/DSA_sign.3 doc/man/man3/DSA_size.3 doc/man/man3/DTLS_get_data_mtu.3 doc/man/man3/DTLS_set_timer_cb.3 doc/man/man3/DTLSv1_listen.3 doc/man/man3/ECDSA_SIG_new.3 doc/man/man3/ECPKParameters_print.3 doc/man/man3/EC_GFp_simple_method.3 doc/man/man3/EC_GROUP_copy.3 doc/man/man3/EC_GROUP_new.3 doc/man/man3/EC_KEY_get_enc_flags.3 doc/man/man3/EC_KEY_new.3 doc/man/man3/EC_POINT_add.3 doc/man/man3/EC_POINT_new.3 doc/man/man3/ENGINE_add.3 doc/man/man3/ERR_GET_LIB.3 doc/man/man3/ERR_clear_error.3 doc/man/man3/ERR_error_string.3 doc/man/man3/ERR_get_error.3 doc/man/man3/ERR_load_crypto_strings.3 doc/man/man3/ERR_load_strings.3 doc/man/man3/ERR_new.3 doc/man/man3/ERR_print_errors.3 doc/man/man3/ERR_put_error.3 doc/man/man3/ERR_remove_state.3 doc/man/man3/ERR_set_mark.3 doc/man/man3/EVP_ASYM_CIPHER_free.3 doc/man/man3/EVP_BytesToKey.3 doc/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 doc/man/man3/EVP_CIPHER_meth_new.3 doc/man/man3/EVP_DigestInit.3 doc/man/man3/EVP_DigestSignInit.3 doc/man/man3/EVP_DigestVerifyInit.3 doc/man/man3/EVP_EncodeInit.3 doc/man/man3/EVP_EncryptInit.3 doc/man/man3/EVP_KDF.3 doc/man/man3/EVP_KEYEXCH_free.3 doc/man/man3/EVP_KEYMGMT.3 doc/man/man3/EVP_MAC.3 doc/man/man3/EVP_MD_meth_new.3 doc/man/man3/EVP_OpenInit.3 doc/man/man3/EVP_PKEY_ASN1_METHOD.3 doc/man/man3/EVP_PKEY_CTX_ctrl.3 doc/man/man3/EVP_PKEY_CTX_new.3 doc/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 doc/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 doc/man/man3/EVP_PKEY_CTX_set_params.3 doc/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 doc/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 doc/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 doc/man/man3/EVP_PKEY_asn1_get_count.3 doc/man/man3/EVP_PKEY_check.3 doc/man/man3/EVP_PKEY_copy_parameters.3 doc/man/man3/EVP_PKEY_decrypt.3 doc/man/man3/EVP_PKEY_derive.3 doc/man/man3/EVP_PKEY_encrypt.3 doc/man/man3/EVP_PKEY_fromdata.3 doc/man/man3/EVP_PKEY_gen.3 doc/man/man3/EVP_PKEY_get_default_digest_nid.3 doc/man/man3/EVP_PKEY_gettable_params.3 doc/man/man3/EVP_PKEY_is_a.3 doc/man/man3/EVP_PKEY_meth_get_count.3 doc/man/man3/EVP_PKEY_meth_new.3 doc/man/man3/EVP_PKEY_new.3 doc/man/man3/EVP_PKEY_print_private.3 doc/man/man3/EVP_PKEY_set1_RSA.3 doc/man/man3/EVP_PKEY_set_type.3 doc/man/man3/EVP_PKEY_sign.3 doc/man/man3/EVP_PKEY_size.3 doc/man/man3/EVP_PKEY_supports_digest_nid.3 doc/man/man3/EVP_PKEY_verify.3 doc/man/man3/EVP_PKEY_verify_recover.3 doc/man/man3/EVP_RAND.3 doc/man/man3/EVP_SIGNATURE_free.3 doc/man/man3/EVP_SealInit.3 doc/man/man3/EVP_SignInit.3 doc/man/man3/EVP_VerifyInit.3 doc/man/man3/EVP_aes_128_gcm.3 doc/man/man3/EVP_aria_128_gcm.3 doc/man/man3/EVP_bf_cbc.3 doc/man/man3/EVP_blake2b512.3 doc/man/man3/EVP_camellia_128_ecb.3 doc/man/man3/EVP_cast5_cbc.3 doc/man/man3/EVP_chacha20.3 doc/man/man3/EVP_des_cbc.3 doc/man/man3/EVP_desx_cbc.3 doc/man/man3/EVP_idea_cbc.3 doc/man/man3/EVP_md2.3 doc/man/man3/EVP_md4.3 doc/man/man3/EVP_md5.3 doc/man/man3/EVP_mdc2.3 doc/man/man3/EVP_rc2_cbc.3 doc/man/man3/EVP_rc4.3 doc/man/man3/EVP_rc5_32_12_16_cbc.3 doc/man/man3/EVP_ripemd160.3 doc/man/man3/EVP_seed_cbc.3 doc/man/man3/EVP_set_default_properties.3 doc/man/man3/EVP_sha1.3 doc/man/man3/EVP_sha224.3 doc/man/man3/EVP_sha3_224.3 doc/man/man3/EVP_sm3.3 doc/man/man3/EVP_sm4_cbc.3 doc/man/man3/EVP_whirlpool.3 doc/man/man3/HMAC.3 doc/man/man3/MD5.3 doc/man/man3/MDC2_Init.3 doc/man/man3/NCONF_new_with_libctx.3 doc/man/man3/OBJ_nid2obj.3 doc/man/man3/OCSP_REQUEST_new.3 doc/man/man3/OCSP_cert_to_id.3 doc/man/man3/OCSP_request_add1_nonce.3 doc/man/man3/OCSP_resp_find_status.3 doc/man/man3/OCSP_response_status.3 doc/man/man3/OCSP_sendreq_new.3 doc/man/man3/OPENSSL_Applink.3 doc/man/man3/OPENSSL_CTX.3 doc/man/man3/OPENSSL_FILE.3 doc/man/man3/OPENSSL_LH_COMPFUNC.3 doc/man/man3/OPENSSL_LH_stats.3 doc/man/man3/OPENSSL_config.3 doc/man/man3/OPENSSL_fork_prepare.3 doc/man/man3/OPENSSL_hexchar2int.3 doc/man/man3/OPENSSL_ia32cap.3 doc/man/man3/OPENSSL_init_crypto.3 doc/man/man3/OPENSSL_init_ssl.3 doc/man/man3/OPENSSL_instrument_bus.3 doc/man/man3/OPENSSL_load_builtin_modules.3 doc/man/man3/OPENSSL_malloc.3 doc/man/man3/OPENSSL_s390xcap.3 doc/man/man3/OPENSSL_secure_malloc.3 doc/man/man3/OSSL_CMP_CTX_new.3 doc/man/man3/OSSL_CMP_HDR_get0_transactionID.3 doc/man/man3/OSSL_CMP_ITAV_set0.3 doc/man/man3/OSSL_CMP_MSG_get0_header.3 doc/man/man3/OSSL_CMP_MSG_http_perform.3 doc/man/man3/OSSL_CMP_SRV_CTX_new.3 doc/man/man3/OSSL_CMP_STATUSINFO_new.3 doc/man/man3/OSSL_CMP_exec_IR_ses.3 doc/man/man3/OSSL_CMP_log_open.3 doc/man/man3/OSSL_CMP_validate_msg.3 doc/man/man3/OSSL_CRMF_MSG_get0_tmpl.3 doc/man/man3/OSSL_CRMF_MSG_set0_validity.3 doc/man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3 doc/man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3 doc/man/man3/OSSL_CRMF_pbmp_new.3 doc/man/man3/OSSL_HTTP_transfer.3 doc/man/man3/OSSL_PARAM.3 doc/man/man3/OSSL_PARAM_BLD.3 doc/man/man3/OSSL_PARAM_allocate_from_text.3 doc/man/man3/OSSL_PARAM_int.3 doc/man/man3/OSSL_PROVIDER.3 doc/man/man3/OSSL_SELF_TEST_new.3 doc/man/man3/OSSL_SELF_TEST_set_callback.3 doc/man/man3/OSSL_SERIALIZER.3 doc/man/man3/OSSL_SERIALIZER_CTX.3 doc/man/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.3 doc/man/man3/OSSL_SERIALIZER_to_bio.3 doc/man/man3/OSSL_STORE_INFO.3 doc/man/man3/OSSL_STORE_LOADER.3 doc/man/man3/OSSL_STORE_SEARCH.3 doc/man/man3/OSSL_STORE_attach.3 doc/man/man3/OSSL_STORE_expect.3 doc/man/man3/OSSL_STORE_open.3 doc/man/man3/OSSL_trace_enabled.3 doc/man/man3/OSSL_trace_get_category_num.3 doc/man/man3/OSSL_trace_set_channel.3 doc/man/man3/OpenSSL_add_all_algorithms.3 doc/man/man3/OpenSSL_version.3 doc/man/man3/PEM_bytes_read_bio.3 doc/man/man3/PEM_read.3 doc/man/man3/PEM_read_CMS.3 doc/man/man3/PEM_read_bio_PrivateKey.3 doc/man/man3/PEM_read_bio_ex.3 doc/man/man3/PEM_write_bio_CMS_stream.3 doc/man/man3/PEM_write_bio_PKCS7_stream.3 doc/man/man3/PKCS12_SAFEBAG_get0_attrs.3 doc/man/man3/PKCS12_add_CSPName_asc.3 doc/man/man3/PKCS12_add_friendlyname_asc.3 doc/man/man3/PKCS12_add_localkeyid.3 doc/man/man3/PKCS12_create.3 doc/man/man3/PKCS12_get_friendlyname.3 doc/man/man3/PKCS12_newpass.3 doc/man/man3/PKCS12_parse.3 doc/man/man3/PKCS5_PBKDF2_HMAC.3 doc/man/man3/PKCS7_decrypt.3 doc/man/man3/PKCS7_encrypt.3 doc/man/man3/PKCS7_sign.3 doc/man/man3/PKCS7_sign_add_signer.3 doc/man/man3/PKCS7_verify.3 doc/man/man3/PKCS8_pkey_add1_attr.3 doc/man/man3/RAND_DRBG_generate.3 doc/man/man3/RAND_DRBG_get0_public.3 doc/man/man3/RAND_DRBG_new.3 doc/man/man3/RAND_DRBG_reseed.3 doc/man/man3/RAND_DRBG_set_callbacks.3 doc/man/man3/RAND_add.3 doc/man/man3/RAND_bytes.3 doc/man/man3/RAND_cleanup.3 doc/man/man3/RAND_egd.3 doc/man/man3/RAND_load_file.3 doc/man/man3/RAND_set_rand_method.3 doc/man/man3/RC4_set_key.3 doc/man/man3/RIPEMD160_Init.3 doc/man/man3/RSA_blinding_on.3 doc/man/man3/RSA_check_key.3 doc/man/man3/RSA_generate_key.3 doc/man/man3/RSA_get0_key.3 doc/man/man3/RSA_meth_new.3 doc/man/man3/RSA_new.3 doc/man/man3/RSA_padding_add_PKCS1_type_1.3 doc/man/man3/RSA_print.3 doc/man/man3/RSA_private_encrypt.3 doc/man/man3/RSA_public_encrypt.3 doc/man/man3/RSA_set_method.3 doc/man/man3/RSA_sign.3 doc/man/man3/RSA_sign_ASN1_OCTET_STRING.3 doc/man/man3/RSA_size.3 doc/man/man3/SCT_new.3 doc/man/man3/SCT_print.3 doc/man/man3/SCT_validate.3 doc/man/man3/SHA256_Init.3 doc/man/man3/SMIME_read_CMS.3 doc/man/man3/SMIME_read_PKCS7.3 doc/man/man3/SMIME_write_CMS.3 doc/man/man3/SMIME_write_PKCS7.3 doc/man/man3/SRP_Calc_B.3 doc/man/man3/SRP_VBASE_new.3 doc/man/man3/SRP_create_verifier.3 doc/man/man3/SRP_user_pwd_new.3 doc/man/man3/SSL_CIPHER_get_name.3 doc/man/man3/SSL_COMP_add_compression_method.3 doc/man/man3/SSL_CONF_CTX_new.3 doc/man/man3/SSL_CONF_CTX_set1_prefix.3 doc/man/man3/SSL_CONF_CTX_set_flags.3 doc/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 doc/man/man3/SSL_CONF_cmd.3 doc/man/man3/SSL_CONF_cmd_argv.3 doc/man/man3/SSL_CTX_add1_chain_cert.3 doc/man/man3/SSL_CTX_add_extra_chain_cert.3 doc/man/man3/SSL_CTX_add_session.3 doc/man/man3/SSL_CTX_config.3 doc/man/man3/SSL_CTX_ctrl.3 doc/man/man3/SSL_CTX_dane_enable.3 doc/man/man3/SSL_CTX_flush_sessions.3 doc/man/man3/SSL_CTX_free.3 doc/man/man3/SSL_CTX_get0_param.3 doc/man/man3/SSL_CTX_get_verify_mode.3 doc/man/man3/SSL_CTX_has_client_custom_ext.3 doc/man/man3/SSL_CTX_load_verify_locations.3 doc/man/man3/SSL_CTX_new.3 doc/man/man3/SSL_CTX_sess_number.3 doc/man/man3/SSL_CTX_sess_set_cache_size.3 doc/man/man3/SSL_CTX_sess_set_get_cb.3 doc/man/man3/SSL_CTX_sessions.3 doc/man/man3/SSL_CTX_set0_CA_list.3 doc/man/man3/SSL_CTX_set1_curves.3 doc/man/man3/SSL_CTX_set1_sigalgs.3 doc/man/man3/SSL_CTX_set1_verify_cert_store.3 doc/man/man3/SSL_CTX_set_alpn_select_cb.3 doc/man/man3/SSL_CTX_set_cert_cb.3 doc/man/man3/SSL_CTX_set_cert_store.3 doc/man/man3/SSL_CTX_set_cert_verify_callback.3 doc/man/man3/SSL_CTX_set_cipher_list.3 doc/man/man3/SSL_CTX_set_client_cert_cb.3 doc/man/man3/SSL_CTX_set_client_hello_cb.3 doc/man/man3/SSL_CTX_set_ct_validation_callback.3 doc/man/man3/SSL_CTX_set_ctlog_list_file.3 doc/man/man3/SSL_CTX_set_default_passwd_cb.3 doc/man/man3/SSL_CTX_set_generate_session_id.3 doc/man/man3/SSL_CTX_set_info_callback.3 doc/man/man3/SSL_CTX_set_keylog_callback.3 doc/man/man3/SSL_CTX_set_max_cert_list.3 doc/man/man3/SSL_CTX_set_min_proto_version.3 doc/man/man3/SSL_CTX_set_mode.3 doc/man/man3/SSL_CTX_set_msg_callback.3 doc/man/man3/SSL_CTX_set_num_tickets.3 doc/man/man3/SSL_CTX_set_options.3 doc/man/man3/SSL_CTX_set_psk_client_callback.3 doc/man/man3/SSL_CTX_set_quiet_shutdown.3 doc/man/man3/SSL_CTX_set_read_ahead.3 doc/man/man3/SSL_CTX_set_record_padding_callback.3 doc/man/man3/SSL_CTX_set_security_level.3 doc/man/man3/SSL_CTX_set_session_cache_mode.3 doc/man/man3/SSL_CTX_set_session_id_context.3 doc/man/man3/SSL_CTX_set_session_ticket_cb.3 doc/man/man3/SSL_CTX_set_split_send_fragment.3 doc/man/man3/SSL_CTX_set_srp_password.3 doc/man/man3/SSL_CTX_set_ssl_version.3 doc/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 doc/man/man3/SSL_CTX_set_timeout.3 doc/man/man3/SSL_CTX_set_tlsext_servername_callback.3 doc/man/man3/SSL_CTX_set_tlsext_status_cb.3 doc/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 doc/man/man3/SSL_CTX_set_tlsext_use_srtp.3 doc/man/man3/SSL_CTX_set_tmp_dh_callback.3 doc/man/man3/SSL_CTX_set_tmp_ecdh.3 doc/man/man3/SSL_CTX_set_verify.3 doc/man/man3/SSL_CTX_use_certificate.3 doc/man/man3/SSL_CTX_use_psk_identity_hint.3 doc/man/man3/SSL_CTX_use_serverinfo.3 doc/man/man3/SSL_SESSION_free.3 doc/man/man3/SSL_SESSION_get0_cipher.3 doc/man/man3/SSL_SESSION_get0_hostname.3 doc/man/man3/SSL_SESSION_get0_id_context.3 doc/man/man3/SSL_SESSION_get0_peer.3 doc/man/man3/SSL_SESSION_get_compress_id.3 doc/man/man3/SSL_SESSION_get_protocol_version.3 doc/man/man3/SSL_SESSION_get_time.3 doc/man/man3/SSL_SESSION_has_ticket.3 doc/man/man3/SSL_SESSION_is_resumable.3 doc/man/man3/SSL_SESSION_print.3 doc/man/man3/SSL_SESSION_set1_id.3 doc/man/man3/SSL_accept.3 doc/man/man3/SSL_alert_type_string.3 doc/man/man3/SSL_alloc_buffers.3 doc/man/man3/SSL_check_chain.3 doc/man/man3/SSL_clear.3 doc/man/man3/SSL_connect.3 doc/man/man3/SSL_do_handshake.3 doc/man/man3/SSL_export_keying_material.3 doc/man/man3/SSL_extension_supported.3 doc/man/man3/SSL_free.3 doc/man/man3/SSL_get0_peer_scts.3 doc/man/man3/SSL_get_SSL_CTX.3 doc/man/man3/SSL_get_all_async_fds.3 doc/man/man3/SSL_get_ciphers.3 doc/man/man3/SSL_get_client_random.3 doc/man/man3/SSL_get_current_cipher.3 doc/man/man3/SSL_get_default_timeout.3 doc/man/man3/SSL_get_error.3 doc/man/man3/SSL_get_extms_support.3 doc/man/man3/SSL_get_fd.3 doc/man/man3/SSL_get_peer_cert_chain.3 doc/man/man3/SSL_get_peer_certificate.3 doc/man/man3/SSL_get_peer_signature_nid.3 doc/man/man3/SSL_get_peer_tmp_key.3 doc/man/man3/SSL_get_psk_identity.3 doc/man/man3/SSL_get_rbio.3 doc/man/man3/SSL_get_session.3 doc/man/man3/SSL_get_shared_sigalgs.3 doc/man/man3/SSL_get_verify_result.3 doc/man/man3/SSL_get_version.3 doc/man/man3/SSL_in_init.3 doc/man/man3/SSL_key_update.3 doc/man/man3/SSL_library_init.3 doc/man/man3/SSL_load_client_CA_file.3 doc/man/man3/SSL_new.3 doc/man/man3/SSL_pending.3 doc/man/man3/SSL_read.3 doc/man/man3/SSL_read_early_data.3 doc/man/man3/SSL_rstate_string.3 doc/man/man3/SSL_session_reused.3 doc/man/man3/SSL_set1_host.3 doc/man/man3/SSL_set_async_callback.3 doc/man/man3/SSL_set_bio.3 doc/man/man3/SSL_set_connect_state.3 doc/man/man3/SSL_set_fd.3 doc/man/man3/SSL_set_session.3 doc/man/man3/SSL_set_shutdown.3 doc/man/man3/SSL_set_verify_result.3 doc/man/man3/SSL_shutdown.3 doc/man/man3/SSL_state_string.3 doc/man/man3/SSL_want.3 doc/man/man3/SSL_write.3 doc/man/man3/TS_VERIFY_CTX_set_certs.3 doc/man/man3/UI_STRING.3 doc/man/man3/UI_UTIL_read_pw.3 doc/man/man3/UI_create_method.3 doc/man/man3/UI_new.3 doc/man/man3/X509V3_get_d2i.3 doc/man/man3/X509_ALGOR_dup.3 doc/man/man3/X509_CRL_get0_by_serial.3 doc/man/man3/X509_EXTENSION_set_object.3 doc/man/man3/X509_LOOKUP.3 doc/man/man3/X509_LOOKUP_hash_dir.3 doc/man/man3/X509_LOOKUP_meth_new.3 doc/man/man3/X509_NAME_ENTRY_get_object.3 doc/man/man3/X509_NAME_add_entry_by_txt.3 doc/man/man3/X509_NAME_get0_der.3 doc/man/man3/X509_NAME_get_index_by_NID.3 doc/man/man3/X509_NAME_print_ex.3 doc/man/man3/X509_PUBKEY_new.3 doc/man/man3/X509_SIG_get0.3 doc/man/man3/X509_STORE_CTX_get_error.3 doc/man/man3/X509_STORE_CTX_new.3 doc/man/man3/X509_STORE_CTX_set_verify_cb.3 doc/man/man3/X509_STORE_add_cert.3 doc/man/man3/X509_STORE_get0_param.3 doc/man/man3/X509_STORE_new.3 doc/man/man3/X509_STORE_set_verify_cb_func.3 doc/man/man3/X509_VERIFY_PARAM_set_flags.3 doc/man/man3/X509_check_ca.3 doc/man/man3/X509_check_host.3 doc/man/man3/X509_check_issued.3 doc/man/man3/X509_check_private_key.3 doc/man/man3/X509_check_purpose.3 doc/man/man3/X509_cmp.3 doc/man/man3/X509_cmp_time.3 doc/man/man3/X509_digest.3 doc/man/man3/X509_dup.3 doc/man/man3/X509_get0_distinguishing_id.3 doc/man/man3/X509_get0_notBefore.3 doc/man/man3/X509_get0_signature.3 doc/man/man3/X509_get0_uids.3 doc/man/man3/X509_get_extension_flags.3 doc/man/man3/X509_get_pubkey.3 doc/man/man3/X509_get_serialNumber.3 doc/man/man3/X509_get_subject_name.3 doc/man/man3/X509_get_version.3 doc/man/man3/X509_load_http.3 doc/man/man3/X509_new.3 doc/man/man3/X509_sign.3 doc/man/man3/X509_verify.3 doc/man/man3/X509_verify_cert.3 doc/man/man3/X509v3_cache_extensions.3 doc/man/man3/X509v3_get_ext_by_NID.3 doc/man/man3/d2i_DHparams.3 doc/man/man3/d2i_PKCS8PrivateKey_bio.3 doc/man/man3/d2i_PrivateKey.3 doc/man/man3/d2i_SSL_SESSION.3 doc/man/man3/d2i_X509.3 doc/man/man3/i2d_CMS_bio_stream.3 doc/man/man3/i2d_PKCS7_bio_stream.3 doc/man/man3/i2d_re_X509_tbs.3 doc/man/man3/o2i_SCT_LIST.3 doc/man/man3/s2i_ASN1_IA5STRING.3 doc/man/man5/config.5 doc/man/man5/fips_config.5 doc/man/man5/x509v3_config.5 doc/man/man7/EVP_KDF-HKDF.7 doc/man/man7/EVP_KDF-KB.7 doc/man/man7/EVP_KDF-KRB5KDF.7 doc/man/man7/EVP_KDF-PBKDF2.7 doc/man/man7/EVP_KDF-SCRYPT.7 doc/man/man7/EVP_KDF-SS.7 doc/man/man7/EVP_KDF-SSHKDF.7 doc/man/man7/EVP_KDF-TLS1_PRF.7 doc/man/man7/EVP_KDF-X942.7 doc/man/man7/EVP_KDF-X963.7 doc/man/man7/EVP_KEYEXCH-DH.7 doc/man/man7/EVP_KEYEXCH-ECDH.7 doc/man/man7/EVP_KEYEXCH-X25519.7 doc/man/man7/EVP_MAC-BLAKE2.7 doc/man/man7/EVP_MAC-CMAC.7 doc/man/man7/EVP_MAC-GMAC.7 doc/man/man7/EVP_MAC-HMAC.7 doc/man/man7/EVP_MAC-KMAC.7 doc/man/man7/EVP_MAC-Poly1305.7 doc/man/man7/EVP_MAC-Siphash.7 doc/man/man7/EVP_MD-BLAKE2.7 doc/man/man7/EVP_MD-MD2.7 doc/man/man7/EVP_MD-MD4.7 doc/man/man7/EVP_MD-MD5-SHA1.7 doc/man/man7/EVP_MD-MD5.7 doc/man/man7/EVP_MD-MDC2.7 doc/man/man7/EVP_MD-RIPEMD160.7 doc/man/man7/EVP_MD-SHA1.7 doc/man/man7/EVP_MD-SHA2.7 doc/man/man7/EVP_MD-SHA3.7 doc/man/man7/EVP_MD-SHAKE.7 doc/man/man7/EVP_MD-SM3.7 doc/man/man7/EVP_MD-WHIRLPOOL.7 doc/man/man7/EVP_MD-common.7 doc/man/man7/EVP_PKEY-DH.7 doc/man/man7/EVP_PKEY-DSA.7 doc/man/man7/EVP_PKEY-EC.7 doc/man/man7/EVP_PKEY-FFC.7 doc/man/man7/EVP_PKEY-RSA.7 doc/man/man7/EVP_PKEY-X25519.7 doc/man/man7/EVP_RAND-CTR-DRBG.7 doc/man/man7/EVP_RAND-HASH-DRBG.7 doc/man/man7/EVP_RAND-HMAC-DRBG.7 doc/man/man7/EVP_RAND-TEST-RAND.7 doc/man/man7/EVP_SIGNATURE-DSA.7 doc/man/man7/EVP_SIGNATURE-ECDSA.7 doc/man/man7/EVP_SIGNATURE-ED25519.7 doc/man/man7/EVP_SIGNATURE-RSA.7 doc/man/man7/OSSL_PROVIDER-FIPS.7 doc/man/man7/OSSL_PROVIDER-default.7 doc/man/man7/OSSL_PROVIDER-legacy.7 doc/man/man7/OSSL_PROVIDER-null.7 doc/man/man7/RAND.7 doc/man/man7/RAND_DRBG.7 doc/man/man7/RSA-PSS.7 doc/man/man7/SM2.7 doc/man/man7/X25519.7 doc/man/man7/bio.7 doc/man/man7/crypto.7 doc/man/man7/ct.7 doc/man/man7/des_modes.7 doc/man/man7/evp.7 doc/man/man7/openssl-core.h.7 doc/man/man7/openssl-core_dispatch.h.7 doc/man/man7/openssl-core_names.h.7 doc/man/man7/openssl-env.7 doc/man/man7/openssl_user_macros.7 doc/man/man7/ossl_store-file.7 doc/man/man7/ossl_store.7 doc/man/man7/passphrase-encoding.7 doc/man/man7/property.7 doc/man/man7/provider-asym_cipher.7 doc/man/man7/provider-base.7 doc/man/man7/provider-cipher.7 doc/man/man7/provider-digest.7 doc/man/man7/provider-keyexch.7 doc/man/man7/provider-keymgmt.7 doc/man/man7/provider-mac.7 doc/man/man7/provider-rand.7 doc/man/man7/provider-serializer.7 doc/man/man7/provider-signature.7 doc/man/man7/provider.7 doc/man/man7/proxy-certificates.7 doc/man/man7/ssl.7 doc/man/man7/x509.7 rm -f apps/openssl fuzz/asn1-test fuzz/asn1parse-test fuzz/bignum-test fuzz/bndiv-test fuzz/client-test fuzz/cmp-test fuzz/cms-test fuzz/conf-test fuzz/crl-test fuzz/ct-test fuzz/server-test fuzz/x509-test test/aborttest test/acvp_test test/aesgcmtest test/afalgtest test/asn1_decode_test test/asn1_dsa_internal_test test/asn1_encode_test test/asn1_internal_test test/asn1_string_table_test test/asn1_time_test test/asynciotest test/asynctest test/bad_dtls_test test/bftest test/bio_callback_test test/bio_enc_test test/bio_memleak_test test/bio_prefix_text test/bioprinttest test/bn_internal_test test/bntest test/buildtest_c_aes test/buildtest_c_asn1 test/buildtest_c_asn1t test/buildtest_c_async test/buildtest_c_bio test/buildtest_c_blowfish test/buildtest_c_bn test/buildtest_c_buffer test/buildtest_c_camellia test/buildtest_c_cast test/buildtest_c_cmac test/buildtest_c_cmp test/buildtest_c_cmp_util test/buildtest_c_cms test/buildtest_c_comp test/buildtest_c_conf test/buildtest_c_conf_api test/buildtest_c_core test/buildtest_c_core_dispatch test/buildtest_c_core_names test/buildtest_c_crmf test/buildtest_c_crypto test/buildtest_c_ct test/buildtest_c_des test/buildtest_c_dh test/buildtest_c_dsa test/buildtest_c_dtls1 test/buildtest_c_e_os2 test/buildtest_c_ebcdic test/buildtest_c_ec test/buildtest_c_ecdh test/buildtest_c_ecdsa test/buildtest_c_engine test/buildtest_c_ess test/buildtest_c_evp test/buildtest_c_fips_names test/buildtest_c_hmac test/buildtest_c_http test/buildtest_c_idea test/buildtest_c_kdf test/buildtest_c_lhash test/buildtest_c_mac test/buildtest_c_macros test/buildtest_c_md4 test/buildtest_c_md5 test/buildtest_c_mdc2 test/buildtest_c_modes test/buildtest_c_obj_mac test/buildtest_c_objects test/buildtest_c_ocsp test/buildtest_c_ossl_typ test/buildtest_c_param_build test/buildtest_c_params test/buildtest_c_pem test/buildtest_c_pem2 test/buildtest_c_pkcs12 test/buildtest_c_pkcs7 test/buildtest_c_provider test/buildtest_c_rand test/buildtest_c_rand_drbg test/buildtest_c_rc2 test/buildtest_c_rc4 test/buildtest_c_ripemd test/buildtest_c_rsa test/buildtest_c_safestack test/buildtest_c_seed test/buildtest_c_self_test test/buildtest_c_serializer test/buildtest_c_sha test/buildtest_c_srp test/buildtest_c_srtp test/buildtest_c_ssl test/buildtest_c_ssl2 test/buildtest_c_stack test/buildtest_c_store test/buildtest_c_symhacks test/buildtest_c_tls1 test/buildtest_c_ts test/buildtest_c_txt_db test/buildtest_c_types test/buildtest_c_ui test/buildtest_c_whrlpool test/buildtest_c_x509 test/buildtest_c_x509_vfy test/buildtest_c_x509v3 test/casttest test/chacha_internal_test test/cipher_overhead_test test/cipherbytes_test test/cipherlist_test test/ciphername_test test/clienthellotest test/cmactest test/cmp_asn_test test/cmp_client_test test/cmp_ctx_test test/cmp_hdr_test test/cmp_msg_test test/cmp_protect_test test/cmp_server_test test/cmp_status_test test/cmp_vfy_test test/cmsapitest test/conf_include_test test/confdump test/constant_time_test test/context_internal_test test/crltest test/ct_test test/ctype_internal_test test/curve448_internal_test test/d2i_test test/danetest test/destest test/dhtest test/drbg_cavs_test test/drbg_extra_test test/drbgtest test/dsa_no_digest_size_test test/dsatest test/dtls_mtu_test test/dtlstest test/dtlsv1listentest test/ec_internal_test test/ecdsatest test/ecstresstest test/ectest test/enginetest test/errtest test/evp_extra_test test/evp_extra_test2 test/evp_fetch_prov_test test/evp_kdf_test test/evp_libctx_test test/evp_pkey_dparams_test test/evp_pkey_provided_test test/evp_test test/exdatatest test/exptest test/fatalerrtest test/ffc_internal_test test/gmdifftest test/gosttest test/hexstr_test test/hmactest test/http_test test/ideatest test/igetest test/keymgmt_internal_test test/lhash_test test/mdc2_internal_test test/mdc2test test/memleaktest test/modes_internal_test test/namemap_internal_test test/ocspapitest test/packettest test/param_build_test test/params_api_test test/params_conversion_test test/params_test test/pbelutest test/pemtest test/pkey_meth_kdf_test test/pkey_meth_test test/poly1305_internal_test test/property_test test/provider_fallback_test test/provider_internal_test test/provider_test test/rc2test test/rc4test test/rc5test test/rdrand_sanitytest test/recordlentest test/rsa_complex test/rsa_mp_test test/rsa_sp800_56b_test test/rsa_test test/sanitytest test/secmemtest test/servername_test test/shlibloadtest test/siphash_internal_test test/sm2_internal_test test/sm4_internal_test test/sparse_array_test test/srptest test/ssl_cert_table_internal_test test/ssl_ctx_test test/ssl_test test/ssl_test_ctx_test test/sslapitest test/sslbuffertest test/sslcorrupttest test/ssltest_old test/stack_test test/sysdefaulttest test/test_test test/threadstest test/time_offset_test test/tls13ccstest test/tls13encryptiontest test/tls13secretstest test/uitest test/v3ext test/v3nametest test/verify_extra_test test/versions test/wpackettest test/x509_check_cert_pkey_test test/x509_dup_cert_test test/x509_internal_test test/x509_time_test test/x509aux engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so providers/fips.so providers/legacy.so test/p_test.so apps/CA.pl apps/tsget.pl tools/c_rehash util/shlib_wrap.sh rm -f doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod include/crypto/bn_conf.h include/crypto/dso_conf.h include/openssl/configuration.h include/openssl/fipskey.h include/openssl/opensslv.h test/provider_internal_test.cnf apps/CA.pl apps/progs.c apps/progs.h apps/tsget.pl crypto/aes/aes-x86_64.s crypto/aes/aesni-mb-x86_64.s crypto/aes/aesni-sha1-x86_64.s crypto/aes/aesni-sha256-x86_64.s crypto/aes/aesni-x86_64.s crypto/aes/bsaes-x86_64.s crypto/aes/vpaes-x86_64.s crypto/bn/rsaz-avx2.s crypto/bn/rsaz-x86_64.s crypto/bn/x86_64-gf2m.s crypto/bn/x86_64-mont.s crypto/bn/x86_64-mont5.s crypto/buildinf.h crypto/camellia/cmll-x86_64.s crypto/chacha/chacha-x86_64.s crypto/ec/ecp_nistz256-x86_64.s crypto/ec/x25519-x86_64.s crypto/md5/md5-x86_64.s crypto/modes/aesni-gcm-x86_64.s crypto/modes/ghash-x86_64.s crypto/poly1305/poly1305-x86_64.s crypto/rc4/rc4-md5-x86_64.s crypto/rc4/rc4-x86_64.s crypto/sha/keccak1600-x86_64.s crypto/sha/sha1-mb-x86_64.s crypto/sha/sha1-x86_64.s crypto/sha/sha256-mb-x86_64.s crypto/sha/sha256-x86_64.s crypto/sha/sha512-x86_64.s crypto/whrlpool/wp-x86_64.s crypto/x86_64cpuid.s doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod engines/afalg.ld engines/capi.ld engines/dasync.ld engines/e_padlock-x86_64.s engines/ossltest.ld engines/padlock.ld libcrypto.ld libssl.ld providers/common/der/der_digests_gen.c providers/common/der/der_dsa_gen.c providers/common/der/der_ec_gen.c providers/common/der/der_rsa_gen.c providers/common/include/prov/der_digests.h providers/common/include/prov/der_dsa.h providers/common/include/prov/der_ec.h providers/common/include/prov/der_rsa.h providers/fips.ld providers/legacy.ld test/buildtest_aes.c test/buildtest_asn1.c test/buildtest_asn1t.c test/buildtest_async.c test/buildtest_bio.c test/buildtest_blowfish.c test/buildtest_bn.c test/buildtest_buffer.c test/buildtest_camellia.c test/buildtest_cast.c test/buildtest_cmac.c test/buildtest_cmp.c test/buildtest_cmp_util.c test/buildtest_cms.c test/buildtest_comp.c test/buildtest_conf.c test/buildtest_conf_api.c test/buildtest_core.c test/buildtest_core_dispatch.c test/buildtest_core_names.c test/buildtest_crmf.c test/buildtest_crypto.c test/buildtest_ct.c test/buildtest_des.c test/buildtest_dh.c test/buildtest_dsa.c test/buildtest_dtls1.c test/buildtest_e_os2.c test/buildtest_ebcdic.c test/buildtest_ec.c test/buildtest_ecdh.c test/buildtest_ecdsa.c test/buildtest_engine.c test/buildtest_ess.c test/buildtest_evp.c test/buildtest_fips_names.c test/buildtest_hmac.c test/buildtest_http.c test/buildtest_idea.c test/buildtest_kdf.c test/buildtest_lhash.c test/buildtest_mac.c test/buildtest_macros.c test/buildtest_md4.c test/buildtest_md5.c test/buildtest_mdc2.c test/buildtest_modes.c test/buildtest_obj_mac.c test/buildtest_objects.c test/buildtest_ocsp.c test/buildtest_ossl_typ.c test/buildtest_param_build.c test/buildtest_params.c test/buildtest_pem.c test/buildtest_pem2.c test/buildtest_pkcs12.c test/buildtest_pkcs7.c test/buildtest_provider.c test/buildtest_rand.c test/buildtest_rand_drbg.c test/buildtest_rc2.c test/buildtest_rc4.c test/buildtest_ripemd.c test/buildtest_rsa.c test/buildtest_safestack.c test/buildtest_seed.c test/buildtest_self_test.c test/buildtest_serializer.c test/buildtest_sha.c test/buildtest_srp.c test/buildtest_srtp.c test/buildtest_ssl.c test/buildtest_ssl2.c test/buildtest_stack.c test/buildtest_store.c test/buildtest_symhacks.c test/buildtest_tls1.c test/buildtest_ts.c test/buildtest_txt_db.c test/buildtest_types.c test/buildtest_ui.c test/buildtest_whrlpool.c test/buildtest_x509.c test/buildtest_x509_vfy.c test/buildtest_x509v3.c test/p_test.ld tools/c_rehash util/shlib_wrap.sh rm -f `find . -name '*.d' \! -name '.*' \! -type d -print` rm -f `find . -name '*.o' \! -name '.*' \! -type d -print` rm -f core rm -f tags TAGS doc-nits cmd-nits md-nits rm -f -r test/test-runs rm -f openssl.pc libcrypto.pc libssl.pc rm -f `find . -type l \! -name '.*' -print` rm -f ../openssl-3.0.0-alpha5-dev.tar $ make depend $ LDCMD= make -j4 /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-asn1parse.pod.in > doc/man1/openssl-asn1parse.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ca.pod.in > doc/man1/openssl-ca.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ciphers.pod.in > doc/man1/openssl-ciphers.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmds.pod.in > doc/man1/openssl-cmds.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmp.pod.in > doc/man1/openssl-cmp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cms.pod.in > doc/man1/openssl-cms.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl.pod.in > doc/man1/openssl-crl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl2pkcs7.pod.in > doc/man1/openssl-crl2pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dgst.pod.in > doc/man1/openssl-dgst.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dhparam.pod.in > doc/man1/openssl-dhparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsa.pod.in > doc/man1/openssl-dsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsaparam.pod.in > doc/man1/openssl-dsaparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ec.pod.in > doc/man1/openssl-ec.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ecparam.pod.in > doc/man1/openssl-ecparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-enc.pod.in > doc/man1/openssl-enc.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-engine.pod.in > doc/man1/openssl-engine.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-errstr.pod.in > doc/man1/openssl-errstr.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-fipsinstall.pod.in > doc/man1/openssl-fipsinstall.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-gendsa.pod.in > doc/man1/openssl-gendsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genpkey.pod.in > doc/man1/openssl-genpkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genrsa.pod.in > doc/man1/openssl-genrsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-info.pod.in > doc/man1/openssl-info.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-kdf.pod.in > doc/man1/openssl-kdf.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-list.pod.in > doc/man1/openssl-list.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-mac.pod.in > doc/man1/openssl-mac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-nseq.pod.in > doc/man1/openssl-nseq.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ocsp.pod.in > doc/man1/openssl-ocsp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-passwd.pod.in > doc/man1/openssl-passwd.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs12.pod.in > doc/man1/openssl-pkcs12.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs7.pod.in > doc/man1/openssl-pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs8.pod.in > doc/man1/openssl-pkcs8.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkey.pod.in > doc/man1/openssl-pkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyparam.pod.in > doc/man1/openssl-pkeyparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyutl.pod.in > doc/man1/openssl-pkeyutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-prime.pod.in > doc/man1/openssl-prime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-provider.pod.in > doc/man1/openssl-provider.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rand.pod.in > doc/man1/openssl-rand.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rehash.pod.in > doc/man1/openssl-rehash.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-req.pod.in > doc/man1/openssl-req.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsa.pod.in > doc/man1/openssl-rsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsautl.pod.in > doc/man1/openssl-rsautl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_client.pod.in > doc/man1/openssl-s_client.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_server.pod.in > doc/man1/openssl-s_server.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_time.pod.in > doc/man1/openssl-s_time.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-sess_id.pod.in > doc/man1/openssl-sess_id.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-smime.pod.in > doc/man1/openssl-smime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-speed.pod.in > doc/man1/openssl-speed.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-spkac.pod.in > doc/man1/openssl-spkac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-srp.pod.in > doc/man1/openssl-srp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-storeutl.pod.in > doc/man1/openssl-storeutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ts.pod.in > doc/man1/openssl-ts.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-verify.pod.in > doc/man1/openssl-verify.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-version.pod.in > doc/man1/openssl-version.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-x509.pod.in > doc/man1/openssl-x509.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man7/openssl_user_macros.pod.in > doc/man7/openssl_user_macros.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/bn_conf.h.in > include/crypto/bn_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/dso_conf.h.in > include/crypto/dso_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/configuration.h.in > include/openssl/configuration.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/fipskey.h.in > include/openssl/fipskey.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/opensslv.h.in > include/openssl/opensslv.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/test/provider_internal_test.cnf.in > test/provider_internal_test.cnf make depend && make _build_sw make[1]: Entering directory '/home/openssl/run-checker/no-posix-io' make[1]: Leaving directory '/home/openssl/run-checker/no-posix-io' make[1]: Entering directory '/home/openssl/run-checker/no-posix-io' clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_params.d.tmp -MT apps/lib/libapps-lib-app_params.o -c -o apps/lib/libapps-lib-app_params.o ../openssl/apps/lib/app_params.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_provider.d.tmp -MT apps/lib/libapps-lib-app_provider.o -c -o apps/lib/libapps-lib-app_provider.o ../openssl/apps/lib/app_provider.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_rand.d.tmp -MT apps/lib/libapps-lib-app_rand.o -c -o apps/lib/libapps-lib-app_rand.o ../openssl/apps/lib/app_rand.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_x509.d.tmp -MT apps/lib/libapps-lib-app_x509.o -c -o apps/lib/libapps-lib-app_x509.o ../openssl/apps/lib/app_x509.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps.d.tmp -MT apps/lib/libapps-lib-apps.o -c -o apps/lib/libapps-lib-apps.o ../openssl/apps/lib/apps.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps_ui.d.tmp -MT apps/lib/libapps-lib-apps_ui.o -c -o apps/lib/libapps-lib-apps_ui.o ../openssl/apps/lib/apps_ui.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-columns.d.tmp -MT apps/lib/libapps-lib-columns.o -c -o apps/lib/libapps-lib-columns.o ../openssl/apps/lib/columns.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-fmt.d.tmp -MT apps/lib/libapps-lib-fmt.o -c -o apps/lib/libapps-lib-fmt.o ../openssl/apps/lib/fmt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-http_server.d.tmp -MT apps/lib/libapps-lib-http_server.o -c -o apps/lib/libapps-lib-http_server.o ../openssl/apps/lib/http_server.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-names.d.tmp -MT apps/lib/libapps-lib-names.o -c -o apps/lib/libapps-lib-names.o ../openssl/apps/lib/names.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-opt.d.tmp -MT apps/lib/libapps-lib-opt.o -c -o apps/lib/libapps-lib-opt.o ../openssl/apps/lib/opt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-s_cb.d.tmp -MT apps/lib/libapps-lib-s_cb.o -c -o apps/lib/libapps-lib-s_cb.o ../openssl/apps/lib/s_cb.c ../openssl/apps/lib/http_server.c:27:5: error: no previous extern declaration for non-static variable 'multi' [-Werror,-Wmissing-variable-declarations] int multi = 0; /* run multiple responder processes */ ^ 1 error generated. Makefile:4116: recipe for target 'apps/lib/libapps-lib-http_server.o' failed make[1]: *** [apps/lib/libapps-lib-http_server.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-posix-io' Makefile:3086: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From builds at travis-ci.com Fri Jul 17 05:23:20 2020 From: builds at travis-ci.com (Travis CI) Date: Fri, 17 Jul 2020 05:23:20 +0000 Subject: Errored: openssl/openssl#36172 (master - cb9bb73) In-Reply-To: Message-ID: <5f1135c82949d_13fda4d0a91c014043e@travis-pro-tasks-68b6f7698d-4r2dp.mail> Build Update for openssl/openssl ------------------------------------- Build: #36172 Status: Errored Duration: 1 hr, 25 mins, and 25 secs Commit: cb9bb73 (master) Author: Dr. David von Oheimb Message: 99-test_fuzz.t: Clean up and re-organize such that sub-tests could be split easily Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12359) View the changeset: https://github.com/openssl/openssl/compare/0b670a2101c6...cb9bb7350d41 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/175951660?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Fri Jul 17 05:23:47 2020 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 17 Jul 2020 05:23:47 +0000 Subject: Build failed: openssl master.35636 Message-ID: <20200717052347.1.267277FD2FFFA0BD@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Fri Jul 17 05:52:08 2020 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 17 Jul 2020 05:52:08 +0000 Subject: Build failed: openssl master.35638 Message-ID: <20200717055208.1.A57C2C911CA15F82@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Fri Jul 17 09:16:37 2020 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 17 Jul 2020 09:16:37 +0000 Subject: Build completed: openssl master.35639 Message-ID: <20200717091637.1.8F87F050334B9583@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Fri Jul 17 09:25:02 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 17 Jul 2020 09:25:02 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-sock Message-ID: <1594977902.999266.24695.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-sock Commit log since last time: 55affcadbe Configure: fix minor typo in apitable comment e45d943665 Add FIPS related configuration data to the default openssl application configuration file 5744dacb3a Make -provider_name and -section_name optional d3b243d15b Use defaults FIPSKEY if not given on command line 7cc355c2e4 Add AES_CBC_CTS ciphers to providers c35b853576 Enable WinCE build without deceiving _MSC_VER. a1736f37ae To generate makefile with correct parameters for WinCE. 7a09fab2b3 Disable optimiization of BN_num_bits_word() for VS2005 ARM compiler due to its miscompilation of the function. https://mta.openssl.org/pipermail/openssl-users/2018-August/008465.html 6c2a56beec Changed uintptr_t to size_t. WinCE6 doesn't seem it have the definition. ce3080e931 DRBG: rename the DRBG taxonomy. d35bab46c9 Configurations: make Makefile tmpl files non-links Build log ended with (last 100 lines): rm -f doc/html/man1/CA.pl.html doc/html/man1/openssl-asn1parse.html doc/html/man1/openssl-ca.html doc/html/man1/openssl-ciphers.html doc/html/man1/openssl-cmds.html doc/html/man1/openssl-cmp.html doc/html/man1/openssl-cms.html doc/html/man1/openssl-crl.html doc/html/man1/openssl-crl2pkcs7.html doc/html/man1/openssl-dgst.html doc/html/man1/openssl-dhparam.html doc/html/man1/openssl-dsa.html doc/html/man1/openssl-dsaparam.html doc/html/man1/openssl-ec.html doc/html/man1/openssl-ecparam.html doc/html/man1/openssl-enc.html doc/html/man1/openssl-engine.html doc/html/man1/openssl-errstr.html doc/html/man1/openssl-fipsinstall.html doc/html/man1/openssl-gendsa.html doc/html/man1/openssl-genpkey.html doc/html/man1/openssl-genrsa.html doc/html/man1/openssl-info.html doc/html/man1/openssl-kdf.html doc/html/man1/openssl-list.html doc/html/man1/openssl-mac.html doc/html/man1/openssl-nseq.html doc/html/man1/openssl-ocsp.html doc/html/man1/openssl-passwd.html doc/html/man1/openssl-pkcs12.html doc/html/man1/openssl-pkcs7.html doc/html/man1/openssl-pkcs8.html doc/html/man1/openssl-pkey.html doc/html/man1/openssl-pkeyparam.html doc/html/man1/openssl-pkeyutl.html doc/html/man1/openssl-prime.html doc/html/man1/openssl-provider.html doc/html/man1/openssl-rand.html doc/html/man1/openssl-rehash.html doc/html/man1/openssl-req.html doc/html/man1/openssl-rsa.html doc/html/man1/openssl-rsautl.html doc/html/man1/openssl-s_client.html doc/html/man1/openssl-s_server.html doc/html/man1/openssl-s_time.html doc/html/man1/openssl-sess_id.html doc/html/man1/openssl-smime.html doc/html/man1/openssl-speed.html doc/html/man1/openssl-spkac.html doc/html/man1/openssl-srp.html doc/html/man1/openssl-storeutl.html doc/html/man1/openssl-ts.html doc/html/man1/openssl-verify.html doc/html/man1/openssl-version.html doc/html/man1/openssl-x509.html doc/html/man1/openssl.html doc/html/man1/tsget.html doc/html/man3/ADMISSIONS.html doc/html/man3/ASN1_INTEGER_get_int64.html doc/html/man3/ASN1_INTEGER_new.html doc/html/man3/ASN1_ITEM_lookup.html doc/html/man3/ASN1_OBJECT_new.html doc/html/man3/ASN1_STRING_TABLE_add.html doc/html/man3/ASN1_STRING_length.html doc/html/man3/ASN1_STRING_new.html doc/html/man3/ASN1_STRING_print_ex.html doc/html/man3/ASN1_TIME_set.html doc/html/man3/ASN1_TYPE_get.html doc/html/man3/ASN1_generate_nconf.html doc/html/man3/ASYNC_WAIT_CTX_new.html doc/html/man3/ASYNC_start_job.html doc/html/man3/BF_encrypt.html doc/html/man3/BIO_ADDR.html doc/html/man3/BIO_ADDRINFO.html doc/html/man3/BIO_connect.html doc/html/man3/BIO_ctrl.html doc/html/man3/BIO_f_base64.html doc/html/man3/BIO_f_buffer.html doc/html/man3/BIO_f_cipher.html doc/html/man3/BIO_f_md.html doc/html/man3/BIO_f_null.html doc/html/man3/BIO_f_prefix.html doc/html/man3/BIO_f_ssl.html doc/html/man3/BIO_find_type.html doc/html/man3/BIO_get_data.html doc/html/man3/BIO_get_ex_new_index.html doc/html/man3/BIO_meth_new.html doc/html/man3/BIO_new.html doc/html/man3/BIO_new_CMS.html doc/html/man3/BIO_parse_hostserv.html doc/html/man3/BIO_printf.html doc/html/man3/BIO_push.html doc/html/man3/BIO_read.html doc/html/man3/BIO_s_accept.html doc/html/man3/BIO_s_bio.html doc/html/man3/BIO_s_connect.html doc/html/man3/BIO_s_fd.html doc/html/man3/BIO_s_file.html doc/html/man3/BIO_s_mem.html doc/html/man3/BIO_s_null.html doc/html/man3/BIO_s_socket.html doc/html/man3/BIO_set_callback.html doc/html/man3/BIO_should_retry.html doc/html/man3/BIO_socket_wait.html doc/html/man3/BN_BLINDING_new.html doc/html/man3/BN_CTX_new.html doc/html/man3/BN_CTX_start.html doc/html/man3/BN_add.html doc/html/man3/BN_add_word.html doc/html/man3/BN_bn2bin.html doc/html/man3/BN_cmp.html doc/html/man3/BN_copy.html doc/html/man3/BN_generate_prime.html doc/html/man3/BN_mod_inverse.html doc/html/man3/BN_mod_mul_montgomery.html doc/html/man3/BN_mod_mul_reciprocal.html doc/html/man3/BN_new.html doc/html/man3/BN_num_bytes.html doc/html/man3/BN_rand.html doc/html/man3/BN_security_bits.html doc/html/man3/BN_set_bit.html doc/html/man3/BN_swap.html doc/html/man3/BN_zero.html doc/html/man3/BUF_MEM_new.html doc/html/man3/CMS_EnvelopedData_create.html doc/html/man3/CMS_add0_cert.html doc/html/man3/CMS_add1_recipient_cert.html doc/html/man3/CMS_add1_signer.html doc/html/man3/CMS_compress.html doc/html/man3/CMS_decrypt.html doc/html/man3/CMS_encrypt.html doc/html/man3/CMS_final.html doc/html/man3/CMS_get0_RecipientInfos.html doc/html/man3/CMS_get0_SignerInfos.html doc/html/man3/CMS_get0_type.html doc/html/man3/CMS_get1_ReceiptRequest.html doc/html/man3/CMS_sign.html doc/html/man3/CMS_sign_receipt.html doc/html/man3/CMS_uncompress.html doc/html/man3/CMS_verify.html doc/html/man3/CMS_verify_receipt.html doc/html/man3/CONF_modules_free.html doc/html/man3/CONF_modules_load_file.html doc/html/man3/CRYPTO_THREAD_run_once.html doc/html/man3/CRYPTO_get_ex_new_index.html doc/html/man3/CRYPTO_memcmp.html doc/html/man3/CTLOG_STORE_get0_log_by_id.html doc/html/man3/CTLOG_STORE_new.html doc/html/man3/CTLOG_new.html doc/html/man3/CT_POLICY_EVAL_CTX_new.html doc/html/man3/DEFINE_STACK_OF.html doc/html/man3/DES_random_key.html doc/html/man3/DH_generate_key.html doc/html/man3/DH_generate_parameters.html doc/html/man3/DH_get0_pqg.html doc/html/man3/DH_get_1024_160.html doc/html/man3/DH_meth_new.html doc/html/man3/DH_new.html doc/html/man3/DH_new_by_nid.html doc/html/man3/DH_set_method.html doc/html/man3/DH_size.html doc/html/man3/DSA_SIG_new.html doc/html/man3/DSA_do_sign.html doc/html/man3/DSA_dup_DH.html doc/html/man3/DSA_generate_key.html doc/html/man3/DSA_generate_parameters.html doc/html/man3/DSA_get0_pqg.html doc/html/man3/DSA_meth_new.html doc/html/man3/DSA_new.html doc/html/man3/DSA_set_method.html doc/html/man3/DSA_sign.html doc/html/man3/DSA_size.html doc/html/man3/DTLS_get_data_mtu.html doc/html/man3/DTLS_set_timer_cb.html doc/html/man3/DTLSv1_listen.html doc/html/man3/ECDSA_SIG_new.html doc/html/man3/ECPKParameters_print.html doc/html/man3/EC_GFp_simple_method.html doc/html/man3/EC_GROUP_copy.html doc/html/man3/EC_GROUP_new.html doc/html/man3/EC_KEY_get_enc_flags.html doc/html/man3/EC_KEY_new.html doc/html/man3/EC_POINT_add.html doc/html/man3/EC_POINT_new.html doc/html/man3/ENGINE_add.html doc/html/man3/ERR_GET_LIB.html doc/html/man3/ERR_clear_error.html doc/html/man3/ERR_error_string.html doc/html/man3/ERR_get_error.html doc/html/man3/ERR_load_crypto_strings.html doc/html/man3/ERR_load_strings.html doc/html/man3/ERR_new.html doc/html/man3/ERR_print_errors.html doc/html/man3/ERR_put_error.html doc/html/man3/ERR_remove_state.html doc/html/man3/ERR_set_mark.html doc/html/man3/EVP_ASYM_CIPHER_free.html doc/html/man3/EVP_BytesToKey.html doc/html/man3/EVP_CIPHER_CTX_get_cipher_data.html doc/html/man3/EVP_CIPHER_meth_new.html doc/html/man3/EVP_DigestInit.html doc/html/man3/EVP_DigestSignInit.html doc/html/man3/EVP_DigestVerifyInit.html doc/html/man3/EVP_EncodeInit.html doc/html/man3/EVP_EncryptInit.html doc/html/man3/EVP_KDF.html doc/html/man3/EVP_KEYEXCH_free.html doc/html/man3/EVP_KEYMGMT.html doc/html/man3/EVP_MAC.html doc/html/man3/EVP_MD_meth_new.html doc/html/man3/EVP_OpenInit.html doc/html/man3/EVP_PKEY_ASN1_METHOD.html doc/html/man3/EVP_PKEY_CTX_ctrl.html doc/html/man3/EVP_PKEY_CTX_new.html doc/html/man3/EVP_PKEY_CTX_set1_pbe_pass.html doc/html/man3/EVP_PKEY_CTX_set_hkdf_md.html doc/html/man3/EVP_PKEY_CTX_set_params.html doc/html/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.html doc/html/man3/EVP_PKEY_CTX_set_scrypt_N.html doc/html/man3/EVP_PKEY_CTX_set_tls1_prf_md.html doc/html/man3/EVP_PKEY_asn1_get_count.html doc/html/man3/EVP_PKEY_check.html doc/html/man3/EVP_PKEY_copy_parameters.html doc/html/man3/EVP_PKEY_decrypt.html doc/html/man3/EVP_PKEY_derive.html doc/html/man3/EVP_PKEY_encrypt.html doc/html/man3/EVP_PKEY_fromdata.html doc/html/man3/EVP_PKEY_gen.html doc/html/man3/EVP_PKEY_get_default_digest_nid.html doc/html/man3/EVP_PKEY_gettable_params.html doc/html/man3/EVP_PKEY_is_a.html doc/html/man3/EVP_PKEY_meth_get_count.html doc/html/man3/EVP_PKEY_meth_new.html doc/html/man3/EVP_PKEY_new.html doc/html/man3/EVP_PKEY_print_private.html doc/html/man3/EVP_PKEY_set1_RSA.html doc/html/man3/EVP_PKEY_set_type.html doc/html/man3/EVP_PKEY_sign.html doc/html/man3/EVP_PKEY_size.html doc/html/man3/EVP_PKEY_supports_digest_nid.html doc/html/man3/EVP_PKEY_verify.html doc/html/man3/EVP_PKEY_verify_recover.html doc/html/man3/EVP_RAND.html doc/html/man3/EVP_SIGNATURE_free.html doc/html/man3/EVP_SealInit.html doc/html/man3/EVP_SignInit.html doc/html/man3/EVP_VerifyInit.html doc/html/man3/EVP_aes_128_gcm.html doc/html/man3/EVP_aria_128_gcm.html doc/html/man3/EVP_bf_cbc.html doc/html/man3/EVP_blake2b512.html doc/html/man3/EVP_camellia_128_ecb.html doc/html/man3/EVP_cast5_cbc.html doc/html/man3/EVP_chacha20.html doc/html/man3/EVP_des_cbc.html doc/html/man3/EVP_desx_cbc.html doc/html/man3/EVP_idea_cbc.html doc/html/man3/EVP_md2.html doc/html/man3/EVP_md4.html doc/html/man3/EVP_md5.html doc/html/man3/EVP_mdc2.html doc/html/man3/EVP_rc2_cbc.html doc/html/man3/EVP_rc4.html doc/html/man3/EVP_rc5_32_12_16_cbc.html doc/html/man3/EVP_ripemd160.html doc/html/man3/EVP_seed_cbc.html doc/html/man3/EVP_set_default_properties.html doc/html/man3/EVP_sha1.html doc/html/man3/EVP_sha224.html doc/html/man3/EVP_sha3_224.html doc/html/man3/EVP_sm3.html doc/html/man3/EVP_sm4_cbc.html doc/html/man3/EVP_whirlpool.html doc/html/man3/HMAC.html doc/html/man3/MD5.html doc/html/man3/MDC2_Init.html doc/html/man3/NCONF_new_with_libctx.html doc/html/man3/OBJ_nid2obj.html doc/html/man3/OCSP_REQUEST_new.html doc/html/man3/OCSP_cert_to_id.html doc/html/man3/OCSP_request_add1_nonce.html doc/html/man3/OCSP_resp_find_status.html doc/html/man3/OCSP_response_status.html doc/html/man3/OCSP_sendreq_new.html doc/html/man3/OPENSSL_Applink.html doc/html/man3/OPENSSL_CTX.html doc/html/man3/OPENSSL_FILE.html doc/html/man3/OPENSSL_LH_COMPFUNC.html doc/html/man3/OPENSSL_LH_stats.html doc/html/man3/OPENSSL_config.html doc/html/man3/OPENSSL_fork_prepare.html doc/html/man3/OPENSSL_hexchar2int.html doc/html/man3/OPENSSL_ia32cap.html doc/html/man3/OPENSSL_init_crypto.html doc/html/man3/OPENSSL_init_ssl.html doc/html/man3/OPENSSL_instrument_bus.html doc/html/man3/OPENSSL_load_builtin_modules.html doc/html/man3/OPENSSL_malloc.html doc/html/man3/OPENSSL_s390xcap.html doc/html/man3/OPENSSL_secure_malloc.html doc/html/man3/OSSL_CMP_CTX_new.html doc/html/man3/OSSL_CMP_HDR_get0_transactionID.html doc/html/man3/OSSL_CMP_ITAV_set0.html doc/html/man3/OSSL_CMP_MSG_get0_header.html doc/html/man3/OSSL_CMP_MSG_http_perform.html doc/html/man3/OSSL_CMP_SRV_CTX_new.html doc/html/man3/OSSL_CMP_STATUSINFO_new.html doc/html/man3/OSSL_CMP_exec_IR_ses.html doc/html/man3/OSSL_CMP_log_open.html doc/html/man3/OSSL_CMP_validate_msg.html doc/html/man3/OSSL_CRMF_MSG_get0_tmpl.html doc/html/man3/OSSL_CRMF_MSG_set0_validity.html doc/html/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.html doc/html/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.html doc/html/man3/OSSL_CRMF_pbmp_new.html doc/html/man3/OSSL_HTTP_transfer.html doc/html/man3/OSSL_PARAM.html doc/html/man3/OSSL_PARAM_BLD.html doc/html/man3/OSSL_PARAM_allocate_from_text.html doc/html/man3/OSSL_PARAM_int.html doc/html/man3/OSSL_PROVIDER.html doc/html/man3/OSSL_SELF_TEST_new.html doc/html/man3/OSSL_SELF_TEST_set_callback.html doc/html/man3/OSSL_SERIALIZER.html doc/html/man3/OSSL_SERIALIZER_CTX.html doc/html/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.html doc/html/man3/OSSL_SERIALIZER_to_bio.html doc/html/man3/OSSL_STORE_INFO.html doc/html/man3/OSSL_STORE_LOADER.html doc/html/man3/OSSL_STORE_SEARCH.html doc/html/man3/OSSL_STORE_attach.html doc/html/man3/OSSL_STORE_expect.html doc/html/man3/OSSL_STORE_open.html doc/html/man3/OSSL_trace_enabled.html doc/html/man3/OSSL_trace_get_category_num.html doc/html/man3/OSSL_trace_set_channel.html doc/html/man3/OpenSSL_add_all_algorithms.html doc/html/man3/OpenSSL_version.html doc/html/man3/PEM_bytes_read_bio.html doc/html/man3/PEM_read.html doc/html/man3/PEM_read_CMS.html doc/html/man3/PEM_read_bio_PrivateKey.html doc/html/man3/PEM_read_bio_ex.html doc/html/man3/PEM_write_bio_CMS_stream.html doc/html/man3/PEM_write_bio_PKCS7_stream.html doc/html/man3/PKCS12_SAFEBAG_get0_attrs.html doc/html/man3/PKCS12_add_CSPName_asc.html doc/html/man3/PKCS12_add_friendlyname_asc.html doc/html/man3/PKCS12_add_localkeyid.html doc/html/man3/PKCS12_create.html doc/html/man3/PKCS12_get_friendlyname.html doc/html/man3/PKCS12_newpass.html doc/html/man3/PKCS12_parse.html doc/html/man3/PKCS5_PBKDF2_HMAC.html doc/html/man3/PKCS7_decrypt.html doc/html/man3/PKCS7_encrypt.html doc/html/man3/PKCS7_sign.html doc/html/man3/PKCS7_sign_add_signer.html doc/html/man3/PKCS7_verify.html doc/html/man3/PKCS8_pkey_add1_attr.html doc/html/man3/RAND_DRBG_generate.html doc/html/man3/RAND_DRBG_get0_public.html doc/html/man3/RAND_DRBG_new.html doc/html/man3/RAND_DRBG_reseed.html doc/html/man3/RAND_DRBG_set_callbacks.html doc/html/man3/RAND_add.html doc/html/man3/RAND_bytes.html doc/html/man3/RAND_cleanup.html doc/html/man3/RAND_egd.html doc/html/man3/RAND_load_file.html doc/html/man3/RAND_set_rand_method.html doc/html/man3/RC4_set_key.html doc/html/man3/RIPEMD160_Init.html doc/html/man3/RSA_blinding_on.html doc/html/man3/RSA_check_key.html doc/html/man3/RSA_generate_key.html doc/html/man3/RSA_get0_key.html doc/html/man3/RSA_meth_new.html doc/html/man3/RSA_new.html doc/html/man3/RSA_padding_add_PKCS1_type_1.html doc/html/man3/RSA_print.html doc/html/man3/RSA_private_encrypt.html doc/html/man3/RSA_public_encrypt.html doc/html/man3/RSA_set_method.html doc/html/man3/RSA_sign.html doc/html/man3/RSA_sign_ASN1_OCTET_STRING.html doc/html/man3/RSA_size.html doc/html/man3/SCT_new.html doc/html/man3/SCT_print.html doc/html/man3/SCT_validate.html doc/html/man3/SHA256_Init.html doc/html/man3/SMIME_read_CMS.html doc/html/man3/SMIME_read_PKCS7.html doc/html/man3/SMIME_write_CMS.html doc/html/man3/SMIME_write_PKCS7.html doc/html/man3/SRP_Calc_B.html doc/html/man3/SRP_VBASE_new.html doc/html/man3/SRP_create_verifier.html doc/html/man3/SRP_user_pwd_new.html doc/html/man3/SSL_CIPHER_get_name.html doc/html/man3/SSL_COMP_add_compression_method.html doc/html/man3/SSL_CONF_CTX_new.html doc/html/man3/SSL_CONF_CTX_set1_prefix.html doc/html/man3/SSL_CONF_CTX_set_flags.html doc/html/man3/SSL_CONF_CTX_set_ssl_ctx.html doc/html/man3/SSL_CONF_cmd.html doc/html/man3/SSL_CONF_cmd_argv.html doc/html/man3/SSL_CTX_add1_chain_cert.html doc/html/man3/SSL_CTX_add_extra_chain_cert.html doc/html/man3/SSL_CTX_add_session.html doc/html/man3/SSL_CTX_config.html doc/html/man3/SSL_CTX_ctrl.html doc/html/man3/SSL_CTX_dane_enable.html doc/html/man3/SSL_CTX_flush_sessions.html doc/html/man3/SSL_CTX_free.html doc/html/man3/SSL_CTX_get0_param.html doc/html/man3/SSL_CTX_get_verify_mode.html doc/html/man3/SSL_CTX_has_client_custom_ext.html doc/html/man3/SSL_CTX_load_verify_locations.html doc/html/man3/SSL_CTX_new.html doc/html/man3/SSL_CTX_sess_number.html doc/html/man3/SSL_CTX_sess_set_cache_size.html doc/html/man3/SSL_CTX_sess_set_get_cb.html doc/html/man3/SSL_CTX_sessions.html doc/html/man3/SSL_CTX_set0_CA_list.html doc/html/man3/SSL_CTX_set1_curves.html doc/html/man3/SSL_CTX_set1_sigalgs.html doc/html/man3/SSL_CTX_set1_verify_cert_store.html doc/html/man3/SSL_CTX_set_alpn_select_cb.html doc/html/man3/SSL_CTX_set_cert_cb.html doc/html/man3/SSL_CTX_set_cert_store.html doc/html/man3/SSL_CTX_set_cert_verify_callback.html doc/html/man3/SSL_CTX_set_cipher_list.html doc/html/man3/SSL_CTX_set_client_cert_cb.html doc/html/man3/SSL_CTX_set_client_hello_cb.html doc/html/man3/SSL_CTX_set_ct_validation_callback.html doc/html/man3/SSL_CTX_set_ctlog_list_file.html doc/html/man3/SSL_CTX_set_default_passwd_cb.html doc/html/man3/SSL_CTX_set_generate_session_id.html doc/html/man3/SSL_CTX_set_info_callback.html doc/html/man3/SSL_CTX_set_keylog_callback.html doc/html/man3/SSL_CTX_set_max_cert_list.html doc/html/man3/SSL_CTX_set_min_proto_version.html doc/html/man3/SSL_CTX_set_mode.html doc/html/man3/SSL_CTX_set_msg_callback.html doc/html/man3/SSL_CTX_set_num_tickets.html doc/html/man3/SSL_CTX_set_options.html doc/html/man3/SSL_CTX_set_psk_client_callback.html doc/html/man3/SSL_CTX_set_quiet_shutdown.html doc/html/man3/SSL_CTX_set_read_ahead.html doc/html/man3/SSL_CTX_set_record_padding_callback.html doc/html/man3/SSL_CTX_set_security_level.html doc/html/man3/SSL_CTX_set_session_cache_mode.html doc/html/man3/SSL_CTX_set_session_id_context.html doc/html/man3/SSL_CTX_set_session_ticket_cb.html doc/html/man3/SSL_CTX_set_split_send_fragment.html doc/html/man3/SSL_CTX_set_srp_password.html doc/html/man3/SSL_CTX_set_ssl_version.html doc/html/man3/SSL_CTX_set_stateless_cookie_generate_cb.html doc/html/man3/SSL_CTX_set_timeout.html doc/html/man3/SSL_CTX_set_tlsext_servername_callback.html doc/html/man3/SSL_CTX_set_tlsext_status_cb.html doc/html/man3/SSL_CTX_set_tlsext_ticket_key_cb.html doc/html/man3/SSL_CTX_set_tlsext_use_srtp.html doc/html/man3/SSL_CTX_set_tmp_dh_callback.html doc/html/man3/SSL_CTX_set_tmp_ecdh.html doc/html/man3/SSL_CTX_set_verify.html doc/html/man3/SSL_CTX_use_certificate.html doc/html/man3/SSL_CTX_use_psk_identity_hint.html doc/html/man3/SSL_CTX_use_serverinfo.html doc/html/man3/SSL_SESSION_free.html doc/html/man3/SSL_SESSION_get0_cipher.html doc/html/man3/SSL_SESSION_get0_hostname.html doc/html/man3/SSL_SESSION_get0_id_context.html doc/html/man3/SSL_SESSION_get0_peer.html doc/html/man3/SSL_SESSION_get_compress_id.html doc/html/man3/SSL_SESSION_get_protocol_version.html doc/html/man3/SSL_SESSION_get_time.html doc/html/man3/SSL_SESSION_has_ticket.html doc/html/man3/SSL_SESSION_is_resumable.html doc/html/man3/SSL_SESSION_print.html doc/html/man3/SSL_SESSION_set1_id.html doc/html/man3/SSL_accept.html doc/html/man3/SSL_alert_type_string.html doc/html/man3/SSL_alloc_buffers.html doc/html/man3/SSL_check_chain.html doc/html/man3/SSL_clear.html doc/html/man3/SSL_connect.html doc/html/man3/SSL_do_handshake.html doc/html/man3/SSL_export_keying_material.html doc/html/man3/SSL_extension_supported.html doc/html/man3/SSL_free.html doc/html/man3/SSL_get0_peer_scts.html doc/html/man3/SSL_get_SSL_CTX.html doc/html/man3/SSL_get_all_async_fds.html doc/html/man3/SSL_get_ciphers.html doc/html/man3/SSL_get_client_random.html doc/html/man3/SSL_get_current_cipher.html doc/html/man3/SSL_get_default_timeout.html doc/html/man3/SSL_get_error.html doc/html/man3/SSL_get_extms_support.html doc/html/man3/SSL_get_fd.html doc/html/man3/SSL_get_peer_cert_chain.html doc/html/man3/SSL_get_peer_certificate.html doc/html/man3/SSL_get_peer_signature_nid.html doc/html/man3/SSL_get_peer_tmp_key.html doc/html/man3/SSL_get_psk_identity.html doc/html/man3/SSL_get_rbio.html doc/html/man3/SSL_get_session.html doc/html/man3/SSL_get_shared_sigalgs.html doc/html/man3/SSL_get_verify_result.html doc/html/man3/SSL_get_version.html doc/html/man3/SSL_in_init.html doc/html/man3/SSL_key_update.html doc/html/man3/SSL_library_init.html doc/html/man3/SSL_load_client_CA_file.html doc/html/man3/SSL_new.html doc/html/man3/SSL_pending.html doc/html/man3/SSL_read.html doc/html/man3/SSL_read_early_data.html doc/html/man3/SSL_rstate_string.html doc/html/man3/SSL_session_reused.html doc/html/man3/SSL_set1_host.html doc/html/man3/SSL_set_async_callback.html doc/html/man3/SSL_set_bio.html doc/html/man3/SSL_set_connect_state.html doc/html/man3/SSL_set_fd.html doc/html/man3/SSL_set_session.html doc/html/man3/SSL_set_shutdown.html doc/html/man3/SSL_set_verify_result.html doc/html/man3/SSL_shutdown.html doc/html/man3/SSL_state_string.html doc/html/man3/SSL_want.html doc/html/man3/SSL_write.html doc/html/man3/TS_VERIFY_CTX_set_certs.html doc/html/man3/UI_STRING.html doc/html/man3/UI_UTIL_read_pw.html doc/html/man3/UI_create_method.html doc/html/man3/UI_new.html doc/html/man3/X509V3_get_d2i.html doc/html/man3/X509_ALGOR_dup.html doc/html/man3/X509_CRL_get0_by_serial.html doc/html/man3/X509_EXTENSION_set_object.html doc/html/man3/X509_LOOKUP.html doc/html/man3/X509_LOOKUP_hash_dir.html doc/html/man3/X509_LOOKUP_meth_new.html doc/html/man3/X509_NAME_ENTRY_get_object.html doc/html/man3/X509_NAME_add_entry_by_txt.html doc/html/man3/X509_NAME_get0_der.html doc/html/man3/X509_NAME_get_index_by_NID.html doc/html/man3/X509_NAME_print_ex.html doc/html/man3/X509_PUBKEY_new.html doc/html/man3/X509_SIG_get0.html doc/html/man3/X509_STORE_CTX_get_error.html doc/html/man3/X509_STORE_CTX_new.html doc/html/man3/X509_STORE_CTX_set_verify_cb.html doc/html/man3/X509_STORE_add_cert.html doc/html/man3/X509_STORE_get0_param.html doc/html/man3/X509_STORE_new.html doc/html/man3/X509_STORE_set_verify_cb_func.html doc/html/man3/X509_VERIFY_PARAM_set_flags.html doc/html/man3/X509_check_ca.html doc/html/man3/X509_check_host.html doc/html/man3/X509_check_issued.html doc/html/man3/X509_check_private_key.html doc/html/man3/X509_check_purpose.html doc/html/man3/X509_cmp.html doc/html/man3/X509_cmp_time.html doc/html/man3/X509_digest.html doc/html/man3/X509_dup.html doc/html/man3/X509_get0_distinguishing_id.html doc/html/man3/X509_get0_notBefore.html doc/html/man3/X509_get0_signature.html doc/html/man3/X509_get0_uids.html doc/html/man3/X509_get_extension_flags.html doc/html/man3/X509_get_pubkey.html doc/html/man3/X509_get_serialNumber.html doc/html/man3/X509_get_subject_name.html doc/html/man3/X509_get_version.html doc/html/man3/X509_load_http.html doc/html/man3/X509_new.html doc/html/man3/X509_sign.html doc/html/man3/X509_verify.html doc/html/man3/X509_verify_cert.html doc/html/man3/X509v3_cache_extensions.html doc/html/man3/X509v3_get_ext_by_NID.html doc/html/man3/d2i_DHparams.html doc/html/man3/d2i_PKCS8PrivateKey_bio.html doc/html/man3/d2i_PrivateKey.html doc/html/man3/d2i_SSL_SESSION.html doc/html/man3/d2i_X509.html doc/html/man3/i2d_CMS_bio_stream.html doc/html/man3/i2d_PKCS7_bio_stream.html doc/html/man3/i2d_re_X509_tbs.html doc/html/man3/o2i_SCT_LIST.html doc/html/man3/s2i_ASN1_IA5STRING.html doc/html/man5/config.html doc/html/man5/fips_config.html doc/html/man5/x509v3_config.html doc/html/man7/EVP_KDF-HKDF.html doc/html/man7/EVP_KDF-KB.html doc/html/man7/EVP_KDF-KRB5KDF.html doc/html/man7/EVP_KDF-PBKDF2.html doc/html/man7/EVP_KDF-SCRYPT.html doc/html/man7/EVP_KDF-SS.html doc/html/man7/EVP_KDF-SSHKDF.html doc/html/man7/EVP_KDF-TLS1_PRF.html doc/html/man7/EVP_KDF-X942.html doc/html/man7/EVP_KDF-X963.html doc/html/man7/EVP_KEYEXCH-DH.html doc/html/man7/EVP_KEYEXCH-ECDH.html doc/html/man7/EVP_KEYEXCH-X25519.html doc/html/man7/EVP_MAC-BLAKE2.html doc/html/man7/EVP_MAC-CMAC.html doc/html/man7/EVP_MAC-GMAC.html doc/html/man7/EVP_MAC-HMAC.html doc/html/man7/EVP_MAC-KMAC.html doc/html/man7/EVP_MAC-Poly1305.html doc/html/man7/EVP_MAC-Siphash.html doc/html/man7/EVP_MD-BLAKE2.html doc/html/man7/EVP_MD-MD2.html doc/html/man7/EVP_MD-MD4.html doc/html/man7/EVP_MD-MD5-SHA1.html doc/html/man7/EVP_MD-MD5.html doc/html/man7/EVP_MD-MDC2.html doc/html/man7/EVP_MD-RIPEMD160.html doc/html/man7/EVP_MD-SHA1.html doc/html/man7/EVP_MD-SHA2.html doc/html/man7/EVP_MD-SHA3.html doc/html/man7/EVP_MD-SHAKE.html doc/html/man7/EVP_MD-SM3.html doc/html/man7/EVP_MD-WHIRLPOOL.html doc/html/man7/EVP_MD-common.html doc/html/man7/EVP_PKEY-DH.html doc/html/man7/EVP_PKEY-DSA.html doc/html/man7/EVP_PKEY-EC.html doc/html/man7/EVP_PKEY-FFC.html doc/html/man7/EVP_PKEY-RSA.html doc/html/man7/EVP_PKEY-X25519.html doc/html/man7/EVP_RAND-CTR-DRBG.html doc/html/man7/EVP_RAND-HASH-DRBG.html doc/html/man7/EVP_RAND-HMAC-DRBG.html doc/html/man7/EVP_RAND-TEST-RAND.html doc/html/man7/EVP_SIGNATURE-DSA.html doc/html/man7/EVP_SIGNATURE-ECDSA.html doc/html/man7/EVP_SIGNATURE-ED25519.html doc/html/man7/EVP_SIGNATURE-RSA.html doc/html/man7/OSSL_PROVIDER-FIPS.html doc/html/man7/OSSL_PROVIDER-default.html doc/html/man7/OSSL_PROVIDER-legacy.html doc/html/man7/OSSL_PROVIDER-null.html doc/html/man7/RAND.html doc/html/man7/RAND_DRBG.html doc/html/man7/RSA-PSS.html doc/html/man7/SM2.html doc/html/man7/X25519.html doc/html/man7/bio.html doc/html/man7/crypto.html doc/html/man7/ct.html doc/html/man7/des_modes.html doc/html/man7/evp.html doc/html/man7/openssl-core.h.html doc/html/man7/openssl-core_dispatch.h.html doc/html/man7/openssl-core_names.h.html doc/html/man7/openssl-env.html doc/html/man7/openssl_user_macros.html doc/html/man7/ossl_store-file.html doc/html/man7/ossl_store.html doc/html/man7/passphrase-encoding.html doc/html/man7/property.html doc/html/man7/provider-asym_cipher.html doc/html/man7/provider-base.html doc/html/man7/provider-cipher.html doc/html/man7/provider-digest.html doc/html/man7/provider-keyexch.html doc/html/man7/provider-keymgmt.html doc/html/man7/provider-mac.html doc/html/man7/provider-rand.html doc/html/man7/provider-serializer.html doc/html/man7/provider-signature.html doc/html/man7/provider.html doc/html/man7/proxy-certificates.html doc/html/man7/ssl.html doc/html/man7/x509.html rm -f doc/man/man1/CA.pl.1 doc/man/man1/openssl-asn1parse.1 doc/man/man1/openssl-ca.1 doc/man/man1/openssl-ciphers.1 doc/man/man1/openssl-cmds.1 doc/man/man1/openssl-cmp.1 doc/man/man1/openssl-cms.1 doc/man/man1/openssl-crl.1 doc/man/man1/openssl-crl2pkcs7.1 doc/man/man1/openssl-dgst.1 doc/man/man1/openssl-dhparam.1 doc/man/man1/openssl-dsa.1 doc/man/man1/openssl-dsaparam.1 doc/man/man1/openssl-ec.1 doc/man/man1/openssl-ecparam.1 doc/man/man1/openssl-enc.1 doc/man/man1/openssl-engine.1 doc/man/man1/openssl-errstr.1 doc/man/man1/openssl-fipsinstall.1 doc/man/man1/openssl-gendsa.1 doc/man/man1/openssl-genpkey.1 doc/man/man1/openssl-genrsa.1 doc/man/man1/openssl-info.1 doc/man/man1/openssl-kdf.1 doc/man/man1/openssl-list.1 doc/man/man1/openssl-mac.1 doc/man/man1/openssl-nseq.1 doc/man/man1/openssl-ocsp.1 doc/man/man1/openssl-passwd.1 doc/man/man1/openssl-pkcs12.1 doc/man/man1/openssl-pkcs7.1 doc/man/man1/openssl-pkcs8.1 doc/man/man1/openssl-pkey.1 doc/man/man1/openssl-pkeyparam.1 doc/man/man1/openssl-pkeyutl.1 doc/man/man1/openssl-prime.1 doc/man/man1/openssl-provider.1 doc/man/man1/openssl-rand.1 doc/man/man1/openssl-rehash.1 doc/man/man1/openssl-req.1 doc/man/man1/openssl-rsa.1 doc/man/man1/openssl-rsautl.1 doc/man/man1/openssl-s_client.1 doc/man/man1/openssl-s_server.1 doc/man/man1/openssl-s_time.1 doc/man/man1/openssl-sess_id.1 doc/man/man1/openssl-smime.1 doc/man/man1/openssl-speed.1 doc/man/man1/openssl-spkac.1 doc/man/man1/openssl-srp.1 doc/man/man1/openssl-storeutl.1 doc/man/man1/openssl-ts.1 doc/man/man1/openssl-verify.1 doc/man/man1/openssl-version.1 doc/man/man1/openssl-x509.1 doc/man/man1/openssl.1 doc/man/man1/tsget.1 doc/man/man3/ADMISSIONS.3 doc/man/man3/ASN1_INTEGER_get_int64.3 doc/man/man3/ASN1_INTEGER_new.3 doc/man/man3/ASN1_ITEM_lookup.3 doc/man/man3/ASN1_OBJECT_new.3 doc/man/man3/ASN1_STRING_TABLE_add.3 doc/man/man3/ASN1_STRING_length.3 doc/man/man3/ASN1_STRING_new.3 doc/man/man3/ASN1_STRING_print_ex.3 doc/man/man3/ASN1_TIME_set.3 doc/man/man3/ASN1_TYPE_get.3 doc/man/man3/ASN1_generate_nconf.3 doc/man/man3/ASYNC_WAIT_CTX_new.3 doc/man/man3/ASYNC_start_job.3 doc/man/man3/BF_encrypt.3 doc/man/man3/BIO_ADDR.3 doc/man/man3/BIO_ADDRINFO.3 doc/man/man3/BIO_connect.3 doc/man/man3/BIO_ctrl.3 doc/man/man3/BIO_f_base64.3 doc/man/man3/BIO_f_buffer.3 doc/man/man3/BIO_f_cipher.3 doc/man/man3/BIO_f_md.3 doc/man/man3/BIO_f_null.3 doc/man/man3/BIO_f_prefix.3 doc/man/man3/BIO_f_ssl.3 doc/man/man3/BIO_find_type.3 doc/man/man3/BIO_get_data.3 doc/man/man3/BIO_get_ex_new_index.3 doc/man/man3/BIO_meth_new.3 doc/man/man3/BIO_new.3 doc/man/man3/BIO_new_CMS.3 doc/man/man3/BIO_parse_hostserv.3 doc/man/man3/BIO_printf.3 doc/man/man3/BIO_push.3 doc/man/man3/BIO_read.3 doc/man/man3/BIO_s_accept.3 doc/man/man3/BIO_s_bio.3 doc/man/man3/BIO_s_connect.3 doc/man/man3/BIO_s_fd.3 doc/man/man3/BIO_s_file.3 doc/man/man3/BIO_s_mem.3 doc/man/man3/BIO_s_null.3 doc/man/man3/BIO_s_socket.3 doc/man/man3/BIO_set_callback.3 doc/man/man3/BIO_should_retry.3 doc/man/man3/BIO_socket_wait.3 doc/man/man3/BN_BLINDING_new.3 doc/man/man3/BN_CTX_new.3 doc/man/man3/BN_CTX_start.3 doc/man/man3/BN_add.3 doc/man/man3/BN_add_word.3 doc/man/man3/BN_bn2bin.3 doc/man/man3/BN_cmp.3 doc/man/man3/BN_copy.3 doc/man/man3/BN_generate_prime.3 doc/man/man3/BN_mod_inverse.3 doc/man/man3/BN_mod_mul_montgomery.3 doc/man/man3/BN_mod_mul_reciprocal.3 doc/man/man3/BN_new.3 doc/man/man3/BN_num_bytes.3 doc/man/man3/BN_rand.3 doc/man/man3/BN_security_bits.3 doc/man/man3/BN_set_bit.3 doc/man/man3/BN_swap.3 doc/man/man3/BN_zero.3 doc/man/man3/BUF_MEM_new.3 doc/man/man3/CMS_EnvelopedData_create.3 doc/man/man3/CMS_add0_cert.3 doc/man/man3/CMS_add1_recipient_cert.3 doc/man/man3/CMS_add1_signer.3 doc/man/man3/CMS_compress.3 doc/man/man3/CMS_decrypt.3 doc/man/man3/CMS_encrypt.3 doc/man/man3/CMS_final.3 doc/man/man3/CMS_get0_RecipientInfos.3 doc/man/man3/CMS_get0_SignerInfos.3 doc/man/man3/CMS_get0_type.3 doc/man/man3/CMS_get1_ReceiptRequest.3 doc/man/man3/CMS_sign.3 doc/man/man3/CMS_sign_receipt.3 doc/man/man3/CMS_uncompress.3 doc/man/man3/CMS_verify.3 doc/man/man3/CMS_verify_receipt.3 doc/man/man3/CONF_modules_free.3 doc/man/man3/CONF_modules_load_file.3 doc/man/man3/CRYPTO_THREAD_run_once.3 doc/man/man3/CRYPTO_get_ex_new_index.3 doc/man/man3/CRYPTO_memcmp.3 doc/man/man3/CTLOG_STORE_get0_log_by_id.3 doc/man/man3/CTLOG_STORE_new.3 doc/man/man3/CTLOG_new.3 doc/man/man3/CT_POLICY_EVAL_CTX_new.3 doc/man/man3/DEFINE_STACK_OF.3 doc/man/man3/DES_random_key.3 doc/man/man3/DH_generate_key.3 doc/man/man3/DH_generate_parameters.3 doc/man/man3/DH_get0_pqg.3 doc/man/man3/DH_get_1024_160.3 doc/man/man3/DH_meth_new.3 doc/man/man3/DH_new.3 doc/man/man3/DH_new_by_nid.3 doc/man/man3/DH_set_method.3 doc/man/man3/DH_size.3 doc/man/man3/DSA_SIG_new.3 doc/man/man3/DSA_do_sign.3 doc/man/man3/DSA_dup_DH.3 doc/man/man3/DSA_generate_key.3 doc/man/man3/DSA_generate_parameters.3 doc/man/man3/DSA_get0_pqg.3 doc/man/man3/DSA_meth_new.3 doc/man/man3/DSA_new.3 doc/man/man3/DSA_set_method.3 doc/man/man3/DSA_sign.3 doc/man/man3/DSA_size.3 doc/man/man3/DTLS_get_data_mtu.3 doc/man/man3/DTLS_set_timer_cb.3 doc/man/man3/DTLSv1_listen.3 doc/man/man3/ECDSA_SIG_new.3 doc/man/man3/ECPKParameters_print.3 doc/man/man3/EC_GFp_simple_method.3 doc/man/man3/EC_GROUP_copy.3 doc/man/man3/EC_GROUP_new.3 doc/man/man3/EC_KEY_get_enc_flags.3 doc/man/man3/EC_KEY_new.3 doc/man/man3/EC_POINT_add.3 doc/man/man3/EC_POINT_new.3 doc/man/man3/ENGINE_add.3 doc/man/man3/ERR_GET_LIB.3 doc/man/man3/ERR_clear_error.3 doc/man/man3/ERR_error_string.3 doc/man/man3/ERR_get_error.3 doc/man/man3/ERR_load_crypto_strings.3 doc/man/man3/ERR_load_strings.3 doc/man/man3/ERR_new.3 doc/man/man3/ERR_print_errors.3 doc/man/man3/ERR_put_error.3 doc/man/man3/ERR_remove_state.3 doc/man/man3/ERR_set_mark.3 doc/man/man3/EVP_ASYM_CIPHER_free.3 doc/man/man3/EVP_BytesToKey.3 doc/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 doc/man/man3/EVP_CIPHER_meth_new.3 doc/man/man3/EVP_DigestInit.3 doc/man/man3/EVP_DigestSignInit.3 doc/man/man3/EVP_DigestVerifyInit.3 doc/man/man3/EVP_EncodeInit.3 doc/man/man3/EVP_EncryptInit.3 doc/man/man3/EVP_KDF.3 doc/man/man3/EVP_KEYEXCH_free.3 doc/man/man3/EVP_KEYMGMT.3 doc/man/man3/EVP_MAC.3 doc/man/man3/EVP_MD_meth_new.3 doc/man/man3/EVP_OpenInit.3 doc/man/man3/EVP_PKEY_ASN1_METHOD.3 doc/man/man3/EVP_PKEY_CTX_ctrl.3 doc/man/man3/EVP_PKEY_CTX_new.3 doc/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 doc/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 doc/man/man3/EVP_PKEY_CTX_set_params.3 doc/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 doc/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 doc/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 doc/man/man3/EVP_PKEY_asn1_get_count.3 doc/man/man3/EVP_PKEY_check.3 doc/man/man3/EVP_PKEY_copy_parameters.3 doc/man/man3/EVP_PKEY_decrypt.3 doc/man/man3/EVP_PKEY_derive.3 doc/man/man3/EVP_PKEY_encrypt.3 doc/man/man3/EVP_PKEY_fromdata.3 doc/man/man3/EVP_PKEY_gen.3 doc/man/man3/EVP_PKEY_get_default_digest_nid.3 doc/man/man3/EVP_PKEY_gettable_params.3 doc/man/man3/EVP_PKEY_is_a.3 doc/man/man3/EVP_PKEY_meth_get_count.3 doc/man/man3/EVP_PKEY_meth_new.3 doc/man/man3/EVP_PKEY_new.3 doc/man/man3/EVP_PKEY_print_private.3 doc/man/man3/EVP_PKEY_set1_RSA.3 doc/man/man3/EVP_PKEY_set_type.3 doc/man/man3/EVP_PKEY_sign.3 doc/man/man3/EVP_PKEY_size.3 doc/man/man3/EVP_PKEY_supports_digest_nid.3 doc/man/man3/EVP_PKEY_verify.3 doc/man/man3/EVP_PKEY_verify_recover.3 doc/man/man3/EVP_RAND.3 doc/man/man3/EVP_SIGNATURE_free.3 doc/man/man3/EVP_SealInit.3 doc/man/man3/EVP_SignInit.3 doc/man/man3/EVP_VerifyInit.3 doc/man/man3/EVP_aes_128_gcm.3 doc/man/man3/EVP_aria_128_gcm.3 doc/man/man3/EVP_bf_cbc.3 doc/man/man3/EVP_blake2b512.3 doc/man/man3/EVP_camellia_128_ecb.3 doc/man/man3/EVP_cast5_cbc.3 doc/man/man3/EVP_chacha20.3 doc/man/man3/EVP_des_cbc.3 doc/man/man3/EVP_desx_cbc.3 doc/man/man3/EVP_idea_cbc.3 doc/man/man3/EVP_md2.3 doc/man/man3/EVP_md4.3 doc/man/man3/EVP_md5.3 doc/man/man3/EVP_mdc2.3 doc/man/man3/EVP_rc2_cbc.3 doc/man/man3/EVP_rc4.3 doc/man/man3/EVP_rc5_32_12_16_cbc.3 doc/man/man3/EVP_ripemd160.3 doc/man/man3/EVP_seed_cbc.3 doc/man/man3/EVP_set_default_properties.3 doc/man/man3/EVP_sha1.3 doc/man/man3/EVP_sha224.3 doc/man/man3/EVP_sha3_224.3 doc/man/man3/EVP_sm3.3 doc/man/man3/EVP_sm4_cbc.3 doc/man/man3/EVP_whirlpool.3 doc/man/man3/HMAC.3 doc/man/man3/MD5.3 doc/man/man3/MDC2_Init.3 doc/man/man3/NCONF_new_with_libctx.3 doc/man/man3/OBJ_nid2obj.3 doc/man/man3/OCSP_REQUEST_new.3 doc/man/man3/OCSP_cert_to_id.3 doc/man/man3/OCSP_request_add1_nonce.3 doc/man/man3/OCSP_resp_find_status.3 doc/man/man3/OCSP_response_status.3 doc/man/man3/OCSP_sendreq_new.3 doc/man/man3/OPENSSL_Applink.3 doc/man/man3/OPENSSL_CTX.3 doc/man/man3/OPENSSL_FILE.3 doc/man/man3/OPENSSL_LH_COMPFUNC.3 doc/man/man3/OPENSSL_LH_stats.3 doc/man/man3/OPENSSL_config.3 doc/man/man3/OPENSSL_fork_prepare.3 doc/man/man3/OPENSSL_hexchar2int.3 doc/man/man3/OPENSSL_ia32cap.3 doc/man/man3/OPENSSL_init_crypto.3 doc/man/man3/OPENSSL_init_ssl.3 doc/man/man3/OPENSSL_instrument_bus.3 doc/man/man3/OPENSSL_load_builtin_modules.3 doc/man/man3/OPENSSL_malloc.3 doc/man/man3/OPENSSL_s390xcap.3 doc/man/man3/OPENSSL_secure_malloc.3 doc/man/man3/OSSL_CMP_CTX_new.3 doc/man/man3/OSSL_CMP_HDR_get0_transactionID.3 doc/man/man3/OSSL_CMP_ITAV_set0.3 doc/man/man3/OSSL_CMP_MSG_get0_header.3 doc/man/man3/OSSL_CMP_MSG_http_perform.3 doc/man/man3/OSSL_CMP_SRV_CTX_new.3 doc/man/man3/OSSL_CMP_STATUSINFO_new.3 doc/man/man3/OSSL_CMP_exec_IR_ses.3 doc/man/man3/OSSL_CMP_log_open.3 doc/man/man3/OSSL_CMP_validate_msg.3 doc/man/man3/OSSL_CRMF_MSG_get0_tmpl.3 doc/man/man3/OSSL_CRMF_MSG_set0_validity.3 doc/man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3 doc/man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3 doc/man/man3/OSSL_CRMF_pbmp_new.3 doc/man/man3/OSSL_HTTP_transfer.3 doc/man/man3/OSSL_PARAM.3 doc/man/man3/OSSL_PARAM_BLD.3 doc/man/man3/OSSL_PARAM_allocate_from_text.3 doc/man/man3/OSSL_PARAM_int.3 doc/man/man3/OSSL_PROVIDER.3 doc/man/man3/OSSL_SELF_TEST_new.3 doc/man/man3/OSSL_SELF_TEST_set_callback.3 doc/man/man3/OSSL_SERIALIZER.3 doc/man/man3/OSSL_SERIALIZER_CTX.3 doc/man/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.3 doc/man/man3/OSSL_SERIALIZER_to_bio.3 doc/man/man3/OSSL_STORE_INFO.3 doc/man/man3/OSSL_STORE_LOADER.3 doc/man/man3/OSSL_STORE_SEARCH.3 doc/man/man3/OSSL_STORE_attach.3 doc/man/man3/OSSL_STORE_expect.3 doc/man/man3/OSSL_STORE_open.3 doc/man/man3/OSSL_trace_enabled.3 doc/man/man3/OSSL_trace_get_category_num.3 doc/man/man3/OSSL_trace_set_channel.3 doc/man/man3/OpenSSL_add_all_algorithms.3 doc/man/man3/OpenSSL_version.3 doc/man/man3/PEM_bytes_read_bio.3 doc/man/man3/PEM_read.3 doc/man/man3/PEM_read_CMS.3 doc/man/man3/PEM_read_bio_PrivateKey.3 doc/man/man3/PEM_read_bio_ex.3 doc/man/man3/PEM_write_bio_CMS_stream.3 doc/man/man3/PEM_write_bio_PKCS7_stream.3 doc/man/man3/PKCS12_SAFEBAG_get0_attrs.3 doc/man/man3/PKCS12_add_CSPName_asc.3 doc/man/man3/PKCS12_add_friendlyname_asc.3 doc/man/man3/PKCS12_add_localkeyid.3 doc/man/man3/PKCS12_create.3 doc/man/man3/PKCS12_get_friendlyname.3 doc/man/man3/PKCS12_newpass.3 doc/man/man3/PKCS12_parse.3 doc/man/man3/PKCS5_PBKDF2_HMAC.3 doc/man/man3/PKCS7_decrypt.3 doc/man/man3/PKCS7_encrypt.3 doc/man/man3/PKCS7_sign.3 doc/man/man3/PKCS7_sign_add_signer.3 doc/man/man3/PKCS7_verify.3 doc/man/man3/PKCS8_pkey_add1_attr.3 doc/man/man3/RAND_DRBG_generate.3 doc/man/man3/RAND_DRBG_get0_public.3 doc/man/man3/RAND_DRBG_new.3 doc/man/man3/RAND_DRBG_reseed.3 doc/man/man3/RAND_DRBG_set_callbacks.3 doc/man/man3/RAND_add.3 doc/man/man3/RAND_bytes.3 doc/man/man3/RAND_cleanup.3 doc/man/man3/RAND_egd.3 doc/man/man3/RAND_load_file.3 doc/man/man3/RAND_set_rand_method.3 doc/man/man3/RC4_set_key.3 doc/man/man3/RIPEMD160_Init.3 doc/man/man3/RSA_blinding_on.3 doc/man/man3/RSA_check_key.3 doc/man/man3/RSA_generate_key.3 doc/man/man3/RSA_get0_key.3 doc/man/man3/RSA_meth_new.3 doc/man/man3/RSA_new.3 doc/man/man3/RSA_padding_add_PKCS1_type_1.3 doc/man/man3/RSA_print.3 doc/man/man3/RSA_private_encrypt.3 doc/man/man3/RSA_public_encrypt.3 doc/man/man3/RSA_set_method.3 doc/man/man3/RSA_sign.3 doc/man/man3/RSA_sign_ASN1_OCTET_STRING.3 doc/man/man3/RSA_size.3 doc/man/man3/SCT_new.3 doc/man/man3/SCT_print.3 doc/man/man3/SCT_validate.3 doc/man/man3/SHA256_Init.3 doc/man/man3/SMIME_read_CMS.3 doc/man/man3/SMIME_read_PKCS7.3 doc/man/man3/SMIME_write_CMS.3 doc/man/man3/SMIME_write_PKCS7.3 doc/man/man3/SRP_Calc_B.3 doc/man/man3/SRP_VBASE_new.3 doc/man/man3/SRP_create_verifier.3 doc/man/man3/SRP_user_pwd_new.3 doc/man/man3/SSL_CIPHER_get_name.3 doc/man/man3/SSL_COMP_add_compression_method.3 doc/man/man3/SSL_CONF_CTX_new.3 doc/man/man3/SSL_CONF_CTX_set1_prefix.3 doc/man/man3/SSL_CONF_CTX_set_flags.3 doc/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 doc/man/man3/SSL_CONF_cmd.3 doc/man/man3/SSL_CONF_cmd_argv.3 doc/man/man3/SSL_CTX_add1_chain_cert.3 doc/man/man3/SSL_CTX_add_extra_chain_cert.3 doc/man/man3/SSL_CTX_add_session.3 doc/man/man3/SSL_CTX_config.3 doc/man/man3/SSL_CTX_ctrl.3 doc/man/man3/SSL_CTX_dane_enable.3 doc/man/man3/SSL_CTX_flush_sessions.3 doc/man/man3/SSL_CTX_free.3 doc/man/man3/SSL_CTX_get0_param.3 doc/man/man3/SSL_CTX_get_verify_mode.3 doc/man/man3/SSL_CTX_has_client_custom_ext.3 doc/man/man3/SSL_CTX_load_verify_locations.3 doc/man/man3/SSL_CTX_new.3 doc/man/man3/SSL_CTX_sess_number.3 doc/man/man3/SSL_CTX_sess_set_cache_size.3 doc/man/man3/SSL_CTX_sess_set_get_cb.3 doc/man/man3/SSL_CTX_sessions.3 doc/man/man3/SSL_CTX_set0_CA_list.3 doc/man/man3/SSL_CTX_set1_curves.3 doc/man/man3/SSL_CTX_set1_sigalgs.3 doc/man/man3/SSL_CTX_set1_verify_cert_store.3 doc/man/man3/SSL_CTX_set_alpn_select_cb.3 doc/man/man3/SSL_CTX_set_cert_cb.3 doc/man/man3/SSL_CTX_set_cert_store.3 doc/man/man3/SSL_CTX_set_cert_verify_callback.3 doc/man/man3/SSL_CTX_set_cipher_list.3 doc/man/man3/SSL_CTX_set_client_cert_cb.3 doc/man/man3/SSL_CTX_set_client_hello_cb.3 doc/man/man3/SSL_CTX_set_ct_validation_callback.3 doc/man/man3/SSL_CTX_set_ctlog_list_file.3 doc/man/man3/SSL_CTX_set_default_passwd_cb.3 doc/man/man3/SSL_CTX_set_generate_session_id.3 doc/man/man3/SSL_CTX_set_info_callback.3 doc/man/man3/SSL_CTX_set_keylog_callback.3 doc/man/man3/SSL_CTX_set_max_cert_list.3 doc/man/man3/SSL_CTX_set_min_proto_version.3 doc/man/man3/SSL_CTX_set_mode.3 doc/man/man3/SSL_CTX_set_msg_callback.3 doc/man/man3/SSL_CTX_set_num_tickets.3 doc/man/man3/SSL_CTX_set_options.3 doc/man/man3/SSL_CTX_set_psk_client_callback.3 doc/man/man3/SSL_CTX_set_quiet_shutdown.3 doc/man/man3/SSL_CTX_set_read_ahead.3 doc/man/man3/SSL_CTX_set_record_padding_callback.3 doc/man/man3/SSL_CTX_set_security_level.3 doc/man/man3/SSL_CTX_set_session_cache_mode.3 doc/man/man3/SSL_CTX_set_session_id_context.3 doc/man/man3/SSL_CTX_set_session_ticket_cb.3 doc/man/man3/SSL_CTX_set_split_send_fragment.3 doc/man/man3/SSL_CTX_set_srp_password.3 doc/man/man3/SSL_CTX_set_ssl_version.3 doc/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 doc/man/man3/SSL_CTX_set_timeout.3 doc/man/man3/SSL_CTX_set_tlsext_servername_callback.3 doc/man/man3/SSL_CTX_set_tlsext_status_cb.3 doc/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 doc/man/man3/SSL_CTX_set_tlsext_use_srtp.3 doc/man/man3/SSL_CTX_set_tmp_dh_callback.3 doc/man/man3/SSL_CTX_set_tmp_ecdh.3 doc/man/man3/SSL_CTX_set_verify.3 doc/man/man3/SSL_CTX_use_certificate.3 doc/man/man3/SSL_CTX_use_psk_identity_hint.3 doc/man/man3/SSL_CTX_use_serverinfo.3 doc/man/man3/SSL_SESSION_free.3 doc/man/man3/SSL_SESSION_get0_cipher.3 doc/man/man3/SSL_SESSION_get0_hostname.3 doc/man/man3/SSL_SESSION_get0_id_context.3 doc/man/man3/SSL_SESSION_get0_peer.3 doc/man/man3/SSL_SESSION_get_compress_id.3 doc/man/man3/SSL_SESSION_get_protocol_version.3 doc/man/man3/SSL_SESSION_get_time.3 doc/man/man3/SSL_SESSION_has_ticket.3 doc/man/man3/SSL_SESSION_is_resumable.3 doc/man/man3/SSL_SESSION_print.3 doc/man/man3/SSL_SESSION_set1_id.3 doc/man/man3/SSL_accept.3 doc/man/man3/SSL_alert_type_string.3 doc/man/man3/SSL_alloc_buffers.3 doc/man/man3/SSL_check_chain.3 doc/man/man3/SSL_clear.3 doc/man/man3/SSL_connect.3 doc/man/man3/SSL_do_handshake.3 doc/man/man3/SSL_export_keying_material.3 doc/man/man3/SSL_extension_supported.3 doc/man/man3/SSL_free.3 doc/man/man3/SSL_get0_peer_scts.3 doc/man/man3/SSL_get_SSL_CTX.3 doc/man/man3/SSL_get_all_async_fds.3 doc/man/man3/SSL_get_ciphers.3 doc/man/man3/SSL_get_client_random.3 doc/man/man3/SSL_get_current_cipher.3 doc/man/man3/SSL_get_default_timeout.3 doc/man/man3/SSL_get_error.3 doc/man/man3/SSL_get_extms_support.3 doc/man/man3/SSL_get_fd.3 doc/man/man3/SSL_get_peer_cert_chain.3 doc/man/man3/SSL_get_peer_certificate.3 doc/man/man3/SSL_get_peer_signature_nid.3 doc/man/man3/SSL_get_peer_tmp_key.3 doc/man/man3/SSL_get_psk_identity.3 doc/man/man3/SSL_get_rbio.3 doc/man/man3/SSL_get_session.3 doc/man/man3/SSL_get_shared_sigalgs.3 doc/man/man3/SSL_get_verify_result.3 doc/man/man3/SSL_get_version.3 doc/man/man3/SSL_in_init.3 doc/man/man3/SSL_key_update.3 doc/man/man3/SSL_library_init.3 doc/man/man3/SSL_load_client_CA_file.3 doc/man/man3/SSL_new.3 doc/man/man3/SSL_pending.3 doc/man/man3/SSL_read.3 doc/man/man3/SSL_read_early_data.3 doc/man/man3/SSL_rstate_string.3 doc/man/man3/SSL_session_reused.3 doc/man/man3/SSL_set1_host.3 doc/man/man3/SSL_set_async_callback.3 doc/man/man3/SSL_set_bio.3 doc/man/man3/SSL_set_connect_state.3 doc/man/man3/SSL_set_fd.3 doc/man/man3/SSL_set_session.3 doc/man/man3/SSL_set_shutdown.3 doc/man/man3/SSL_set_verify_result.3 doc/man/man3/SSL_shutdown.3 doc/man/man3/SSL_state_string.3 doc/man/man3/SSL_want.3 doc/man/man3/SSL_write.3 doc/man/man3/TS_VERIFY_CTX_set_certs.3 doc/man/man3/UI_STRING.3 doc/man/man3/UI_UTIL_read_pw.3 doc/man/man3/UI_create_method.3 doc/man/man3/UI_new.3 doc/man/man3/X509V3_get_d2i.3 doc/man/man3/X509_ALGOR_dup.3 doc/man/man3/X509_CRL_get0_by_serial.3 doc/man/man3/X509_EXTENSION_set_object.3 doc/man/man3/X509_LOOKUP.3 doc/man/man3/X509_LOOKUP_hash_dir.3 doc/man/man3/X509_LOOKUP_meth_new.3 doc/man/man3/X509_NAME_ENTRY_get_object.3 doc/man/man3/X509_NAME_add_entry_by_txt.3 doc/man/man3/X509_NAME_get0_der.3 doc/man/man3/X509_NAME_get_index_by_NID.3 doc/man/man3/X509_NAME_print_ex.3 doc/man/man3/X509_PUBKEY_new.3 doc/man/man3/X509_SIG_get0.3 doc/man/man3/X509_STORE_CTX_get_error.3 doc/man/man3/X509_STORE_CTX_new.3 doc/man/man3/X509_STORE_CTX_set_verify_cb.3 doc/man/man3/X509_STORE_add_cert.3 doc/man/man3/X509_STORE_get0_param.3 doc/man/man3/X509_STORE_new.3 doc/man/man3/X509_STORE_set_verify_cb_func.3 doc/man/man3/X509_VERIFY_PARAM_set_flags.3 doc/man/man3/X509_check_ca.3 doc/man/man3/X509_check_host.3 doc/man/man3/X509_check_issued.3 doc/man/man3/X509_check_private_key.3 doc/man/man3/X509_check_purpose.3 doc/man/man3/X509_cmp.3 doc/man/man3/X509_cmp_time.3 doc/man/man3/X509_digest.3 doc/man/man3/X509_dup.3 doc/man/man3/X509_get0_distinguishing_id.3 doc/man/man3/X509_get0_notBefore.3 doc/man/man3/X509_get0_signature.3 doc/man/man3/X509_get0_uids.3 doc/man/man3/X509_get_extension_flags.3 doc/man/man3/X509_get_pubkey.3 doc/man/man3/X509_get_serialNumber.3 doc/man/man3/X509_get_subject_name.3 doc/man/man3/X509_get_version.3 doc/man/man3/X509_load_http.3 doc/man/man3/X509_new.3 doc/man/man3/X509_sign.3 doc/man/man3/X509_verify.3 doc/man/man3/X509_verify_cert.3 doc/man/man3/X509v3_cache_extensions.3 doc/man/man3/X509v3_get_ext_by_NID.3 doc/man/man3/d2i_DHparams.3 doc/man/man3/d2i_PKCS8PrivateKey_bio.3 doc/man/man3/d2i_PrivateKey.3 doc/man/man3/d2i_SSL_SESSION.3 doc/man/man3/d2i_X509.3 doc/man/man3/i2d_CMS_bio_stream.3 doc/man/man3/i2d_PKCS7_bio_stream.3 doc/man/man3/i2d_re_X509_tbs.3 doc/man/man3/o2i_SCT_LIST.3 doc/man/man3/s2i_ASN1_IA5STRING.3 doc/man/man5/config.5 doc/man/man5/fips_config.5 doc/man/man5/x509v3_config.5 doc/man/man7/EVP_KDF-HKDF.7 doc/man/man7/EVP_KDF-KB.7 doc/man/man7/EVP_KDF-KRB5KDF.7 doc/man/man7/EVP_KDF-PBKDF2.7 doc/man/man7/EVP_KDF-SCRYPT.7 doc/man/man7/EVP_KDF-SS.7 doc/man/man7/EVP_KDF-SSHKDF.7 doc/man/man7/EVP_KDF-TLS1_PRF.7 doc/man/man7/EVP_KDF-X942.7 doc/man/man7/EVP_KDF-X963.7 doc/man/man7/EVP_KEYEXCH-DH.7 doc/man/man7/EVP_KEYEXCH-ECDH.7 doc/man/man7/EVP_KEYEXCH-X25519.7 doc/man/man7/EVP_MAC-BLAKE2.7 doc/man/man7/EVP_MAC-CMAC.7 doc/man/man7/EVP_MAC-GMAC.7 doc/man/man7/EVP_MAC-HMAC.7 doc/man/man7/EVP_MAC-KMAC.7 doc/man/man7/EVP_MAC-Poly1305.7 doc/man/man7/EVP_MAC-Siphash.7 doc/man/man7/EVP_MD-BLAKE2.7 doc/man/man7/EVP_MD-MD2.7 doc/man/man7/EVP_MD-MD4.7 doc/man/man7/EVP_MD-MD5-SHA1.7 doc/man/man7/EVP_MD-MD5.7 doc/man/man7/EVP_MD-MDC2.7 doc/man/man7/EVP_MD-RIPEMD160.7 doc/man/man7/EVP_MD-SHA1.7 doc/man/man7/EVP_MD-SHA2.7 doc/man/man7/EVP_MD-SHA3.7 doc/man/man7/EVP_MD-SHAKE.7 doc/man/man7/EVP_MD-SM3.7 doc/man/man7/EVP_MD-WHIRLPOOL.7 doc/man/man7/EVP_MD-common.7 doc/man/man7/EVP_PKEY-DH.7 doc/man/man7/EVP_PKEY-DSA.7 doc/man/man7/EVP_PKEY-EC.7 doc/man/man7/EVP_PKEY-FFC.7 doc/man/man7/EVP_PKEY-RSA.7 doc/man/man7/EVP_PKEY-X25519.7 doc/man/man7/EVP_RAND-CTR-DRBG.7 doc/man/man7/EVP_RAND-HASH-DRBG.7 doc/man/man7/EVP_RAND-HMAC-DRBG.7 doc/man/man7/EVP_RAND-TEST-RAND.7 doc/man/man7/EVP_SIGNATURE-DSA.7 doc/man/man7/EVP_SIGNATURE-ECDSA.7 doc/man/man7/EVP_SIGNATURE-ED25519.7 doc/man/man7/EVP_SIGNATURE-RSA.7 doc/man/man7/OSSL_PROVIDER-FIPS.7 doc/man/man7/OSSL_PROVIDER-default.7 doc/man/man7/OSSL_PROVIDER-legacy.7 doc/man/man7/OSSL_PROVIDER-null.7 doc/man/man7/RAND.7 doc/man/man7/RAND_DRBG.7 doc/man/man7/RSA-PSS.7 doc/man/man7/SM2.7 doc/man/man7/X25519.7 doc/man/man7/bio.7 doc/man/man7/crypto.7 doc/man/man7/ct.7 doc/man/man7/des_modes.7 doc/man/man7/evp.7 doc/man/man7/openssl-core.h.7 doc/man/man7/openssl-core_dispatch.h.7 doc/man/man7/openssl-core_names.h.7 doc/man/man7/openssl-env.7 doc/man/man7/openssl_user_macros.7 doc/man/man7/ossl_store-file.7 doc/man/man7/ossl_store.7 doc/man/man7/passphrase-encoding.7 doc/man/man7/property.7 doc/man/man7/provider-asym_cipher.7 doc/man/man7/provider-base.7 doc/man/man7/provider-cipher.7 doc/man/man7/provider-digest.7 doc/man/man7/provider-keyexch.7 doc/man/man7/provider-keymgmt.7 doc/man/man7/provider-mac.7 doc/man/man7/provider-rand.7 doc/man/man7/provider-serializer.7 doc/man/man7/provider-signature.7 doc/man/man7/provider.7 doc/man/man7/proxy-certificates.7 doc/man/man7/ssl.7 doc/man/man7/x509.7 rm -f apps/openssl fuzz/asn1-test fuzz/asn1parse-test fuzz/bignum-test fuzz/bndiv-test fuzz/client-test fuzz/cmp-test fuzz/cms-test fuzz/conf-test fuzz/crl-test fuzz/ct-test fuzz/server-test fuzz/x509-test test/aborttest test/acvp_test test/aesgcmtest test/afalgtest test/asn1_decode_test test/asn1_dsa_internal_test test/asn1_encode_test test/asn1_internal_test test/asn1_string_table_test test/asn1_time_test test/asynciotest test/asynctest test/bad_dtls_test test/bftest test/bio_callback_test test/bio_enc_test test/bio_memleak_test test/bio_prefix_text test/bioprinttest test/bn_internal_test test/bntest test/buildtest_c_aes test/buildtest_c_asn1 test/buildtest_c_asn1t test/buildtest_c_async test/buildtest_c_bio test/buildtest_c_blowfish test/buildtest_c_bn test/buildtest_c_buffer test/buildtest_c_camellia test/buildtest_c_cast test/buildtest_c_cmac test/buildtest_c_cmp test/buildtest_c_cmp_util test/buildtest_c_cms test/buildtest_c_comp test/buildtest_c_conf test/buildtest_c_conf_api test/buildtest_c_core test/buildtest_c_core_dispatch test/buildtest_c_core_names test/buildtest_c_crmf test/buildtest_c_crypto test/buildtest_c_ct test/buildtest_c_des test/buildtest_c_dh test/buildtest_c_dsa test/buildtest_c_e_os2 test/buildtest_c_ebcdic test/buildtest_c_ec test/buildtest_c_ecdh test/buildtest_c_ecdsa test/buildtest_c_engine test/buildtest_c_ess test/buildtest_c_evp test/buildtest_c_fips_names test/buildtest_c_hmac test/buildtest_c_http test/buildtest_c_idea test/buildtest_c_kdf test/buildtest_c_lhash test/buildtest_c_mac test/buildtest_c_macros test/buildtest_c_md4 test/buildtest_c_md5 test/buildtest_c_mdc2 test/buildtest_c_modes test/buildtest_c_obj_mac test/buildtest_c_objects test/buildtest_c_ocsp test/buildtest_c_ossl_typ test/buildtest_c_param_build test/buildtest_c_params test/buildtest_c_pem test/buildtest_c_pem2 test/buildtest_c_pkcs12 test/buildtest_c_pkcs7 test/buildtest_c_provider test/buildtest_c_rand test/buildtest_c_rand_drbg test/buildtest_c_rc2 test/buildtest_c_rc4 test/buildtest_c_ripemd test/buildtest_c_rsa test/buildtest_c_safestack test/buildtest_c_seed test/buildtest_c_self_test test/buildtest_c_serializer test/buildtest_c_sha test/buildtest_c_srp test/buildtest_c_srtp test/buildtest_c_ssl test/buildtest_c_ssl2 test/buildtest_c_stack test/buildtest_c_store test/buildtest_c_symhacks test/buildtest_c_tls1 test/buildtest_c_ts test/buildtest_c_txt_db test/buildtest_c_types test/buildtest_c_ui test/buildtest_c_whrlpool test/buildtest_c_x509 test/buildtest_c_x509_vfy test/buildtest_c_x509v3 test/casttest test/chacha_internal_test test/cipher_overhead_test test/cipherbytes_test test/cipherlist_test test/ciphername_test test/clienthellotest test/cmactest test/cmp_asn_test test/cmp_client_test test/cmp_ctx_test test/cmp_hdr_test test/cmp_msg_test test/cmp_protect_test test/cmp_server_test test/cmp_status_test test/cmp_vfy_test test/cmsapitest test/conf_include_test test/confdump test/constant_time_test test/context_internal_test test/crltest test/ct_test test/ctype_internal_test test/curve448_internal_test test/d2i_test test/danetest test/destest test/dhtest test/drbg_cavs_test test/drbg_extra_test test/drbgtest test/dsa_no_digest_size_test test/dsatest test/dtls_mtu_test test/dtlstest test/dtlsv1listentest test/ec_internal_test test/ecdsatest test/ecstresstest test/ectest test/enginetest test/errtest test/evp_extra_test test/evp_extra_test2 test/evp_fetch_prov_test test/evp_kdf_test test/evp_libctx_test test/evp_pkey_dparams_test test/evp_pkey_provided_test test/evp_test test/exdatatest test/exptest test/fatalerrtest test/ffc_internal_test test/gmdifftest test/gosttest test/hexstr_test test/hmactest test/http_test test/ideatest test/igetest test/keymgmt_internal_test test/lhash_test test/mdc2_internal_test test/mdc2test test/memleaktest test/modes_internal_test test/namemap_internal_test test/ocspapitest test/packettest test/param_build_test test/params_api_test test/params_conversion_test test/params_test test/pbelutest test/pemtest test/pkey_meth_kdf_test test/pkey_meth_test test/poly1305_internal_test test/property_test test/provider_fallback_test test/provider_internal_test test/provider_test test/rc2test test/rc4test test/rc5test test/rdrand_sanitytest test/recordlentest test/rsa_complex test/rsa_mp_test test/rsa_sp800_56b_test test/rsa_test test/sanitytest test/secmemtest test/servername_test test/shlibloadtest test/siphash_internal_test test/sm2_internal_test test/sm4_internal_test test/sparse_array_test test/srptest test/ssl_cert_table_internal_test test/ssl_ctx_test test/ssl_test test/ssl_test_ctx_test test/sslapitest test/sslbuffertest test/sslcorrupttest test/ssltest_old test/stack_test test/sysdefaulttest test/test_test test/threadstest test/time_offset_test test/tls13ccstest test/tls13encryptiontest test/tls13secretstest test/uitest test/v3ext test/v3nametest test/verify_extra_test test/versions test/wpackettest test/x509_check_cert_pkey_test test/x509_dup_cert_test test/x509_internal_test test/x509_time_test test/x509aux engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so providers/fips.so providers/legacy.so test/p_test.so apps/CA.pl apps/tsget.pl tools/c_rehash util/shlib_wrap.sh rm -f doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod include/crypto/bn_conf.h include/crypto/dso_conf.h include/openssl/configuration.h include/openssl/fipskey.h include/openssl/opensslv.h test/provider_internal_test.cnf apps/CA.pl apps/progs.c apps/progs.h apps/tsget.pl crypto/aes/aes-x86_64.s crypto/aes/aesni-mb-x86_64.s crypto/aes/aesni-sha1-x86_64.s crypto/aes/aesni-sha256-x86_64.s crypto/aes/aesni-x86_64.s crypto/aes/bsaes-x86_64.s crypto/aes/vpaes-x86_64.s crypto/bn/rsaz-avx2.s crypto/bn/rsaz-x86_64.s crypto/bn/x86_64-gf2m.s crypto/bn/x86_64-mont.s crypto/bn/x86_64-mont5.s crypto/buildinf.h crypto/camellia/cmll-x86_64.s crypto/chacha/chacha-x86_64.s crypto/ec/ecp_nistz256-x86_64.s crypto/ec/x25519-x86_64.s crypto/md5/md5-x86_64.s crypto/modes/aesni-gcm-x86_64.s crypto/modes/ghash-x86_64.s crypto/poly1305/poly1305-x86_64.s crypto/rc4/rc4-md5-x86_64.s crypto/rc4/rc4-x86_64.s crypto/sha/keccak1600-x86_64.s crypto/sha/sha1-mb-x86_64.s crypto/sha/sha1-x86_64.s crypto/sha/sha256-mb-x86_64.s crypto/sha/sha256-x86_64.s crypto/sha/sha512-x86_64.s crypto/whrlpool/wp-x86_64.s crypto/x86_64cpuid.s doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod engines/afalg.ld engines/capi.ld engines/dasync.ld engines/e_padlock-x86_64.s engines/ossltest.ld engines/padlock.ld libcrypto.ld libssl.ld providers/common/der/der_digests_gen.c providers/common/der/der_dsa_gen.c providers/common/der/der_ec_gen.c providers/common/der/der_rsa_gen.c providers/common/include/prov/der_digests.h providers/common/include/prov/der_dsa.h providers/common/include/prov/der_ec.h providers/common/include/prov/der_rsa.h providers/fips.ld providers/legacy.ld test/buildtest_aes.c test/buildtest_asn1.c test/buildtest_asn1t.c test/buildtest_async.c test/buildtest_bio.c test/buildtest_blowfish.c test/buildtest_bn.c test/buildtest_buffer.c test/buildtest_camellia.c test/buildtest_cast.c test/buildtest_cmac.c test/buildtest_cmp.c test/buildtest_cmp_util.c test/buildtest_cms.c test/buildtest_comp.c test/buildtest_conf.c test/buildtest_conf_api.c test/buildtest_core.c test/buildtest_core_dispatch.c test/buildtest_core_names.c test/buildtest_crmf.c test/buildtest_crypto.c test/buildtest_ct.c test/buildtest_des.c test/buildtest_dh.c test/buildtest_dsa.c test/buildtest_e_os2.c test/buildtest_ebcdic.c test/buildtest_ec.c test/buildtest_ecdh.c test/buildtest_ecdsa.c test/buildtest_engine.c test/buildtest_ess.c test/buildtest_evp.c test/buildtest_fips_names.c test/buildtest_hmac.c test/buildtest_http.c test/buildtest_idea.c test/buildtest_kdf.c test/buildtest_lhash.c test/buildtest_mac.c test/buildtest_macros.c test/buildtest_md4.c test/buildtest_md5.c test/buildtest_mdc2.c test/buildtest_modes.c test/buildtest_obj_mac.c test/buildtest_objects.c test/buildtest_ocsp.c test/buildtest_ossl_typ.c test/buildtest_param_build.c test/buildtest_params.c test/buildtest_pem.c test/buildtest_pem2.c test/buildtest_pkcs12.c test/buildtest_pkcs7.c test/buildtest_provider.c test/buildtest_rand.c test/buildtest_rand_drbg.c test/buildtest_rc2.c test/buildtest_rc4.c test/buildtest_ripemd.c test/buildtest_rsa.c test/buildtest_safestack.c test/buildtest_seed.c test/buildtest_self_test.c test/buildtest_serializer.c test/buildtest_sha.c test/buildtest_srp.c test/buildtest_srtp.c test/buildtest_ssl.c test/buildtest_ssl2.c test/buildtest_stack.c test/buildtest_store.c test/buildtest_symhacks.c test/buildtest_tls1.c test/buildtest_ts.c test/buildtest_txt_db.c test/buildtest_types.c test/buildtest_ui.c test/buildtest_whrlpool.c test/buildtest_x509.c test/buildtest_x509_vfy.c test/buildtest_x509v3.c test/p_test.ld tools/c_rehash util/shlib_wrap.sh rm -f `find . -name '*.d' \! -name '.*' \! -type d -print` rm -f `find . -name '*.o' \! -name '.*' \! -type d -print` rm -f core rm -f tags TAGS doc-nits cmd-nits md-nits rm -f -r test/test-runs rm -f openssl.pc libcrypto.pc libssl.pc rm -f `find . -type l \! -name '.*' -print` rm -f ../openssl-3.0.0-alpha5-dev.tar $ make depend $ LDCMD= make -j4 /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-asn1parse.pod.in > doc/man1/openssl-asn1parse.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ca.pod.in > doc/man1/openssl-ca.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ciphers.pod.in > doc/man1/openssl-ciphers.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmds.pod.in > doc/man1/openssl-cmds.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmp.pod.in > doc/man1/openssl-cmp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cms.pod.in > doc/man1/openssl-cms.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl.pod.in > doc/man1/openssl-crl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl2pkcs7.pod.in > doc/man1/openssl-crl2pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dgst.pod.in > doc/man1/openssl-dgst.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dhparam.pod.in > doc/man1/openssl-dhparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsa.pod.in > doc/man1/openssl-dsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsaparam.pod.in > doc/man1/openssl-dsaparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ec.pod.in > doc/man1/openssl-ec.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ecparam.pod.in > doc/man1/openssl-ecparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-enc.pod.in > doc/man1/openssl-enc.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-engine.pod.in > doc/man1/openssl-engine.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-errstr.pod.in > doc/man1/openssl-errstr.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-fipsinstall.pod.in > doc/man1/openssl-fipsinstall.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-gendsa.pod.in > doc/man1/openssl-gendsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genpkey.pod.in > doc/man1/openssl-genpkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genrsa.pod.in > doc/man1/openssl-genrsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-info.pod.in > doc/man1/openssl-info.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-kdf.pod.in > doc/man1/openssl-kdf.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-list.pod.in > doc/man1/openssl-list.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-mac.pod.in > doc/man1/openssl-mac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-nseq.pod.in > doc/man1/openssl-nseq.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ocsp.pod.in > doc/man1/openssl-ocsp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-passwd.pod.in > doc/man1/openssl-passwd.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs12.pod.in > doc/man1/openssl-pkcs12.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs7.pod.in > doc/man1/openssl-pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs8.pod.in > doc/man1/openssl-pkcs8.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkey.pod.in > doc/man1/openssl-pkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyparam.pod.in > doc/man1/openssl-pkeyparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyutl.pod.in > doc/man1/openssl-pkeyutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-prime.pod.in > doc/man1/openssl-prime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-provider.pod.in > doc/man1/openssl-provider.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rand.pod.in > doc/man1/openssl-rand.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rehash.pod.in > doc/man1/openssl-rehash.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-req.pod.in > doc/man1/openssl-req.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsa.pod.in > doc/man1/openssl-rsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsautl.pod.in > doc/man1/openssl-rsautl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_client.pod.in > doc/man1/openssl-s_client.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_server.pod.in > doc/man1/openssl-s_server.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_time.pod.in > doc/man1/openssl-s_time.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-sess_id.pod.in > doc/man1/openssl-sess_id.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-smime.pod.in > doc/man1/openssl-smime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-speed.pod.in > doc/man1/openssl-speed.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-spkac.pod.in > doc/man1/openssl-spkac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-srp.pod.in > doc/man1/openssl-srp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-storeutl.pod.in > doc/man1/openssl-storeutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ts.pod.in > doc/man1/openssl-ts.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-verify.pod.in > doc/man1/openssl-verify.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-version.pod.in > doc/man1/openssl-version.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-x509.pod.in > doc/man1/openssl-x509.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man7/openssl_user_macros.pod.in > doc/man7/openssl_user_macros.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/bn_conf.h.in > include/crypto/bn_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/dso_conf.h.in > include/crypto/dso_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/configuration.h.in > include/openssl/configuration.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/fipskey.h.in > include/openssl/fipskey.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/opensslv.h.in > include/openssl/opensslv.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/test/provider_internal_test.cnf.in > test/provider_internal_test.cnf make depend && make _build_sw make[1]: Entering directory '/home/openssl/run-checker/no-sock' make[1]: Leaving directory '/home/openssl/run-checker/no-sock' make[1]: Entering directory '/home/openssl/run-checker/no-sock' clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_params.d.tmp -MT apps/lib/libapps-lib-app_params.o -c -o apps/lib/libapps-lib-app_params.o ../openssl/apps/lib/app_params.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_provider.d.tmp -MT apps/lib/libapps-lib-app_provider.o -c -o apps/lib/libapps-lib-app_provider.o ../openssl/apps/lib/app_provider.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_rand.d.tmp -MT apps/lib/libapps-lib-app_rand.o -c -o apps/lib/libapps-lib-app_rand.o ../openssl/apps/lib/app_rand.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_x509.d.tmp -MT apps/lib/libapps-lib-app_x509.o -c -o apps/lib/libapps-lib-app_x509.o ../openssl/apps/lib/app_x509.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps.d.tmp -MT apps/lib/libapps-lib-apps.o -c -o apps/lib/libapps-lib-apps.o ../openssl/apps/lib/apps.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps_ui.d.tmp -MT apps/lib/libapps-lib-apps_ui.o -c -o apps/lib/libapps-lib-apps_ui.o ../openssl/apps/lib/apps_ui.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-columns.d.tmp -MT apps/lib/libapps-lib-columns.o -c -o apps/lib/libapps-lib-columns.o ../openssl/apps/lib/columns.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-fmt.d.tmp -MT apps/lib/libapps-lib-fmt.o -c -o apps/lib/libapps-lib-fmt.o ../openssl/apps/lib/fmt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-http_server.d.tmp -MT apps/lib/libapps-lib-http_server.o -c -o apps/lib/libapps-lib-http_server.o ../openssl/apps/lib/http_server.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-names.d.tmp -MT apps/lib/libapps-lib-names.o -c -o apps/lib/libapps-lib-names.o ../openssl/apps/lib/names.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-opt.d.tmp -MT apps/lib/libapps-lib-opt.o -c -o apps/lib/libapps-lib-opt.o ../openssl/apps/lib/opt.c ../openssl/apps/lib/http_server.c:27:5: error: no previous extern declaration for non-static variable 'multi' [-Werror,-Wmissing-variable-declarations] int multi = 0; /* run multiple responder processes */ ^ 1 error generated. Makefile:4123: recipe for target 'apps/lib/libapps-lib-http_server.o' failed make[1]: *** [apps/lib/libapps-lib-http_server.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-sock' Makefile:3093: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From builds at travis-ci.com Fri Jul 17 10:51:25 2020 From: builds at travis-ci.com (Travis CI) Date: Fri, 17 Jul 2020 10:51:25 +0000 Subject: Errored: openssl/openssl#36180 (master - 8e78da0) In-Reply-To: Message-ID: <5f1182ad40688_13fc49e22a7fc47864b@travis-pro-tasks-65787fd48-fh9xq.mail> Build Update for openssl/openssl ------------------------------------- Build: #36180 Status: Errored Duration: 1 hr, 28 mins, and 19 secs Commit: 8e78da0 (master) Author: Shane Lontis Message: Fix trailing whitespace mismatch error when running 02-test_errstr. Fixes #12449 On a aix7_ppc32 machine the error was of the form match 'Previous owner died ' (2147483743) with one of ( 'Previous owner died', 'reason(95)' ) Stripping the trailing whitespace from the system error will address this issue. Suggested fix by @pauldale. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12451) View the changeset: https://github.com/openssl/openssl/compare/cb9bb7350d41...8e78da06660b View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/175996680?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From pauli at openssl.org Fri Jul 17 12:16:47 2020 From: pauli at openssl.org (Dr. Paul Dale) Date: Fri, 17 Jul 2020 12:16:47 +0000 Subject: [openssl] master update Message-ID: <1594988207.962086.26904.nullmailer@dev.openssl.org> The branch master has been updated via b99c463d78ecad29f89165fc64a281faafa9461c (commit) via 45554b5c71403fec547fe0f56be558cc615c6966 (commit) from 8e78da06660b269fbdf8faba6bc3a356ee3fda5e (commit) - Log ----------------------------------------------------------------- commit b99c463d78ecad29f89165fc64a281faafa9461c Author: Pauli Date: Wed Jul 1 11:09:38 2020 +1000 install: add notes about ignored seed sources in the FIPS provider. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12325) commit 45554b5c71403fec547fe0f56be558cc615c6966 Author: Pauli Date: Tue Jun 30 13:15:05 2020 +1000 rand: detect if FIPS approved randomness sources are being used. This boils down to the operating system sources and RDRAND. All other sources are not available in the FIPS module. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12325) ----------------------------------------------------------------------- Summary of changes: INSTALL.md | 6 +++- .../implementations/rands/seeding/rand_unix.c | 34 +++++++++++++++++++++- 2 files changed, 38 insertions(+), 2 deletions(-) diff --git a/INSTALL.md b/INSTALL.md index 3ad854823b..01e255df7e 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -447,6 +447,7 @@ on most unix-ish operating systems. ### egd Check for an entropy generating daemon. +This source is ignored by the FIPS provider. ### rdcpu @@ -455,11 +456,13 @@ Use the `RDSEED` or `RDRAND` command if provided by the CPU. ### librandom Use librandom (not implemented yet). +This source is ignored by the FIPS provider. ### none Disable automatic seeding. This is the default on some operating systems where no suitable entropy source exists, or no support for it is implemented yet. +This option is ignored by the FIPS provider. For more information, see the section [Notes on random number generation][rng] at the end of this document. @@ -1689,7 +1692,8 @@ The seeding method can be configured using the `--with-rand-seed` option, which can be used to specify a comma separated list of seed methods. However, in most cases OpenSSL will choose a suitable default method, so it is not necessary to explicitly provide this option. Note also -that not all methods are available on all platforms. +that not all methods are available on all platforms. The FIPS provider will +silently ignore seed sources that were not validated. I) On operating systems which provide a suitable randomness source (in form of a system call or system device), OpenSSL will use the optimal diff --git a/providers/implementations/rands/seeding/rand_unix.c b/providers/implementations/rands/seeding/rand_unix.c index 69fa3f841e..26d81d6054 100644 --- a/providers/implementations/rands/seeding/rand_unix.c +++ b/providers/implementations/rands/seeding/rand_unix.c @@ -37,6 +37,36 @@ # include #endif +/* + * Provide a compile time error if the FIPS module is being built and none + * of the supported entropy sources are available. + */ +#if defined(FIPS_MODULE) +# if !defined(OPENSSL_RAND_SEED_GETRANDOM) \ + && !defined(OPENSSL_RAND_SEED_DEVRANDOM) \ + && !defined(OPENSSL_RAND_SEED_RDCPU) \ + && !defined(OPENSSL_RAND_SEED_OS) +# error FIPS mode without supported randomness source +# endif +/* Remove the sources that are not permitted in FIPS */ +# ifdef OPENSSL_RAND_SEED_LIBRANDOM +# undef OPENSSL_RAND_SEED_LIBRANDOM +# warning FIPS mode does not support the _librandom_ randomness source +# endif +# ifdef OPENSSL_RAND_SEED_RDTSC +# undef OPENSSL_RAND_SEED_RDTSC +# warning FIPS mode does not support the _RDTSC_ randomness source +# endif +# ifdef OPENSSL_RAND_SEED_EGD +# undef OPENSSL_RAND_SEED_EGD +# warning FIPS mode does not support the _EGD_ randomness source +# endif +# ifdef OPENSSL_RAND_SEED_NONE +# undef OPENSSL_RAND_SEED_NONE +# warning FIPS mode does not support the _none_ randomness source +# endif +#endif + #if (defined(OPENSSL_SYS_UNIX) && !defined(OPENSSL_SYS_VXWORKS)) \ || defined(__DJGPP__) # include @@ -609,7 +639,9 @@ size_t prov_pool_acquire_entropy(RAND_POOL *pool) # if defined(OPENSSL_RAND_SEED_NONE) return rand_pool_entropy_available(pool); # else - size_t entropy_available; + size_t entropy_available = 0; + + (void)entropy_available; /* avoid compiler warning */ # if defined(OPENSSL_RAND_SEED_GETRANDOM) { From pauli at openssl.org Fri Jul 17 12:22:58 2020 From: pauli at openssl.org (Dr. Paul Dale) Date: Fri, 17 Jul 2020 12:22:58 +0000 Subject: [openssl] master update Message-ID: <1594988578.760524.29974.nullmailer@dev.openssl.org> The branch master has been updated via 3fc164e8d18dcdef57d297956debf8d966e7fbef (commit) from b99c463d78ecad29f89165fc64a281faafa9461c (commit) - Log ----------------------------------------------------------------- commit 3fc164e8d18dcdef57d297956debf8d966e7fbef Author: Pauli Date: Tue Jul 14 08:39:32 2020 +1000 doc: Fix documentation of EVP_EncryptUpdate(). The documentation was off by one for the length this function could return. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12435) ----------------------------------------------------------------------- Summary of changes: doc/man3/EVP_EncryptInit.pod | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod index d40402ba1d..6edd8dc154 100644 --- a/doc/man3/EVP_EncryptInit.pod +++ b/doc/man3/EVP_EncryptInit.pod @@ -210,10 +210,15 @@ specified. EVP_EncryptUpdate() encrypts B bytes from the buffer B and writes the encrypted version to B. This function can be called multiple times to encrypt successive blocks of data. The amount -of data written depends on the block alignment of the encrypted data: -as a result the amount of data written may be anything from zero bytes -to (inl + cipher_block_size - 1) so B should contain sufficient -room. The actual number of bytes written is placed in B. It also +of data written depends on the block alignment of the encrypted data. +For most ciphers and modes, the amount of data written can be anything +from zero bytes to (inl + cipher_block_size - 1) bytes. +For wrap cipher modes, the amount of data written can be anything +from zero bytes to (inl + cipher_block_size) bytes. +For stream ciphers, the amount of data written can be anything from zero +bytes to inl bytes. +Thus, B should contain sufficient room for the operation being performed. +The actual number of bytes written is placed in B. It also checks if B and B are partially overlapping, and if they are 0 is returned to indicate failure. From pauli at openssl.org Fri Jul 17 12:23:53 2020 From: pauli at openssl.org (Dr. Paul Dale) Date: Fri, 17 Jul 2020 12:23:53 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1594988633.576079.32401.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via a47dd08d6cacc64536c2f57e0f0aee03dcfaab3d (commit) from 42bb51e59308b3ebc5cc1c35ff4822fba6b52d79 (commit) - Log ----------------------------------------------------------------- commit a47dd08d6cacc64536c2f57e0f0aee03dcfaab3d Author: Pauli Date: Tue Jul 14 08:39:32 2020 +1000 doc: Fix documentation of EVP_EncryptUpdate(). The documentation was off by one for the length this function could return. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12435) (cherry picked from commit 3fc164e8d18dcdef57d297956debf8d966e7fbef) ----------------------------------------------------------------------- Summary of changes: doc/man3/EVP_EncryptInit.pod | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod index 2828bca2f8..23ddf9153d 100644 --- a/doc/man3/EVP_EncryptInit.pod +++ b/doc/man3/EVP_EncryptInit.pod @@ -146,10 +146,15 @@ appropriate. EVP_EncryptUpdate() encrypts B bytes from the buffer B and writes the encrypted version to B. This function can be called multiple times to encrypt successive blocks of data. The amount -of data written depends on the block alignment of the encrypted data: -as a result the amount of data written may be anything from zero bytes -to (inl + cipher_block_size - 1) so B should contain sufficient -room. The actual number of bytes written is placed in B. It also +of data written depends on the block alignment of the encrypted data. +For most ciphers and modes, the amount of data written can be anything +from zero bytes to (inl + cipher_block_size - 1) bytes. +For wrap cipher modes, the amount of data written can be anything +from zero bytes to (inl + cipher_block_size) bytes. +For stream ciphers, the amount of data written can be anything from zero +bytes to inl bytes. +Thus, B should contain sufficient room for the operation being performed. +The actual number of bytes written is placed in B. It also checks if B and B are partially overlapping, and if they are 0 is returned to indicate failure. From openssl at openssl.org Fri Jul 17 13:10:23 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 17 Jul 2020 13:10:23 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment Message-ID: <1594991424.001675.8852.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment Commit log since last time: 55affcadbe Configure: fix minor typo in apitable comment e45d943665 Add FIPS related configuration data to the default openssl application configuration file 5744dacb3a Make -provider_name and -section_name optional d3b243d15b Use defaults FIPSKEY if not given on command line 7cc355c2e4 Add AES_CBC_CTS ciphers to providers c35b853576 Enable WinCE build without deceiving _MSC_VER. a1736f37ae To generate makefile with correct parameters for WinCE. 7a09fab2b3 Disable optimiization of BN_num_bits_word() for VS2005 ARM compiler due to its miscompilation of the function. https://mta.openssl.org/pipermail/openssl-users/2018-August/008465.html 6c2a56beec Changed uintptr_t to size_t. WinCE6 doesn't seem it have the definition. ce3080e931 DRBG: rename the DRBG taxonomy. d35bab46c9 Configurations: make Makefile tmpl files non-links Build log ended with (last 100 lines): # Server sent alert unexpected_message but client received no alert. # 40C78F7EB07F0000:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_srvr.c:318: not ok 9 - iteration 9 # ------------------------------------------------------------------------------ not ok 1 - test_handshake # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/ssl_test 25-cipher.cnf.default default => 1 not ok 6 - running ssl_test 25-cipher.cnf # ------------------------------------------------------------------------------ # Looks like you failed 2 tests of 9. not ok 26 - Test configuration 25-cipher.cnf # ------------------------------------------------------------------------------ # Looks like you failed 1 test of 31.80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok # INFO: @ ../openssl/test/sslcorrupttest.c:199 # Starting #2, ECDHE-RSA-CHACHA20-POLY1305 # ERROR: (int) 'SSL_get_error(clientssl, 0) == SSL_ERROR_WANT_READ' failed @ ../openssl/test/ssltestlib.c:1032 # [1] compared to [2] # ERROR: (bool) 'create_ssl_connection(server, client, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslcorrupttest.c:229 # false # 40571D1D007F0000:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_clnt.c:400: not ok 3 - iteration 3 # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/sslcorrupttest.c:199 # Starting #3, DHE-RSA-CHACHA20-POLY1305 # ERROR: (int) 'SSL_get_error(clientssl, 0) == SSL_ERROR_WANT_READ' failed @ ../openssl/test/ssltestlib.c:1032 # [1] compared to [2] # ERROR: (bool) 'create_ssl_connection(server, client, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslcorrupttest.c:229 # false # 40571D1D007F0000:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_clnt.c:400: not ok 4 - iteration 4 # ------------------------------------------------------------------------------ not ok 1 - test_ssl_corrupt # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslcorrupttest ../../../openssl/apps/server.pem ../../../openssl/apps/server.pem => 1 not ok 1 - running sslcorrupttest # ------------------------------------------------------------------------------ # Failed test 'running sslcorrupttest' # at ../openssl/test/recipes/80-test_sslcorrupt.t line 19. # Looks like you failed 1 test of 1.80-test_sslcorrupt.t ............... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_dtls_mtu.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 26 Non-zero exit status: 1 80-test_sslcorrupt.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=205, Tests=3225, 1753 wallclock secs (13.89 usr 1.53 sys + 1661.09 cusr 81.57 csys = 1758.08 CPU) Result: FAIL Makefile:3122: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-ubsan' Makefile:3120: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Fri Jul 17 13:34:31 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 17 Jul 2020 13:34:31 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ui Message-ID: <1594992871.469203.25748.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ui Commit log since last time: 55affcadbe Configure: fix minor typo in apitable comment e45d943665 Add FIPS related configuration data to the default openssl application configuration file 5744dacb3a Make -provider_name and -section_name optional d3b243d15b Use defaults FIPSKEY if not given on command line 7cc355c2e4 Add AES_CBC_CTS ciphers to providers c35b853576 Enable WinCE build without deceiving _MSC_VER. a1736f37ae To generate makefile with correct parameters for WinCE. 7a09fab2b3 Disable optimiization of BN_num_bits_word() for VS2005 ARM compiler due to its miscompilation of the function. https://mta.openssl.org/pipermail/openssl-users/2018-August/008465.html 6c2a56beec Changed uintptr_t to size_t. WinCE6 doesn't seem it have the definition. ce3080e931 DRBG: rename the DRBG taxonomy. d35bab46c9 Configurations: make Makefile tmpl files non-links Build log ended with (last 100 lines): # Failed test 'p10cr csr empty file' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd p10cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -csr wrong.csr.pem => 139 not ok 78 - p10cr wrong csr # ------------------------------------------------------------------------------ # Failed test 'p10cr wrong csr' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -revreason 5 => 139 not ok 79 - ir + ignored revocation # ------------------------------------------------------------------------------ ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt => 139 not ok 82 - cr command # ------------------------------------------------------------------------------ # Failed test 'cr command' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt => 139 not ok 83 - kur command explicit options # ------------------------------------------------------------------------------ # Failed test 'kur command explicit options' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -subject "" -certout test.cert.pem -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt -secret "" => 139 not ok 84 - kur command minimal options # ------------------------------------------------------------------------------ ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey dir/ -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert test.cert.pem -server '127.0.0.1:1700' => 139 not ok 86 - kur newkey is directory # ------------------------------------------------------------------------------ ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert dir/ -server '127.0.0.1:1700' => 139 not ok 89 - kur oldcert is directory # ------------------------------------------------------------------------------ # Failed test 'kur oldcert is directory' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert idontexist -server '127.0.0.1:1700' => 139 not ok 90 - kur oldcert not existing # ------------------------------------------------------------------------------ # Failed test 'kur oldcert not existing' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert empty.txt -server '127.0.0.1:1700' => 139 not ok 91 - kur empty oldcert file # ------------------------------------------------------------------------------ # Failed test 'kur empty oldcert file' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -cert "" -server '127.0.0.1:1700' => 139 not ok 92 - kur command without cert and oldcert # ------------------------------------------------------------------------------ # Failed test 'kur command without cert and oldcert' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. # Looks like you failed 65 tests of 92. not ok 7 - CMP app CLI Mock enrollment # ------------------------------------------------------------------------------ # # Failed test 'CMP app CLI Mock enrollment # ' # at /home/openssl/run-checker/no-ui/../openssl/util/perl/OpenSSL/Test.pm line 1302. # Looks like you failed 5 tests of 7.81-test_cmp_cli.t .................. Dubious, test returned 5 (wstat 1280, 0x500) Failed 5/7 subtests 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 81-test_cmp_cli.t (Wstat: 1280 Tests: 7 Failed: 5) Failed tests: 3-7 Non-zero exit status: 5 Files=205, Tests=3225, 880 wallclock secs (12.91 usr 1.34 sys + 773.96 cusr 59.98 csys = 848.19 CPU) Result: FAIL Makefile:3135: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-ui' Makefile:3133: recipe for target 'tests' failed make: *** [tests] Error 2 From builds at travis-ci.com Fri Jul 17 14:06:32 2020 From: builds at travis-ci.com (Travis CI) Date: Fri, 17 Jul 2020 14:06:32 +0000 Subject: Errored: openssl/openssl#36190 (master - b99c463) In-Reply-To: Message-ID: <5f11b0678cf3_13f99f7d2fde0339711@travis-pro-tasks-758bbdffdd-ldhff.mail> Build Update for openssl/openssl ------------------------------------- Build: #36190 Status: Errored Duration: 1 hr, 31 mins, and 8 secs Commit: b99c463 (master) Author: Pauli Message: install: add notes about ignored seed sources in the FIPS provider. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12325) View the changeset: https://github.com/openssl/openssl/compare/8e78da06660b...b99c463d78ec View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/176044938?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.com Fri Jul 17 15:19:23 2020 From: builds at travis-ci.com (Travis CI) Date: Fri, 17 Jul 2020 15:19:23 +0000 Subject: Errored: openssl/openssl#36191 (master - 3fc164e) In-Reply-To: Message-ID: <5f11c17b261d1_13f99f7cc6cc8568760@travis-pro-tasks-758bbdffdd-ldhff.mail> Build Update for openssl/openssl ------------------------------------- Build: #36191 Status: Errored Duration: 1 hr, 30 mins, and 7 secs Commit: 3fc164e (master) Author: Pauli Message: doc: Fix documentation of EVP_EncryptUpdate(). The documentation was off by one for the length this function could return. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12435) View the changeset: https://github.com/openssl/openssl/compare/b99c463d78ec...3fc164e8d18d View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/176045640?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Fri Jul 17 16:22:52 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 17 Jul 2020 16:22:52 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls Message-ID: <1595002972.697023.16645.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls Commit log since last time: 55affcadbe Configure: fix minor typo in apitable comment e45d943665 Add FIPS related configuration data to the default openssl application configuration file 5744dacb3a Make -provider_name and -section_name optional d3b243d15b Use defaults FIPSKEY if not given on command line 7cc355c2e4 Add AES_CBC_CTS ciphers to providers c35b853576 Enable WinCE build without deceiving _MSC_VER. a1736f37ae To generate makefile with correct parameters for WinCE. 7a09fab2b3 Disable optimiization of BN_num_bits_word() for VS2005 ARM compiler due to its miscompilation of the function. https://mta.openssl.org/pipermail/openssl-users/2018-August/008465.html 6c2a56beec Changed uintptr_t to size_t. WinCE6 doesn't seem it have the definition. ce3080e931 DRBG: rename the DRBG taxonomy. d35bab46c9 Configurations: make Makefile tmpl files non-links Build log ended with (last 100 lines): # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 7 - iteration 7 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 8 - iteration 8 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 9 - iteration 9 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 10 - iteration 10 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 11 - iteration 11 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 12 - iteration 12 # ------------------------------------------------------------------------------ not ok 1 - test_handshake # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/ssl_test 04-client_auth.cnf.fips fips ../../../openssl/test/fips.cnf => 1 not ok 9 - running ssl_test 04-client_auth.cnf # ------------------------------------------------------------------------------ # Failed test 'running ssl_test 04-client_auth.cnf' # at ../openssl/test/recipes/80-test_ssl_new.t line 173. # Looks like you failed 1 test of 9. not ok 5 - Test configuration 04-client_auth.cnf # ------------------------------------------------------------------------------ # Looks like you failed 1 test of 31.80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=205, Tests=3222, 849 wallclock secs (12.78 usr 1.33 sys + 782.63 cusr 61.66 csys = 858.40 CPU) Result: FAIL Makefile:3134: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls' Makefile:3132: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Fri Jul 17 19:04:15 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 17 Jul 2020 19:04:15 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2 Message-ID: <1595012655.588969.1334.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2 Commit log since last time: 55affcadbe Configure: fix minor typo in apitable comment e45d943665 Add FIPS related configuration data to the default openssl application configuration file 5744dacb3a Make -provider_name and -section_name optional d3b243d15b Use defaults FIPSKEY if not given on command line 7cc355c2e4 Add AES_CBC_CTS ciphers to providers c35b853576 Enable WinCE build without deceiving _MSC_VER. a1736f37ae To generate makefile with correct parameters for WinCE. 7a09fab2b3 Disable optimiization of BN_num_bits_word() for VS2005 ARM compiler due to its miscompilation of the function. https://mta.openssl.org/pipermail/openssl-users/2018-August/008465.html 6c2a56beec Changed uintptr_t to size_t. WinCE6 doesn't seem it have the definition. ce3080e931 DRBG: rename the DRBG taxonomy. d35bab46c9 Configurations: make Makefile tmpl files non-links Build log ended with (last 100 lines): # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0F0D01E417F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1627 # false # ERROR: (bool) 'execute_cleanse_plaintext(DTLS_server_method(), DTLS_client_method(), DTLS1_VERSION, 0) == true' failed @ ../openssl/test/sslapitest.c:1705 # false not ok 4 - test_cleanse_plaintext # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0F0D01E417F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0F0D01E417F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6745 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ not ok 53 - test_ssl_pending # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/o2Cbr_gOjI default ../../../openssl/test/default.cnf => 1 not ok 1 - running sslapitest # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C070F1B4C57F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C070F1B4C57F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:843 # false not ok 3 - test_large_message_dtls # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C070F1B4C57F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C070F1B4C57F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1627 # false # ERROR: (bool) 'execute_cleanse_plaintext(DTLS_server_method(), DTLS_client_method(), DTLS1_VERSION, 0) == true' failed @ ../openssl/test/sslapitest.c:1705 # false not ok 4 - test_cleanse_plaintext # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C070F1B4C57F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C070F1B4C57F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6745 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ not ok 53 - test_ssl_pending # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/o2Cbr_gOjI fips ../../../openssl/test/fips.cnf => 1 not ok 3 - running sslapitest # ------------------------------------------------------------------------------ # Failed test 'running sslapitest' # at ../openssl/test/recipes/90-test_sslapi.t line 45. # Looks like you failed 2 tests of 3.90-test_sslapi.t ................... Dubious, test returned 2 (wstat 512, 0x200) Failed 2/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_dtls.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 1, 3 Non-zero exit status: 2 Files=205, Tests=3224, 866 wallclock secs (13.21 usr 1.41 sys + 793.91 cusr 64.55 csys = 873.08 CPU) Result: FAIL Makefile:3143: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2' Makefile:3141: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Fri Jul 17 21:25:54 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 17 Jul 2020 21:25:54 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2-method Message-ID: <1595021154.307561.4433.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2-method Commit log since last time: 55affcadbe Configure: fix minor typo in apitable comment e45d943665 Add FIPS related configuration data to the default openssl application configuration file 5744dacb3a Make -provider_name and -section_name optional d3b243d15b Use defaults FIPSKEY if not given on command line 7cc355c2e4 Add AES_CBC_CTS ciphers to providers c35b853576 Enable WinCE build without deceiving _MSC_VER. a1736f37ae To generate makefile with correct parameters for WinCE. 7a09fab2b3 Disable optimiization of BN_num_bits_word() for VS2005 ARM compiler due to its miscompilation of the function. https://mta.openssl.org/pipermail/openssl-users/2018-August/008465.html 6c2a56beec Changed uintptr_t to size_t. WinCE6 doesn't seem it have the definition. ce3080e931 DRBG: rename the DRBG taxonomy. d35bab46c9 Configurations: make Makefile tmpl files non-links Build log ended with (last 100 lines): # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C000130E137F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1627 # false # ERROR: (bool) 'execute_cleanse_plaintext(DTLS_server_method(), DTLS_client_method(), DTLS1_VERSION, 0) == true' failed @ ../openssl/test/sslapitest.c:1705 # false not ok 4 - test_cleanse_plaintext # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C000130E137F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C000130E137F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6745 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ not ok 53 - test_ssl_pending # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/3opnreT8mo default ../../../openssl/test/default.cnf => 1 not ok 1 - running sslapitest # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0106766C17F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0106766C17F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:843 # false not ok 3 - test_large_message_dtls # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0106766C17F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0106766C17F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1627 # false # ERROR: (bool) 'execute_cleanse_plaintext(DTLS_server_method(), DTLS_client_method(), DTLS1_VERSION, 0) == true' failed @ ../openssl/test/sslapitest.c:1705 # false not ok 4 - test_cleanse_plaintext # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0106766C17F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0106766C17F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6745 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ not ok 53 - test_ssl_pending # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/3opnreT8mo fips ../../../openssl/test/fips.cnf => 1 not ok 3 - running sslapitest # ------------------------------------------------------------------------------ # Failed test 'running sslapitest' # at ../openssl/test/recipes/90-test_sslapi.t line 45. # Looks like you failed 2 tests of 3.90-test_sslapi.t ................... Dubious, test returned 2 (wstat 512, 0x200) Failed 2/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_dtls.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 1, 3 Non-zero exit status: 2 Files=205, Tests=3224, 870 wallclock secs (13.31 usr 1.47 sys + 800.49 cusr 63.58 csys = 878.85 CPU) Result: FAIL Makefile:3128: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2-method' Makefile:3126: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Fri Jul 17 22:12:47 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 17 Jul 2020 22:12:47 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_3 Message-ID: <1595023967.635551.4847.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_3 Commit log since last time: 55affcadbe Configure: fix minor typo in apitable comment e45d943665 Add FIPS related configuration data to the default openssl application configuration file 5744dacb3a Make -provider_name and -section_name optional d3b243d15b Use defaults FIPSKEY if not given on command line 7cc355c2e4 Add AES_CBC_CTS ciphers to providers c35b853576 Enable WinCE build without deceiving _MSC_VER. a1736f37ae To generate makefile with correct parameters for WinCE. 7a09fab2b3 Disable optimiization of BN_num_bits_word() for VS2005 ARM compiler due to its miscompilation of the function. https://mta.openssl.org/pipermail/openssl-users/2018-August/008465.html 6c2a56beec Changed uintptr_t to size_t. WinCE6 doesn't seem it have the definition. ce3080e931 DRBG: rename the DRBG taxonomy. d35bab46c9 Configurations: make Makefile tmpl files non-links Build log ended with (last 100 lines): # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0B009090D7F0000:error::SSL routines::internal error:../openssl/ssl/s3_enc.c:415: # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0B009090D7F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_s3.c:1615:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:8201 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0B009090D7F0000:error::SSL routines::internal error:../openssl/ssl/s3_enc.c:415: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0B009090D7F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_s3.c:1615:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:8201 # false not ok 3 - iteration 3 # ------------------------------------------------------------------------------ not ok 37 - test_sigalgs_available # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/ptDCfKAG3a default ../../../openssl/test/default.cnf => 1 not ok 1 - running sslapitest # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0C01D604E7F0000:error::SSL routines::internal error:../openssl/ssl/s3_enc.c:415: # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0C01D604E7F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_s3.c:1615:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:8201 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0C01D604E7F0000:error::SSL routines::internal error:../openssl/ssl/s3_enc.c:415: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0C01D604E7F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_s3.c:1615:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:8201 # false not ok 3 - iteration 3 # ------------------------------------------------------------------------------ not ok 37 - test_sigalgs_available # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/ptDCfKAG3a fips ../../../openssl/test/fips.cnf => 1 not ok 3 - running sslapitest # ------------------------------------------------------------------------------ # Failed test 'running sslapitest' # at ../openssl/test/recipes/90-test_sslapi.t line 45. # Looks like you failed 2 tests of 3.90-test_sslapi.t ................... Dubious, test returned 2 (wstat 512, 0x200) Failed 2/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. skipped: test_tls13ccs is not supported in this build 90-test_tls13encryption.t .......... skipped: tls13encryption is not supported in this build 90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 90-test_sslapi.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 1, 3 Non-zero exit status: 2 Files=205, Tests=3146, 797 wallclock secs (11.36 usr 1.21 sys + 731.09 cusr 57.53 csys = 801.19 CPU) Result: FAIL Makefile:3128: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_3' Makefile:3126: recipe for target 'tests' failed make: *** [tests] Error 2 From pauli at openssl.org Sat Jul 18 06:55:20 2020 From: pauli at openssl.org (Dr. Paul Dale) Date: Sat, 18 Jul 2020 06:55:20 +0000 Subject: [openssl] master update Message-ID: <1595055320.255476.4748.nullmailer@dev.openssl.org> The branch master has been updated via a85c9021252e4ab53a15b46e773808864a63d3d1 (commit) from 3fc164e8d18dcdef57d297956debf8d966e7fbef (commit) - Log ----------------------------------------------------------------- commit a85c9021252e4ab53a15b46e773808864a63d3d1 Author: Pauli Date: Thu Jul 16 11:15:42 2020 +1000 mac: always pass a non-NULL output size pointer to providers. The backend code varies for the different MACs and sometimes sets the output length, sometimes checks the return pointer and sometimes neither. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12458) ----------------------------------------------------------------------- Summary of changes: crypto/evp/mac_lib.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/crypto/evp/mac_lib.c b/crypto/evp/mac_lib.c index b7bfe8921f..a5c1b44666 100644 --- a/crypto/evp/mac_lib.c +++ b/crypto/evp/mac_lib.c @@ -120,15 +120,14 @@ int EVP_MAC_update(EVP_MAC_CTX *ctx, const unsigned char *data, size_t datalen) int EVP_MAC_final(EVP_MAC_CTX *ctx, unsigned char *out, size_t *outl, size_t outsize) { - int l = EVP_MAC_size(ctx); + size_t l = EVP_MAC_size(ctx); + int res = 1; - if (l < 0) - return 0; + if (out != NULL) + res = ctx->meth->final(ctx->data, out, &l, outsize); if (outl != NULL) *outl = l; - if (out == NULL) - return 1; - return ctx->meth->final(ctx->data, out, outl, outsize); + return res; } /* From builds at travis-ci.com Sat Jul 18 08:13:19 2020 From: builds at travis-ci.com (Travis CI) Date: Sat, 18 Jul 2020 08:13:19 +0000 Subject: Errored: openssl/openssl#36195 (master - a85c902) In-Reply-To: Message-ID: <5f12af1f82cbe_13f9b17fa83081597d@travis-pro-tasks-6fd74c8955-nlg4g.mail> Build Update for openssl/openssl ------------------------------------- Build: #36195 Status: Errored Duration: 1 hr, 16 mins, and 32 secs Commit: a85c902 (master) Author: Pauli Message: mac: always pass a non-NULL output size pointer to providers. The backend code varies for the different MACs and sometimes sets the output length, sometimes checks the return pointer and sometimes neither. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12458) View the changeset: https://github.com/openssl/openssl/compare/3fc164e8d18d...a85c9021252e View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/176142884?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From scan-admin at coverity.com Sun Jul 19 07:53:48 2020 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 19 Jul 2020 07:53:48 +0000 (UTC) Subject: Coverity Scan: Analysis completed for OpenSSL-1.0.2 Message-ID: <5f13fc0c1156a_17fcc2b271b78cf5422415@prd-scan-dashboard-0.mail> Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7Hlun-2FGpeF2rhqKLKnzox0Gkw-3D-3DjhhM_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeE1YbTsH5Sg9E3IJR7FApwX0-2BSzQviQ7jKZQ-2FS5N-2BgT-2FBhCztng6gapWx1ID7c7INjKfpJEJgkXMB-2FVtB5yqXu6j3rcY3WcbexjiD9b08zhLZbbUZfjVcC1SAjLUJ04iZH0gg8lYB-2BgSENjzY3yyoPDNHvpapSkrAZTlZw1RR8nAXGJ3g0YqwJcChwzQUl7VOU-3D Build ID: 327387 Analysis Summary: New defects found: 0 Defects eliminated: 0 From scan-admin at coverity.com Sun Jul 19 07:55:40 2020 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 19 Jul 2020 07:55:40 +0000 (UTC) Subject: Coverity Scan: Analysis completed for openssl/openssl Message-ID: <5f13fc7b51323_180cb2b271b78cf542249f@prd-scan-dashboard-0.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3DeUkH_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeH2QXFDgYcDlMVIeDKBCras-2F9j18IQbqcvtRKHqxasYLHRqRjrmBymIGEH-2BVRLVopkQpzcWpPLwl880gcR0yWxWwH4sCg3xz3OUldbL4fBQ6GdC2Kx-2But2L-2BLpDv-2BD6-2FgC0lPIyzz5e7nOaTrr8wIyZZg9CaGUnPd8jVzmp4DmAE4GnJYqMx-2FEcjv5kr-2BqYFu0-3D Build ID: 327386 Analysis Summary: New defects found: 2 Defects eliminated: 1 If you have difficulty understanding any defects, email us at scan-admin at coverity.com, or post your question to StackOverflow at https://u15810271.ct.sendgrid.net/ls/click?upn=CTPegkVN6peWFCMEieYYmPWIi1E4yUS9EoqKFcNAiqhRq8qmgeBE-2Bdt3uvFRAFXd-2FlwX83-2FVVdybfzIMOby0qA-3D-3DxBMx_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeH2QXFDgYcDlMVIeDKBCras-2F9j18IQbqcvtRKHqxasYLLi620bodHXpymNxCwYTOMmodg6ldJuWuJosR3rl3tLh5WS1wXnYqxv4Ypc2swjP4sAdLlluj49WDVJoQU1cMmTHLJR40-2FiS5dxWPZIk9F4QuMQSqy8mp1PSgCKn5CzdTkg325gSGQpbTB-2BripA57dU-3D From levitte at openssl.org Sun Jul 19 16:41:27 2020 From: levitte at openssl.org (Richard Levitte) Date: Sun, 19 Jul 2020 16:41:27 +0000 Subject: [openssl] master update Message-ID: <1595176887.837852.745.nullmailer@dev.openssl.org> The branch master has been updated via 1bb78e72b9785c2cae40570e3aa8c9eb72d735e7 (commit) from a85c9021252e4ab53a15b46e773808864a63d3d1 (commit) - Log ----------------------------------------------------------------- commit 1bb78e72b9785c2cae40570e3aa8c9eb72d735e7 Author: Richard Levitte Date: Thu Jul 16 16:17:49 2020 +0200 Remove util/openssl-update-copyright It was useful at the time for a one-time run. However, since it does its work based on file modification time stamps, and those are notoriously untrustable in a git checkout, it ends up being harmful. There is a replacement in OpenSSL's tools repository, which relies on git history. Fixes #12462 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12466) ----------------------------------------------------------------------- Summary of changes: util/openssl-update-copyright | 63 ------------------------------------------- 1 file changed, 63 deletions(-) delete mode 100755 util/openssl-update-copyright diff --git a/util/openssl-update-copyright b/util/openssl-update-copyright deleted file mode 100755 index 14f8d206e0..0000000000 --- a/util/openssl-update-copyright +++ /dev/null @@ -1,63 +0,0 @@ -#!/usr/bin/env bash -# -# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -myname="$(basename $0)" - -this_year="$(date '+%Y')" -some_year="[12][0-9][0-9][0-9]" -year_range="(${some_year})(-${some_year})?" - -copyright_owner="The OpenSSL Project" -copyright="Copyright .*${year_range} .*${copyright_owner}" - -# sed_script: -# for all lines that contain ${copyright} : { -# replace years yyyy-zzzz (or year yyyy) by yyyy-${this_year} -# replace repeated years yyyy-yyyy by yyyy -# } -sed_script="/${copyright}/{ s/${year_range}/\1-${this_year}/ ; s/(${some_year})-\1/\1/ }" - -function usage() { - cat >&2 <& 2 - usage - exit 1 - ;; - *) - if [ -f "$arg" ]; then - sed -E -i "${sed_script}" "$arg" - elif [ -d "$arg" ]; then - find "$arg" -name '.[a-z]*' -prune -o -type f -exec sed -E -i "${sed_script}" {} + - else - echo "$arg: no such file or directory" >&2 - fi - ;; - esac -done From levitte at openssl.org Sun Jul 19 16:43:38 2020 From: levitte at openssl.org (Richard Levitte) Date: Sun, 19 Jul 2020 16:43:38 +0000 Subject: [openssl] master update Message-ID: <1595177018.379731.2385.nullmailer@dev.openssl.org> The branch master has been updated via 43b3ab6f872ef64622d98ab0e3c88e312453c089 (commit) from 1bb78e72b9785c2cae40570e3aa8c9eb72d735e7 (commit) - Log ----------------------------------------------------------------- commit 43b3ab6f872ef64622d98ab0e3c88e312453c089 Author: Richard Levitte Date: Thu Jul 16 19:21:22 2020 +0200 Fix typo for SSL_get_peer_certificate() Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12468) ----------------------------------------------------------------------- Summary of changes: include/openssl/ssl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 53664229c2..c030346760 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -1710,7 +1710,7 @@ __owur X509 *SSL_get0_peer_certificate(const SSL *s); __owur X509 *SSL_get1_peer_certificate(const SSL *s); /* Deprecated in 3.0.0 */ # ifndef OPENSSL_NO_DEPRECATED_3_0 -# define SSL_get_peer_certificate SSL_get1_peer_certifiate +# define SSL_get_peer_certificate SSL_get1_peer_certificate # endif # endif From levitte at openssl.org Sun Jul 19 16:47:11 2020 From: levitte at openssl.org (Richard Levitte) Date: Sun, 19 Jul 2020 16:47:11 +0000 Subject: [openssl] master update Message-ID: <1595177231.185413.5517.nullmailer@dev.openssl.org> The branch master has been updated via f64f17c3e011a00febed2bf6bc17ca7e030fc69e (commit) via 93e32043cbf75d0802bca9782e61a241acb1ec2d (commit) via d3cb5904f3ca62f23c95248f951477d322159bbb (commit) from 43b3ab6f872ef64622d98ab0e3c88e312453c089 (commit) - Log ----------------------------------------------------------------- commit f64f17c3e011a00febed2bf6bc17ca7e030fc69e Author: Shane Lontis Date: Wed Jul 15 18:26:35 2020 +1000 Added missing ';' after methods in the synopsis section of pod files Reviewed-by: Tomas Mraz Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12452) commit 93e32043cbf75d0802bca9782e61a241acb1ec2d Author: Richard Levitte Date: Wed Jul 15 08:42:18 2020 +0200 util/find-doc-nits: relax some SYNOPSIS checks - The check that disallowed space before the argument list in a function typedef is tentatively removed, allowing this kind of construction: typedef int (fantastically_long_name_breaks_80char_limit) (fantastically_long_name_breaks_80char_limit *something); - Accept the following style of function signature: typedef TYPE (NAME)(args...) - Accept space between '#' and 'defined' / 'undef' - Accept other spaces than SPC in argument list comma check, allowing declaration with line breaks. Reviewed-by: Tomas Mraz Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12452) commit d3cb5904f3ca62f23c95248f951477d322159bbb Author: Richard Levitte Date: Wed Jul 15 08:33:08 2020 +0200 util/find-doc-nits: read full declarations as one line in name_synopsis() name_synopsis was reading physical SYNOPSIS lines. This changes it to consider a declaration at a time, so we treat a C declaration that's been broken up in several lines as one. This makes it mandatory to end all C declarations in the SYNOPSIS with a semicolon. Those can be detected in two ways: 1. Parsing an individual .pod file outputs this error: doc/man3/SOMETHING.pod:1: Can't parse rest of synopsis: int SOMETHING_status(SOMETHING *s) int SOMETHING_start(SOMETHING *s) (declarations not ending with a semicolon (;)?) 2. Errors like this: doc/man3/SOMETHING.pod:1: SOMETHING_status missing from SYNOPSIS doc/man3/SOMETHING.pod:1: SOMETHING_start missing from SYNOPSIS Reviewed-by: Tomas Mraz Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12452) ----------------------------------------------------------------------- Summary of changes: doc/internal/man3/ossl_algorithm_do_all.pod | 2 +- doc/internal/man3/ossl_cmp_certReq_new.pod | 4 +-- doc/man3/BIO_f_cipher.pod | 4 +-- doc/man3/BIO_printf.pod | 8 ++--- doc/man3/BIO_s_file.pod | 8 ++--- doc/man3/BIO_s_mem.pod | 8 ++--- doc/man3/CONF_modules_free.pod | 2 +- doc/man3/CRYPTO_get_ex_new_index.pod | 2 +- doc/man3/DH_get_1024_160.pod | 36 +++++++++++------------ doc/man3/EC_GROUP_new.pod | 10 ++++--- doc/man3/ENGINE_add.pod | 2 +- doc/man3/ERR_print_errors.pod | 4 +-- doc/man3/EVP_PKEY_CTX_ctrl.pod | 5 ++-- doc/man3/EVP_PKEY_get_default_digest_nid.pod | 2 +- doc/man3/EVP_bf_cbc.pod | 11 ++++--- doc/man3/EVP_cast5_cbc.pod | 11 ++++--- doc/man3/EVP_chacha20.pod | 4 +-- doc/man3/EVP_desx_cbc.pod | 2 +- doc/man3/EVP_idea_cbc.pod | 11 ++++--- doc/man3/EVP_rc2_cbc.pod | 14 ++++----- doc/man3/EVP_rc4.pod | 7 ++--- doc/man3/EVP_rc5_32_12_16_cbc.pod | 11 ++++--- doc/man3/EVP_seed_cbc.pod | 11 ++++--- doc/man3/OBJ_nid2obj.pod | 2 +- doc/man3/OPENSSL_malloc.pod | 6 ++-- doc/man3/OpenSSL_add_all_algorithms.pod | 2 +- doc/man3/PEM_read.pod | 4 +-- doc/man3/PKCS12_SAFEBAG_get0_attrs.pod | 5 ++-- doc/man3/RAND_cleanup.pod | 2 +- doc/man3/RSA_size.pod | 2 +- doc/man3/SSL_COMP_add_compression_method.pod | 2 +- doc/man3/SSL_CTX_get0_param.pod | 8 ++--- doc/man3/SSL_CTX_set_alpn_select_cb.pod | 2 +- doc/man3/SSL_CTX_set_tmp_dh_callback.pod | 6 ++-- doc/man3/SSL_SESSION_get0_id_context.pod | 2 +- doc/man3/SSL_SESSION_set1_id.pod | 2 +- doc/man3/SSL_load_client_CA_file.pod | 6 ++-- doc/man3/X509_NAME_get0_der.pod | 2 +- doc/man3/X509_SIG_get0.pod | 2 +- doc/man3/X509_check_purpose.pod | 2 +- doc/man3/d2i_PrivateKey.pod | 2 +- util/find-doc-nits | 44 +++++++++++++++++++++------- 42 files changed, 153 insertions(+), 129 deletions(-) diff --git a/doc/internal/man3/ossl_algorithm_do_all.pod b/doc/internal/man3/ossl_algorithm_do_all.pod index ce925d3295..be85df3f54 100644 --- a/doc/internal/man3/ossl_algorithm_do_all.pod +++ b/doc/internal/man3/ossl_algorithm_do_all.pod @@ -11,7 +11,7 @@ ossl_algorithm_do_all - generic algorithm implementation iterator void (*fn)(OSSL_PROVIDER *provider, const OSSL_ALGORITHM *algo, int no_store, void *data), - void *data) + void *data); =head1 DESCRIPTION diff --git a/doc/internal/man3/ossl_cmp_certReq_new.pod b/doc/internal/man3/ossl_cmp_certReq_new.pod index ea10b149bc..1bf0311e77 100644 --- a/doc/internal/man3/ossl_cmp_certReq_new.pod +++ b/doc/internal/man3/ossl_cmp_certReq_new.pod @@ -61,13 +61,13 @@ ossl_cmp_error_new const char *text); OSSL_CMP_MSG *ossl_cmp_pkiconf_new(OSSL_CMP_CTX *ctx); OSSL_CMP_MSG *ossl_cmp_pollReq_new(OSSL_CMP_CTX *ctx, int crid); - OSSL_CMP_MSG *ossl_cmp_pollRep_new(OSSL_CMP_CTX *ctx, int crid, int poll_after) + OSSL_CMP_MSG *ossl_cmp_pollRep_new(OSSL_CMP_CTX *ctx, int crid, int poll_after); OSSL_CMP_MSG *ossl_cmp_genm_new(OSSL_CMP_CTX *ctx); OSSL_CMP_MSG *ossl_cmp_genp_new(OSSL_CMP_CTX *ctx); OSSL_CMP_MSG *ossl_cmp_error_new(OSSL_CMP_CTX *ctx, OSSL_CMP_PKISI *si, int errorCode, OSSL_CMP_PKIFREETEXT *errorDetails, - int unprotected) + int unprotected); =head1 DESCRIPTION diff --git a/doc/man3/BIO_f_cipher.pod b/doc/man3/BIO_f_cipher.pod index c1f1ff8a75..807977215f 100644 --- a/doc/man3/BIO_f_cipher.pod +++ b/doc/man3/BIO_f_cipher.pod @@ -14,8 +14,8 @@ BIO_f_cipher, BIO_set_cipher, BIO_get_cipher_status, BIO_get_cipher_ctx - cipher const BIO_METHOD *BIO_f_cipher(void); void BIO_set_cipher(BIO *b, const EVP_CIPHER *cipher, unsigned char *key, unsigned char *iv, int enc); - int BIO_get_cipher_status(BIO *b) - int BIO_get_cipher_ctx(BIO *b, EVP_CIPHER_CTX **pctx) + int BIO_get_cipher_status(BIO *b); + int BIO_get_cipher_ctx(BIO *b, EVP_CIPHER_CTX **pctx); =head1 DESCRIPTION diff --git a/doc/man3/BIO_printf.pod b/doc/man3/BIO_printf.pod index 7f455f3682..625360b323 100644 --- a/doc/man3/BIO_printf.pod +++ b/doc/man3/BIO_printf.pod @@ -9,11 +9,11 @@ BIO_printf, BIO_vprintf, BIO_snprintf, BIO_vsnprintf #include - int BIO_printf(BIO *bio, const char *format, ...) - int BIO_vprintf(BIO *bio, const char *format, va_list args) + int BIO_printf(BIO *bio, const char *format, ...); + int BIO_vprintf(BIO *bio, const char *format, va_list args); - int BIO_snprintf(char *buf, size_t n, const char *format, ...) - int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) + int BIO_snprintf(char *buf, size_t n, const char *format, ...); + int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args); =head1 DESCRIPTION diff --git a/doc/man3/BIO_s_file.pod b/doc/man3/BIO_s_file.pod index 96bbf454fc..7b6246669b 100644 --- a/doc/man3/BIO_s_file.pod +++ b/doc/man3/BIO_s_file.pod @@ -17,10 +17,10 @@ BIO_rw_filename - FILE bio BIO_set_fp(BIO *b, FILE *fp, int flags); BIO_get_fp(BIO *b, FILE **fpp); - int BIO_read_filename(BIO *b, char *name) - int BIO_write_filename(BIO *b, char *name) - int BIO_append_filename(BIO *b, char *name) - int BIO_rw_filename(BIO *b, char *name) + int BIO_read_filename(BIO *b, char *name); + int BIO_write_filename(BIO *b, char *name); + int BIO_append_filename(BIO *b, char *name); + int BIO_rw_filename(BIO *b, char *name); =head1 DESCRIPTION diff --git a/doc/man3/BIO_s_mem.pod b/doc/man3/BIO_s_mem.pod index 69746dc9b0..a00ef5dd98 100644 --- a/doc/man3/BIO_s_mem.pod +++ b/doc/man3/BIO_s_mem.pod @@ -13,10 +13,10 @@ BIO_get_mem_ptr, BIO_new_mem_buf - memory BIO const BIO_METHOD *BIO_s_mem(void); const BIO_METHOD *BIO_s_secmem(void); - BIO_set_mem_eof_return(BIO *b, int v) - long BIO_get_mem_data(BIO *b, char **pp) - BIO_set_mem_buf(BIO *b, BUF_MEM *bm, int c) - BIO_get_mem_ptr(BIO *b, BUF_MEM **pp) + BIO_set_mem_eof_return(BIO *b, int v); + long BIO_get_mem_data(BIO *b, char **pp); + BIO_set_mem_buf(BIO *b, BUF_MEM *bm, int c); + BIO_get_mem_ptr(BIO *b, BUF_MEM **pp); BIO *BIO_new_mem_buf(const void *buf, int len); diff --git a/doc/man3/CONF_modules_free.pod b/doc/man3/CONF_modules_free.pod index dc7a117315..e7ad3dac29 100644 --- a/doc/man3/CONF_modules_free.pod +++ b/doc/man3/CONF_modules_free.pod @@ -16,7 +16,7 @@ Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining B with a suitable version value, see L: - void CONF_modules_free(void) + void CONF_modules_free(void); =head1 DESCRIPTION diff --git a/doc/man3/CRYPTO_get_ex_new_index.pod b/doc/man3/CRYPTO_get_ex_new_index.pod index 8311685501..b673f00862 100644 --- a/doc/man3/CRYPTO_get_ex_new_index.pod +++ b/doc/man3/CRYPTO_get_ex_new_index.pod @@ -25,7 +25,7 @@ CRYPTO_free_ex_data, CRYPTO_new_ex_data typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from, void **from_d, int idx, long argl, void *argp); - int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) + int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad); int CRYPTO_alloc_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad, int idx); diff --git a/doc/man3/DH_get_1024_160.pod b/doc/man3/DH_get_1024_160.pod index ff542e830d..c47a6874b7 100644 --- a/doc/man3/DH_get_1024_160.pod +++ b/doc/man3/DH_get_1024_160.pod @@ -23,24 +23,24 @@ BN_get_rfc3526_prime_8192 =head1 SYNOPSIS #include - DH *DH_get_1024_160(void) - DH *DH_get_2048_224(void) - DH *DH_get_2048_256(void) - - const BIGNUM *BN_get0_nist_prime_192(void) - const BIGNUM *BN_get0_nist_prime_224(void) - const BIGNUM *BN_get0_nist_prime_256(void) - const BIGNUM *BN_get0_nist_prime_384(void) - const BIGNUM *BN_get0_nist_prime_521(void) - - BIGNUM *BN_get_rfc2409_prime_768(BIGNUM *bn) - BIGNUM *BN_get_rfc2409_prime_1024(BIGNUM *bn) - BIGNUM *BN_get_rfc3526_prime_1536(BIGNUM *bn) - BIGNUM *BN_get_rfc3526_prime_2048(BIGNUM *bn) - BIGNUM *BN_get_rfc3526_prime_3072(BIGNUM *bn) - BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *bn) - BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *bn) - BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn) + DH *DH_get_1024_160(void); + DH *DH_get_2048_224(void); + DH *DH_get_2048_256(void); + + const BIGNUM *BN_get0_nist_prime_192(void); + const BIGNUM *BN_get0_nist_prime_224(void); + const BIGNUM *BN_get0_nist_prime_256(void); + const BIGNUM *BN_get0_nist_prime_384(void); + const BIGNUM *BN_get0_nist_prime_521(void); + + BIGNUM *BN_get_rfc2409_prime_768(BIGNUM *bn); + BIGNUM *BN_get_rfc2409_prime_1024(BIGNUM *bn); + BIGNUM *BN_get_rfc3526_prime_1536(BIGNUM *bn); + BIGNUM *BN_get_rfc3526_prime_2048(BIGNUM *bn); + BIGNUM *BN_get_rfc3526_prime_3072(BIGNUM *bn); + BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *bn); + BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *bn); + BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn); =head1 DESCRIPTION diff --git a/doc/man3/EC_GROUP_new.pod b/doc/man3/EC_GROUP_new.pod index 2866b32c33..dbead817ec 100644 --- a/doc/man3/EC_GROUP_new.pod +++ b/doc/man3/EC_GROUP_new.pod @@ -26,8 +26,8 @@ objects #include - EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params) - EC_GROUP *EC_GROUP_new_from_ecpkparameters(const ECPKPARAMETERS *params) + EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params); + EC_GROUP *EC_GROUP_new_from_ecpkparameters(const ECPKPARAMETERS *params); void EC_GROUP_free(EC_GROUP *group); EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, @@ -51,8 +51,10 @@ objects int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); - ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group, ECPARAMETERS *params) - ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group, ECPKPARAMETERS *params) + ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group, + ECPARAMETERS *params); + ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group, + ECPKPARAMETERS *params); size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems); diff --git a/doc/man3/ENGINE_add.pod b/doc/man3/ENGINE_add.pod index ed720bd905..97abc3beb0 100644 --- a/doc/man3/ENGINE_add.pod +++ b/doc/man3/ENGINE_add.pod @@ -162,7 +162,7 @@ Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining B with a suitable version value, see L: - void ENGINE_cleanup(void) + void ENGINE_cleanup(void); =head1 DESCRIPTION diff --git a/doc/man3/ERR_print_errors.pod b/doc/man3/ERR_print_errors.pod index 947ac3020d..95efe364f2 100644 --- a/doc/man3/ERR_print_errors.pod +++ b/doc/man3/ERR_print_errors.pod @@ -11,8 +11,8 @@ ERR_print_errors, ERR_print_errors_fp, ERR_print_errors_cb void ERR_print_errors(BIO *bp); void ERR_print_errors_fp(FILE *fp); - void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u), void *u) - + void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u), + void *u); =head1 DESCRIPTION diff --git a/doc/man3/EVP_PKEY_CTX_ctrl.pod b/doc/man3/EVP_PKEY_CTX_ctrl.pod index 1e836fc30e..bd98a2f1d7 100644 --- a/doc/man3/EVP_PKEY_CTX_ctrl.pod +++ b/doc/man3/EVP_PKEY_CTX_ctrl.pod @@ -111,8 +111,9 @@ EVP_PKEY_CTX_set1_id, EVP_PKEY_CTX_get1_id, EVP_PKEY_CTX_get1_id_len int EVP_PKEY_CTX_set_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); int EVP_PKEY_CTX_get_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD **md); int EVP_PKEY_CTX_get_rsa_oaep_md_name(EVP_PKEY_CTX *ctx, char *name, - size_t namelen) - int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char *label, int len); + size_t namelen); + int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char *label, + int len); int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label); #include diff --git a/doc/man3/EVP_PKEY_get_default_digest_nid.pod b/doc/man3/EVP_PKEY_get_default_digest_nid.pod index a815353d0a..2213a024c7 100644 --- a/doc/man3/EVP_PKEY_get_default_digest_nid.pod +++ b/doc/man3/EVP_PKEY_get_default_digest_nid.pod @@ -10,7 +10,7 @@ EVP_PKEY_get_default_digest_nid, EVP_PKEY_get_default_digest_name #include int EVP_PKEY_get_default_digest_name(EVP_PKEY *pkey, - char *mdname, size_t mdname_sz) + char *mdname, size_t mdname_sz); int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid); =head1 DESCRIPTION diff --git a/doc/man3/EVP_bf_cbc.pod b/doc/man3/EVP_bf_cbc.pod index a0376c6b5c..ef9f2c2374 100644 --- a/doc/man3/EVP_bf_cbc.pod +++ b/doc/man3/EVP_bf_cbc.pod @@ -13,11 +13,11 @@ EVP_bf_ofb #include - const EVP_CIPHER *EVP_bf_cbc(void) - const EVP_CIPHER *EVP_bf_cfb(void) - const EVP_CIPHER *EVP_bf_cfb64(void) - const EVP_CIPHER *EVP_bf_ecb(void) - const EVP_CIPHER *EVP_bf_ofb(void) + const EVP_CIPHER *EVP_bf_cbc(void); + const EVP_CIPHER *EVP_bf_cfb(void); + const EVP_CIPHER *EVP_bf_cfb64(void); + const EVP_CIPHER *EVP_bf_ecb(void); + const EVP_CIPHER *EVP_bf_ofb(void); =head1 DESCRIPTION @@ -59,4 +59,3 @@ in the file LICENSE in the source distribution or at L. =cut - diff --git a/doc/man3/EVP_cast5_cbc.pod b/doc/man3/EVP_cast5_cbc.pod index b6edf62bb3..bb9ca80316 100644 --- a/doc/man3/EVP_cast5_cbc.pod +++ b/doc/man3/EVP_cast5_cbc.pod @@ -13,11 +13,11 @@ EVP_cast5_ofb #include - const EVP_CIPHER *EVP_cast5_cbc(void) - const EVP_CIPHER *EVP_cast5_cfb(void) - const EVP_CIPHER *EVP_cast5_cfb64(void) - const EVP_CIPHER *EVP_cast5_ecb(void) - const EVP_CIPHER *EVP_cast5_ofb(void) + const EVP_CIPHER *EVP_cast5_cbc(void); + const EVP_CIPHER *EVP_cast5_cfb(void); + const EVP_CIPHER *EVP_cast5_cfb64(void); + const EVP_CIPHER *EVP_cast5_ecb(void); + const EVP_CIPHER *EVP_cast5_ofb(void); =head1 DESCRIPTION @@ -59,4 +59,3 @@ in the file LICENSE in the source distribution or at L. =cut - diff --git a/doc/man3/EVP_chacha20.pod b/doc/man3/EVP_chacha20.pod index 5218ee215f..00890bb383 100644 --- a/doc/man3/EVP_chacha20.pod +++ b/doc/man3/EVP_chacha20.pod @@ -10,8 +10,8 @@ EVP_chacha20_poly1305 #include - const EVP_CIPHER *EVP_chacha20(void) - const EVP_CIPHER *EVP_chacha20_poly1305(void) + const EVP_CIPHER *EVP_chacha20(void); + const EVP_CIPHER *EVP_chacha20_poly1305(void); =head1 DESCRIPTION diff --git a/doc/man3/EVP_desx_cbc.pod b/doc/man3/EVP_desx_cbc.pod index 88e5f882cc..aafda64bfc 100644 --- a/doc/man3/EVP_desx_cbc.pod +++ b/doc/man3/EVP_desx_cbc.pod @@ -9,7 +9,7 @@ EVP_desx_cbc #include - const EVP_CIPHER *EVP_desx_cbc(void) + const EVP_CIPHER *EVP_desx_cbc(void); =head1 DESCRIPTION diff --git a/doc/man3/EVP_idea_cbc.pod b/doc/man3/EVP_idea_cbc.pod index a1fcd7a1cd..c1afb6d0a8 100644 --- a/doc/man3/EVP_idea_cbc.pod +++ b/doc/man3/EVP_idea_cbc.pod @@ -13,11 +13,11 @@ EVP_idea_ofb #include - const EVP_CIPHER *EVP_idea_cbc(void) - const EVP_CIPHER *EVP_idea_cfb(void) - const EVP_CIPHER *EVP_idea_cfb64(void) - const EVP_CIPHER *EVP_idea_ecb(void) - const EVP_CIPHER *EVP_idea_ofb(void) + const EVP_CIPHER *EVP_idea_cbc(void); + const EVP_CIPHER *EVP_idea_cfb(void); + const EVP_CIPHER *EVP_idea_cfb64(void); + const EVP_CIPHER *EVP_idea_ecb(void); + const EVP_CIPHER *EVP_idea_ofb(void); =head1 DESCRIPTION @@ -57,4 +57,3 @@ in the file LICENSE in the source distribution or at L. =cut - diff --git a/doc/man3/EVP_rc2_cbc.pod b/doc/man3/EVP_rc2_cbc.pod index 703ff21741..b1fe2c0ebd 100644 --- a/doc/man3/EVP_rc2_cbc.pod +++ b/doc/man3/EVP_rc2_cbc.pod @@ -15,13 +15,13 @@ EVP_rc2_64_cbc #include - const EVP_CIPHER *EVP_rc2_cbc(void) - const EVP_CIPHER *EVP_rc2_cfb(void) - const EVP_CIPHER *EVP_rc2_cfb64(void) - const EVP_CIPHER *EVP_rc2_ecb(void) - const EVP_CIPHER *EVP_rc2_ofb(void) - const EVP_CIPHER *EVP_rc2_40_cbc(void) - const EVP_CIPHER *EVP_rc2_64_cbc(void) + const EVP_CIPHER *EVP_rc2_cbc(void); + const EVP_CIPHER *EVP_rc2_cfb(void); + const EVP_CIPHER *EVP_rc2_cfb64(void); + const EVP_CIPHER *EVP_rc2_ecb(void); + const EVP_CIPHER *EVP_rc2_ofb(void); + const EVP_CIPHER *EVP_rc2_40_cbc(void); + const EVP_CIPHER *EVP_rc2_64_cbc(void); =head1 DESCRIPTION diff --git a/doc/man3/EVP_rc4.pod b/doc/man3/EVP_rc4.pod index 1865234004..dafa18b240 100644 --- a/doc/man3/EVP_rc4.pod +++ b/doc/man3/EVP_rc4.pod @@ -11,9 +11,9 @@ EVP_rc4_hmac_md5 #include - const EVP_CIPHER *EVP_rc4(void) - const EVP_CIPHER *EVP_rc4_40(void) - const EVP_CIPHER *EVP_rc4_hmac_md5(void) + const EVP_CIPHER *EVP_rc4(void); + const EVP_CIPHER *EVP_rc4_40(void); + const EVP_CIPHER *EVP_rc4_hmac_md5(void); =head1 DESCRIPTION @@ -65,4 +65,3 @@ in the file LICENSE in the source distribution or at L. =cut - diff --git a/doc/man3/EVP_rc5_32_12_16_cbc.pod b/doc/man3/EVP_rc5_32_12_16_cbc.pod index 0876fab612..4de6df0187 100644 --- a/doc/man3/EVP_rc5_32_12_16_cbc.pod +++ b/doc/man3/EVP_rc5_32_12_16_cbc.pod @@ -13,11 +13,11 @@ EVP_rc5_32_12_16_ofb #include - const EVP_CIPHER *EVP_rc5_32_12_16_cbc(void) - const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void) - const EVP_CIPHER *EVP_rc5_32_12_16_cfb64(void) - const EVP_CIPHER *EVP_rc5_32_12_16_ecb(void) - const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void) + const EVP_CIPHER *EVP_rc5_32_12_16_cbc(void); + const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void); + const EVP_CIPHER *EVP_rc5_32_12_16_cfb64(void); + const EVP_CIPHER *EVP_rc5_32_12_16_ecb(void); + const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void); =head1 DESCRIPTION @@ -79,4 +79,3 @@ in the file LICENSE in the source distribution or at L. =cut - diff --git a/doc/man3/EVP_seed_cbc.pod b/doc/man3/EVP_seed_cbc.pod index caadda4ca4..efc10de20a 100644 --- a/doc/man3/EVP_seed_cbc.pod +++ b/doc/man3/EVP_seed_cbc.pod @@ -13,11 +13,11 @@ EVP_seed_ofb #include - const EVP_CIPHER *EVP_seed_cbc(void) - const EVP_CIPHER *EVP_seed_cfb(void) - const EVP_CIPHER *EVP_seed_cfb128(void) - const EVP_CIPHER *EVP_seed_ecb(void) - const EVP_CIPHER *EVP_seed_ofb(void) + const EVP_CIPHER *EVP_seed_cbc(void); + const EVP_CIPHER *EVP_seed_cfb(void); + const EVP_CIPHER *EVP_seed_cfb128(void); + const EVP_CIPHER *EVP_seed_ecb(void); + const EVP_CIPHER *EVP_seed_ofb(void); =head1 DESCRIPTION @@ -59,4 +59,3 @@ in the file LICENSE in the source distribution or at L. =cut - diff --git a/doc/man3/OBJ_nid2obj.pod b/doc/man3/OBJ_nid2obj.pod index 79923d1ce8..771f32a7fa 100644 --- a/doc/man3/OBJ_nid2obj.pod +++ b/doc/man3/OBJ_nid2obj.pod @@ -39,7 +39,7 @@ Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining B with a suitable version value, see L: - void OBJ_cleanup(void) + void OBJ_cleanup(void); =head1 DESCRIPTION diff --git a/doc/man3/OPENSSL_malloc.pod b/doc/man3/OPENSSL_malloc.pod index 6ee202f79f..211a6b68cd 100644 --- a/doc/man3/OPENSSL_malloc.pod +++ b/doc/man3/OPENSSL_malloc.pod @@ -48,7 +48,7 @@ OPENSSL_MALLOC_FD char *CRYPTO_strndup(const char *p, size_t num, const char *file, int line); void *CRYPTO_clear_realloc(void *p, size_t old_len, size_t num, const char *file, int line); - void CRYPTO_clear_free(void *str, size_t num, const char *, int) + void CRYPTO_clear_free(void *str, size_t num, const char *, int); typedef void *(*CRYPTO_malloc_fn)(size_t num, const char *file, int line); typedef void *(*CRYPTO_realloc_fn)(void *addr, size_t num, const char *file, @@ -73,9 +73,9 @@ Deprecated: int CRYPTO_mem_leaks_cb(int (*cb)(const char *str, size_t len, void *u), void *u); - int CRYPTO_set_mem_debug(int onoff) + int CRYPTO_set_mem_debug(int onoff); int CRYPTO_mem_ctrl(int mode); - int OPENSSL_mem_debug_push(const char *info) + int OPENSSL_mem_debug_push(const char *info); int OPENSSL_mem_debug_pop(void); int CRYPTO_mem_debug_push(const char *info, const char *file, int line); int CRYPTO_mem_debug_pop(void); diff --git a/doc/man3/OpenSSL_add_all_algorithms.pod b/doc/man3/OpenSSL_add_all_algorithms.pod index dd2076e8e7..7a2e7d325a 100644 --- a/doc/man3/OpenSSL_add_all_algorithms.pod +++ b/doc/man3/OpenSSL_add_all_algorithms.pod @@ -17,7 +17,7 @@ L: void OpenSSL_add_all_ciphers(void); void OpenSSL_add_all_digests(void); - void EVP_cleanup(void) + void EVP_cleanup(void); =head1 DESCRIPTION diff --git a/doc/man3/PEM_read.pod b/doc/man3/PEM_read.pod index ecfec1b90a..0f71a84408 100644 --- a/doc/man3/PEM_read.pod +++ b/doc/man3/PEM_read.pod @@ -11,9 +11,9 @@ PEM_read, PEM_read_bio, PEM_do_header, PEM_get_EVP_CIPHER_INFO #include int PEM_write(FILE *fp, const char *name, const char *header, - const unsigned char *data, long len) + const unsigned char *data, long len); int PEM_write_bio(BIO *bp, const char *name, const char *header, - const unsigned char *data, long len) + const unsigned char *data, long len); int PEM_read(FILE *fp, char **name, char **header, unsigned char **data, long *len); diff --git a/doc/man3/PKCS12_SAFEBAG_get0_attrs.pod b/doc/man3/PKCS12_SAFEBAG_get0_attrs.pod index 07dd74ccfd..c1544bc0e7 100644 --- a/doc/man3/PKCS12_SAFEBAG_get0_attrs.pod +++ b/doc/man3/PKCS12_SAFEBAG_get0_attrs.pod @@ -2,7 +2,8 @@ =head1 NAME -PKCS12_SAFEBAG_get0_attrs, PKCS12_get_attr_gen - Retrieve attributes from a PKCS#12 safeBag +PKCS12_SAFEBAG_get0_attrs, PKCS12_get_attr_gen +- Retrieve attributes from a PKCS#12 safeBag =head1 SYNOPSIS @@ -11,7 +12,7 @@ PKCS12_SAFEBAG_get0_attrs, PKCS12_get_attr_gen - Retrieve attributes from a PKCS const STACK_OF(X509_ATTRIBUTE) *PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag); ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs, - int attr_nid) + int attr_nid); =head1 DESCRIPTION diff --git a/doc/man3/RAND_cleanup.pod b/doc/man3/RAND_cleanup.pod index dfe76a7b70..6f854eaef2 100644 --- a/doc/man3/RAND_cleanup.pod +++ b/doc/man3/RAND_cleanup.pod @@ -12,7 +12,7 @@ Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining B with a suitable version value, see L: - void RAND_cleanup(void) + void RAND_cleanup(void); =head1 DESCRIPTION diff --git a/doc/man3/RSA_size.pod b/doc/man3/RSA_size.pod index a23f51abc2..6e3451f22c 100644 --- a/doc/man3/RSA_size.pod +++ b/doc/man3/RSA_size.pod @@ -16,7 +16,7 @@ L: int RSA_size(const RSA *rsa); - int RSA_security_bits(const RSA *rsa) + int RSA_security_bits(const RSA *rsa); =head1 DESCRIPTION diff --git a/doc/man3/SSL_COMP_add_compression_method.pod b/doc/man3/SSL_COMP_add_compression_method.pod index 51d4c74882..e62374838d 100644 --- a/doc/man3/SSL_COMP_add_compression_method.pod +++ b/doc/man3/SSL_COMP_add_compression_method.pod @@ -19,7 +19,7 @@ Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining B with a suitable version value, see L: - void SSL_COMP_free_compression_methods(void) + void SSL_COMP_free_compression_methods(void); =head1 DESCRIPTION diff --git a/doc/man3/SSL_CTX_get0_param.pod b/doc/man3/SSL_CTX_get0_param.pod index 3c68e3e18d..958b251926 100644 --- a/doc/man3/SSL_CTX_get0_param.pod +++ b/doc/man3/SSL_CTX_get0_param.pod @@ -9,10 +9,10 @@ get and set verification parameters #include - X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx) - X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl) - int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm) - int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm) + X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx); + X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl); + int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm); + int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm); =head1 DESCRIPTION diff --git a/doc/man3/SSL_CTX_set_alpn_select_cb.pod b/doc/man3/SSL_CTX_set_alpn_select_cb.pod index b7039f4179..9a7a934d50 100644 --- a/doc/man3/SSL_CTX_set_alpn_select_cb.pod +++ b/doc/man3/SSL_CTX_set_alpn_select_cb.pod @@ -43,7 +43,7 @@ SSL_select_next_proto, SSL_get0_alpn_selected, SSL_get0_next_proto_negotiated const unsigned char *server, unsigned int server_len, const unsigned char *client, - unsigned int client_len) + unsigned int client_len); void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, unsigned *len); diff --git a/doc/man3/SSL_CTX_set_tmp_dh_callback.pod b/doc/man3/SSL_CTX_set_tmp_dh_callback.pod index db662f892b..fe159bef1b 100644 --- a/doc/man3/SSL_CTX_set_tmp_dh_callback.pod +++ b/doc/man3/SSL_CTX_set_tmp_dh_callback.pod @@ -2,7 +2,9 @@ =head1 NAME -SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh, SSL_set_tmp_dh_callback, SSL_set_tmp_dh - handle DH keys for ephemeral key exchange +SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh, +SSL_set_tmp_dh_callback, SSL_set_tmp_dh +- handle DH keys for ephemeral key exchange =head1 SYNOPSIS @@ -16,7 +18,7 @@ SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh, SSL_set_tmp_dh_callback, SSL_se void SSL_set_tmp_dh_callback(SSL *ctx, DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength)); - long SSL_set_tmp_dh(SSL *ssl, DH *dh) + long SSL_set_tmp_dh(SSL *ssl, DH *dh); =head1 DESCRIPTION diff --git a/doc/man3/SSL_SESSION_get0_id_context.pod b/doc/man3/SSL_SESSION_get0_id_context.pod index 2929fbb7f2..65ac76a9a8 100644 --- a/doc/man3/SSL_SESSION_get0_id_context.pod +++ b/doc/man3/SSL_SESSION_get0_id_context.pod @@ -11,7 +11,7 @@ SSL_SESSION_set1_id_context #include const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *s, - unsigned int *len) + unsigned int *len); int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx, unsigned int sid_ctx_len); diff --git a/doc/man3/SSL_SESSION_set1_id.pod b/doc/man3/SSL_SESSION_set1_id.pod index 14e27656ff..297e9cdacb 100644 --- a/doc/man3/SSL_SESSION_set1_id.pod +++ b/doc/man3/SSL_SESSION_set1_id.pod @@ -11,7 +11,7 @@ SSL_SESSION_set1_id #include const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, - unsigned int *len) + unsigned int *len); int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid, unsigned int sid_len); diff --git a/doc/man3/SSL_load_client_CA_file.pod b/doc/man3/SSL_load_client_CA_file.pod index ea3bbaf541..488bb61c13 100644 --- a/doc/man3/SSL_load_client_CA_file.pod +++ b/doc/man3/SSL_load_client_CA_file.pod @@ -15,11 +15,11 @@ SSL_add_store_cert_subjects_to_stack STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, - const char *file) + const char *file); int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, - const char *dir) + const char *dir); int SSL_add_store_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, - const char *store) + const char *store); =head1 DESCRIPTION diff --git a/doc/man3/X509_NAME_get0_der.pod b/doc/man3/X509_NAME_get0_der.pod index acd3442fe6..78ed9920a0 100644 --- a/doc/man3/X509_NAME_get0_der.pod +++ b/doc/man3/X509_NAME_get0_der.pod @@ -9,7 +9,7 @@ X509_NAME_get0_der - get X509_NAME DER encoding #include int X509_NAME_get0_der(const X509_NAME *nm, const unsigned char **pder, - size_t *pderlen) + size_t *pderlen); =head1 DESCRIPTION diff --git a/doc/man3/X509_SIG_get0.pod b/doc/man3/X509_SIG_get0.pod index 653bc43841..ca67d3d0bf 100644 --- a/doc/man3/X509_SIG_get0.pod +++ b/doc/man3/X509_SIG_get0.pod @@ -11,7 +11,7 @@ X509_SIG_get0, X509_SIG_getm - DigestInfo functions void X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **palg, const ASN1_OCTET_STRING **pdigest); void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg, - ASN1_OCTET_STRING **pdigest, + ASN1_OCTET_STRING **pdigest); =head1 DESCRIPTION diff --git a/doc/man3/X509_check_purpose.pod b/doc/man3/X509_check_purpose.pod index 6af9e79815..e0f1353842 100644 --- a/doc/man3/X509_check_purpose.pod +++ b/doc/man3/X509_check_purpose.pod @@ -8,7 +8,7 @@ X509_check_purpose - Check the purpose of a certificate #include - int X509_check_purpose(X509 *x, int id, int ca) + int X509_check_purpose(X509 *x, int id, int ca); =head1 DESCRIPTION diff --git a/doc/man3/d2i_PrivateKey.pod b/doc/man3/d2i_PrivateKey.pod index 591fa83ce4..689e8ba209 100644 --- a/doc/man3/d2i_PrivateKey.pod +++ b/doc/man3/d2i_PrivateKey.pod @@ -42,7 +42,7 @@ i2d_PrivateKey_fp EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a); EVP_PKEY *d2i_PrivateKey_ex_fp(FILE *fp, EVP_PKEY **a, OPENSSL_CTX *libctx, const char *propq); - EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a) + EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a); int i2d_PrivateKey_bio(BIO *bp, const EVP_PKEY *pkey); int i2d_PrivateKey_fp(FILE *fp, const EVP_PKEY *pkey); diff --git a/util/find-doc-nits b/util/find-doc-nits index d2317459ec..c82e647bf5 100755 --- a/util/find-doc-nits +++ b/util/find-doc-nits @@ -311,23 +311,47 @@ sub name_synopsis { # Find all functions in SYNOPSIS return unless $contents =~ /=head1 SYNOPSIS(.*)=head1 DESCRIPTION/ms; my $syn = $1; - foreach my $line ( split /\n+/, $syn ) { - next unless $line =~ /^\s/; + # Remove all non-code lines + $syn =~ s/^(?:\s*?|\S.*?)$//msg; + # Remove all comments + $syn =~ s/\/\*.*?\*\///msg; + while ( $syn ) { + # "env" lines end at a newline. + # Preprocessor lines start with a # and end at a newline. + # Other lines end with a semicolon, and may cover more than + # one physical line. + if ( $syn !~ /^ \s*(env .*?|#.*?|.*?;)\s*$/ms ) { + err($id, "Can't parse rest of synopsis:\n$syn\n(declarations not ending with a semicolon (;)?)"); + last; + } + my $line = $1; + $syn = $'; + my $sym; my $is_prototype = 1; $line =~ s/STACK_OF\([^)]+\)/int/g; $line =~ s/SPARSE_ARRAY_OF\([^)]+\)/int/g; $line =~ s/__declspec\([^)]+\)//; - if ( $line =~ /typedef.*\(\*\S+\)\s+\(/ ) { - # a callback function with whitespace before the argument list: - # typedef ... (*NAME) (... - err($id, "Function typedef has space before arg list: $line"); - } + + ## We don't prohibit that space, to allow typedefs looking like + ## this: + ## + ## typedef int (fantastically_long_name_breaks_80char_limit) + ## (fantastically_long_name_breaks_80char_limit *something); + ## + #if ( $line =~ /typedef.*\(\*?\S+\)\s+\(/ ) { + # # a callback function with whitespace before the argument list: + # # typedef ... (*NAME) (... + # # typedef ... (NAME) (... + # err($id, "Function typedef has space before arg list: $line"); + #} + if ( $line =~ /env (\S*)=/ ) { # environment variable env NAME=... $sym = $1; - } elsif ( $line =~ /typedef.*\(\*(\S+)\)\s*\(/ ) { + } elsif ( $line =~ /typedef.*\(\*?(\S+)\)\s*\(/ ) { # a callback function pointer: typedef ... (*NAME)(... + # a callback function signature: typedef ... (NAME)(... $sym = $1; } elsif ( $line =~ /typedef.* (\S+)\(/ ) { # a callback function signature: typedef ... NAME(... @@ -339,7 +363,7 @@ sub name_synopsis { } elsif ( $line =~ /enum (\S*) \{/ ) { # an enumeration: enum ... { $sym = $1; - } elsif ( $line =~ /#(?:define|undef) ([A-Za-z0-9_]+)/ ) { + } elsif ( $line =~ /#\s*(?:define|undef) ([A-Za-z0-9_]+)/ ) { $is_prototype = 0; $sym = $1; } elsif ( $line =~ /([A-Za-z0-9_]+)\(/ ) { @@ -354,7 +378,7 @@ sub name_synopsis { # Do some sanity checks on the prototype. err($id, "Prototype missing spaces around commas: $line") - if $is_prototype && $line =~ /[a-z0-9],[^ ]/; + if $is_prototype && $line =~ /[a-z0-9],[^\s]/; } foreach my $n ( keys %names ) { From builds at travis-ci.com Sun Jul 19 18:00:26 2020 From: builds at travis-ci.com (Travis CI) Date: Sun, 19 Jul 2020 18:00:26 +0000 Subject: Errored: openssl/openssl#36203 (master - 1bb78e7) In-Reply-To: Message-ID: <5f148a39b7ce9_13fae3dfa904411506e@travis-pro-tasks-dcdfd4bdd-992k7.mail> Build Update for openssl/openssl ------------------------------------- Build: #36203 Status: Errored Duration: 1 hr, 17 mins, and 17 secs Commit: 1bb78e7 (master) Author: Richard Levitte Message: Remove util/openssl-update-copyright It was useful at the time for a one-time run. However, since it does its work based on file modification time stamps, and those are notoriously untrustable in a git checkout, it ends up being harmful. There is a replacement in OpenSSL's tools repository, which relies on git history. Fixes #12462 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12466) View the changeset: https://github.com/openssl/openssl/compare/a85c9021252e...1bb78e72b978 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/176221762?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.com Sun Jul 19 19:15:22 2020 From: builds at travis-ci.com (Travis CI) Date: Sun, 19 Jul 2020 19:15:22 +0000 Subject: Errored: openssl/openssl#36204 (master - 43b3ab6) In-Reply-To: Message-ID: <5f149bca3fd1d_13fae3dfa8860189192@travis-pro-tasks-dcdfd4bdd-992k7.mail> Build Update for openssl/openssl ------------------------------------- Build: #36204 Status: Errored Duration: 1 hr, 29 mins, and 53 secs Commit: 43b3ab6 (master) Author: Richard Levitte Message: Fix typo for SSL_get_peer_certificate() Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12468) View the changeset: https://github.com/openssl/openssl/compare/1bb78e72b978...43b3ab6f872e View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/176221851?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.com Sun Jul 19 20:25:00 2020 From: builds at travis-ci.com (Travis CI) Date: Sun, 19 Jul 2020 20:25:00 +0000 Subject: Errored: openssl/openssl#36205 (master - f64f17c) In-Reply-To: Message-ID: <5f14ac1c6e58a_13fae3dfa8950247552@travis-pro-tasks-dcdfd4bdd-992k7.mail> Build Update for openssl/openssl ------------------------------------- Build: #36205 Status: Errored Duration: 1 hr, 29 mins, and 27 secs Commit: f64f17c (master) Author: Shane Lontis Message: Added missing ';' after methods in the synopsis section of pod files Reviewed-by: Tomas Mraz Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12452) View the changeset: https://github.com/openssl/openssl/compare/43b3ab6f872e...f64f17c3e011 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/176221989?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From shane.lontis at oracle.com Sun Jul 19 23:27:24 2020 From: shane.lontis at oracle.com (shane.lontis at oracle.com) Date: Sun, 19 Jul 2020 23:27:24 +0000 Subject: [openssl] master update Message-ID: <1595201244.989650.28539.nullmailer@dev.openssl.org> The branch master has been updated via 53043311560f836ce65e7ad55423363901d1287a (commit) from f64f17c3e011a00febed2bf6bc17ca7e030fc69e (commit) - Log ----------------------------------------------------------------- commit 53043311560f836ce65e7ad55423363901d1287a Author: Jean-Christophe Fillion-Robin Date: Tue Jun 23 02:37:22 2020 -0400 Fix linking against non-system zlib on macOS This commit ensures the -L/path/to/zlib flag associated with ldflags property set in "Configurations/00-base-templates.conf" (under "BASE_unix") is inherited when defining "darwin-common" configuration. CLA: trivial Reviewed-by: Richard Levitte Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12238) ----------------------------------------------------------------------- Summary of changes: Configurations/10-main.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf index 895317dbb6..fc9f3bbea6 100644 --- a/Configurations/10-main.conf +++ b/Configurations/10-main.conf @@ -1563,7 +1563,7 @@ my %targets = ( CFLAGS => picker(debug => "-g -O0", release => "-O3"), cppflags => threads("-D_REENTRANT"), - lflags => "-Wl,-search_paths_first", + lflags => add("-Wl,-search_paths_first"), sys_id => "MACOSX", bn_ops => "BN_LLONG RC4_CHAR", thread_scheme => "pthreads", From openssl at openssl.org Sun Jul 19 23:55:59 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Sun, 19 Jul 2020 23:55:59 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT Message-ID: <1595202959.294871.30852.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT Commit log since last time: f64f17c3e0 Added missing ';' after methods in the synopsis section of pod files 93e32043cb util/find-doc-nits: relax some SYNOPSIS checks d3cb5904f3 util/find-doc-nits: read full declarations as one line in name_synopsis() 43b3ab6f87 Fix typo for SSL_get_peer_certificate() 1bb78e72b9 Remove util/openssl-update-copyright a85c902125 mac: always pass a non-NULL output size pointer to providers. 3fc164e8d1 doc: Fix documentation of EVP_EncryptUpdate(). b99c463d78 install: add notes about ignored seed sources in the FIPS provider. 45554b5c71 rand: detect if FIPS approved randomness sources are being used. 8e78da0666 Fix trailing whitespace mismatch error when running 02-test_errstr. cb9bb7350d 99-test_fuzz.t: Clean up and re-organize such that sub-tests could be split easily 1e76cb002a test/run_tests.pl: In parallel runs, start those tests first that run longest 0b670a2101 x509_vfy.c: Improve key usage checks in internal_verify() of cert chains 1337a3a998 Constify X509_check_akid and prefer using X509_get0_serialNumber over X509_get_serialNumber 318565b733 Prepare for 3.0 alpha 6 e70a2d9f13 Prepare for release of 3.0 alpha 5 b013cf9000 util/mktar.pl: Change 'VERSION' to 'VERSION.dat' e39e295e20 Update copyright year e4162f86d7 DRBG: Fix the renamed functions after the EVP_MAC name reversal 660c534435 Revert "kdf: make function naming consistent." 865adf97c9 Revert "The EVP_MAC functions have been renamed for consistency. The EVP_MAC_CTX_*" 8dab4de538 Add latest changes and news in CHANGES.md and NEWS.md ecca5b6e2e capabilities: make capability selection case insensitive. 81ed433cf8 libcrypto.num: engine deprecation updates bb95426211 doc: remove unused engine tracing option 184fb690fa trace: condition out engine related tracing 03445677b9 Document that ENGINE_add_conf_module() was deprecated. 2099f1bb6b Document that exdata for ENGINES is deprecated. 1bdab93a62 Document that the ENGINE_[sg]_ex_data() calls are reprecated. 8b4c89f8d2 RAND: document that the ENGINE RAND override is deprecated. 571d2c4dc7 ENGINESDIR: document that this configuration is deprecated. 2d71c9468a doc: document that the engine initialisation options are deprecated. 9bd8d96c39 deprecate engines in provider code e4468e6d8d deprecate engines in libcrypto ad8fc6f626 apps: deprecate engines 91512a771a deprecate engine from public header files 304d070eba deprecate engine tests 92f8603537 deprecate engines in SSL cf8e8cba93 deprecate engines 597f3f3ab1 Fix indentation for engine.h 4222682dae doc: deprecate ENGINE documentation 0f221d9c68 apps: document the deprecation of the -engine option 699caa18d5 engine: document the engine app as deprecated 0a684b09d8 apps/list: deprecate engine support 910b71cf47 deprecate engines in 3.0 8c2bfd2512 Add SSL_get[01]_peer_certificate() Build log ended with (last 100 lines): # Server sent alert unexpected_message but client received no alert. # 80F7D8AC667F0000:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_srvr.c:318: not ok 9 - iteration 9 # ------------------------------------------------------------------------------ not ok 1 - test_handshake # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/ssl_test 25-cipher.cnf.default default => 1 not ok 6 - running ssl_test 25-cipher.cnf # ------------------------------------------------------------------------------ # Looks like you failed 2 tests of 9. not ok 26 - Test configuration 25-cipher.cnf # ------------------------------------------------------------------------------ # Looks like you failed 1 test of 31.80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok # INFO: @ ../openssl/test/sslcorrupttest.c:199 # Starting #2, ECDHE-RSA-CHACHA20-POLY1305 # ERROR: (int) 'SSL_get_error(clientssl, 0) == SSL_ERROR_WANT_READ' failed @ ../openssl/test/ssltestlib.c:1032 # [1] compared to [2] # ERROR: (bool) 'create_ssl_connection(server, client, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslcorrupttest.c:229 # false # 80D72007C77F0000:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_clnt.c:403: not ok 3 - iteration 3 # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/sslcorrupttest.c:199 # Starting #3, DHE-RSA-CHACHA20-POLY1305 # ERROR: (int) 'SSL_get_error(clientssl, 0) == SSL_ERROR_WANT_READ' failed @ ../openssl/test/ssltestlib.c:1032 # [1] compared to [2] # ERROR: (bool) 'create_ssl_connection(server, client, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslcorrupttest.c:229 # false # 80D72007C77F0000:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_clnt.c:403: not ok 4 - iteration 4 # ------------------------------------------------------------------------------ not ok 1 - test_ssl_corrupt # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslcorrupttest ../../../openssl/apps/server.pem ../../../openssl/apps/server.pem => 1 not ok 1 - running sslcorrupttest # ------------------------------------------------------------------------------ # Failed test 'running sslcorrupttest' # at ../openssl/test/recipes/80-test_sslcorrupt.t line 19. # Looks like you failed 1 test of 1.80-test_sslcorrupt.t ............... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: GOST support is disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ skipped: Test only supported in a shared build 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_dtls_mtu.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 26 Non-zero exit status: 1 80-test_sslcorrupt.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=205, Tests=3021, 1682 wallclock secs (11.63 usr 1.63 sys + 1516.52 cusr 152.90 csys = 1682.68 CPU) Result: FAIL Makefile:2493: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-asan' Makefile:2491: recipe for target 'tests' failed make: *** [tests] Error 2 From builds at travis-ci.com Mon Jul 20 01:22:26 2020 From: builds at travis-ci.com (Travis CI) Date: Mon, 20 Jul 2020 01:22:26 +0000 Subject: Errored: openssl/openssl#36208 (master - 5304331) In-Reply-To: Message-ID: <5f14f1d2797f_13ff9599a4c181049e9@travis-pro-tasks-b566d5d46-vq5fd.mail> Build Update for openssl/openssl ------------------------------------- Build: #36208 Status: Errored Duration: 1 hr, 29 mins, and 21 secs Commit: 5304331 (master) Author: Jean-Christophe Fillion-Robin Message: Fix linking against non-system zlib on macOS This commit ensures the -L/path/to/zlib flag associated with ldflags property set in "Configurations/00-base-templates.conf" (under "BASE_unix") is inherited when defining "darwin-common" configuration. CLA: trivial Reviewed-by: Richard Levitte Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12238) View the changeset: https://github.com/openssl/openssl/compare/f64f17c3e011...53043311560f View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/176239920?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Mon Jul 20 01:53:46 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 20 Jul 2020 01:53:46 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-autoerrinit Message-ID: <1595210026.793762.28142.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-autoerrinit Commit log since last time: f64f17c3e0 Added missing ';' after methods in the synopsis section of pod files 93e32043cb util/find-doc-nits: relax some SYNOPSIS checks d3cb5904f3 util/find-doc-nits: read full declarations as one line in name_synopsis() 43b3ab6f87 Fix typo for SSL_get_peer_certificate() 1bb78e72b9 Remove util/openssl-update-copyright a85c902125 mac: always pass a non-NULL output size pointer to providers. 3fc164e8d1 doc: Fix documentation of EVP_EncryptUpdate(). b99c463d78 install: add notes about ignored seed sources in the FIPS provider. 45554b5c71 rand: detect if FIPS approved randomness sources are being used. 8e78da0666 Fix trailing whitespace mismatch error when running 02-test_errstr. cb9bb7350d 99-test_fuzz.t: Clean up and re-organize such that sub-tests could be split easily 1e76cb002a test/run_tests.pl: In parallel runs, start those tests first that run longest 0b670a2101 x509_vfy.c: Improve key usage checks in internal_verify() of cert chains 1337a3a998 Constify X509_check_akid and prefer using X509_get0_serialNumber over X509_get_serialNumber 318565b733 Prepare for 3.0 alpha 6 e70a2d9f13 Prepare for release of 3.0 alpha 5 b013cf9000 util/mktar.pl: Change 'VERSION' to 'VERSION.dat' e39e295e20 Update copyright year e4162f86d7 DRBG: Fix the renamed functions after the EVP_MAC name reversal 660c534435 Revert "kdf: make function naming consistent." 865adf97c9 Revert "The EVP_MAC functions have been renamed for consistency. The EVP_MAC_CTX_*" 8dab4de538 Add latest changes and news in CHANGES.md and NEWS.md ecca5b6e2e capabilities: make capability selection case insensitive. 81ed433cf8 libcrypto.num: engine deprecation updates bb95426211 doc: remove unused engine tracing option 184fb690fa trace: condition out engine related tracing 03445677b9 Document that ENGINE_add_conf_module() was deprecated. 2099f1bb6b Document that exdata for ENGINES is deprecated. 1bdab93a62 Document that the ENGINE_[sg]_ex_data() calls are reprecated. 8b4c89f8d2 RAND: document that the ENGINE RAND override is deprecated. 571d2c4dc7 ENGINESDIR: document that this configuration is deprecated. 2d71c9468a doc: document that the engine initialisation options are deprecated. 9bd8d96c39 deprecate engines in provider code e4468e6d8d deprecate engines in libcrypto ad8fc6f626 apps: deprecate engines 91512a771a deprecate engine from public header files 304d070eba deprecate engine tests 92f8603537 deprecate engines in SSL cf8e8cba93 deprecate engines 597f3f3ab1 Fix indentation for engine.h 4222682dae doc: deprecate ENGINE documentation 0f221d9c68 apps: document the deprecation of the -engine option 699caa18d5 engine: document the engine app as deprecated 0a684b09d8 apps/list: deprecate engine support 910b71cf47 deprecate engines in 3.0 8c2bfd2512 Add SSL_get[01]_peer_certificate() Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 04-test_err.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=205, Tests=3090, 860 wallclock secs (12.84 usr 1.36 sys + 790.72 cusr 60.82 csys = 865.74 CPU) Result: FAIL Makefile:3127: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-autoerrinit' Makefile:3125: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Mon Jul 20 07:28:25 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 20 Jul 2020 07:28:25 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-des Message-ID: <1595230105.441080.2339.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-des Commit log since last time: f64f17c3e0 Added missing ';' after methods in the synopsis section of pod files 93e32043cb util/find-doc-nits: relax some SYNOPSIS checks d3cb5904f3 util/find-doc-nits: read full declarations as one line in name_synopsis() 43b3ab6f87 Fix typo for SSL_get_peer_certificate() 1bb78e72b9 Remove util/openssl-update-copyright a85c902125 mac: always pass a non-NULL output size pointer to providers. 3fc164e8d1 doc: Fix documentation of EVP_EncryptUpdate(). b99c463d78 install: add notes about ignored seed sources in the FIPS provider. 45554b5c71 rand: detect if FIPS approved randomness sources are being used. 8e78da0666 Fix trailing whitespace mismatch error when running 02-test_errstr. cb9bb7350d 99-test_fuzz.t: Clean up and re-organize such that sub-tests could be split easily 1e76cb002a test/run_tests.pl: In parallel runs, start those tests first that run longest 0b670a2101 x509_vfy.c: Improve key usage checks in internal_verify() of cert chains 1337a3a998 Constify X509_check_akid and prefer using X509_get0_serialNumber over X509_get_serialNumber 318565b733 Prepare for 3.0 alpha 6 e70a2d9f13 Prepare for release of 3.0 alpha 5 b013cf9000 util/mktar.pl: Change 'VERSION' to 'VERSION.dat' e39e295e20 Update copyright year e4162f86d7 DRBG: Fix the renamed functions after the EVP_MAC name reversal 660c534435 Revert "kdf: make function naming consistent." 865adf97c9 Revert "The EVP_MAC functions have been renamed for consistency. The EVP_MAC_CTX_*" 8dab4de538 Add latest changes and news in CHANGES.md and NEWS.md ecca5b6e2e capabilities: make capability selection case insensitive. 81ed433cf8 libcrypto.num: engine deprecation updates bb95426211 doc: remove unused engine tracing option 184fb690fa trace: condition out engine related tracing 03445677b9 Document that ENGINE_add_conf_module() was deprecated. 2099f1bb6b Document that exdata for ENGINES is deprecated. 1bdab93a62 Document that the ENGINE_[sg]_ex_data() calls are reprecated. 8b4c89f8d2 RAND: document that the ENGINE RAND override is deprecated. 571d2c4dc7 ENGINESDIR: document that this configuration is deprecated. 2d71c9468a doc: document that the engine initialisation options are deprecated. 9bd8d96c39 deprecate engines in provider code e4468e6d8d deprecate engines in libcrypto ad8fc6f626 apps: deprecate engines 91512a771a deprecate engine from public header files 304d070eba deprecate engine tests 92f8603537 deprecate engines in SSL cf8e8cba93 deprecate engines 597f3f3ab1 Fix indentation for engine.h 4222682dae doc: deprecate ENGINE documentation 0f221d9c68 apps: document the deprecation of the -engine option 699caa18d5 engine: document the engine app as deprecated 0a684b09d8 apps/list: deprecate engine support 910b71cf47 deprecate engines in 3.0 8c2bfd2512 Add SSL_get[01]_peer_certificate() Build log ended with (last 100 lines): C0700C27607F0000:error::asn1 encoding routines:asn1_d2i_ex_primitive:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:698: C0700C27607F0000:error::asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:630:Field=pkey, Type=PKCS8_PRIV_KEY_INFO C0700C27607F0000:error::asn1 encoding routines:d2i_PrivateKey_ex:ASN1 lib:../openssl/crypto/asn1/d2i_pr.c:67: C0700C27607F0000:error::asn1 encoding routines:d2i_PrivateKey_ex:ASN1 lib:../openssl/crypto/asn1/d2i_pr.c:67: C0700C27607F0000:error::asn1 encoding routines:asn1_check_tlen:wrong tag:../openssl/crypto/asn1/tasn_dec.c:1135: C0700C27607F0000:error::asn1 encoding routines:asn1_d2i_ex_primitive:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:698: C0700C27607F0000:error::asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:630:Field=pkey, Type=PKCS8_PRIV_KEY_INFO C0700C27607F0000:error::asn1 encoding routines:asn1_check_tlen:wrong tag:../openssl/crypto/asn1/tasn_dec.c:1135: C0700C27607F0000:error::asn1 encoding routines:asn1_d2i_ex_primitive:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:698: C0700C27607F0000:error::asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:630:Field=pkey, Type=PKCS8_PRIV_KEY_INFO OPENSSL_FUNC:../openssl/apps/cmp.c:3055:CMP error: cannot set up CMP context # OPENSSL_FUNC:../openssl/apps/cmp.c:2895:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -proxy option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2112:CMP info: will contact http://127.0.0.1:1700/pkix/ ../../../../../no-des/util/wrap.pl ../../../../../no-des/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt => 1 not ok 82 - cr command # ------------------------------------------------------------------------------ # Failed test 'cr command' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. Could not open file or uri test.cert.pem for loading CMP client certificate (and optionally extra certs) C0D0BEA6397F0000:error::system library:file_open:No such file or directory:../openssl/crypto/store/loader_file.c:927:calling stat(test.cert.pem) Unable to load CMP client certificate (and optionally extra certs) OPENSSL_FUNC:../openssl/apps/cmp.c:3055:CMP error: cannot set up CMP context # OPENSSL_FUNC:../openssl/apps/cmp.c:2895:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -proxy option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2112:CMP info: will contact http://127.0.0.1:1700/pkix/ # OPENSSL_FUNC:../openssl/apps/cmp.c:2136:CMP warning: -subject '/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=leaf' given, which overrides the subject of 'test.cert.pem' in KUR # OPENSSL_FUNC:../openssl/apps/cmp.c:826:CMP warning: can load only one certificate in DER format from test.cert.pem ../../../../../no-des/util/wrap.pl ../../../../../no-des/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt => 1 not ok 83 - kur command explicit options # ------------------------------------------------------------------------------ # Failed test 'kur command explicit options' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. Could not open file or uri test.cert.pem for loading CMP client certificate (and optionally extra certs) C060AFA45D7F0000:error::system library:file_open:No such file or directory:../openssl/crypto/store/loader_file.c:927:calling stat(test.cert.pem) Unable to load CMP client certificate (and optionally extra certs) OPENSSL_FUNC:../openssl/apps/cmp.c:3055:CMP error: cannot set up CMP context # OPENSSL_FUNC:../openssl/apps/cmp.c:2895:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -proxy option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -subject option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -secret option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2112:CMP info: will contact http://127.0.0.1:1700/pkix/ # OPENSSL_FUNC:../openssl/apps/cmp.c:826:CMP warning: can load only one certificate in DER format from test.cert.pem ../../../../../no-des/util/wrap.pl ../../../../../no-des/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -subject "" -certout test.cert.pem -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt -secret "" => 1 not ok 84 - kur command minimal options # ------------------------------------------------------------------------------ # Looks like you failed 31 tests of 92. not ok 7 - CMP app CLI Mock enrollment # ------------------------------------------------------------------------------ # # Failed test 'CMP app CLI Mock enrollment # ' # at /home/openssl/run-checker/no-des/../openssl/util/perl/OpenSSL/Test.pm line 1302. # Looks like you failed 5 tests of 7.81-test_cmp_cli.t .................. Dubious, test returned 5 (wstat 1280, 0x500) Failed 5/7 subtests 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 81-test_cmp_cli.t (Wstat: 1280 Tests: 7 Failed: 5) Failed tests: 3-7 Non-zero exit status: 5 Files=205, Tests=3124, 849 wallclock secs (12.62 usr 1.18 sys + 796.77 cusr 57.88 csys = 868.45 CPU) Result: FAIL Makefile:3079: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-des' Makefile:3077: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Mon Jul 20 07:52:02 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 20 Jul 2020 07:52:02 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dgram Message-ID: <1595231522.434419.18914.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dgram Commit log since last time: f64f17c3e0 Added missing ';' after methods in the synopsis section of pod files 93e32043cb util/find-doc-nits: relax some SYNOPSIS checks d3cb5904f3 util/find-doc-nits: read full declarations as one line in name_synopsis() 43b3ab6f87 Fix typo for SSL_get_peer_certificate() 1bb78e72b9 Remove util/openssl-update-copyright a85c902125 mac: always pass a non-NULL output size pointer to providers. 3fc164e8d1 doc: Fix documentation of EVP_EncryptUpdate(). b99c463d78 install: add notes about ignored seed sources in the FIPS provider. 45554b5c71 rand: detect if FIPS approved randomness sources are being used. 8e78da0666 Fix trailing whitespace mismatch error when running 02-test_errstr. cb9bb7350d 99-test_fuzz.t: Clean up and re-organize such that sub-tests could be split easily 1e76cb002a test/run_tests.pl: In parallel runs, start those tests first that run longest 0b670a2101 x509_vfy.c: Improve key usage checks in internal_verify() of cert chains 1337a3a998 Constify X509_check_akid and prefer using X509_get0_serialNumber over X509_get_serialNumber 318565b733 Prepare for 3.0 alpha 6 e70a2d9f13 Prepare for release of 3.0 alpha 5 b013cf9000 util/mktar.pl: Change 'VERSION' to 'VERSION.dat' e39e295e20 Update copyright year e4162f86d7 DRBG: Fix the renamed functions after the EVP_MAC name reversal 660c534435 Revert "kdf: make function naming consistent." 865adf97c9 Revert "The EVP_MAC functions have been renamed for consistency. The EVP_MAC_CTX_*" 8dab4de538 Add latest changes and news in CHANGES.md and NEWS.md ecca5b6e2e capabilities: make capability selection case insensitive. 81ed433cf8 libcrypto.num: engine deprecation updates bb95426211 doc: remove unused engine tracing option 184fb690fa trace: condition out engine related tracing 03445677b9 Document that ENGINE_add_conf_module() was deprecated. 2099f1bb6b Document that exdata for ENGINES is deprecated. 1bdab93a62 Document that the ENGINE_[sg]_ex_data() calls are reprecated. 8b4c89f8d2 RAND: document that the ENGINE RAND override is deprecated. 571d2c4dc7 ENGINESDIR: document that this configuration is deprecated. 2d71c9468a doc: document that the engine initialisation options are deprecated. 9bd8d96c39 deprecate engines in provider code e4468e6d8d deprecate engines in libcrypto ad8fc6f626 apps: deprecate engines 91512a771a deprecate engine from public header files 304d070eba deprecate engine tests 92f8603537 deprecate engines in SSL cf8e8cba93 deprecate engines 597f3f3ab1 Fix indentation for engine.h 4222682dae doc: deprecate ENGINE documentation 0f221d9c68 apps: document the deprecation of the -engine option 699caa18d5 engine: document the engine app as deprecated 0a684b09d8 apps/list: deprecate engine support 910b71cf47 deprecate engines in 3.0 8c2bfd2512 Add SSL_get[01]_peer_certificate() Build log ended with (last 100 lines): # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 7 - iteration 7 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 8 - iteration 8 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 9 - iteration 9 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 10 - iteration 10 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 11 - iteration 11 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 12 - iteration 12 # ------------------------------------------------------------------------------ not ok 1 - test_handshake # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/ssl_test 04-client_auth.cnf.fips fips ../../../openssl/test/fips.cnf => 1 not ok 9 - running ssl_test 04-client_auth.cnf # ------------------------------------------------------------------------------ # Failed test 'running ssl_test 04-client_auth.cnf' # at ../openssl/test/recipes/80-test_ssl_new.t line 173. # Looks like you failed 1 test of 9. not ok 5 - Test configuration 04-client_auth.cnf # ------------------------------------------------------------------------------ # Looks like you failed 1 test of 31.80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=205, Tests=3224, 850 wallclock secs (12.44 usr 1.20 sys + 785.73 cusr 62.91 csys = 862.28 CPU) Result: FAIL Makefile:3139: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dgram' Makefile:3137: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Mon Jul 20 07:58:09 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 20 Jul 2020 07:58:09 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dh Message-ID: <1595231889.670324.3111.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dh Commit log since last time: f64f17c3e0 Added missing ';' after methods in the synopsis section of pod files 93e32043cb util/find-doc-nits: relax some SYNOPSIS checks d3cb5904f3 util/find-doc-nits: read full declarations as one line in name_synopsis() 43b3ab6f87 Fix typo for SSL_get_peer_certificate() 1bb78e72b9 Remove util/openssl-update-copyright a85c902125 mac: always pass a non-NULL output size pointer to providers. 3fc164e8d1 doc: Fix documentation of EVP_EncryptUpdate(). b99c463d78 install: add notes about ignored seed sources in the FIPS provider. 45554b5c71 rand: detect if FIPS approved randomness sources are being used. 8e78da0666 Fix trailing whitespace mismatch error when running 02-test_errstr. cb9bb7350d 99-test_fuzz.t: Clean up and re-organize such that sub-tests could be split easily 1e76cb002a test/run_tests.pl: In parallel runs, start those tests first that run longest 0b670a2101 x509_vfy.c: Improve key usage checks in internal_verify() of cert chains 1337a3a998 Constify X509_check_akid and prefer using X509_get0_serialNumber over X509_get_serialNumber 318565b733 Prepare for 3.0 alpha 6 e70a2d9f13 Prepare for release of 3.0 alpha 5 b013cf9000 util/mktar.pl: Change 'VERSION' to 'VERSION.dat' e39e295e20 Update copyright year e4162f86d7 DRBG: Fix the renamed functions after the EVP_MAC name reversal 660c534435 Revert "kdf: make function naming consistent." 865adf97c9 Revert "The EVP_MAC functions have been renamed for consistency. The EVP_MAC_CTX_*" 8dab4de538 Add latest changes and news in CHANGES.md and NEWS.md ecca5b6e2e capabilities: make capability selection case insensitive. 81ed433cf8 libcrypto.num: engine deprecation updates bb95426211 doc: remove unused engine tracing option 184fb690fa trace: condition out engine related tracing 03445677b9 Document that ENGINE_add_conf_module() was deprecated. 2099f1bb6b Document that exdata for ENGINES is deprecated. 1bdab93a62 Document that the ENGINE_[sg]_ex_data() calls are reprecated. 8b4c89f8d2 RAND: document that the ENGINE RAND override is deprecated. 571d2c4dc7 ENGINESDIR: document that this configuration is deprecated. 2d71c9468a doc: document that the engine initialisation options are deprecated. 9bd8d96c39 deprecate engines in provider code e4468e6d8d deprecate engines in libcrypto ad8fc6f626 apps: deprecate engines 91512a771a deprecate engine from public header files 304d070eba deprecate engine tests 92f8603537 deprecate engines in SSL cf8e8cba93 deprecate engines 597f3f3ab1 Fix indentation for engine.h 4222682dae doc: deprecate ENGINE documentation 0f221d9c68 apps: document the deprecation of the -engine option 699caa18d5 engine: document the engine app as deprecated 0a684b09d8 apps/list: deprecate engine support 910b71cf47 deprecate engines in 3.0 8c2bfd2512 Add SSL_get[01]_peer_certificate() Build log ended with (last 100 lines): test/cmp_protect_test-bin-cmp_testlib.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/cmp_server_test rm -f test/cmp_status_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/cmp_server_test \ test/cmp_server_test-bin-cmp_server_test.o \ test/cmp_server_test-bin-cmp_testlib.o \ test/libtestutil.a libcrypto.a -ldl -pthread ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/cmp_status_test \ test/cmp_status_test-bin-cmp_status_test.o \ test/cmp_status_test-bin-cmp_testlib.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/cmp_vfy_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/cmp_vfy_test \ test/cmp_vfy_test-bin-cmp_testlib.o \ test/cmp_vfy_test-bin-cmp_vfy_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/context_internal_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/context_internal_test \ test/context_internal_test-bin-context_internal_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/ctype_internal_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/ctype_internal_test \ test/ctype_internal_test-bin-ctype_internal_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/curve448_internal_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/curve448_internal_test \ test/curve448_internal_test-bin-curve448_internal_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/destest ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/destest \ test/destest-bin-destest.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/dhtest ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/dhtest \ test/dhtest-bin-dhtest.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/drbgtest ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/drbgtest \ test/drbgtest-bin-drbgtest.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/dsa_no_digest_size_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/dsa_no_digest_size_test \ test/dsa_no_digest_size_test-bin-dsa_no_digest_size_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/dsatest ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/dsatest \ test/dsatest-bin-dsatest.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/ec_internal_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/ec_internal_test \ test/ec_internal_test-bin-ec_internal_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/ecdsatest rm -f test/evp_libctx_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/evp_libctx_test \ test/evp_libctx_test-bin-evp_libctx_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/ecdsatest \ test/ecdsatest-bin-ecdsatest.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/evp_pkey_provided_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/evp_pkey_provided_test \ test/evp_pkey_provided_test-bin-evp_pkey_provided_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread test/evp_libctx_test-bin-evp_libctx_test.o:(.data+0x0): undefined reference to `_bignum_dh2048_256_p' test/evp_libctx_test-bin-evp_libctx_test.o:(.data+0x8): undefined reference to `_bignum_dh2048_256_q' test/evp_libctx_test-bin-evp_libctx_test.o:(.data+0x10): undefined reference to `_bignum_dh2048_256_g' rm -f test/ffc_internal_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/ffc_internal_test \ test/ffc_internal_test-bin-ffc_internal_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/hexstr_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/hexstr_test \ test/hexstr_test-bin-hexstr_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:25572: recipe for target 'test/evp_libctx_test' failed make[1]: *** [test/evp_libctx_test] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-dh' Makefile:3053: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From openssl at openssl.org Mon Jul 20 08:00:25 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 20 Jul 2020 08:00:25 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dsa Message-ID: <1595232025.527005.17979.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dsa Commit log since last time: f64f17c3e0 Added missing ';' after methods in the synopsis section of pod files 93e32043cb util/find-doc-nits: relax some SYNOPSIS checks d3cb5904f3 util/find-doc-nits: read full declarations as one line in name_synopsis() 43b3ab6f87 Fix typo for SSL_get_peer_certificate() 1bb78e72b9 Remove util/openssl-update-copyright a85c902125 mac: always pass a non-NULL output size pointer to providers. 3fc164e8d1 doc: Fix documentation of EVP_EncryptUpdate(). b99c463d78 install: add notes about ignored seed sources in the FIPS provider. 45554b5c71 rand: detect if FIPS approved randomness sources are being used. 8e78da0666 Fix trailing whitespace mismatch error when running 02-test_errstr. cb9bb7350d 99-test_fuzz.t: Clean up and re-organize such that sub-tests could be split easily 1e76cb002a test/run_tests.pl: In parallel runs, start those tests first that run longest 0b670a2101 x509_vfy.c: Improve key usage checks in internal_verify() of cert chains 1337a3a998 Constify X509_check_akid and prefer using X509_get0_serialNumber over X509_get_serialNumber 318565b733 Prepare for 3.0 alpha 6 e70a2d9f13 Prepare for release of 3.0 alpha 5 b013cf9000 util/mktar.pl: Change 'VERSION' to 'VERSION.dat' e39e295e20 Update copyright year e4162f86d7 DRBG: Fix the renamed functions after the EVP_MAC name reversal 660c534435 Revert "kdf: make function naming consistent." 865adf97c9 Revert "The EVP_MAC functions have been renamed for consistency. The EVP_MAC_CTX_*" 8dab4de538 Add latest changes and news in CHANGES.md and NEWS.md ecca5b6e2e capabilities: make capability selection case insensitive. 81ed433cf8 libcrypto.num: engine deprecation updates bb95426211 doc: remove unused engine tracing option 184fb690fa trace: condition out engine related tracing 03445677b9 Document that ENGINE_add_conf_module() was deprecated. 2099f1bb6b Document that exdata for ENGINES is deprecated. 1bdab93a62 Document that the ENGINE_[sg]_ex_data() calls are reprecated. 8b4c89f8d2 RAND: document that the ENGINE RAND override is deprecated. 571d2c4dc7 ENGINESDIR: document that this configuration is deprecated. 2d71c9468a doc: document that the engine initialisation options are deprecated. 9bd8d96c39 deprecate engines in provider code e4468e6d8d deprecate engines in libcrypto ad8fc6f626 apps: deprecate engines 91512a771a deprecate engine from public header files 304d070eba deprecate engine tests 92f8603537 deprecate engines in SSL cf8e8cba93 deprecate engines 597f3f3ab1 Fix indentation for engine.h 4222682dae doc: deprecate ENGINE documentation 0f221d9c68 apps: document the deprecation of the -engine option 699caa18d5 engine: document the engine app as deprecated 0a684b09d8 apps/list: deprecate engine support 910b71cf47 deprecate engines in 3.0 8c2bfd2512 Add SSL_get[01]_peer_certificate() Build log ended with (last 100 lines): clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cipherbytes_test-bin-cipherbytes_test.d.tmp -MT test/cipherbytes_test-bin-cipherbytes_test.o -c -o test/cipherbytes_test-bin-cipherbytes_test.o ../openssl/test/cipherbytes_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cipherlist_test-bin-cipherlist_test.d.tmp -MT test/cipherlist_test-bin-cipherlist_test.o -c -o test/cipherlist_test-bin-cipherlist_test.o ../openssl/test/cipherlist_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/ciphername_test-bin-ciphername_test.d.tmp -MT test/ciphername_test-bin-ciphername_test.o -c -o test/ciphername_test-bin-ciphername_test.o ../openssl/test/ciphername_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/clienthellotest-bin-clienthellotest.d.tmp -MT test/clienthellotest-bin-clienthellotest.o -c -o test/clienthellotest-bin-clienthellotest.o ../openssl/test/clienthellotest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmactest-bin-cmactest.d.tmp -MT test/cmactest-bin-cmactest.o -c -o test/cmactest-bin-cmactest.o ../openssl/test/cmactest.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_asn_test-bin-cmp_asn_test.d.tmp -MT test/cmp_asn_test-bin-cmp_asn_test.o -c -o test/cmp_asn_test-bin-cmp_asn_test.o ../openssl/test/cmp_asn_test.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_asn_test-bin-cmp_testlib.d.tmp -MT test/cmp_asn_test-bin-cmp_testlib.o -c -o test/cmp_asn_test-bin-cmp_testlib.o ../openssl/test/cmp_testlib.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_client_test-bin-cmp_client_test.d.tmp -MT test/cmp_client_test-bin-cmp_client_test.o -c -o test/cmp_client_test-bin-cmp_client_test.o ../openssl/test/cmp_client_test.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_client_test-bin-cmp_testlib.d.tmp -MT test/cmp_client_test-bin-cmp_testlib.o -c -o test/cmp_client_test-bin-cmp_testlib.o ../openssl/test/cmp_testlib.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_ctx_test-bin-cmp_ctx_test.d.tmp -MT test/cmp_ctx_test-bin-cmp_ctx_test.o -c -o test/cmp_ctx_test-bin-cmp_ctx_test.o ../openssl/test/cmp_ctx_test.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_ctx_test-bin-cmp_testlib.d.tmp -MT test/cmp_ctx_test-bin-cmp_testlib.o -c -o test/cmp_ctx_test-bin-cmp_testlib.o ../openssl/test/cmp_testlib.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_hdr_test-bin-cmp_hdr_test.d.tmp -MT test/cmp_hdr_test-bin-cmp_hdr_test.o -c -o test/cmp_hdr_test-bin-cmp_hdr_test.o ../openssl/test/cmp_hdr_test.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_hdr_test-bin-cmp_testlib.d.tmp -MT test/cmp_hdr_test-bin-cmp_testlib.o -c -o test/cmp_hdr_test-bin-cmp_testlib.o ../openssl/test/cmp_testlib.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_msg_test-bin-cmp_msg_test.d.tmp -MT test/cmp_msg_test-bin-cmp_msg_test.o -c -o test/cmp_msg_test-bin-cmp_msg_test.o ../openssl/test/cmp_msg_test.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_msg_test-bin-cmp_testlib.d.tmp -MT test/cmp_msg_test-bin-cmp_testlib.o -c -o test/cmp_msg_test-bin-cmp_testlib.o ../openssl/test/cmp_testlib.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_protect_test-bin-cmp_protect_test.d.tmp -MT test/cmp_protect_test-bin-cmp_protect_test.o -c -o test/cmp_protect_test-bin-cmp_protect_test.o ../openssl/test/cmp_protect_test.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_protect_test-bin-cmp_testlib.d.tmp -MT test/cmp_protect_test-bin-cmp_testlib.o -c -o test/cmp_protect_test-bin-cmp_testlib.o ../openssl/test/cmp_testlib.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_server_test-bin-cmp_server_test.d.tmp -MT test/cmp_server_test-bin-cmp_server_test.o -c -o test/cmp_server_test-bin-cmp_server_test.o ../openssl/test/cmp_server_test.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_server_test-bin-cmp_testlib.d.tmp -MT test/cmp_server_test-bin-cmp_testlib.o -c -o test/cmp_server_test-bin-cmp_testlib.o ../openssl/test/cmp_testlib.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_status_test-bin-cmp_status_test.d.tmp -MT test/cmp_status_test-bin-cmp_status_test.o -c -o test/cmp_status_test-bin-cmp_status_test.o ../openssl/test/cmp_status_test.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_status_test-bin-cmp_testlib.d.tmp -MT test/cmp_status_test-bin-cmp_testlib.o -c -o test/cmp_status_test-bin-cmp_testlib.o ../openssl/test/cmp_testlib.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_vfy_test-bin-cmp_testlib.d.tmp -MT test/cmp_vfy_test-bin-cmp_testlib.o -c -o test/cmp_vfy_test-bin-cmp_testlib.o ../openssl/test/cmp_testlib.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_vfy_test-bin-cmp_vfy_test.d.tmp -MT test/cmp_vfy_test-bin-cmp_vfy_test.o -c -o test/cmp_vfy_test-bin-cmp_vfy_test.o ../openssl/test/cmp_vfy_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmsapitest-bin-cmsapitest.d.tmp -MT test/cmsapitest-bin-cmsapitest.o -c -o test/cmsapitest-bin-cmsapitest.o ../openssl/test/cmsapitest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/conf_include_test-bin-conf_include_test.d.tmp -MT test/conf_include_test-bin-conf_include_test.o -c -o test/conf_include_test-bin-conf_include_test.o ../openssl/test/conf_include_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/confdump-bin-confdump.d.tmp -MT test/confdump-bin-confdump.o -c -o test/confdump-bin-confdump.o ../openssl/test/confdump.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/constant_time_test-bin-constant_time_test.d.tmp -MT test/constant_time_test-bin-constant_time_test.o -c -o test/constant_time_test-bin-constant_time_test.o ../openssl/test/constant_time_test.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/context_internal_test-bin-context_internal_test.d.tmp -MT test/context_internal_test-bin-context_internal_test.o -c -o test/context_internal_test-bin-context_internal_test.o ../openssl/test/context_internal_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/crltest-bin-crltest.d.tmp -MT test/crltest-bin-crltest.o -c -o test/crltest-bin-crltest.o ../openssl/test/crltest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/ct_test-bin-ct_test.d.tmp -MT test/ct_test-bin-ct_test.o -c -o test/ct_test-bin-ct_test.o ../openssl/test/ct_test.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/ctype_internal_test-bin-ctype_internal_test.d.tmp -MT test/ctype_internal_test-bin-ctype_internal_test.o -c -o test/ctype_internal_test-bin-ctype_internal_test.o ../openssl/test/ctype_internal_test.c clang -I. -Iinclude -Iapps/include -Icrypto/ec/curve448 -I../openssl -I../openssl/include -I../openssl/apps/include -I../openssl/crypto/ec/curve448 -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/curve448_internal_test-bin-curve448_internal_test.d.tmp -MT test/curve448_internal_test-bin-curve448_internal_test.o -c -o test/curve448_internal_test-bin-curve448_internal_test.o ../openssl/test/curve448_internal_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/d2i_test-bin-d2i_test.d.tmp -MT test/d2i_test-bin-d2i_test.o -c -o test/d2i_test-bin-d2i_test.o ../openssl/test/d2i_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/danetest-bin-danetest.d.tmp -MT test/danetest-bin-danetest.o -c -o test/danetest-bin-danetest.o ../openssl/test/danetest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/destest-bin-destest.d.tmp -MT test/destest-bin-destest.o -c -o test/destest-bin-destest.o ../openssl/test/destest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/dhtest-bin-dhtest.d.tmp -MT test/dhtest-bin-dhtest.o -c -o test/dhtest-bin-dhtest.o ../openssl/test/dhtest.c clang -Iinclude -Iapps/include -Itest -I. -I../openssl/include -I../openssl/apps/include -I../openssl/test -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/drbg_cavs_test-bin-drbg_cavs_data_ctr.d.tmp -MT test/drbg_cavs_test-bin-drbg_cavs_data_ctr.o -c -o test/drbg_cavs_test-bin-drbg_cavs_data_ctr.o ../openssl/test/drbg_cavs_data_ctr.c clang -Iinclude -Iapps/include -Itest -I. -I../openssl/include -I../openssl/apps/include -I../openssl/test -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/drbg_cavs_test-bin-drbg_cavs_data_hash.d.tmp -MT test/drbg_cavs_test-bin-drbg_cavs_data_hash.o -c -o test/drbg_cavs_test-bin-drbg_cavs_data_hash.o ../openssl/test/drbg_cavs_data_hash.c clang -Iinclude -Iapps/include -Itest -I. -I../openssl/include -I../openssl/apps/include -I../openssl/test -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/drbg_cavs_test-bin-drbg_cavs_data_hmac.d.tmp -MT test/drbg_cavs_test-bin-drbg_cavs_data_hmac.o -c -o test/drbg_cavs_test-bin-drbg_cavs_data_hmac.o ../openssl/test/drbg_cavs_data_hmac.c clang -Iinclude -Iapps/include -Itest -I. -I../openssl/include -I../openssl/apps/include -I../openssl/test -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/drbg_cavs_test-bin-drbg_cavs_test.d.tmp -MT test/drbg_cavs_test-bin-drbg_cavs_test.o -c -o test/drbg_cavs_test-bin-drbg_cavs_test.o ../openssl/test/drbg_cavs_test.c clang -Iinclude -Itest -I. -Iapps/include -I../openssl/include -I../openssl/test -I../openssl -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/drbg_extra_test-bin-drbg_extra_test.d.tmp -MT test/drbg_extra_test-bin-drbg_extra_test.o -c -o test/drbg_extra_test-bin-drbg_extra_test.o ../openssl/test/drbg_extra_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/drbgtest-bin-drbgtest.d.tmp -MT test/drbgtest-bin-drbgtest.o -c -o test/drbgtest-bin-drbgtest.o ../openssl/test/drbgtest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/dsa_no_digest_size_test-bin-dsa_no_digest_size_test.d.tmp -MT test/dsa_no_digest_size_test-bin-dsa_no_digest_size_test.o -c -o test/dsa_no_digest_size_test-bin-dsa_no_digest_size_test.o ../openssl/test/dsa_no_digest_size_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/dsatest-bin-dsatest.d.tmp -MT test/dsatest-bin-dsatest.o -c -o test/dsatest-bin-dsatest.o ../openssl/test/dsatest.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/dtls_mtu_test-bin-dtls_mtu_test.d.tmp -MT test/dtls_mtu_test-bin-dtls_mtu_test.o -c -o test/dtls_mtu_test-bin-dtls_mtu_test.o ../openssl/test/dtls_mtu_test.c clang -I. -Iinclude -I../openssl -I../openssl/include -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/dtls_mtu_test-bin-ssltestlib.d.tmp -MT test/dtls_mtu_test-bin-ssltestlib.o -c -o test/dtls_mtu_test-bin-ssltestlib.o ../openssl/test/ssltestlib.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/dtlstest-bin-dtlstest.d.tmp -MT test/dtlstest-bin-dtlstest.o -c -o test/dtlstest-bin-dtlstest.o ../openssl/test/dtlstest.c clang -I. -Iinclude -I../openssl -I../openssl/include -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/dtlstest-bin-ssltestlib.d.tmp -MT test/dtlstest-bin-ssltestlib.o -c -o test/dtlstest-bin-ssltestlib.o ../openssl/test/ssltestlib.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/dtlsv1listentest-bin-dtlsv1listentest.d.tmp -MT test/dtlsv1listentest-bin-dtlsv1listentest.o -c -o test/dtlsv1listentest-bin-dtlsv1listentest.o ../openssl/test/dtlsv1listentest.c clang -Iinclude -Icrypto/ec -Iapps/include -I../openssl/include -I../openssl/crypto/ec -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/ec_internal_test-bin-ec_internal_test.d.tmp -MT test/ec_internal_test-bin-ec_internal_test.o -c -o test/ec_internal_test-bin-ec_internal_test.o ../openssl/test/ec_internal_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/ecdsatest-bin-ecdsatest.d.tmp -MT test/ecdsatest-bin-ecdsatest.o -c -o test/ecdsatest-bin-ecdsatest.o ../openssl/test/ecdsatest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/ecstresstest-bin-ecstresstest.d.tmp -MT test/ecstresstest-bin-ecstresstest.o -c -o test/ecstresstest-bin-ecstresstest.o ../openssl/test/ecstresstest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/ectest-bin-ectest.d.tmp -MT test/ectest-bin-ectest.o -c -o test/ectest-bin-ectest.o ../openssl/test/ectest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/enginetest-bin-enginetest.d.tmp -MT test/enginetest-bin-enginetest.o -c -o test/enginetest-bin-enginetest.o ../openssl/test/enginetest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/errtest-bin-errtest.d.tmp -MT test/errtest-bin-errtest.o -c -o test/errtest-bin-errtest.o ../openssl/test/errtest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/evp_extra_test-bin-evp_extra_test.d.tmp -MT test/evp_extra_test-bin-evp_extra_test.o -c -o test/evp_extra_test-bin-evp_extra_test.o ../openssl/test/evp_extra_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/evp_extra_test2-bin-evp_extra_test2.d.tmp -MT test/evp_extra_test2-bin-evp_extra_test2.o -c -o test/evp_extra_test2-bin-evp_extra_test2.o ../openssl/test/evp_extra_test2.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/evp_fetch_prov_test-bin-evp_fetch_prov_test.d.tmp -MT test/evp_fetch_prov_test-bin-evp_fetch_prov_test.o -c -o test/evp_fetch_prov_test-bin-evp_fetch_prov_test.o ../openssl/test/evp_fetch_prov_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/evp_kdf_test-bin-evp_kdf_test.d.tmp -MT test/evp_kdf_test-bin-evp_kdf_test.o -c -o test/evp_kdf_test-bin-evp_kdf_test.o ../openssl/test/evp_kdf_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/evp_libctx_test-bin-evp_libctx_test.d.tmp -MT test/evp_libctx_test-bin-evp_libctx_test.o -c -o test/evp_libctx_test-bin-evp_libctx_test.o ../openssl/test/evp_libctx_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/evp_pkey_dparams_test-bin-evp_pkey_dparams_test.d.tmp -MT test/evp_pkey_dparams_test-bin-evp_pkey_dparams_test.o -c -o test/evp_pkey_dparams_test-bin-evp_pkey_dparams_test.o ../openssl/test/evp_pkey_dparams_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/evp_pkey_provided_test-bin-evp_pkey_provided_test.d.tmp -MT test/evp_pkey_provided_test-bin-evp_pkey_provided_test.o -c -o test/evp_pkey_provided_test-bin-evp_pkey_provided_test.o ../openssl/test/evp_pkey_provided_test.c ../openssl/test/evp_libctx_test.c:156:27: error: implicit declaration of function 'DH_new' is invalid in C99 [-Werror,-Wimplicit-function-declaration] || !TEST_ptr(dh = DH_new()) ^ ../openssl/test/evp_libctx_test.c:156:27: note: did you mean 'BN_new'? ../openssl/include/openssl/bn.h:230:9: note: 'BN_new' declared here BIGNUM *BN_new(void); ^ ../openssl/test/evp_libctx_test.c:156:27: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] || !TEST_ptr(dh = DH_new()) ^ ../openssl/test/evp_libctx_test.c:156:25: error: incompatible integer to pointer conversion assigning to 'DH *' (aka 'struct dh_st *') from 'int' [-Werror,-Wint-conversion] || !TEST_ptr(dh = DH_new()) ^ ~~~~~~~~ ../openssl/test/testutil.h:436:64: note: expanded from macro 'TEST_ptr' # define TEST_ptr(a) test_ptr(__FILE__, __LINE__, #a, a) ^ ../openssl/test/evp_libctx_test.c:160:23: error: implicit declaration of function 'DH_set0_pqg' is invalid in C99 [-Werror,-Wimplicit-function-declaration] || !TEST_true(DH_set0_pqg(dh, p, q, g))) ^ ../openssl/test/evp_libctx_test.c:160:23: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] ../openssl/test/evp_libctx_test.c:177:5: error: implicit declaration of function 'DH_free' is invalid in C99 [-Werror,-Wimplicit-function-declaration] DH_free(dh); ^ ../openssl/test/evp_libctx_test.c:177:5: note: did you mean 'BN_free'? ../openssl/include/openssl/bn.h:291:6: note: 'BN_free' declared here void BN_free(BIGNUM *a); ^ ../openssl/test/evp_libctx_test.c:177:5: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] DH_free(dh); ^ clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/evp_test-bin-evp_test.d.tmp -MT test/evp_test-bin-evp_test.o -c -o test/evp_test-bin-evp_test.o ../openssl/test/evp_test.c 7 errors generated. Makefile:25567: recipe for target 'test/evp_libctx_test-bin-evp_libctx_test.o' failed make[1]: *** [test/evp_libctx_test-bin-evp_libctx_test.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-dsa' Makefile:3050: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From no-reply at appveyor.com Mon Jul 20 09:13:36 2020 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 20 Jul 2020 09:13:36 +0000 Subject: Build failed: openssl master.35674 Message-ID: <20200720091336.1.98565C3436646BEF@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Mon Jul 20 09:18:37 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 20 Jul 2020 09:18:37 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ec2m Message-ID: <1595236717.615462.20959.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ec2m Commit log since last time: f64f17c3e0 Added missing ';' after methods in the synopsis section of pod files 93e32043cb util/find-doc-nits: relax some SYNOPSIS checks d3cb5904f3 util/find-doc-nits: read full declarations as one line in name_synopsis() 43b3ab6f87 Fix typo for SSL_get_peer_certificate() 1bb78e72b9 Remove util/openssl-update-copyright a85c902125 mac: always pass a non-NULL output size pointer to providers. 3fc164e8d1 doc: Fix documentation of EVP_EncryptUpdate(). b99c463d78 install: add notes about ignored seed sources in the FIPS provider. 45554b5c71 rand: detect if FIPS approved randomness sources are being used. 8e78da0666 Fix trailing whitespace mismatch error when running 02-test_errstr. cb9bb7350d 99-test_fuzz.t: Clean up and re-organize such that sub-tests could be split easily 1e76cb002a test/run_tests.pl: In parallel runs, start those tests first that run longest 0b670a2101 x509_vfy.c: Improve key usage checks in internal_verify() of cert chains 1337a3a998 Constify X509_check_akid and prefer using X509_get0_serialNumber over X509_get_serialNumber 318565b733 Prepare for 3.0 alpha 6 e70a2d9f13 Prepare for release of 3.0 alpha 5 b013cf9000 util/mktar.pl: Change 'VERSION' to 'VERSION.dat' e39e295e20 Update copyright year e4162f86d7 DRBG: Fix the renamed functions after the EVP_MAC name reversal 660c534435 Revert "kdf: make function naming consistent." 865adf97c9 Revert "The EVP_MAC functions have been renamed for consistency. The EVP_MAC_CTX_*" 8dab4de538 Add latest changes and news in CHANGES.md and NEWS.md ecca5b6e2e capabilities: make capability selection case insensitive. 81ed433cf8 libcrypto.num: engine deprecation updates bb95426211 doc: remove unused engine tracing option 184fb690fa trace: condition out engine related tracing 03445677b9 Document that ENGINE_add_conf_module() was deprecated. 2099f1bb6b Document that exdata for ENGINES is deprecated. 1bdab93a62 Document that the ENGINE_[sg]_ex_data() calls are reprecated. 8b4c89f8d2 RAND: document that the ENGINE RAND override is deprecated. 571d2c4dc7 ENGINESDIR: document that this configuration is deprecated. 2d71c9468a doc: document that the engine initialisation options are deprecated. 9bd8d96c39 deprecate engines in provider code e4468e6d8d deprecate engines in libcrypto ad8fc6f626 apps: deprecate engines 91512a771a deprecate engine from public header files 304d070eba deprecate engine tests 92f8603537 deprecate engines in SSL cf8e8cba93 deprecate engines 597f3f3ab1 Fix indentation for engine.h 4222682dae doc: deprecate ENGINE documentation 0f221d9c68 apps: document the deprecation of the -engine option 699caa18d5 engine: document the engine app as deprecated 0a684b09d8 apps/list: deprecate engine support 910b71cf47 deprecate engines in 3.0 8c2bfd2512 Add SSL_get[01]_peer_certificate() Build log ended with (last 100 lines): 70-test_sslversions.t (Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 70-test_sslvertol.t (Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 70-test_tls13alerts.t (Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 70-test_tls13cookie.t (Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 70-test_tls13downgrade.t (Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 70-test_tls13hrr.t (Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 70-test_tls13kexmodes.t (Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 70-test_tls13messages.t (Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 70-test_tls13psk.t (Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 70-test_tlsextms.t (Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 71-test_ssl_ctx.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_cipherbytes.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_cipherlist.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ciphername.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_dane.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_dtls.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_dtls_mtu.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_dtlsv1listen.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ssl_new.t (Wstat: 6912 Tests: 31 Failed: 27) Failed tests: 2-14, 16-22, 24-29, 31 Non-zero exit status: 27 80-test_ssl_old.t (Wstat: 1024 Tests: 12 Failed: 4) Failed tests: 3, 5-7 Non-zero exit status: 4 80-test_sslcorrupt.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 90-test_fatalerr.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 90-test_gost.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 90-test_shlibload.t (Wstat: 1024 Tests: 10 Failed: 4) Failed tests: 1-4 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 1, 3 Non-zero exit status: 2 90-test_sslbuffers.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 90-test_sysdefault.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 90-test_tls13ccs.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 90-test_tls13encryption.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 90-test_tls13secrets.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 99-test_fuzz.t (Wstat: 512 Tests: 13 Failed: 2) Failed tests: 8-9 Non-zero exit status: 2 Files=205, Tests=2035, 356 wallclock secs ( 5.43 usr 0.78 sys + 307.75 cusr 32.21 csys = 346.17 CPU) Result: FAIL Makefile:3127: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-ec2m' Makefile:3125: recipe for target 'tests' failed make: *** [tests] Error 2 From dev at ddvo.net Mon Jul 20 09:18:46 2020 From: dev at ddvo.net (dev at ddvo.net) Date: Mon, 20 Jul 2020 09:18:46 +0000 Subject: [openssl] master update Message-ID: <1595236726.949054.5349.nullmailer@dev.openssl.org> The branch master has been updated via 16c6534b961a723781bb827211c705c7d7fb3727 (commit) via 174f4a4d6a8e54429732e01ea4448d2d08b2bf98 (commit) via dc18781550d5df62074d0ad16680a6dda862df6e (commit) via 43b2e9e0088192f7e116b9b198a8c662ade193eb (commit) via a77571c34f61ceb455a4aa357d4d95e412f9e9f8 (commit) from 53043311560f836ce65e7ad55423363901d1287a (commit) - Log ----------------------------------------------------------------- commit 16c6534b961a723781bb827211c705c7d7fb3727 Author: Dr. David von Oheimb Date: Thu Jun 25 11:55:56 2020 +0200 check-format.pl: Add an entry about it to NEWS.md and to CHANGES.md Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12270) commit 174f4a4d6a8e54429732e01ea4448d2d08b2bf98 Author: Dr. David von Oheimb Date: Sun Jun 7 14:53:20 2020 +0200 check-format.pl: Report empty lines only if -s (--sloppy-spc) is not used Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12270) commit dc18781550d5df62074d0ad16680a6dda862df6e Author: Dr. David von Oheimb Date: Sun Jun 7 14:47:16 2020 +0200 check-format.pl: Add check for essentially empty line at beginning of file Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12270) commit 43b2e9e0088192f7e116b9b198a8c662ade193eb Author: Dr. David von Oheimb Date: Sat Jun 6 21:14:29 2020 +0200 check-format.pl: Add check for multiples essentially empty lines in a row Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12270) commit a77571c34f61ceb455a4aa357d4d95e412f9e9f8 Author: Dr. David von Oheimb Date: Tue Apr 7 14:27:08 2020 +0200 check-format.pl: Allow comment start '/*' after opening '(','[','{' On this occasion fix uses of the word 'nor'. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12270) ----------------------------------------------------------------------- Summary of changes: CHANGES.md | 7 + NEWS.md | 1 + util/check-format-test-negatives.c | 806 ++++++++++++++++++------------------- util/check-format-test-positives.c | 405 ++++++++++--------- util/check-format.pl | 26 +- 5 files changed, 630 insertions(+), 615 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 3a267d6c25..5ff188c18c 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -240,6 +240,13 @@ OpenSSL 3.0 *David von Oheimb* + * Added `util/check-format.pl`, a tool for checking adherence to the + OpenSSL coding style . + The checks performed are incomplete and yield some false positives. + Still the tool should be useful for detecting most typical glitches. + + *David von Oheimb* + * BIO_do_connect and BIO_do_handshake have been extended: If domain name resolution yields multiple IP addresses all of them are tried after connect() failures. diff --git a/NEWS.md b/NEWS.md index ed99e8cd00..801016f2b5 100644 --- a/NEWS.md +++ b/NEWS.md @@ -41,6 +41,7 @@ OpenSSL 3.0 All widely used CMP features are supported for both clients and servers. * Added a proper HTTP(S) client to libcrypto supporting GET and POST, redirection, plain and ASN.1-encoded contents, proxies, and timeouts. + * Added util/check-format.pl for checking adherence to the coding guidelines. * Added OSSL_SERIALIZER, a generic serializer API. * Added OSSL_PARAM_BLD, an easier to use API to OSSL_PARAM. * Added error raising macros, ERR_raise() and ERR_raise_data(). diff --git a/util/check-format-test-negatives.c b/util/check-format-test-negatives.c index 33d0e9445d..478fe62e16 100644 --- a/util/check-format-test-negatives.c +++ b/util/check-format-test-negatives.c @@ -22,7 +22,7 @@ int f(void) /* */ { if (ctx == NULL) { /* non-leading intra-line comment */ - if (pem_name != NULL) + if (/* comment after '(' */ pem_name != NULL /* comment before ')' */) /* entire-line comment indent usually like for the following line */ return NULL; /* hanging indent also for this line after comment */ /* leading comment has same indentation as normal code */ stmt; @@ -308,410 +308,410 @@ ASN1_ITEM_TEMPLATE_END(OSSL_CRMF_MSGS) void f_looong_body_200() { /* function body length up to 200 lines accepted */ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; } void f_looong_body_201() { /* function body length > 200 lines, but LONG BODY marker present */ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; } diff --git a/util/check-format-test-positives.c b/util/check-format-test-positives.c index 809ecaa355..7d9bbea5c7 100644 --- a/util/check-format-test-positives.c +++ b/util/check-format-test-positives.c @@ -134,212 +134,211 @@ int f (int a, /*@ space after fn before '(', reported unless sloppy-spc */ void f_looong_body() { - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + ; + + + ; /*@ 2 essentially empty lines before, if !sloppy-spc */ } /*@ function body length > 200 lines */ - #if 0 /*@0 unclosed #if */ struct t { /*@0 unclosed brace at decl/block level */ enum { /*@0 unclosed brace at enum/expression level */ v = (1 /*@0 unclosed parenthesis */ - etyp /*@0 empty line follows just before EOF: */ + etyp /*@0 empty line follows just before EOF, if !sloppy-spc: */ diff --git a/util/check-format.pl b/util/check-format.pl index b7c28f15ef..0619240f82 100755 --- a/util/check-format.pl +++ b/util/check-format.pl @@ -259,7 +259,7 @@ sub check_indent { # used for lines outside multi-line string literals ($alt_desc, $alt_indent) = ("outermost position", 1) if $expr_indent == 0 && $has_label; if (@nested_conds_indents != 0 && substr($_, $count, 1) eq ":") { - # leading ':' within stmt/expr/decl - this cannot happen for labels nor leading '&&' or '||' + # leading ':' within stmt/expr/decl - this cannot happen for labels, leading '&&', or leading '||' # allow special indent at level of corresponding "?" ($alt_desc, $alt_indent) = ("leading ':'", @nested_conds_indents[-1]); } @@ -512,7 +512,7 @@ while (<>) { # loop over all lines of all input files # detect end of comment, must be within multi-line comment, check if it is preceded by non-whitespace text if ((my ($head, $tail) = m|^(.*?)\*/(.*)$|) && $1 ne '/') { # ending comment: '*/' - report("no SPC nor '*' before '*/'") if $head =~ m/[^*\s]$/; + report("neither SPC nor '*' before '*/'") if $head =~ m/[^*\s]$/; report("no SPC after '*/'") if $tail =~ m/^[^\s,;)}\]]/; # no space or ,;)}] after '*/' if (!($head =~ m|/\*|)) { # not begin of comment '/*', which is is handled below if ($in_comment == 0) { @@ -537,8 +537,8 @@ while (<>) { # loop over all lines of all input files MATCH_COMMENT: if (my ($head, $opt_minus, $tail) = m|^(.*?)/\*(-?)(.*)$|) { # begin of comment: '/*' report("no SPC before '/*'") - if $head =~ m/[^\s\*]$/; # no space (nor '*', needed to allow '*/' here) before comment delimiter - report("no SPC nor '*' after '/*' or '/*-'") if $tail =~ m/^[^\s*$self_test_exception]/; + if $head =~ m/[^\s(\*]$/; # not space, '(', or or '*' (needed to allow '*/') before comment delimiter + report("neither SPC nor '*' after '/*' or '/*-'") if $tail =~ m/^[^\s*$self_test_exception]/; my $cmt_text = $opt_minus.$tail; # preliminary if ($in_comment > 0) { report("unexpected '/*' inside multi-line comment"); @@ -647,8 +647,10 @@ while (<>) { # loop over all lines of all input files $intra_line =~ s/[A-Z_]+/int/g if $contents =~ m/^(.*?)\s*\\\s*$/; # treat double &&, ||, <<, and >> as single ones, simplifying matching below $intra_line =~ s/(&&|\|\||<<|>>)/substr($1, 0, 1)/eg; - # remove blinded comments etc. directly before ,;)} - while ($intra_line =~ s/\s*@+([,;)}\]])/$1/e) {} # /g does not work here + # remove blinded comments etc. directly after [{( + while ($intra_line =~ s/([\[\{\(])@+\s?/$1/e) {} # /g does not work here + # remove blinded comments etc. directly before ,;)}] + while ($intra_line =~ s/\s?@+([,;\)\}\]])/$1/e) {} # /g does not work here # treat remaining blinded comments and string literal contents as (single) space during matching below $intra_line =~ s/@+/ /g; # note that double SPC has already been handled above $intra_line =~ s/\s+$//; # strip any (resulting) space at EOL @@ -826,7 +828,7 @@ while (<>) { # loop over all lines of all input files # check for code block containing a single line/statement if ($line_before2 > 0 && !$outermost_level && # within function body - $in_typedecl == 0 && @nested_indents == 0 && # not within type declaration nor inside stmt/expr + $in_typedecl == 0 && @nested_indents == 0 && # neither within type declaration nor inside stmt/expr m/^[\s@]*\}/) { # leading closing brace '}', any preceding blinded comment must not be matched # TODO extend detection from single-line to potentially multi-line statement if ($line_opening_brace > 0 && @@ -1072,7 +1074,13 @@ while (<>) { # loop over all lines of all input files $hanging_offset = 0; # compensate for this in case macro ends, e.g., as 'while (0)' } - unless (m/^\s*$/) { # essentially empty line: just whitespace (and maybe a '\') + if (m/^\s*$/) { # essentially empty line: just whitespace (and maybe a '\') + report("empty line at beginnig of file") if $line == 1 && !$sloppy_SPC; + } else { + if ($line_before > 0) { + my $linediff = $line - $line_before - 1; + report("$linediff empty lines before") if $linediff > 1 && !$sloppy_SPC; + } $line_before2 = $line_before; $contents_before2 = $contents_before; $contents_before_2 = $contents_before_; @@ -1095,7 +1103,7 @@ while (<>) { # loop over all lines of all input files if (eof) { # check for essentially empty line (which may include a '\') just before EOF report(($1 eq "\n" ? "empty line" : $2 ne "" ? "'\\'" : "whitespace")." at EOF") - if $contents =~ m/^(\s*(\\?)\s*)$/; + if $contents =~ m/^(\s*(\\?)\s*)$/ && !$sloppy_SPC; # report unclosed expression-level nesting check_nested_nonblock_indents("expr at EOF"); # also adapts @nested_block_indents From no-reply at appveyor.com Mon Jul 20 10:37:01 2020 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 20 Jul 2020 10:37:01 +0000 Subject: Build completed: openssl master.35675 Message-ID: <20200720103701.1.7DBD8AD81895B978@appveyor.com> An HTML attachment was scrubbed... URL: From builds at travis-ci.com Mon Jul 20 10:40:16 2020 From: builds at travis-ci.com (Travis CI) Date: Mon, 20 Jul 2020 10:40:16 +0000 Subject: Errored: openssl/openssl#36218 (master - 16c6534) In-Reply-To: Message-ID: <5f15748fe34f_13fc8bee2e6d837325b@travis-pro-tasks-7cd5f5f85c-srd6b.mail> Build Update for openssl/openssl ------------------------------------- Build: #36218 Status: Errored Duration: 1 hr, 20 mins, and 16 secs Commit: 16c6534 (master) Author: Dr. David von Oheimb Message: check-format.pl: Add an entry about it to NEWS.md and to CHANGES.md Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12270) View the changeset: https://github.com/openssl/openssl/compare/53043311560f...16c6534b961a View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/176288096?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon Jul 20 11:01:21 2020 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 20 Jul 2020 11:01:21 +0000 Subject: Build failed: openssl master.35677 Message-ID: <20200720110121.1.E96F907895FB4CCE@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Mon Jul 20 12:14:11 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 20 Jul 2020 12:14:11 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-err Message-ID: <1595247251.127341.494.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-err Commit log since last time: f64f17c3e0 Added missing ';' after methods in the synopsis section of pod files 93e32043cb util/find-doc-nits: relax some SYNOPSIS checks d3cb5904f3 util/find-doc-nits: read full declarations as one line in name_synopsis() 43b3ab6f87 Fix typo for SSL_get_peer_certificate() 1bb78e72b9 Remove util/openssl-update-copyright a85c902125 mac: always pass a non-NULL output size pointer to providers. 3fc164e8d1 doc: Fix documentation of EVP_EncryptUpdate(). b99c463d78 install: add notes about ignored seed sources in the FIPS provider. 45554b5c71 rand: detect if FIPS approved randomness sources are being used. 8e78da0666 Fix trailing whitespace mismatch error when running 02-test_errstr. cb9bb7350d 99-test_fuzz.t: Clean up and re-organize such that sub-tests could be split easily 1e76cb002a test/run_tests.pl: In parallel runs, start those tests first that run longest 0b670a2101 x509_vfy.c: Improve key usage checks in internal_verify() of cert chains 1337a3a998 Constify X509_check_akid and prefer using X509_get0_serialNumber over X509_get_serialNumber 318565b733 Prepare for 3.0 alpha 6 e70a2d9f13 Prepare for release of 3.0 alpha 5 b013cf9000 util/mktar.pl: Change 'VERSION' to 'VERSION.dat' e39e295e20 Update copyright year e4162f86d7 DRBG: Fix the renamed functions after the EVP_MAC name reversal 660c534435 Revert "kdf: make function naming consistent." 865adf97c9 Revert "The EVP_MAC functions have been renamed for consistency. The EVP_MAC_CTX_*" 8dab4de538 Add latest changes and news in CHANGES.md and NEWS.md ecca5b6e2e capabilities: make capability selection case insensitive. 81ed433cf8 libcrypto.num: engine deprecation updates bb95426211 doc: remove unused engine tracing option 184fb690fa trace: condition out engine related tracing 03445677b9 Document that ENGINE_add_conf_module() was deprecated. 2099f1bb6b Document that exdata for ENGINES is deprecated. 1bdab93a62 Document that the ENGINE_[sg]_ex_data() calls are reprecated. 8b4c89f8d2 RAND: document that the ENGINE RAND override is deprecated. 571d2c4dc7 ENGINESDIR: document that this configuration is deprecated. 2d71c9468a doc: document that the engine initialisation options are deprecated. 9bd8d96c39 deprecate engines in provider code e4468e6d8d deprecate engines in libcrypto ad8fc6f626 apps: deprecate engines 91512a771a deprecate engine from public header files 304d070eba deprecate engine tests 92f8603537 deprecate engines in SSL cf8e8cba93 deprecate engines 597f3f3ab1 Fix indentation for engine.h 4222682dae doc: deprecate ENGINE documentation 0f221d9c68 apps: document the deprecation of the -engine option 699caa18d5 engine: document the engine app as deprecated 0a684b09d8 apps/list: deprecate engine support 910b71cf47 deprecate engines in 3.0 8c2bfd2512 Add SSL_get[01]_peer_certificate() Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 04-test_err.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=205, Tests=3090, 860 wallclock secs (12.26 usr 1.22 sys + 798.61 cusr 58.18 csys = 870.27 CPU) Result: FAIL Makefile:3131: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-err' Makefile:3129: recipe for target 'tests' failed make: *** [tests] Error 2 From no-reply at appveyor.com Mon Jul 20 14:51:50 2020 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 20 Jul 2020 14:51:50 +0000 Subject: Build failed: openssl master.35678 Message-ID: <20200720145150.1.DD626BD7AE7D6BD2@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon Jul 20 15:32:40 2020 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 20 Jul 2020 15:32:40 +0000 Subject: Build failed: openssl master.35680 Message-ID: <20200720153240.1.3701BDC8B801E7A6@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon Jul 20 16:20:35 2020 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 20 Jul 2020 16:20:35 +0000 Subject: Build completed: openssl master.35681 Message-ID: <20200720162035.1.45B788C1515A9AEE@appveyor.com> An HTML attachment was scrubbed... URL: From kaduk at mit.edu Mon Jul 20 19:39:15 2020 From: kaduk at mit.edu (kaduk at mit.edu) Date: Mon, 20 Jul 2020 19:39:15 +0000 Subject: [openssl] master update Message-ID: <1595273955.080202.1989.nullmailer@dev.openssl.org> The branch master has been updated via 02e14a65fd6cc63204b43a79d510e95a63bdd901 (commit) from 16c6534b961a723781bb827211c705c7d7fb3727 (commit) - Log ----------------------------------------------------------------- commit 02e14a65fd6cc63204b43a79d510e95a63bdd901 Author: Dimitri John Ledkov Date: Tue Jul 14 17:55:49 2020 +0100 man3: Drop warning about using security levels higher than 1. Today, majority of web-browsers reject communication as allowed by the security level 1. Instead key sizes and algorithms from security level 2 are required. Thus remove the now obsolete warning against using security levels higher than 1. For example Ubuntu, compiles OpenSSL with security level set to 2, and further restricts algorithm versions available at that security level. Reviewed-by: Kurt Roeckx Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/12444) ----------------------------------------------------------------------- Summary of changes: doc/man3/SSL_CTX_set_security_level.pod | 6 ------ 1 file changed, 6 deletions(-) diff --git a/doc/man3/SSL_CTX_set_security_level.pod b/doc/man3/SSL_CTX_set_security_level.pod index ef59d4eb20..4b1fef867c 100644 --- a/doc/man3/SSL_CTX_set_security_level.pod +++ b/doc/man3/SSL_CTX_set_security_level.pod @@ -114,12 +114,6 @@ I =head1 NOTES -B at this time setting the security level higher than 1 for -general internet use is likely to cause B interoperability -issues and is not recommended. This is because the B algorithm -is very widely used in certificates and will be rejected at levels -higher than 1 because it only offers 80 bits of security. - The default security level can be configured when OpenSSL is compiled by setting B<-DOPENSSL_TLS_SECURITY_LEVEL=level>. If not set then 1 is used. From kaduk at mit.edu Mon Jul 20 19:39:46 2020 From: kaduk at mit.edu (kaduk at mit.edu) Date: Mon, 20 Jul 2020 19:39:46 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1595273986.097397.3551.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 335266fa793c105e5e38cbaf098542cc372cdc2e (commit) from a47dd08d6cacc64536c2f57e0f0aee03dcfaab3d (commit) - Log ----------------------------------------------------------------- commit 335266fa793c105e5e38cbaf098542cc372cdc2e Author: Dimitri John Ledkov Date: Tue Jul 14 17:55:49 2020 +0100 man3: Drop warning about using security levels higher than 1. Today, majority of web-browsers reject communication as allowed by the security level 1. Instead key sizes and algorithms from security level 2 are required. Thus remove the now obsolete warning against using security levels higher than 1. For example Ubuntu, compiles OpenSSL with security level set to 2, and further restricts algorithm versions available at that security level. Reviewed-by: Kurt Roeckx Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/12444) (cherry picked from commit 02e14a65fd6cc63204b43a79d510e95a63bdd901) ----------------------------------------------------------------------- Summary of changes: doc/man3/SSL_CTX_set_security_level.pod | 6 ------ 1 file changed, 6 deletions(-) diff --git a/doc/man3/SSL_CTX_set_security_level.pod b/doc/man3/SSL_CTX_set_security_level.pod index 0cb6c1f52a..ba0aa0b9ca 100644 --- a/doc/man3/SSL_CTX_set_security_level.pod +++ b/doc/man3/SSL_CTX_set_security_level.pod @@ -114,12 +114,6 @@ I =head1 NOTES -B at this time setting the security level higher than 1 for -general internet use is likely to cause B interoperability -issues and is not recommended. This is because the B algorithm -is very widely used in certificates and will be rejected at levels -higher than 1 because it only offers 80 bits of security. - The default security level can be configured when OpenSSL is compiled by setting B<-DOPENSSL_TLS_SECURITY_LEVEL=level>. If not set then 1 is used. From openssl at openssl.org Mon Jul 20 20:12:00 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 20 Jul 2020 20:12:00 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ui-console Message-ID: <1595275920.713674.1986.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ui-console Commit log since last time: f64f17c3e0 Added missing ';' after methods in the synopsis section of pod files 93e32043cb util/find-doc-nits: relax some SYNOPSIS checks d3cb5904f3 util/find-doc-nits: read full declarations as one line in name_synopsis() 43b3ab6f87 Fix typo for SSL_get_peer_certificate() 1bb78e72b9 Remove util/openssl-update-copyright a85c902125 mac: always pass a non-NULL output size pointer to providers. 3fc164e8d1 doc: Fix documentation of EVP_EncryptUpdate(). b99c463d78 install: add notes about ignored seed sources in the FIPS provider. 45554b5c71 rand: detect if FIPS approved randomness sources are being used. 8e78da0666 Fix trailing whitespace mismatch error when running 02-test_errstr. cb9bb7350d 99-test_fuzz.t: Clean up and re-organize such that sub-tests could be split easily 1e76cb002a test/run_tests.pl: In parallel runs, start those tests first that run longest 0b670a2101 x509_vfy.c: Improve key usage checks in internal_verify() of cert chains 1337a3a998 Constify X509_check_akid and prefer using X509_get0_serialNumber over X509_get_serialNumber 318565b733 Prepare for 3.0 alpha 6 e70a2d9f13 Prepare for release of 3.0 alpha 5 b013cf9000 util/mktar.pl: Change 'VERSION' to 'VERSION.dat' e39e295e20 Update copyright year e4162f86d7 DRBG: Fix the renamed functions after the EVP_MAC name reversal 660c534435 Revert "kdf: make function naming consistent." 865adf97c9 Revert "The EVP_MAC functions have been renamed for consistency. The EVP_MAC_CTX_*" 8dab4de538 Add latest changes and news in CHANGES.md and NEWS.md ecca5b6e2e capabilities: make capability selection case insensitive. 81ed433cf8 libcrypto.num: engine deprecation updates bb95426211 doc: remove unused engine tracing option 184fb690fa trace: condition out engine related tracing 03445677b9 Document that ENGINE_add_conf_module() was deprecated. 2099f1bb6b Document that exdata for ENGINES is deprecated. 1bdab93a62 Document that the ENGINE_[sg]_ex_data() calls are reprecated. 8b4c89f8d2 RAND: document that the ENGINE RAND override is deprecated. 571d2c4dc7 ENGINESDIR: document that this configuration is deprecated. 2d71c9468a doc: document that the engine initialisation options are deprecated. 9bd8d96c39 deprecate engines in provider code e4468e6d8d deprecate engines in libcrypto ad8fc6f626 apps: deprecate engines 91512a771a deprecate engine from public header files 304d070eba deprecate engine tests 92f8603537 deprecate engines in SSL cf8e8cba93 deprecate engines 597f3f3ab1 Fix indentation for engine.h 4222682dae doc: deprecate ENGINE documentation 0f221d9c68 apps: document the deprecation of the -engine option 699caa18d5 engine: document the engine app as deprecated 0a684b09d8 apps/list: deprecate engine support 910b71cf47 deprecate engines in 3.0 8c2bfd2512 Add SSL_get[01]_peer_certificate() Build log ended with (last 100 lines): # Failed test 'p10cr csr empty file' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd p10cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -csr wrong.csr.pem => 139 not ok 78 - p10cr wrong csr # ------------------------------------------------------------------------------ # Failed test 'p10cr wrong csr' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -revreason 5 => 139 not ok 79 - ir + ignored revocation # ------------------------------------------------------------------------------ ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt => 139 not ok 82 - cr command # ------------------------------------------------------------------------------ # Failed test 'cr command' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt => 139 not ok 83 - kur command explicit options # ------------------------------------------------------------------------------ # Failed test 'kur command explicit options' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -subject "" -certout test.cert.pem -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt -secret "" => 139 not ok 84 - kur command minimal options # ------------------------------------------------------------------------------ ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey dir/ -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert test.cert.pem -server '127.0.0.1:1700' => 139 not ok 86 - kur newkey is directory # ------------------------------------------------------------------------------ ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert dir/ -server '127.0.0.1:1700' => 139 not ok 89 - kur oldcert is directory # ------------------------------------------------------------------------------ # Failed test 'kur oldcert is directory' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert idontexist -server '127.0.0.1:1700' => 139 not ok 90 - kur oldcert not existing # ------------------------------------------------------------------------------ # Failed test 'kur oldcert not existing' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert empty.txt -server '127.0.0.1:1700' => 139 not ok 91 - kur empty oldcert file # ------------------------------------------------------------------------------ # Failed test 'kur empty oldcert file' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -cert "" -server '127.0.0.1:1700' => 139 not ok 92 - kur command without cert and oldcert # ------------------------------------------------------------------------------ # Failed test 'kur command without cert and oldcert' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. # Looks like you failed 65 tests of 92. not ok 7 - CMP app CLI Mock enrollment # ------------------------------------------------------------------------------ # # Failed test 'CMP app CLI Mock enrollment # ' # at /home/openssl/run-checker/no-ui-console/../openssl/util/perl/OpenSSL/Test.pm line 1302. # Looks like you failed 5 tests of 7.81-test_cmp_cli.t .................. Dubious, test returned 5 (wstat 1280, 0x500) Failed 5/7 subtests 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 81-test_cmp_cli.t (Wstat: 1280 Tests: 7 Failed: 5) Failed tests: 3-7 Non-zero exit status: 5 Files=205, Tests=3227, 925 wallclock secs (12.83 usr 1.47 sys + 816.12 cusr 64.86 csys = 895.28 CPU) Result: FAIL Makefile:3129: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-ui-console' Makefile:3127: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Mon Jul 20 22:34:50 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 20 Jul 2020 22:34:50 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared no-module Message-ID: <1595284490.311971.12725.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared no-module Commit log since last time: f64f17c3e0 Added missing ';' after methods in the synopsis section of pod files 93e32043cb util/find-doc-nits: relax some SYNOPSIS checks d3cb5904f3 util/find-doc-nits: read full declarations as one line in name_synopsis() 43b3ab6f87 Fix typo for SSL_get_peer_certificate() 1bb78e72b9 Remove util/openssl-update-copyright a85c902125 mac: always pass a non-NULL output size pointer to providers. 3fc164e8d1 doc: Fix documentation of EVP_EncryptUpdate(). b99c463d78 install: add notes about ignored seed sources in the FIPS provider. 45554b5c71 rand: detect if FIPS approved randomness sources are being used. 8e78da0666 Fix trailing whitespace mismatch error when running 02-test_errstr. cb9bb7350d 99-test_fuzz.t: Clean up and re-organize such that sub-tests could be split easily 1e76cb002a test/run_tests.pl: In parallel runs, start those tests first that run longest 0b670a2101 x509_vfy.c: Improve key usage checks in internal_verify() of cert chains 1337a3a998 Constify X509_check_akid and prefer using X509_get0_serialNumber over X509_get_serialNumber 318565b733 Prepare for 3.0 alpha 6 e70a2d9f13 Prepare for release of 3.0 alpha 5 b013cf9000 util/mktar.pl: Change 'VERSION' to 'VERSION.dat' e39e295e20 Update copyright year e4162f86d7 DRBG: Fix the renamed functions after the EVP_MAC name reversal 660c534435 Revert "kdf: make function naming consistent." 865adf97c9 Revert "The EVP_MAC functions have been renamed for consistency. The EVP_MAC_CTX_*" 8dab4de538 Add latest changes and news in CHANGES.md and NEWS.md ecca5b6e2e capabilities: make capability selection case insensitive. 81ed433cf8 libcrypto.num: engine deprecation updates bb95426211 doc: remove unused engine tracing option 184fb690fa trace: condition out engine related tracing 03445677b9 Document that ENGINE_add_conf_module() was deprecated. 2099f1bb6b Document that exdata for ENGINES is deprecated. 1bdab93a62 Document that the ENGINE_[sg]_ex_data() calls are reprecated. 8b4c89f8d2 RAND: document that the ENGINE RAND override is deprecated. 571d2c4dc7 ENGINESDIR: document that this configuration is deprecated. 2d71c9468a doc: document that the engine initialisation options are deprecated. 9bd8d96c39 deprecate engines in provider code e4468e6d8d deprecate engines in libcrypto ad8fc6f626 apps: deprecate engines 91512a771a deprecate engine from public header files 304d070eba deprecate engine tests 92f8603537 deprecate engines in SSL cf8e8cba93 deprecate engines 597f3f3ab1 Fix indentation for engine.h 4222682dae doc: deprecate ENGINE documentation 0f221d9c68 apps: document the deprecation of the -engine option 699caa18d5 engine: document the engine app as deprecated 0a684b09d8 apps/list: deprecate engine support 910b71cf47 deprecate engines in 3.0 8c2bfd2512 Add SSL_get[01]_peer_certificate() Build log ended with (last 100 lines): ../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock credentials' -proxy '' -no_proxy 127.0.0.1 -cert "" -key "" -keypass "" -unprotected_requests => 0 not ok 38 - unprotected request # ------------------------------------------------------------------------------ # Failed test 'unprotected request' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. # Looks like you failed 3 tests of 38. not ok 5 - CMP app CLI Mock credentials # ------------------------------------------------------------------------------ OPENSSL_FUNC:../openssl/apps/cmp.c:3121:CMP info: received from 127.0.0.1 PKIStatus: accepted # OPENSSL_FUNC:../openssl/apps/cmp.c:2895:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -proxy option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2112:CMP info: will contact http://127.0.0.1:1700/pkix/ # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending IR # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received IP # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending CERTCONF # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received PKICONF # OPENSSL_FUNC:../openssl/apps/cmp.c:2276:CMP info: received 1 enrolled certificate(s), saving to file 'test.cert.pem' ../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo 0 -certout test.cert.pem -out_trusted root.crt => 0 not ok 43 - popo RAVERIFIED # ------------------------------------------------------------------------------ OPENSSL_FUNC:../openssl/apps/cmp.c:3121:CMP info: received from 127.0.0.1 PKIStatus: accepted # OPENSSL_FUNC:../openssl/apps/cmp.c:2895:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -proxy option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2112:CMP info: will contact http://127.0.0.1:1700/pkix/ # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending IR # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received IP # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending CERTCONF # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received PKICONF # OPENSSL_FUNC:../openssl/apps/cmp.c:2276:CMP info: received 1 enrolled certificate(s), saving to file 'test.cert.pem' ../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo -1 -certout test.cert.pem -out_trusted root.crt => 0 not ok 47 - popo NONE # ------------------------------------------------------------------------------ # Failed test 'popo NONE' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. OPENSSL_FUNC:../openssl/apps/cmp.c:3121:CMP info: received from 127.0.0.1 PKIStatus: accepted # OPENSSL_FUNC:../openssl/apps/cmp.c:2895:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -proxy option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2112:CMP info: will contact http://127.0.0.1:1700/pkix/ # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending IR # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received IP # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending CERTCONF # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received PKICONF # OPENSSL_FUNC:../openssl/apps/cmp.c:2276:CMP info: received 1 enrolled certificate(s), saving to file 'test.cert.pem' ../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo 2 -certout test.cert.pem -out_trusted root.crt => 0 not ok 48 - popo KEYENC not supported # ------------------------------------------------------------------------------ # Looks like you failed 3 tests of 92. not ok 7 - CMP app CLI Mock enrollment # ------------------------------------------------------------------------------ # # Failed test 'CMP app CLI Mock enrollment # ' # at /home/openssl/run-checker/enable-fuzz-afl/../openssl/util/perl/OpenSSL/Test.pm line 1302. # Looks like you failed 3 tests of 7.81-test_cmp_cli.t .................. Dubious, test returned 3 (wstat 768, 0x300) Failed 3/7 subtests 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: GOST support is disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ skipped: Test only supported in a shared build 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 81-test_cmp_cli.t (Wstat: 768 Tests: 7 Failed: 3) Failed tests: 4-5, 7 Non-zero exit status: 3 Files=205, Tests=2949, 782 wallclock secs (10.02 usr 1.40 sys + 721.32 cusr 51.68 csys = 784.42 CPU) Result: FAIL Makefile:2367: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-fuzz-afl' Makefile:2365: recipe for target 'tests' failed make: *** [tests] Error 2 From builds at travis-ci.com Mon Jul 20 22:42:56 2020 From: builds at travis-ci.com (Travis CI) Date: Mon, 20 Jul 2020 22:42:56 +0000 Subject: Errored: openssl/openssl#36235 (master - 02e14a6) In-Reply-To: Message-ID: <5f161defcb7d7_13f8acb91243c316360@travis-pro-tasks-8bb59797b-mhjgd.mail> Build Update for openssl/openssl ------------------------------------- Build: #36235 Status: Errored Duration: 1 hr, 3 mins, and 14 secs Commit: 02e14a6 (master) Author: Dimitri John Ledkov Message: man3: Drop warning about using security levels higher than 1. Today, majority of web-browsers reject communication as allowed by the security level 1. Instead key sizes and algorithms from security level 2 are required. Thus remove the now obsolete warning against using security levels higher than 1. For example Ubuntu, compiles OpenSSL with security level set to 2, and further restricts algorithm versions available at that security level. Reviewed-by: Kurt Roeckx Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/12444) View the changeset: https://github.com/openssl/openssl/compare/16c6534b961a...02e14a65fd6c View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/176381448?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From shane.lontis at oracle.com Mon Jul 20 22:52:10 2020 From: shane.lontis at oracle.com (shane.lontis at oracle.com) Date: Mon, 20 Jul 2020 22:52:10 +0000 Subject: [openssl] master update Message-ID: <1595285530.551177.21922.nullmailer@dev.openssl.org> The branch master has been updated via 823a113574451ea2e050bee7ce35861948ad55ca (commit) from 02e14a65fd6cc63204b43a79d510e95a63bdd901 (commit) - Log ----------------------------------------------------------------- commit 823a113574451ea2e050bee7ce35861948ad55ca Author: Shane Lontis Date: Mon Jul 20 11:18:24 2020 +1000 Fix API rename issue in shim layer that calls EVP_MAC_CTX_set_params Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12483) ----------------------------------------------------------------------- Summary of changes: test/ossl_shim/ossl_shim.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/ossl_shim/ossl_shim.cc b/test/ossl_shim/ossl_shim.cc index d4d7cf1454..1d32073f84 100644 --- a/test/ossl_shim/ossl_shim.cc +++ b/test/ossl_shim/ossl_shim.cc @@ -403,7 +403,7 @@ static int TicketKeyCallback(SSL *ssl, uint8_t *key_name, uint8_t *iv, if (!EVP_CipherInit_ex(ctx, EVP_aes_128_cbc(), NULL, kZeros, iv, encrypt) || !EVP_MAC_init(hmac_ctx) - || !EVP_MAC_set_ctx_params(hmac_ctx, params)) { + || !EVP_MAC_CTX_set_params(hmac_ctx, params)) { return -1; } From builds at travis-ci.com Tue Jul 21 02:52:49 2020 From: builds at travis-ci.com (Travis CI) Date: Tue, 21 Jul 2020 02:52:49 +0000 Subject: Errored: openssl/openssl#36241 (master - 823a113) In-Reply-To: Message-ID: <5f1658811208_13fb37a02afe0151753@travis-pro-tasks-7d7df54b9-fn4g7.mail> Build Update for openssl/openssl ------------------------------------- Build: #36241 Status: Errored Duration: 1 hr, 28 mins, and 22 secs Commit: 823a113 (master) Author: Shane Lontis Message: Fix API rename issue in shim layer that calls EVP_MAC_CTX_set_params Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12483) View the changeset: https://github.com/openssl/openssl/compare/02e14a65fd6c...823a11357445 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/176403512?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Tue Jul 21 03:41:25 2020 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 21 Jul 2020 03:41:25 +0000 Subject: Build failed: openssl master.35701 Message-ID: <20200721034125.1.BF68D1CD7942F871@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Tue Jul 21 04:12:23 2020 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 21 Jul 2020 04:12:23 +0000 Subject: Build completed: openssl master.35702 Message-ID: <20200721041223.1.8FAA6A60614993C1@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Tue Jul 21 04:37:44 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 21 Jul 2020 04:37:44 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-posix-io Message-ID: <1595306264.847131.22713.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-posix-io Commit log since last time: f64f17c3e0 Added missing ';' after methods in the synopsis section of pod files 93e32043cb util/find-doc-nits: relax some SYNOPSIS checks d3cb5904f3 util/find-doc-nits: read full declarations as one line in name_synopsis() 43b3ab6f87 Fix typo for SSL_get_peer_certificate() 1bb78e72b9 Remove util/openssl-update-copyright a85c902125 mac: always pass a non-NULL output size pointer to providers. 3fc164e8d1 doc: Fix documentation of EVP_EncryptUpdate(). b99c463d78 install: add notes about ignored seed sources in the FIPS provider. 45554b5c71 rand: detect if FIPS approved randomness sources are being used. 8e78da0666 Fix trailing whitespace mismatch error when running 02-test_errstr. cb9bb7350d 99-test_fuzz.t: Clean up and re-organize such that sub-tests could be split easily 1e76cb002a test/run_tests.pl: In parallel runs, start those tests first that run longest 0b670a2101 x509_vfy.c: Improve key usage checks in internal_verify() of cert chains 1337a3a998 Constify X509_check_akid and prefer using X509_get0_serialNumber over X509_get_serialNumber 318565b733 Prepare for 3.0 alpha 6 e70a2d9f13 Prepare for release of 3.0 alpha 5 b013cf9000 util/mktar.pl: Change 'VERSION' to 'VERSION.dat' e39e295e20 Update copyright year e4162f86d7 DRBG: Fix the renamed functions after the EVP_MAC name reversal 660c534435 Revert "kdf: make function naming consistent." 865adf97c9 Revert "The EVP_MAC functions have been renamed for consistency. The EVP_MAC_CTX_*" 8dab4de538 Add latest changes and news in CHANGES.md and NEWS.md ecca5b6e2e capabilities: make capability selection case insensitive. 81ed433cf8 libcrypto.num: engine deprecation updates bb95426211 doc: remove unused engine tracing option 184fb690fa trace: condition out engine related tracing 03445677b9 Document that ENGINE_add_conf_module() was deprecated. 2099f1bb6b Document that exdata for ENGINES is deprecated. 1bdab93a62 Document that the ENGINE_[sg]_ex_data() calls are reprecated. 8b4c89f8d2 RAND: document that the ENGINE RAND override is deprecated. 571d2c4dc7 ENGINESDIR: document that this configuration is deprecated. 2d71c9468a doc: document that the engine initialisation options are deprecated. 9bd8d96c39 deprecate engines in provider code e4468e6d8d deprecate engines in libcrypto ad8fc6f626 apps: deprecate engines 91512a771a deprecate engine from public header files 304d070eba deprecate engine tests 92f8603537 deprecate engines in SSL cf8e8cba93 deprecate engines 597f3f3ab1 Fix indentation for engine.h 4222682dae doc: deprecate ENGINE documentation 0f221d9c68 apps: document the deprecation of the -engine option 699caa18d5 engine: document the engine app as deprecated 0a684b09d8 apps/list: deprecate engine support 910b71cf47 deprecate engines in 3.0 8c2bfd2512 Add SSL_get[01]_peer_certificate() Build log ended with (last 100 lines): rm -f doc/html/man1/CA.pl.html doc/html/man1/openssl-asn1parse.html doc/html/man1/openssl-ca.html doc/html/man1/openssl-ciphers.html doc/html/man1/openssl-cmds.html doc/html/man1/openssl-cmp.html doc/html/man1/openssl-cms.html doc/html/man1/openssl-crl.html doc/html/man1/openssl-crl2pkcs7.html doc/html/man1/openssl-dgst.html doc/html/man1/openssl-dhparam.html doc/html/man1/openssl-dsa.html doc/html/man1/openssl-dsaparam.html doc/html/man1/openssl-ec.html doc/html/man1/openssl-ecparam.html doc/html/man1/openssl-enc.html doc/html/man1/openssl-engine.html doc/html/man1/openssl-errstr.html doc/html/man1/openssl-fipsinstall.html doc/html/man1/openssl-gendsa.html doc/html/man1/openssl-genpkey.html doc/html/man1/openssl-genrsa.html doc/html/man1/openssl-info.html doc/html/man1/openssl-kdf.html doc/html/man1/openssl-list.html doc/html/man1/openssl-mac.html doc/html/man1/openssl-nseq.html doc/html/man1/openssl-ocsp.html doc/html/man1/openssl-passwd.html doc/html/man1/openssl-pkcs12.html doc/html/man1/openssl-pkcs7.html doc/html/man1/openssl-pkcs8.html doc/html/man1/openssl-pkey.html doc/html/man1/openssl-pkeyparam.html doc/html/man1/openssl-pkeyutl.html doc/html/man1/openssl-prime.html doc/html/man1/openssl-provider.html doc/html/man1/openssl-rand.html doc/html/man1/openssl-rehash.html doc/html/man1/openssl-req.html doc/html/man1/openssl-rsa.html doc/html/man1/openssl-rsautl.html doc/html/man1/openssl-s_client.html doc/html/man1/openssl-s_server.html doc/html/man1/openssl-s_time.html doc/html/man1/openssl-sess_id.html doc/html/man1/openssl-smime.html doc/html/man1/openssl-speed.html doc/html/man1/openssl-spkac.html doc/html/man1/openssl-srp.html doc/html/man1/openssl-storeutl.html doc/html/man1/openssl-ts.html doc/html/man1/openssl-verify.html doc/html/man1/openssl-version.html doc/html/man1/openssl-x509.html doc/html/man1/openssl.html doc/html/man1/tsget.html doc/html/man3/ADMISSIONS.html doc/html/man3/ASN1_INTEGER_get_int64.html doc/html/man3/ASN1_INTEGER_new.html doc/html/man3/ASN1_ITEM_lookup.html doc/html/man3/ASN1_OBJECT_new.html doc/html/man3/ASN1_STRING_TABLE_add.html doc/html/man3/ASN1_STRING_length.html doc/html/man3/ASN1_STRING_new.html doc/html/man3/ASN1_STRING_print_ex.html doc/html/man3/ASN1_TIME_set.html doc/html/man3/ASN1_TYPE_get.html doc/html/man3/ASN1_generate_nconf.html doc/html/man3/ASYNC_WAIT_CTX_new.html doc/html/man3/ASYNC_start_job.html doc/html/man3/BF_encrypt.html doc/html/man3/BIO_ADDR.html doc/html/man3/BIO_ADDRINFO.html doc/html/man3/BIO_connect.html doc/html/man3/BIO_ctrl.html doc/html/man3/BIO_f_base64.html doc/html/man3/BIO_f_buffer.html doc/html/man3/BIO_f_cipher.html doc/html/man3/BIO_f_md.html doc/html/man3/BIO_f_null.html doc/html/man3/BIO_f_prefix.html doc/html/man3/BIO_f_ssl.html doc/html/man3/BIO_find_type.html doc/html/man3/BIO_get_data.html doc/html/man3/BIO_get_ex_new_index.html doc/html/man3/BIO_meth_new.html doc/html/man3/BIO_new.html doc/html/man3/BIO_new_CMS.html doc/html/man3/BIO_parse_hostserv.html doc/html/man3/BIO_printf.html doc/html/man3/BIO_push.html doc/html/man3/BIO_read.html doc/html/man3/BIO_s_accept.html doc/html/man3/BIO_s_bio.html doc/html/man3/BIO_s_connect.html doc/html/man3/BIO_s_fd.html doc/html/man3/BIO_s_file.html doc/html/man3/BIO_s_mem.html doc/html/man3/BIO_s_null.html doc/html/man3/BIO_s_socket.html doc/html/man3/BIO_set_callback.html doc/html/man3/BIO_should_retry.html doc/html/man3/BIO_socket_wait.html doc/html/man3/BN_BLINDING_new.html doc/html/man3/BN_CTX_new.html doc/html/man3/BN_CTX_start.html doc/html/man3/BN_add.html doc/html/man3/BN_add_word.html doc/html/man3/BN_bn2bin.html doc/html/man3/BN_cmp.html doc/html/man3/BN_copy.html doc/html/man3/BN_generate_prime.html doc/html/man3/BN_mod_inverse.html doc/html/man3/BN_mod_mul_montgomery.html doc/html/man3/BN_mod_mul_reciprocal.html doc/html/man3/BN_new.html doc/html/man3/BN_num_bytes.html doc/html/man3/BN_rand.html doc/html/man3/BN_security_bits.html doc/html/man3/BN_set_bit.html doc/html/man3/BN_swap.html doc/html/man3/BN_zero.html doc/html/man3/BUF_MEM_new.html doc/html/man3/CMS_EnvelopedData_create.html doc/html/man3/CMS_add0_cert.html doc/html/man3/CMS_add1_recipient_cert.html doc/html/man3/CMS_add1_signer.html doc/html/man3/CMS_compress.html doc/html/man3/CMS_decrypt.html doc/html/man3/CMS_encrypt.html doc/html/man3/CMS_final.html doc/html/man3/CMS_get0_RecipientInfos.html doc/html/man3/CMS_get0_SignerInfos.html doc/html/man3/CMS_get0_type.html doc/html/man3/CMS_get1_ReceiptRequest.html doc/html/man3/CMS_sign.html doc/html/man3/CMS_sign_receipt.html doc/html/man3/CMS_uncompress.html doc/html/man3/CMS_verify.html doc/html/man3/CMS_verify_receipt.html doc/html/man3/CONF_modules_free.html doc/html/man3/CONF_modules_load_file.html doc/html/man3/CRYPTO_THREAD_run_once.html doc/html/man3/CRYPTO_get_ex_new_index.html doc/html/man3/CRYPTO_memcmp.html doc/html/man3/CTLOG_STORE_get0_log_by_id.html doc/html/man3/CTLOG_STORE_new.html doc/html/man3/CTLOG_new.html doc/html/man3/CT_POLICY_EVAL_CTX_new.html doc/html/man3/DEFINE_STACK_OF.html doc/html/man3/DES_random_key.html doc/html/man3/DH_generate_key.html doc/html/man3/DH_generate_parameters.html doc/html/man3/DH_get0_pqg.html doc/html/man3/DH_get_1024_160.html doc/html/man3/DH_meth_new.html doc/html/man3/DH_new.html doc/html/man3/DH_new_by_nid.html doc/html/man3/DH_set_method.html doc/html/man3/DH_size.html doc/html/man3/DSA_SIG_new.html doc/html/man3/DSA_do_sign.html doc/html/man3/DSA_dup_DH.html doc/html/man3/DSA_generate_key.html doc/html/man3/DSA_generate_parameters.html doc/html/man3/DSA_get0_pqg.html doc/html/man3/DSA_meth_new.html doc/html/man3/DSA_new.html doc/html/man3/DSA_set_method.html doc/html/man3/DSA_sign.html doc/html/man3/DSA_size.html doc/html/man3/DTLS_get_data_mtu.html doc/html/man3/DTLS_set_timer_cb.html doc/html/man3/DTLSv1_listen.html doc/html/man3/ECDSA_SIG_new.html doc/html/man3/ECPKParameters_print.html doc/html/man3/EC_GFp_simple_method.html doc/html/man3/EC_GROUP_copy.html doc/html/man3/EC_GROUP_new.html doc/html/man3/EC_KEY_get_enc_flags.html doc/html/man3/EC_KEY_new.html doc/html/man3/EC_POINT_add.html doc/html/man3/EC_POINT_new.html doc/html/man3/ENGINE_add.html doc/html/man3/ERR_GET_LIB.html doc/html/man3/ERR_clear_error.html doc/html/man3/ERR_error_string.html doc/html/man3/ERR_get_error.html doc/html/man3/ERR_load_crypto_strings.html doc/html/man3/ERR_load_strings.html doc/html/man3/ERR_new.html doc/html/man3/ERR_print_errors.html doc/html/man3/ERR_put_error.html doc/html/man3/ERR_remove_state.html doc/html/man3/ERR_set_mark.html doc/html/man3/EVP_ASYM_CIPHER_free.html doc/html/man3/EVP_BytesToKey.html doc/html/man3/EVP_CIPHER_CTX_get_cipher_data.html doc/html/man3/EVP_CIPHER_meth_new.html doc/html/man3/EVP_DigestInit.html doc/html/man3/EVP_DigestSignInit.html doc/html/man3/EVP_DigestVerifyInit.html doc/html/man3/EVP_EncodeInit.html doc/html/man3/EVP_EncryptInit.html doc/html/man3/EVP_KDF.html doc/html/man3/EVP_KEYEXCH_free.html doc/html/man3/EVP_KEYMGMT.html doc/html/man3/EVP_MAC.html doc/html/man3/EVP_MD_meth_new.html doc/html/man3/EVP_OpenInit.html doc/html/man3/EVP_PKEY_ASN1_METHOD.html doc/html/man3/EVP_PKEY_CTX_ctrl.html doc/html/man3/EVP_PKEY_CTX_new.html doc/html/man3/EVP_PKEY_CTX_set1_pbe_pass.html doc/html/man3/EVP_PKEY_CTX_set_hkdf_md.html doc/html/man3/EVP_PKEY_CTX_set_params.html doc/html/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.html doc/html/man3/EVP_PKEY_CTX_set_scrypt_N.html doc/html/man3/EVP_PKEY_CTX_set_tls1_prf_md.html doc/html/man3/EVP_PKEY_asn1_get_count.html doc/html/man3/EVP_PKEY_check.html doc/html/man3/EVP_PKEY_copy_parameters.html doc/html/man3/EVP_PKEY_decrypt.html doc/html/man3/EVP_PKEY_derive.html doc/html/man3/EVP_PKEY_encrypt.html doc/html/man3/EVP_PKEY_fromdata.html doc/html/man3/EVP_PKEY_gen.html doc/html/man3/EVP_PKEY_get_default_digest_nid.html doc/html/man3/EVP_PKEY_gettable_params.html doc/html/man3/EVP_PKEY_is_a.html doc/html/man3/EVP_PKEY_meth_get_count.html doc/html/man3/EVP_PKEY_meth_new.html doc/html/man3/EVP_PKEY_new.html doc/html/man3/EVP_PKEY_print_private.html doc/html/man3/EVP_PKEY_set1_RSA.html doc/html/man3/EVP_PKEY_set_type.html doc/html/man3/EVP_PKEY_sign.html doc/html/man3/EVP_PKEY_size.html doc/html/man3/EVP_PKEY_supports_digest_nid.html doc/html/man3/EVP_PKEY_verify.html doc/html/man3/EVP_PKEY_verify_recover.html doc/html/man3/EVP_RAND.html doc/html/man3/EVP_SIGNATURE_free.html doc/html/man3/EVP_SealInit.html doc/html/man3/EVP_SignInit.html doc/html/man3/EVP_VerifyInit.html doc/html/man3/EVP_aes_128_gcm.html doc/html/man3/EVP_aria_128_gcm.html doc/html/man3/EVP_bf_cbc.html doc/html/man3/EVP_blake2b512.html doc/html/man3/EVP_camellia_128_ecb.html doc/html/man3/EVP_cast5_cbc.html doc/html/man3/EVP_chacha20.html doc/html/man3/EVP_des_cbc.html doc/html/man3/EVP_desx_cbc.html doc/html/man3/EVP_idea_cbc.html doc/html/man3/EVP_md2.html doc/html/man3/EVP_md4.html doc/html/man3/EVP_md5.html doc/html/man3/EVP_mdc2.html doc/html/man3/EVP_rc2_cbc.html doc/html/man3/EVP_rc4.html doc/html/man3/EVP_rc5_32_12_16_cbc.html doc/html/man3/EVP_ripemd160.html doc/html/man3/EVP_seed_cbc.html doc/html/man3/EVP_set_default_properties.html doc/html/man3/EVP_sha1.html doc/html/man3/EVP_sha224.html doc/html/man3/EVP_sha3_224.html doc/html/man3/EVP_sm3.html doc/html/man3/EVP_sm4_cbc.html doc/html/man3/EVP_whirlpool.html doc/html/man3/HMAC.html doc/html/man3/MD5.html doc/html/man3/MDC2_Init.html doc/html/man3/NCONF_new_with_libctx.html doc/html/man3/OBJ_nid2obj.html doc/html/man3/OCSP_REQUEST_new.html doc/html/man3/OCSP_cert_to_id.html doc/html/man3/OCSP_request_add1_nonce.html doc/html/man3/OCSP_resp_find_status.html doc/html/man3/OCSP_response_status.html doc/html/man3/OCSP_sendreq_new.html doc/html/man3/OPENSSL_Applink.html doc/html/man3/OPENSSL_CTX.html doc/html/man3/OPENSSL_FILE.html doc/html/man3/OPENSSL_LH_COMPFUNC.html doc/html/man3/OPENSSL_LH_stats.html doc/html/man3/OPENSSL_config.html doc/html/man3/OPENSSL_fork_prepare.html doc/html/man3/OPENSSL_hexchar2int.html doc/html/man3/OPENSSL_ia32cap.html doc/html/man3/OPENSSL_init_crypto.html doc/html/man3/OPENSSL_init_ssl.html doc/html/man3/OPENSSL_instrument_bus.html doc/html/man3/OPENSSL_load_builtin_modules.html doc/html/man3/OPENSSL_malloc.html doc/html/man3/OPENSSL_s390xcap.html doc/html/man3/OPENSSL_secure_malloc.html doc/html/man3/OSSL_CMP_CTX_new.html doc/html/man3/OSSL_CMP_HDR_get0_transactionID.html doc/html/man3/OSSL_CMP_ITAV_set0.html doc/html/man3/OSSL_CMP_MSG_get0_header.html doc/html/man3/OSSL_CMP_MSG_http_perform.html doc/html/man3/OSSL_CMP_SRV_CTX_new.html doc/html/man3/OSSL_CMP_STATUSINFO_new.html doc/html/man3/OSSL_CMP_exec_IR_ses.html doc/html/man3/OSSL_CMP_log_open.html doc/html/man3/OSSL_CMP_validate_msg.html doc/html/man3/OSSL_CRMF_MSG_get0_tmpl.html doc/html/man3/OSSL_CRMF_MSG_set0_validity.html doc/html/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.html doc/html/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.html doc/html/man3/OSSL_CRMF_pbmp_new.html doc/html/man3/OSSL_HTTP_transfer.html doc/html/man3/OSSL_PARAM.html doc/html/man3/OSSL_PARAM_BLD.html doc/html/man3/OSSL_PARAM_allocate_from_text.html doc/html/man3/OSSL_PARAM_int.html doc/html/man3/OSSL_PROVIDER.html doc/html/man3/OSSL_SELF_TEST_new.html doc/html/man3/OSSL_SELF_TEST_set_callback.html doc/html/man3/OSSL_SERIALIZER.html doc/html/man3/OSSL_SERIALIZER_CTX.html doc/html/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.html doc/html/man3/OSSL_SERIALIZER_to_bio.html doc/html/man3/OSSL_STORE_INFO.html doc/html/man3/OSSL_STORE_LOADER.html doc/html/man3/OSSL_STORE_SEARCH.html doc/html/man3/OSSL_STORE_attach.html doc/html/man3/OSSL_STORE_expect.html doc/html/man3/OSSL_STORE_open.html doc/html/man3/OSSL_trace_enabled.html doc/html/man3/OSSL_trace_get_category_num.html doc/html/man3/OSSL_trace_set_channel.html doc/html/man3/OpenSSL_add_all_algorithms.html doc/html/man3/OpenSSL_version.html doc/html/man3/PEM_bytes_read_bio.html doc/html/man3/PEM_read.html doc/html/man3/PEM_read_CMS.html doc/html/man3/PEM_read_bio_PrivateKey.html doc/html/man3/PEM_read_bio_ex.html doc/html/man3/PEM_write_bio_CMS_stream.html doc/html/man3/PEM_write_bio_PKCS7_stream.html doc/html/man3/PKCS12_SAFEBAG_get0_attrs.html doc/html/man3/PKCS12_add_CSPName_asc.html doc/html/man3/PKCS12_add_friendlyname_asc.html doc/html/man3/PKCS12_add_localkeyid.html doc/html/man3/PKCS12_create.html doc/html/man3/PKCS12_get_friendlyname.html doc/html/man3/PKCS12_newpass.html doc/html/man3/PKCS12_parse.html doc/html/man3/PKCS5_PBKDF2_HMAC.html doc/html/man3/PKCS7_decrypt.html doc/html/man3/PKCS7_encrypt.html doc/html/man3/PKCS7_sign.html doc/html/man3/PKCS7_sign_add_signer.html doc/html/man3/PKCS7_verify.html doc/html/man3/PKCS8_pkey_add1_attr.html doc/html/man3/RAND_DRBG_generate.html doc/html/man3/RAND_DRBG_get0_public.html doc/html/man3/RAND_DRBG_new.html doc/html/man3/RAND_DRBG_reseed.html doc/html/man3/RAND_DRBG_set_callbacks.html doc/html/man3/RAND_add.html doc/html/man3/RAND_bytes.html doc/html/man3/RAND_cleanup.html doc/html/man3/RAND_egd.html doc/html/man3/RAND_load_file.html doc/html/man3/RAND_set_rand_method.html doc/html/man3/RC4_set_key.html doc/html/man3/RIPEMD160_Init.html doc/html/man3/RSA_blinding_on.html doc/html/man3/RSA_check_key.html doc/html/man3/RSA_generate_key.html doc/html/man3/RSA_get0_key.html doc/html/man3/RSA_meth_new.html doc/html/man3/RSA_new.html doc/html/man3/RSA_padding_add_PKCS1_type_1.html doc/html/man3/RSA_print.html doc/html/man3/RSA_private_encrypt.html doc/html/man3/RSA_public_encrypt.html doc/html/man3/RSA_set_method.html doc/html/man3/RSA_sign.html doc/html/man3/RSA_sign_ASN1_OCTET_STRING.html doc/html/man3/RSA_size.html doc/html/man3/SCT_new.html doc/html/man3/SCT_print.html doc/html/man3/SCT_validate.html doc/html/man3/SHA256_Init.html doc/html/man3/SMIME_read_CMS.html doc/html/man3/SMIME_read_PKCS7.html doc/html/man3/SMIME_write_CMS.html doc/html/man3/SMIME_write_PKCS7.html doc/html/man3/SRP_Calc_B.html doc/html/man3/SRP_VBASE_new.html doc/html/man3/SRP_create_verifier.html doc/html/man3/SRP_user_pwd_new.html doc/html/man3/SSL_CIPHER_get_name.html doc/html/man3/SSL_COMP_add_compression_method.html doc/html/man3/SSL_CONF_CTX_new.html doc/html/man3/SSL_CONF_CTX_set1_prefix.html doc/html/man3/SSL_CONF_CTX_set_flags.html doc/html/man3/SSL_CONF_CTX_set_ssl_ctx.html doc/html/man3/SSL_CONF_cmd.html doc/html/man3/SSL_CONF_cmd_argv.html doc/html/man3/SSL_CTX_add1_chain_cert.html doc/html/man3/SSL_CTX_add_extra_chain_cert.html doc/html/man3/SSL_CTX_add_session.html doc/html/man3/SSL_CTX_config.html doc/html/man3/SSL_CTX_ctrl.html doc/html/man3/SSL_CTX_dane_enable.html doc/html/man3/SSL_CTX_flush_sessions.html doc/html/man3/SSL_CTX_free.html doc/html/man3/SSL_CTX_get0_param.html doc/html/man3/SSL_CTX_get_verify_mode.html doc/html/man3/SSL_CTX_has_client_custom_ext.html doc/html/man3/SSL_CTX_load_verify_locations.html doc/html/man3/SSL_CTX_new.html doc/html/man3/SSL_CTX_sess_number.html doc/html/man3/SSL_CTX_sess_set_cache_size.html doc/html/man3/SSL_CTX_sess_set_get_cb.html doc/html/man3/SSL_CTX_sessions.html doc/html/man3/SSL_CTX_set0_CA_list.html doc/html/man3/SSL_CTX_set1_curves.html doc/html/man3/SSL_CTX_set1_sigalgs.html doc/html/man3/SSL_CTX_set1_verify_cert_store.html doc/html/man3/SSL_CTX_set_alpn_select_cb.html doc/html/man3/SSL_CTX_set_cert_cb.html doc/html/man3/SSL_CTX_set_cert_store.html doc/html/man3/SSL_CTX_set_cert_verify_callback.html doc/html/man3/SSL_CTX_set_cipher_list.html doc/html/man3/SSL_CTX_set_client_cert_cb.html doc/html/man3/SSL_CTX_set_client_hello_cb.html doc/html/man3/SSL_CTX_set_ct_validation_callback.html doc/html/man3/SSL_CTX_set_ctlog_list_file.html doc/html/man3/SSL_CTX_set_default_passwd_cb.html doc/html/man3/SSL_CTX_set_generate_session_id.html doc/html/man3/SSL_CTX_set_info_callback.html doc/html/man3/SSL_CTX_set_keylog_callback.html doc/html/man3/SSL_CTX_set_max_cert_list.html doc/html/man3/SSL_CTX_set_min_proto_version.html doc/html/man3/SSL_CTX_set_mode.html doc/html/man3/SSL_CTX_set_msg_callback.html doc/html/man3/SSL_CTX_set_num_tickets.html doc/html/man3/SSL_CTX_set_options.html doc/html/man3/SSL_CTX_set_psk_client_callback.html doc/html/man3/SSL_CTX_set_quiet_shutdown.html doc/html/man3/SSL_CTX_set_read_ahead.html doc/html/man3/SSL_CTX_set_record_padding_callback.html doc/html/man3/SSL_CTX_set_security_level.html doc/html/man3/SSL_CTX_set_session_cache_mode.html doc/html/man3/SSL_CTX_set_session_id_context.html doc/html/man3/SSL_CTX_set_session_ticket_cb.html doc/html/man3/SSL_CTX_set_split_send_fragment.html doc/html/man3/SSL_CTX_set_srp_password.html doc/html/man3/SSL_CTX_set_ssl_version.html doc/html/man3/SSL_CTX_set_stateless_cookie_generate_cb.html doc/html/man3/SSL_CTX_set_timeout.html doc/html/man3/SSL_CTX_set_tlsext_servername_callback.html doc/html/man3/SSL_CTX_set_tlsext_status_cb.html doc/html/man3/SSL_CTX_set_tlsext_ticket_key_cb.html doc/html/man3/SSL_CTX_set_tlsext_use_srtp.html doc/html/man3/SSL_CTX_set_tmp_dh_callback.html doc/html/man3/SSL_CTX_set_tmp_ecdh.html doc/html/man3/SSL_CTX_set_verify.html doc/html/man3/SSL_CTX_use_certificate.html doc/html/man3/SSL_CTX_use_psk_identity_hint.html doc/html/man3/SSL_CTX_use_serverinfo.html doc/html/man3/SSL_SESSION_free.html doc/html/man3/SSL_SESSION_get0_cipher.html doc/html/man3/SSL_SESSION_get0_hostname.html doc/html/man3/SSL_SESSION_get0_id_context.html doc/html/man3/SSL_SESSION_get0_peer.html doc/html/man3/SSL_SESSION_get_compress_id.html doc/html/man3/SSL_SESSION_get_protocol_version.html doc/html/man3/SSL_SESSION_get_time.html doc/html/man3/SSL_SESSION_has_ticket.html doc/html/man3/SSL_SESSION_is_resumable.html doc/html/man3/SSL_SESSION_print.html doc/html/man3/SSL_SESSION_set1_id.html doc/html/man3/SSL_accept.html doc/html/man3/SSL_alert_type_string.html doc/html/man3/SSL_alloc_buffers.html doc/html/man3/SSL_check_chain.html doc/html/man3/SSL_clear.html doc/html/man3/SSL_connect.html doc/html/man3/SSL_do_handshake.html doc/html/man3/SSL_export_keying_material.html doc/html/man3/SSL_extension_supported.html doc/html/man3/SSL_free.html doc/html/man3/SSL_get0_peer_scts.html doc/html/man3/SSL_get_SSL_CTX.html doc/html/man3/SSL_get_all_async_fds.html doc/html/man3/SSL_get_ciphers.html doc/html/man3/SSL_get_client_random.html doc/html/man3/SSL_get_current_cipher.html doc/html/man3/SSL_get_default_timeout.html doc/html/man3/SSL_get_error.html doc/html/man3/SSL_get_extms_support.html doc/html/man3/SSL_get_fd.html doc/html/man3/SSL_get_peer_cert_chain.html doc/html/man3/SSL_get_peer_certificate.html doc/html/man3/SSL_get_peer_signature_nid.html doc/html/man3/SSL_get_peer_tmp_key.html doc/html/man3/SSL_get_psk_identity.html doc/html/man3/SSL_get_rbio.html doc/html/man3/SSL_get_session.html doc/html/man3/SSL_get_shared_sigalgs.html doc/html/man3/SSL_get_verify_result.html doc/html/man3/SSL_get_version.html doc/html/man3/SSL_in_init.html doc/html/man3/SSL_key_update.html doc/html/man3/SSL_library_init.html doc/html/man3/SSL_load_client_CA_file.html doc/html/man3/SSL_new.html doc/html/man3/SSL_pending.html doc/html/man3/SSL_read.html doc/html/man3/SSL_read_early_data.html doc/html/man3/SSL_rstate_string.html doc/html/man3/SSL_session_reused.html doc/html/man3/SSL_set1_host.html doc/html/man3/SSL_set_async_callback.html doc/html/man3/SSL_set_bio.html doc/html/man3/SSL_set_connect_state.html doc/html/man3/SSL_set_fd.html doc/html/man3/SSL_set_session.html doc/html/man3/SSL_set_shutdown.html doc/html/man3/SSL_set_verify_result.html doc/html/man3/SSL_shutdown.html doc/html/man3/SSL_state_string.html doc/html/man3/SSL_want.html doc/html/man3/SSL_write.html doc/html/man3/TS_VERIFY_CTX_set_certs.html doc/html/man3/UI_STRING.html doc/html/man3/UI_UTIL_read_pw.html doc/html/man3/UI_create_method.html doc/html/man3/UI_new.html doc/html/man3/X509V3_get_d2i.html doc/html/man3/X509_ALGOR_dup.html doc/html/man3/X509_CRL_get0_by_serial.html doc/html/man3/X509_EXTENSION_set_object.html doc/html/man3/X509_LOOKUP.html doc/html/man3/X509_LOOKUP_hash_dir.html doc/html/man3/X509_LOOKUP_meth_new.html doc/html/man3/X509_NAME_ENTRY_get_object.html doc/html/man3/X509_NAME_add_entry_by_txt.html doc/html/man3/X509_NAME_get0_der.html doc/html/man3/X509_NAME_get_index_by_NID.html doc/html/man3/X509_NAME_print_ex.html doc/html/man3/X509_PUBKEY_new.html doc/html/man3/X509_SIG_get0.html doc/html/man3/X509_STORE_CTX_get_error.html doc/html/man3/X509_STORE_CTX_new.html doc/html/man3/X509_STORE_CTX_set_verify_cb.html doc/html/man3/X509_STORE_add_cert.html doc/html/man3/X509_STORE_get0_param.html doc/html/man3/X509_STORE_new.html doc/html/man3/X509_STORE_set_verify_cb_func.html doc/html/man3/X509_VERIFY_PARAM_set_flags.html doc/html/man3/X509_check_ca.html doc/html/man3/X509_check_host.html doc/html/man3/X509_check_issued.html doc/html/man3/X509_check_private_key.html doc/html/man3/X509_check_purpose.html doc/html/man3/X509_cmp.html doc/html/man3/X509_cmp_time.html doc/html/man3/X509_digest.html doc/html/man3/X509_dup.html doc/html/man3/X509_get0_distinguishing_id.html doc/html/man3/X509_get0_notBefore.html doc/html/man3/X509_get0_signature.html doc/html/man3/X509_get0_uids.html doc/html/man3/X509_get_extension_flags.html doc/html/man3/X509_get_pubkey.html doc/html/man3/X509_get_serialNumber.html doc/html/man3/X509_get_subject_name.html doc/html/man3/X509_get_version.html doc/html/man3/X509_load_http.html doc/html/man3/X509_new.html doc/html/man3/X509_sign.html doc/html/man3/X509_verify.html doc/html/man3/X509_verify_cert.html doc/html/man3/X509v3_cache_extensions.html doc/html/man3/X509v3_get_ext_by_NID.html doc/html/man3/d2i_DHparams.html doc/html/man3/d2i_PKCS8PrivateKey_bio.html doc/html/man3/d2i_PrivateKey.html doc/html/man3/d2i_SSL_SESSION.html doc/html/man3/d2i_X509.html doc/html/man3/i2d_CMS_bio_stream.html doc/html/man3/i2d_PKCS7_bio_stream.html doc/html/man3/i2d_re_X509_tbs.html doc/html/man3/o2i_SCT_LIST.html doc/html/man3/s2i_ASN1_IA5STRING.html doc/html/man5/config.html doc/html/man5/fips_config.html doc/html/man5/x509v3_config.html doc/html/man7/EVP_KDF-HKDF.html doc/html/man7/EVP_KDF-KB.html doc/html/man7/EVP_KDF-KRB5KDF.html doc/html/man7/EVP_KDF-PBKDF2.html doc/html/man7/EVP_KDF-SCRYPT.html doc/html/man7/EVP_KDF-SS.html doc/html/man7/EVP_KDF-SSHKDF.html doc/html/man7/EVP_KDF-TLS1_PRF.html doc/html/man7/EVP_KDF-X942.html doc/html/man7/EVP_KDF-X963.html doc/html/man7/EVP_KEYEXCH-DH.html doc/html/man7/EVP_KEYEXCH-ECDH.html doc/html/man7/EVP_KEYEXCH-X25519.html doc/html/man7/EVP_MAC-BLAKE2.html doc/html/man7/EVP_MAC-CMAC.html doc/html/man7/EVP_MAC-GMAC.html doc/html/man7/EVP_MAC-HMAC.html doc/html/man7/EVP_MAC-KMAC.html doc/html/man7/EVP_MAC-Poly1305.html doc/html/man7/EVP_MAC-Siphash.html doc/html/man7/EVP_MD-BLAKE2.html doc/html/man7/EVP_MD-MD2.html doc/html/man7/EVP_MD-MD4.html doc/html/man7/EVP_MD-MD5-SHA1.html doc/html/man7/EVP_MD-MD5.html doc/html/man7/EVP_MD-MDC2.html doc/html/man7/EVP_MD-RIPEMD160.html doc/html/man7/EVP_MD-SHA1.html doc/html/man7/EVP_MD-SHA2.html doc/html/man7/EVP_MD-SHA3.html doc/html/man7/EVP_MD-SHAKE.html doc/html/man7/EVP_MD-SM3.html doc/html/man7/EVP_MD-WHIRLPOOL.html doc/html/man7/EVP_MD-common.html doc/html/man7/EVP_PKEY-DH.html doc/html/man7/EVP_PKEY-DSA.html doc/html/man7/EVP_PKEY-EC.html doc/html/man7/EVP_PKEY-FFC.html doc/html/man7/EVP_PKEY-RSA.html doc/html/man7/EVP_PKEY-X25519.html doc/html/man7/EVP_RAND-CTR-DRBG.html doc/html/man7/EVP_RAND-HASH-DRBG.html doc/html/man7/EVP_RAND-HMAC-DRBG.html doc/html/man7/EVP_RAND-TEST-RAND.html doc/html/man7/EVP_SIGNATURE-DSA.html doc/html/man7/EVP_SIGNATURE-ECDSA.html doc/html/man7/EVP_SIGNATURE-ED25519.html doc/html/man7/EVP_SIGNATURE-RSA.html doc/html/man7/OSSL_PROVIDER-FIPS.html doc/html/man7/OSSL_PROVIDER-default.html doc/html/man7/OSSL_PROVIDER-legacy.html doc/html/man7/OSSL_PROVIDER-null.html doc/html/man7/RAND.html doc/html/man7/RAND_DRBG.html doc/html/man7/RSA-PSS.html doc/html/man7/SM2.html doc/html/man7/X25519.html doc/html/man7/bio.html doc/html/man7/crypto.html doc/html/man7/ct.html doc/html/man7/des_modes.html doc/html/man7/evp.html doc/html/man7/openssl-core.h.html doc/html/man7/openssl-core_dispatch.h.html doc/html/man7/openssl-core_names.h.html doc/html/man7/openssl-env.html doc/html/man7/openssl_user_macros.html doc/html/man7/ossl_store-file.html doc/html/man7/ossl_store.html doc/html/man7/passphrase-encoding.html doc/html/man7/property.html doc/html/man7/provider-asym_cipher.html doc/html/man7/provider-base.html doc/html/man7/provider-cipher.html doc/html/man7/provider-digest.html doc/html/man7/provider-keyexch.html doc/html/man7/provider-keymgmt.html doc/html/man7/provider-mac.html doc/html/man7/provider-rand.html doc/html/man7/provider-serializer.html doc/html/man7/provider-signature.html doc/html/man7/provider.html doc/html/man7/proxy-certificates.html doc/html/man7/ssl.html doc/html/man7/x509.html rm -f doc/man/man1/CA.pl.1 doc/man/man1/openssl-asn1parse.1 doc/man/man1/openssl-ca.1 doc/man/man1/openssl-ciphers.1 doc/man/man1/openssl-cmds.1 doc/man/man1/openssl-cmp.1 doc/man/man1/openssl-cms.1 doc/man/man1/openssl-crl.1 doc/man/man1/openssl-crl2pkcs7.1 doc/man/man1/openssl-dgst.1 doc/man/man1/openssl-dhparam.1 doc/man/man1/openssl-dsa.1 doc/man/man1/openssl-dsaparam.1 doc/man/man1/openssl-ec.1 doc/man/man1/openssl-ecparam.1 doc/man/man1/openssl-enc.1 doc/man/man1/openssl-engine.1 doc/man/man1/openssl-errstr.1 doc/man/man1/openssl-fipsinstall.1 doc/man/man1/openssl-gendsa.1 doc/man/man1/openssl-genpkey.1 doc/man/man1/openssl-genrsa.1 doc/man/man1/openssl-info.1 doc/man/man1/openssl-kdf.1 doc/man/man1/openssl-list.1 doc/man/man1/openssl-mac.1 doc/man/man1/openssl-nseq.1 doc/man/man1/openssl-ocsp.1 doc/man/man1/openssl-passwd.1 doc/man/man1/openssl-pkcs12.1 doc/man/man1/openssl-pkcs7.1 doc/man/man1/openssl-pkcs8.1 doc/man/man1/openssl-pkey.1 doc/man/man1/openssl-pkeyparam.1 doc/man/man1/openssl-pkeyutl.1 doc/man/man1/openssl-prime.1 doc/man/man1/openssl-provider.1 doc/man/man1/openssl-rand.1 doc/man/man1/openssl-rehash.1 doc/man/man1/openssl-req.1 doc/man/man1/openssl-rsa.1 doc/man/man1/openssl-rsautl.1 doc/man/man1/openssl-s_client.1 doc/man/man1/openssl-s_server.1 doc/man/man1/openssl-s_time.1 doc/man/man1/openssl-sess_id.1 doc/man/man1/openssl-smime.1 doc/man/man1/openssl-speed.1 doc/man/man1/openssl-spkac.1 doc/man/man1/openssl-srp.1 doc/man/man1/openssl-storeutl.1 doc/man/man1/openssl-ts.1 doc/man/man1/openssl-verify.1 doc/man/man1/openssl-version.1 doc/man/man1/openssl-x509.1 doc/man/man1/openssl.1 doc/man/man1/tsget.1 doc/man/man3/ADMISSIONS.3 doc/man/man3/ASN1_INTEGER_get_int64.3 doc/man/man3/ASN1_INTEGER_new.3 doc/man/man3/ASN1_ITEM_lookup.3 doc/man/man3/ASN1_OBJECT_new.3 doc/man/man3/ASN1_STRING_TABLE_add.3 doc/man/man3/ASN1_STRING_length.3 doc/man/man3/ASN1_STRING_new.3 doc/man/man3/ASN1_STRING_print_ex.3 doc/man/man3/ASN1_TIME_set.3 doc/man/man3/ASN1_TYPE_get.3 doc/man/man3/ASN1_generate_nconf.3 doc/man/man3/ASYNC_WAIT_CTX_new.3 doc/man/man3/ASYNC_start_job.3 doc/man/man3/BF_encrypt.3 doc/man/man3/BIO_ADDR.3 doc/man/man3/BIO_ADDRINFO.3 doc/man/man3/BIO_connect.3 doc/man/man3/BIO_ctrl.3 doc/man/man3/BIO_f_base64.3 doc/man/man3/BIO_f_buffer.3 doc/man/man3/BIO_f_cipher.3 doc/man/man3/BIO_f_md.3 doc/man/man3/BIO_f_null.3 doc/man/man3/BIO_f_prefix.3 doc/man/man3/BIO_f_ssl.3 doc/man/man3/BIO_find_type.3 doc/man/man3/BIO_get_data.3 doc/man/man3/BIO_get_ex_new_index.3 doc/man/man3/BIO_meth_new.3 doc/man/man3/BIO_new.3 doc/man/man3/BIO_new_CMS.3 doc/man/man3/BIO_parse_hostserv.3 doc/man/man3/BIO_printf.3 doc/man/man3/BIO_push.3 doc/man/man3/BIO_read.3 doc/man/man3/BIO_s_accept.3 doc/man/man3/BIO_s_bio.3 doc/man/man3/BIO_s_connect.3 doc/man/man3/BIO_s_fd.3 doc/man/man3/BIO_s_file.3 doc/man/man3/BIO_s_mem.3 doc/man/man3/BIO_s_null.3 doc/man/man3/BIO_s_socket.3 doc/man/man3/BIO_set_callback.3 doc/man/man3/BIO_should_retry.3 doc/man/man3/BIO_socket_wait.3 doc/man/man3/BN_BLINDING_new.3 doc/man/man3/BN_CTX_new.3 doc/man/man3/BN_CTX_start.3 doc/man/man3/BN_add.3 doc/man/man3/BN_add_word.3 doc/man/man3/BN_bn2bin.3 doc/man/man3/BN_cmp.3 doc/man/man3/BN_copy.3 doc/man/man3/BN_generate_prime.3 doc/man/man3/BN_mod_inverse.3 doc/man/man3/BN_mod_mul_montgomery.3 doc/man/man3/BN_mod_mul_reciprocal.3 doc/man/man3/BN_new.3 doc/man/man3/BN_num_bytes.3 doc/man/man3/BN_rand.3 doc/man/man3/BN_security_bits.3 doc/man/man3/BN_set_bit.3 doc/man/man3/BN_swap.3 doc/man/man3/BN_zero.3 doc/man/man3/BUF_MEM_new.3 doc/man/man3/CMS_EnvelopedData_create.3 doc/man/man3/CMS_add0_cert.3 doc/man/man3/CMS_add1_recipient_cert.3 doc/man/man3/CMS_add1_signer.3 doc/man/man3/CMS_compress.3 doc/man/man3/CMS_decrypt.3 doc/man/man3/CMS_encrypt.3 doc/man/man3/CMS_final.3 doc/man/man3/CMS_get0_RecipientInfos.3 doc/man/man3/CMS_get0_SignerInfos.3 doc/man/man3/CMS_get0_type.3 doc/man/man3/CMS_get1_ReceiptRequest.3 doc/man/man3/CMS_sign.3 doc/man/man3/CMS_sign_receipt.3 doc/man/man3/CMS_uncompress.3 doc/man/man3/CMS_verify.3 doc/man/man3/CMS_verify_receipt.3 doc/man/man3/CONF_modules_free.3 doc/man/man3/CONF_modules_load_file.3 doc/man/man3/CRYPTO_THREAD_run_once.3 doc/man/man3/CRYPTO_get_ex_new_index.3 doc/man/man3/CRYPTO_memcmp.3 doc/man/man3/CTLOG_STORE_get0_log_by_id.3 doc/man/man3/CTLOG_STORE_new.3 doc/man/man3/CTLOG_new.3 doc/man/man3/CT_POLICY_EVAL_CTX_new.3 doc/man/man3/DEFINE_STACK_OF.3 doc/man/man3/DES_random_key.3 doc/man/man3/DH_generate_key.3 doc/man/man3/DH_generate_parameters.3 doc/man/man3/DH_get0_pqg.3 doc/man/man3/DH_get_1024_160.3 doc/man/man3/DH_meth_new.3 doc/man/man3/DH_new.3 doc/man/man3/DH_new_by_nid.3 doc/man/man3/DH_set_method.3 doc/man/man3/DH_size.3 doc/man/man3/DSA_SIG_new.3 doc/man/man3/DSA_do_sign.3 doc/man/man3/DSA_dup_DH.3 doc/man/man3/DSA_generate_key.3 doc/man/man3/DSA_generate_parameters.3 doc/man/man3/DSA_get0_pqg.3 doc/man/man3/DSA_meth_new.3 doc/man/man3/DSA_new.3 doc/man/man3/DSA_set_method.3 doc/man/man3/DSA_sign.3 doc/man/man3/DSA_size.3 doc/man/man3/DTLS_get_data_mtu.3 doc/man/man3/DTLS_set_timer_cb.3 doc/man/man3/DTLSv1_listen.3 doc/man/man3/ECDSA_SIG_new.3 doc/man/man3/ECPKParameters_print.3 doc/man/man3/EC_GFp_simple_method.3 doc/man/man3/EC_GROUP_copy.3 doc/man/man3/EC_GROUP_new.3 doc/man/man3/EC_KEY_get_enc_flags.3 doc/man/man3/EC_KEY_new.3 doc/man/man3/EC_POINT_add.3 doc/man/man3/EC_POINT_new.3 doc/man/man3/ENGINE_add.3 doc/man/man3/ERR_GET_LIB.3 doc/man/man3/ERR_clear_error.3 doc/man/man3/ERR_error_string.3 doc/man/man3/ERR_get_error.3 doc/man/man3/ERR_load_crypto_strings.3 doc/man/man3/ERR_load_strings.3 doc/man/man3/ERR_new.3 doc/man/man3/ERR_print_errors.3 doc/man/man3/ERR_put_error.3 doc/man/man3/ERR_remove_state.3 doc/man/man3/ERR_set_mark.3 doc/man/man3/EVP_ASYM_CIPHER_free.3 doc/man/man3/EVP_BytesToKey.3 doc/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 doc/man/man3/EVP_CIPHER_meth_new.3 doc/man/man3/EVP_DigestInit.3 doc/man/man3/EVP_DigestSignInit.3 doc/man/man3/EVP_DigestVerifyInit.3 doc/man/man3/EVP_EncodeInit.3 doc/man/man3/EVP_EncryptInit.3 doc/man/man3/EVP_KDF.3 doc/man/man3/EVP_KEYEXCH_free.3 doc/man/man3/EVP_KEYMGMT.3 doc/man/man3/EVP_MAC.3 doc/man/man3/EVP_MD_meth_new.3 doc/man/man3/EVP_OpenInit.3 doc/man/man3/EVP_PKEY_ASN1_METHOD.3 doc/man/man3/EVP_PKEY_CTX_ctrl.3 doc/man/man3/EVP_PKEY_CTX_new.3 doc/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 doc/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 doc/man/man3/EVP_PKEY_CTX_set_params.3 doc/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 doc/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 doc/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 doc/man/man3/EVP_PKEY_asn1_get_count.3 doc/man/man3/EVP_PKEY_check.3 doc/man/man3/EVP_PKEY_copy_parameters.3 doc/man/man3/EVP_PKEY_decrypt.3 doc/man/man3/EVP_PKEY_derive.3 doc/man/man3/EVP_PKEY_encrypt.3 doc/man/man3/EVP_PKEY_fromdata.3 doc/man/man3/EVP_PKEY_gen.3 doc/man/man3/EVP_PKEY_get_default_digest_nid.3 doc/man/man3/EVP_PKEY_gettable_params.3 doc/man/man3/EVP_PKEY_is_a.3 doc/man/man3/EVP_PKEY_meth_get_count.3 doc/man/man3/EVP_PKEY_meth_new.3 doc/man/man3/EVP_PKEY_new.3 doc/man/man3/EVP_PKEY_print_private.3 doc/man/man3/EVP_PKEY_set1_RSA.3 doc/man/man3/EVP_PKEY_set_type.3 doc/man/man3/EVP_PKEY_sign.3 doc/man/man3/EVP_PKEY_size.3 doc/man/man3/EVP_PKEY_supports_digest_nid.3 doc/man/man3/EVP_PKEY_verify.3 doc/man/man3/EVP_PKEY_verify_recover.3 doc/man/man3/EVP_RAND.3 doc/man/man3/EVP_SIGNATURE_free.3 doc/man/man3/EVP_SealInit.3 doc/man/man3/EVP_SignInit.3 doc/man/man3/EVP_VerifyInit.3 doc/man/man3/EVP_aes_128_gcm.3 doc/man/man3/EVP_aria_128_gcm.3 doc/man/man3/EVP_bf_cbc.3 doc/man/man3/EVP_blake2b512.3 doc/man/man3/EVP_camellia_128_ecb.3 doc/man/man3/EVP_cast5_cbc.3 doc/man/man3/EVP_chacha20.3 doc/man/man3/EVP_des_cbc.3 doc/man/man3/EVP_desx_cbc.3 doc/man/man3/EVP_idea_cbc.3 doc/man/man3/EVP_md2.3 doc/man/man3/EVP_md4.3 doc/man/man3/EVP_md5.3 doc/man/man3/EVP_mdc2.3 doc/man/man3/EVP_rc2_cbc.3 doc/man/man3/EVP_rc4.3 doc/man/man3/EVP_rc5_32_12_16_cbc.3 doc/man/man3/EVP_ripemd160.3 doc/man/man3/EVP_seed_cbc.3 doc/man/man3/EVP_set_default_properties.3 doc/man/man3/EVP_sha1.3 doc/man/man3/EVP_sha224.3 doc/man/man3/EVP_sha3_224.3 doc/man/man3/EVP_sm3.3 doc/man/man3/EVP_sm4_cbc.3 doc/man/man3/EVP_whirlpool.3 doc/man/man3/HMAC.3 doc/man/man3/MD5.3 doc/man/man3/MDC2_Init.3 doc/man/man3/NCONF_new_with_libctx.3 doc/man/man3/OBJ_nid2obj.3 doc/man/man3/OCSP_REQUEST_new.3 doc/man/man3/OCSP_cert_to_id.3 doc/man/man3/OCSP_request_add1_nonce.3 doc/man/man3/OCSP_resp_find_status.3 doc/man/man3/OCSP_response_status.3 doc/man/man3/OCSP_sendreq_new.3 doc/man/man3/OPENSSL_Applink.3 doc/man/man3/OPENSSL_CTX.3 doc/man/man3/OPENSSL_FILE.3 doc/man/man3/OPENSSL_LH_COMPFUNC.3 doc/man/man3/OPENSSL_LH_stats.3 doc/man/man3/OPENSSL_config.3 doc/man/man3/OPENSSL_fork_prepare.3 doc/man/man3/OPENSSL_hexchar2int.3 doc/man/man3/OPENSSL_ia32cap.3 doc/man/man3/OPENSSL_init_crypto.3 doc/man/man3/OPENSSL_init_ssl.3 doc/man/man3/OPENSSL_instrument_bus.3 doc/man/man3/OPENSSL_load_builtin_modules.3 doc/man/man3/OPENSSL_malloc.3 doc/man/man3/OPENSSL_s390xcap.3 doc/man/man3/OPENSSL_secure_malloc.3 doc/man/man3/OSSL_CMP_CTX_new.3 doc/man/man3/OSSL_CMP_HDR_get0_transactionID.3 doc/man/man3/OSSL_CMP_ITAV_set0.3 doc/man/man3/OSSL_CMP_MSG_get0_header.3 doc/man/man3/OSSL_CMP_MSG_http_perform.3 doc/man/man3/OSSL_CMP_SRV_CTX_new.3 doc/man/man3/OSSL_CMP_STATUSINFO_new.3 doc/man/man3/OSSL_CMP_exec_IR_ses.3 doc/man/man3/OSSL_CMP_log_open.3 doc/man/man3/OSSL_CMP_validate_msg.3 doc/man/man3/OSSL_CRMF_MSG_get0_tmpl.3 doc/man/man3/OSSL_CRMF_MSG_set0_validity.3 doc/man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3 doc/man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3 doc/man/man3/OSSL_CRMF_pbmp_new.3 doc/man/man3/OSSL_HTTP_transfer.3 doc/man/man3/OSSL_PARAM.3 doc/man/man3/OSSL_PARAM_BLD.3 doc/man/man3/OSSL_PARAM_allocate_from_text.3 doc/man/man3/OSSL_PARAM_int.3 doc/man/man3/OSSL_PROVIDER.3 doc/man/man3/OSSL_SELF_TEST_new.3 doc/man/man3/OSSL_SELF_TEST_set_callback.3 doc/man/man3/OSSL_SERIALIZER.3 doc/man/man3/OSSL_SERIALIZER_CTX.3 doc/man/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.3 doc/man/man3/OSSL_SERIALIZER_to_bio.3 doc/man/man3/OSSL_STORE_INFO.3 doc/man/man3/OSSL_STORE_LOADER.3 doc/man/man3/OSSL_STORE_SEARCH.3 doc/man/man3/OSSL_STORE_attach.3 doc/man/man3/OSSL_STORE_expect.3 doc/man/man3/OSSL_STORE_open.3 doc/man/man3/OSSL_trace_enabled.3 doc/man/man3/OSSL_trace_get_category_num.3 doc/man/man3/OSSL_trace_set_channel.3 doc/man/man3/OpenSSL_add_all_algorithms.3 doc/man/man3/OpenSSL_version.3 doc/man/man3/PEM_bytes_read_bio.3 doc/man/man3/PEM_read.3 doc/man/man3/PEM_read_CMS.3 doc/man/man3/PEM_read_bio_PrivateKey.3 doc/man/man3/PEM_read_bio_ex.3 doc/man/man3/PEM_write_bio_CMS_stream.3 doc/man/man3/PEM_write_bio_PKCS7_stream.3 doc/man/man3/PKCS12_SAFEBAG_get0_attrs.3 doc/man/man3/PKCS12_add_CSPName_asc.3 doc/man/man3/PKCS12_add_friendlyname_asc.3 doc/man/man3/PKCS12_add_localkeyid.3 doc/man/man3/PKCS12_create.3 doc/man/man3/PKCS12_get_friendlyname.3 doc/man/man3/PKCS12_newpass.3 doc/man/man3/PKCS12_parse.3 doc/man/man3/PKCS5_PBKDF2_HMAC.3 doc/man/man3/PKCS7_decrypt.3 doc/man/man3/PKCS7_encrypt.3 doc/man/man3/PKCS7_sign.3 doc/man/man3/PKCS7_sign_add_signer.3 doc/man/man3/PKCS7_verify.3 doc/man/man3/PKCS8_pkey_add1_attr.3 doc/man/man3/RAND_DRBG_generate.3 doc/man/man3/RAND_DRBG_get0_public.3 doc/man/man3/RAND_DRBG_new.3 doc/man/man3/RAND_DRBG_reseed.3 doc/man/man3/RAND_DRBG_set_callbacks.3 doc/man/man3/RAND_add.3 doc/man/man3/RAND_bytes.3 doc/man/man3/RAND_cleanup.3 doc/man/man3/RAND_egd.3 doc/man/man3/RAND_load_file.3 doc/man/man3/RAND_set_rand_method.3 doc/man/man3/RC4_set_key.3 doc/man/man3/RIPEMD160_Init.3 doc/man/man3/RSA_blinding_on.3 doc/man/man3/RSA_check_key.3 doc/man/man3/RSA_generate_key.3 doc/man/man3/RSA_get0_key.3 doc/man/man3/RSA_meth_new.3 doc/man/man3/RSA_new.3 doc/man/man3/RSA_padding_add_PKCS1_type_1.3 doc/man/man3/RSA_print.3 doc/man/man3/RSA_private_encrypt.3 doc/man/man3/RSA_public_encrypt.3 doc/man/man3/RSA_set_method.3 doc/man/man3/RSA_sign.3 doc/man/man3/RSA_sign_ASN1_OCTET_STRING.3 doc/man/man3/RSA_size.3 doc/man/man3/SCT_new.3 doc/man/man3/SCT_print.3 doc/man/man3/SCT_validate.3 doc/man/man3/SHA256_Init.3 doc/man/man3/SMIME_read_CMS.3 doc/man/man3/SMIME_read_PKCS7.3 doc/man/man3/SMIME_write_CMS.3 doc/man/man3/SMIME_write_PKCS7.3 doc/man/man3/SRP_Calc_B.3 doc/man/man3/SRP_VBASE_new.3 doc/man/man3/SRP_create_verifier.3 doc/man/man3/SRP_user_pwd_new.3 doc/man/man3/SSL_CIPHER_get_name.3 doc/man/man3/SSL_COMP_add_compression_method.3 doc/man/man3/SSL_CONF_CTX_new.3 doc/man/man3/SSL_CONF_CTX_set1_prefix.3 doc/man/man3/SSL_CONF_CTX_set_flags.3 doc/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 doc/man/man3/SSL_CONF_cmd.3 doc/man/man3/SSL_CONF_cmd_argv.3 doc/man/man3/SSL_CTX_add1_chain_cert.3 doc/man/man3/SSL_CTX_add_extra_chain_cert.3 doc/man/man3/SSL_CTX_add_session.3 doc/man/man3/SSL_CTX_config.3 doc/man/man3/SSL_CTX_ctrl.3 doc/man/man3/SSL_CTX_dane_enable.3 doc/man/man3/SSL_CTX_flush_sessions.3 doc/man/man3/SSL_CTX_free.3 doc/man/man3/SSL_CTX_get0_param.3 doc/man/man3/SSL_CTX_get_verify_mode.3 doc/man/man3/SSL_CTX_has_client_custom_ext.3 doc/man/man3/SSL_CTX_load_verify_locations.3 doc/man/man3/SSL_CTX_new.3 doc/man/man3/SSL_CTX_sess_number.3 doc/man/man3/SSL_CTX_sess_set_cache_size.3 doc/man/man3/SSL_CTX_sess_set_get_cb.3 doc/man/man3/SSL_CTX_sessions.3 doc/man/man3/SSL_CTX_set0_CA_list.3 doc/man/man3/SSL_CTX_set1_curves.3 doc/man/man3/SSL_CTX_set1_sigalgs.3 doc/man/man3/SSL_CTX_set1_verify_cert_store.3 doc/man/man3/SSL_CTX_set_alpn_select_cb.3 doc/man/man3/SSL_CTX_set_cert_cb.3 doc/man/man3/SSL_CTX_set_cert_store.3 doc/man/man3/SSL_CTX_set_cert_verify_callback.3 doc/man/man3/SSL_CTX_set_cipher_list.3 doc/man/man3/SSL_CTX_set_client_cert_cb.3 doc/man/man3/SSL_CTX_set_client_hello_cb.3 doc/man/man3/SSL_CTX_set_ct_validation_callback.3 doc/man/man3/SSL_CTX_set_ctlog_list_file.3 doc/man/man3/SSL_CTX_set_default_passwd_cb.3 doc/man/man3/SSL_CTX_set_generate_session_id.3 doc/man/man3/SSL_CTX_set_info_callback.3 doc/man/man3/SSL_CTX_set_keylog_callback.3 doc/man/man3/SSL_CTX_set_max_cert_list.3 doc/man/man3/SSL_CTX_set_min_proto_version.3 doc/man/man3/SSL_CTX_set_mode.3 doc/man/man3/SSL_CTX_set_msg_callback.3 doc/man/man3/SSL_CTX_set_num_tickets.3 doc/man/man3/SSL_CTX_set_options.3 doc/man/man3/SSL_CTX_set_psk_client_callback.3 doc/man/man3/SSL_CTX_set_quiet_shutdown.3 doc/man/man3/SSL_CTX_set_read_ahead.3 doc/man/man3/SSL_CTX_set_record_padding_callback.3 doc/man/man3/SSL_CTX_set_security_level.3 doc/man/man3/SSL_CTX_set_session_cache_mode.3 doc/man/man3/SSL_CTX_set_session_id_context.3 doc/man/man3/SSL_CTX_set_session_ticket_cb.3 doc/man/man3/SSL_CTX_set_split_send_fragment.3 doc/man/man3/SSL_CTX_set_srp_password.3 doc/man/man3/SSL_CTX_set_ssl_version.3 doc/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 doc/man/man3/SSL_CTX_set_timeout.3 doc/man/man3/SSL_CTX_set_tlsext_servername_callback.3 doc/man/man3/SSL_CTX_set_tlsext_status_cb.3 doc/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 doc/man/man3/SSL_CTX_set_tlsext_use_srtp.3 doc/man/man3/SSL_CTX_set_tmp_dh_callback.3 doc/man/man3/SSL_CTX_set_tmp_ecdh.3 doc/man/man3/SSL_CTX_set_verify.3 doc/man/man3/SSL_CTX_use_certificate.3 doc/man/man3/SSL_CTX_use_psk_identity_hint.3 doc/man/man3/SSL_CTX_use_serverinfo.3 doc/man/man3/SSL_SESSION_free.3 doc/man/man3/SSL_SESSION_get0_cipher.3 doc/man/man3/SSL_SESSION_get0_hostname.3 doc/man/man3/SSL_SESSION_get0_id_context.3 doc/man/man3/SSL_SESSION_get0_peer.3 doc/man/man3/SSL_SESSION_get_compress_id.3 doc/man/man3/SSL_SESSION_get_protocol_version.3 doc/man/man3/SSL_SESSION_get_time.3 doc/man/man3/SSL_SESSION_has_ticket.3 doc/man/man3/SSL_SESSION_is_resumable.3 doc/man/man3/SSL_SESSION_print.3 doc/man/man3/SSL_SESSION_set1_id.3 doc/man/man3/SSL_accept.3 doc/man/man3/SSL_alert_type_string.3 doc/man/man3/SSL_alloc_buffers.3 doc/man/man3/SSL_check_chain.3 doc/man/man3/SSL_clear.3 doc/man/man3/SSL_connect.3 doc/man/man3/SSL_do_handshake.3 doc/man/man3/SSL_export_keying_material.3 doc/man/man3/SSL_extension_supported.3 doc/man/man3/SSL_free.3 doc/man/man3/SSL_get0_peer_scts.3 doc/man/man3/SSL_get_SSL_CTX.3 doc/man/man3/SSL_get_all_async_fds.3 doc/man/man3/SSL_get_ciphers.3 doc/man/man3/SSL_get_client_random.3 doc/man/man3/SSL_get_current_cipher.3 doc/man/man3/SSL_get_default_timeout.3 doc/man/man3/SSL_get_error.3 doc/man/man3/SSL_get_extms_support.3 doc/man/man3/SSL_get_fd.3 doc/man/man3/SSL_get_peer_cert_chain.3 doc/man/man3/SSL_get_peer_certificate.3 doc/man/man3/SSL_get_peer_signature_nid.3 doc/man/man3/SSL_get_peer_tmp_key.3 doc/man/man3/SSL_get_psk_identity.3 doc/man/man3/SSL_get_rbio.3 doc/man/man3/SSL_get_session.3 doc/man/man3/SSL_get_shared_sigalgs.3 doc/man/man3/SSL_get_verify_result.3 doc/man/man3/SSL_get_version.3 doc/man/man3/SSL_in_init.3 doc/man/man3/SSL_key_update.3 doc/man/man3/SSL_library_init.3 doc/man/man3/SSL_load_client_CA_file.3 doc/man/man3/SSL_new.3 doc/man/man3/SSL_pending.3 doc/man/man3/SSL_read.3 doc/man/man3/SSL_read_early_data.3 doc/man/man3/SSL_rstate_string.3 doc/man/man3/SSL_session_reused.3 doc/man/man3/SSL_set1_host.3 doc/man/man3/SSL_set_async_callback.3 doc/man/man3/SSL_set_bio.3 doc/man/man3/SSL_set_connect_state.3 doc/man/man3/SSL_set_fd.3 doc/man/man3/SSL_set_session.3 doc/man/man3/SSL_set_shutdown.3 doc/man/man3/SSL_set_verify_result.3 doc/man/man3/SSL_shutdown.3 doc/man/man3/SSL_state_string.3 doc/man/man3/SSL_want.3 doc/man/man3/SSL_write.3 doc/man/man3/TS_VERIFY_CTX_set_certs.3 doc/man/man3/UI_STRING.3 doc/man/man3/UI_UTIL_read_pw.3 doc/man/man3/UI_create_method.3 doc/man/man3/UI_new.3 doc/man/man3/X509V3_get_d2i.3 doc/man/man3/X509_ALGOR_dup.3 doc/man/man3/X509_CRL_get0_by_serial.3 doc/man/man3/X509_EXTENSION_set_object.3 doc/man/man3/X509_LOOKUP.3 doc/man/man3/X509_LOOKUP_hash_dir.3 doc/man/man3/X509_LOOKUP_meth_new.3 doc/man/man3/X509_NAME_ENTRY_get_object.3 doc/man/man3/X509_NAME_add_entry_by_txt.3 doc/man/man3/X509_NAME_get0_der.3 doc/man/man3/X509_NAME_get_index_by_NID.3 doc/man/man3/X509_NAME_print_ex.3 doc/man/man3/X509_PUBKEY_new.3 doc/man/man3/X509_SIG_get0.3 doc/man/man3/X509_STORE_CTX_get_error.3 doc/man/man3/X509_STORE_CTX_new.3 doc/man/man3/X509_STORE_CTX_set_verify_cb.3 doc/man/man3/X509_STORE_add_cert.3 doc/man/man3/X509_STORE_get0_param.3 doc/man/man3/X509_STORE_new.3 doc/man/man3/X509_STORE_set_verify_cb_func.3 doc/man/man3/X509_VERIFY_PARAM_set_flags.3 doc/man/man3/X509_check_ca.3 doc/man/man3/X509_check_host.3 doc/man/man3/X509_check_issued.3 doc/man/man3/X509_check_private_key.3 doc/man/man3/X509_check_purpose.3 doc/man/man3/X509_cmp.3 doc/man/man3/X509_cmp_time.3 doc/man/man3/X509_digest.3 doc/man/man3/X509_dup.3 doc/man/man3/X509_get0_distinguishing_id.3 doc/man/man3/X509_get0_notBefore.3 doc/man/man3/X509_get0_signature.3 doc/man/man3/X509_get0_uids.3 doc/man/man3/X509_get_extension_flags.3 doc/man/man3/X509_get_pubkey.3 doc/man/man3/X509_get_serialNumber.3 doc/man/man3/X509_get_subject_name.3 doc/man/man3/X509_get_version.3 doc/man/man3/X509_load_http.3 doc/man/man3/X509_new.3 doc/man/man3/X509_sign.3 doc/man/man3/X509_verify.3 doc/man/man3/X509_verify_cert.3 doc/man/man3/X509v3_cache_extensions.3 doc/man/man3/X509v3_get_ext_by_NID.3 doc/man/man3/d2i_DHparams.3 doc/man/man3/d2i_PKCS8PrivateKey_bio.3 doc/man/man3/d2i_PrivateKey.3 doc/man/man3/d2i_SSL_SESSION.3 doc/man/man3/d2i_X509.3 doc/man/man3/i2d_CMS_bio_stream.3 doc/man/man3/i2d_PKCS7_bio_stream.3 doc/man/man3/i2d_re_X509_tbs.3 doc/man/man3/o2i_SCT_LIST.3 doc/man/man3/s2i_ASN1_IA5STRING.3 doc/man/man5/config.5 doc/man/man5/fips_config.5 doc/man/man5/x509v3_config.5 doc/man/man7/EVP_KDF-HKDF.7 doc/man/man7/EVP_KDF-KB.7 doc/man/man7/EVP_KDF-KRB5KDF.7 doc/man/man7/EVP_KDF-PBKDF2.7 doc/man/man7/EVP_KDF-SCRYPT.7 doc/man/man7/EVP_KDF-SS.7 doc/man/man7/EVP_KDF-SSHKDF.7 doc/man/man7/EVP_KDF-TLS1_PRF.7 doc/man/man7/EVP_KDF-X942.7 doc/man/man7/EVP_KDF-X963.7 doc/man/man7/EVP_KEYEXCH-DH.7 doc/man/man7/EVP_KEYEXCH-ECDH.7 doc/man/man7/EVP_KEYEXCH-X25519.7 doc/man/man7/EVP_MAC-BLAKE2.7 doc/man/man7/EVP_MAC-CMAC.7 doc/man/man7/EVP_MAC-GMAC.7 doc/man/man7/EVP_MAC-HMAC.7 doc/man/man7/EVP_MAC-KMAC.7 doc/man/man7/EVP_MAC-Poly1305.7 doc/man/man7/EVP_MAC-Siphash.7 doc/man/man7/EVP_MD-BLAKE2.7 doc/man/man7/EVP_MD-MD2.7 doc/man/man7/EVP_MD-MD4.7 doc/man/man7/EVP_MD-MD5-SHA1.7 doc/man/man7/EVP_MD-MD5.7 doc/man/man7/EVP_MD-MDC2.7 doc/man/man7/EVP_MD-RIPEMD160.7 doc/man/man7/EVP_MD-SHA1.7 doc/man/man7/EVP_MD-SHA2.7 doc/man/man7/EVP_MD-SHA3.7 doc/man/man7/EVP_MD-SHAKE.7 doc/man/man7/EVP_MD-SM3.7 doc/man/man7/EVP_MD-WHIRLPOOL.7 doc/man/man7/EVP_MD-common.7 doc/man/man7/EVP_PKEY-DH.7 doc/man/man7/EVP_PKEY-DSA.7 doc/man/man7/EVP_PKEY-EC.7 doc/man/man7/EVP_PKEY-FFC.7 doc/man/man7/EVP_PKEY-RSA.7 doc/man/man7/EVP_PKEY-X25519.7 doc/man/man7/EVP_RAND-CTR-DRBG.7 doc/man/man7/EVP_RAND-HASH-DRBG.7 doc/man/man7/EVP_RAND-HMAC-DRBG.7 doc/man/man7/EVP_RAND-TEST-RAND.7 doc/man/man7/EVP_SIGNATURE-DSA.7 doc/man/man7/EVP_SIGNATURE-ECDSA.7 doc/man/man7/EVP_SIGNATURE-ED25519.7 doc/man/man7/EVP_SIGNATURE-RSA.7 doc/man/man7/OSSL_PROVIDER-FIPS.7 doc/man/man7/OSSL_PROVIDER-default.7 doc/man/man7/OSSL_PROVIDER-legacy.7 doc/man/man7/OSSL_PROVIDER-null.7 doc/man/man7/RAND.7 doc/man/man7/RAND_DRBG.7 doc/man/man7/RSA-PSS.7 doc/man/man7/SM2.7 doc/man/man7/X25519.7 doc/man/man7/bio.7 doc/man/man7/crypto.7 doc/man/man7/ct.7 doc/man/man7/des_modes.7 doc/man/man7/evp.7 doc/man/man7/openssl-core.h.7 doc/man/man7/openssl-core_dispatch.h.7 doc/man/man7/openssl-core_names.h.7 doc/man/man7/openssl-env.7 doc/man/man7/openssl_user_macros.7 doc/man/man7/ossl_store-file.7 doc/man/man7/ossl_store.7 doc/man/man7/passphrase-encoding.7 doc/man/man7/property.7 doc/man/man7/provider-asym_cipher.7 doc/man/man7/provider-base.7 doc/man/man7/provider-cipher.7 doc/man/man7/provider-digest.7 doc/man/man7/provider-keyexch.7 doc/man/man7/provider-keymgmt.7 doc/man/man7/provider-mac.7 doc/man/man7/provider-rand.7 doc/man/man7/provider-serializer.7 doc/man/man7/provider-signature.7 doc/man/man7/provider.7 doc/man/man7/proxy-certificates.7 doc/man/man7/ssl.7 doc/man/man7/x509.7 rm -f apps/openssl fuzz/asn1-test fuzz/asn1parse-test fuzz/bignum-test fuzz/bndiv-test fuzz/client-test fuzz/cmp-test fuzz/cms-test fuzz/conf-test fuzz/crl-test fuzz/ct-test fuzz/server-test fuzz/x509-test test/aborttest test/acvp_test test/aesgcmtest test/afalgtest test/asn1_decode_test test/asn1_dsa_internal_test test/asn1_encode_test test/asn1_internal_test test/asn1_string_table_test test/asn1_time_test test/asynciotest test/asynctest test/bad_dtls_test test/bftest test/bio_callback_test test/bio_enc_test test/bio_memleak_test test/bio_prefix_text test/bioprinttest test/bn_internal_test test/bntest test/buildtest_c_aes test/buildtest_c_asn1 test/buildtest_c_asn1t test/buildtest_c_async test/buildtest_c_bio test/buildtest_c_blowfish test/buildtest_c_bn test/buildtest_c_buffer test/buildtest_c_camellia test/buildtest_c_cast test/buildtest_c_cmac test/buildtest_c_cmp test/buildtest_c_cmp_util test/buildtest_c_cms test/buildtest_c_comp test/buildtest_c_conf test/buildtest_c_conf_api test/buildtest_c_core test/buildtest_c_core_dispatch test/buildtest_c_core_names test/buildtest_c_crmf test/buildtest_c_crypto test/buildtest_c_ct test/buildtest_c_des test/buildtest_c_dh test/buildtest_c_dsa test/buildtest_c_dtls1 test/buildtest_c_e_os2 test/buildtest_c_ebcdic test/buildtest_c_ec test/buildtest_c_ecdh test/buildtest_c_ecdsa test/buildtest_c_engine test/buildtest_c_ess test/buildtest_c_evp test/buildtest_c_fips_names test/buildtest_c_hmac test/buildtest_c_http test/buildtest_c_idea test/buildtest_c_kdf test/buildtest_c_lhash test/buildtest_c_macros test/buildtest_c_md4 test/buildtest_c_md5 test/buildtest_c_mdc2 test/buildtest_c_modes test/buildtest_c_obj_mac test/buildtest_c_objects test/buildtest_c_ocsp test/buildtest_c_ossl_typ test/buildtest_c_param_build test/buildtest_c_params test/buildtest_c_pem test/buildtest_c_pem2 test/buildtest_c_pkcs12 test/buildtest_c_pkcs7 test/buildtest_c_provider test/buildtest_c_rand test/buildtest_c_rand_drbg test/buildtest_c_rc2 test/buildtest_c_rc4 test/buildtest_c_ripemd test/buildtest_c_rsa test/buildtest_c_safestack test/buildtest_c_seed test/buildtest_c_self_test test/buildtest_c_serializer test/buildtest_c_sha test/buildtest_c_srp test/buildtest_c_srtp test/buildtest_c_ssl test/buildtest_c_ssl2 test/buildtest_c_stack test/buildtest_c_store test/buildtest_c_symhacks test/buildtest_c_tls1 test/buildtest_c_ts test/buildtest_c_txt_db test/buildtest_c_types test/buildtest_c_ui test/buildtest_c_whrlpool test/buildtest_c_x509 test/buildtest_c_x509_vfy test/buildtest_c_x509v3 test/casttest test/chacha_internal_test test/cipher_overhead_test test/cipherbytes_test test/cipherlist_test test/ciphername_test test/clienthellotest test/cmactest test/cmp_asn_test test/cmp_client_test test/cmp_ctx_test test/cmp_hdr_test test/cmp_msg_test test/cmp_protect_test test/cmp_server_test test/cmp_status_test test/cmp_vfy_test test/cmsapitest test/conf_include_test test/confdump test/constant_time_test test/context_internal_test test/crltest test/ct_test test/ctype_internal_test test/curve448_internal_test test/d2i_test test/danetest test/destest test/dhtest test/drbg_cavs_test test/drbg_extra_test test/drbgtest test/dsa_no_digest_size_test test/dsatest test/dtls_mtu_test test/dtlstest test/dtlsv1listentest test/ec_internal_test test/ecdsatest test/ecstresstest test/ectest test/enginetest test/errtest test/evp_extra_test test/evp_extra_test2 test/evp_fetch_prov_test test/evp_kdf_test test/evp_libctx_test test/evp_pkey_dparams_test test/evp_pkey_provided_test test/evp_test test/exdatatest test/exptest test/fatalerrtest test/ffc_internal_test test/gmdifftest test/gosttest test/hexstr_test test/hmactest test/http_test test/ideatest test/igetest test/keymgmt_internal_test test/lhash_test test/mdc2_internal_test test/mdc2test test/memleaktest test/modes_internal_test test/namemap_internal_test test/ocspapitest test/packettest test/param_build_test test/params_api_test test/params_conversion_test test/params_test test/pbelutest test/pemtest test/pkey_meth_kdf_test test/pkey_meth_test test/poly1305_internal_test test/property_test test/provider_fallback_test test/provider_internal_test test/provider_test test/rc2test test/rc4test test/rc5test test/rdrand_sanitytest test/recordlentest test/rsa_complex test/rsa_mp_test test/rsa_sp800_56b_test test/rsa_test test/sanitytest test/secmemtest test/servername_test test/shlibloadtest test/siphash_internal_test test/sm2_internal_test test/sm4_internal_test test/sparse_array_test test/srptest test/ssl_cert_table_internal_test test/ssl_ctx_test test/ssl_test test/ssl_test_ctx_test test/sslapitest test/sslbuffertest test/sslcorrupttest test/ssltest_old test/stack_test test/sysdefaulttest test/test_test test/threadstest test/time_offset_test test/tls13ccstest test/tls13encryptiontest test/tls13secretstest test/uitest test/v3ext test/v3nametest test/verify_extra_test test/versions test/wpackettest test/x509_check_cert_pkey_test test/x509_dup_cert_test test/x509_internal_test test/x509_time_test test/x509aux engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so providers/fips.so providers/legacy.so test/p_test.so apps/CA.pl apps/tsget.pl tools/c_rehash util/shlib_wrap.sh rm -f doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod include/crypto/bn_conf.h include/crypto/dso_conf.h include/openssl/configuration.h include/openssl/fipskey.h include/openssl/opensslv.h test/provider_internal_test.cnf apps/CA.pl apps/progs.c apps/progs.h apps/tsget.pl crypto/aes/aes-x86_64.s crypto/aes/aesni-mb-x86_64.s crypto/aes/aesni-sha1-x86_64.s crypto/aes/aesni-sha256-x86_64.s crypto/aes/aesni-x86_64.s crypto/aes/bsaes-x86_64.s crypto/aes/vpaes-x86_64.s crypto/bn/rsaz-avx2.s crypto/bn/rsaz-x86_64.s crypto/bn/x86_64-gf2m.s crypto/bn/x86_64-mont.s crypto/bn/x86_64-mont5.s crypto/buildinf.h crypto/camellia/cmll-x86_64.s crypto/chacha/chacha-x86_64.s crypto/ec/ecp_nistz256-x86_64.s crypto/ec/x25519-x86_64.s crypto/md5/md5-x86_64.s crypto/modes/aesni-gcm-x86_64.s crypto/modes/ghash-x86_64.s crypto/poly1305/poly1305-x86_64.s crypto/rc4/rc4-md5-x86_64.s crypto/rc4/rc4-x86_64.s crypto/sha/keccak1600-x86_64.s crypto/sha/sha1-mb-x86_64.s crypto/sha/sha1-x86_64.s crypto/sha/sha256-mb-x86_64.s crypto/sha/sha256-x86_64.s crypto/sha/sha512-x86_64.s crypto/whrlpool/wp-x86_64.s crypto/x86_64cpuid.s doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod engines/afalg.ld engines/capi.ld engines/dasync.ld engines/e_padlock-x86_64.s engines/ossltest.ld engines/padlock.ld libcrypto.ld libssl.ld providers/common/der/der_digests_gen.c providers/common/der/der_dsa_gen.c providers/common/der/der_ec_gen.c providers/common/der/der_rsa_gen.c providers/common/include/prov/der_digests.h providers/common/include/prov/der_dsa.h providers/common/include/prov/der_ec.h providers/common/include/prov/der_rsa.h providers/fips.ld providers/legacy.ld test/buildtest_aes.c test/buildtest_asn1.c test/buildtest_asn1t.c test/buildtest_async.c test/buildtest_bio.c test/buildtest_blowfish.c test/buildtest_bn.c test/buildtest_buffer.c test/buildtest_camellia.c test/buildtest_cast.c test/buildtest_cmac.c test/buildtest_cmp.c test/buildtest_cmp_util.c test/buildtest_cms.c test/buildtest_comp.c test/buildtest_conf.c test/buildtest_conf_api.c test/buildtest_core.c test/buildtest_core_dispatch.c test/buildtest_core_names.c test/buildtest_crmf.c test/buildtest_crypto.c test/buildtest_ct.c test/buildtest_des.c test/buildtest_dh.c test/buildtest_dsa.c test/buildtest_dtls1.c test/buildtest_e_os2.c test/buildtest_ebcdic.c test/buildtest_ec.c test/buildtest_ecdh.c test/buildtest_ecdsa.c test/buildtest_engine.c test/buildtest_ess.c test/buildtest_evp.c test/buildtest_fips_names.c test/buildtest_hmac.c test/buildtest_http.c test/buildtest_idea.c test/buildtest_kdf.c test/buildtest_lhash.c test/buildtest_macros.c test/buildtest_md4.c test/buildtest_md5.c test/buildtest_mdc2.c test/buildtest_modes.c test/buildtest_obj_mac.c test/buildtest_objects.c test/buildtest_ocsp.c test/buildtest_ossl_typ.c test/buildtest_param_build.c test/buildtest_params.c test/buildtest_pem.c test/buildtest_pem2.c test/buildtest_pkcs12.c test/buildtest_pkcs7.c test/buildtest_provider.c test/buildtest_rand.c test/buildtest_rand_drbg.c test/buildtest_rc2.c test/buildtest_rc4.c test/buildtest_ripemd.c test/buildtest_rsa.c test/buildtest_safestack.c test/buildtest_seed.c test/buildtest_self_test.c test/buildtest_serializer.c test/buildtest_sha.c test/buildtest_srp.c test/buildtest_srtp.c test/buildtest_ssl.c test/buildtest_ssl2.c test/buildtest_stack.c test/buildtest_store.c test/buildtest_symhacks.c test/buildtest_tls1.c test/buildtest_ts.c test/buildtest_txt_db.c test/buildtest_types.c test/buildtest_ui.c test/buildtest_whrlpool.c test/buildtest_x509.c test/buildtest_x509_vfy.c test/buildtest_x509v3.c test/p_test.ld tools/c_rehash util/shlib_wrap.sh rm -f `find . -name '*.d' \! -name '.*' \! -type d -print` rm -f `find . -name '*.o' \! -name '.*' \! -type d -print` rm -f core rm -f tags TAGS doc-nits cmd-nits md-nits rm -f -r test/test-runs rm -f openssl.pc libcrypto.pc libssl.pc rm -f `find . -type l \! -name '.*' -print` rm -f ../openssl-3.0.0-alpha6-dev.tar $ make depend $ LDCMD= make -j4 /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-asn1parse.pod.in > doc/man1/openssl-asn1parse.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ca.pod.in > doc/man1/openssl-ca.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ciphers.pod.in > doc/man1/openssl-ciphers.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmds.pod.in > doc/man1/openssl-cmds.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmp.pod.in > doc/man1/openssl-cmp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cms.pod.in > doc/man1/openssl-cms.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl.pod.in > doc/man1/openssl-crl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl2pkcs7.pod.in > doc/man1/openssl-crl2pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dgst.pod.in > doc/man1/openssl-dgst.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dhparam.pod.in > doc/man1/openssl-dhparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsa.pod.in > doc/man1/openssl-dsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsaparam.pod.in > doc/man1/openssl-dsaparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ec.pod.in > doc/man1/openssl-ec.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ecparam.pod.in > doc/man1/openssl-ecparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-enc.pod.in > doc/man1/openssl-enc.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-engine.pod.in > doc/man1/openssl-engine.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-errstr.pod.in > doc/man1/openssl-errstr.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-fipsinstall.pod.in > doc/man1/openssl-fipsinstall.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-gendsa.pod.in > doc/man1/openssl-gendsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genpkey.pod.in > doc/man1/openssl-genpkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genrsa.pod.in > doc/man1/openssl-genrsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-info.pod.in > doc/man1/openssl-info.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-kdf.pod.in > doc/man1/openssl-kdf.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-list.pod.in > doc/man1/openssl-list.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-mac.pod.in > doc/man1/openssl-mac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-nseq.pod.in > doc/man1/openssl-nseq.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ocsp.pod.in > doc/man1/openssl-ocsp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-passwd.pod.in > doc/man1/openssl-passwd.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs12.pod.in > doc/man1/openssl-pkcs12.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs7.pod.in > doc/man1/openssl-pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs8.pod.in > doc/man1/openssl-pkcs8.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkey.pod.in > doc/man1/openssl-pkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyparam.pod.in > doc/man1/openssl-pkeyparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyutl.pod.in > doc/man1/openssl-pkeyutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-prime.pod.in > doc/man1/openssl-prime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-provider.pod.in > doc/man1/openssl-provider.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rand.pod.in > doc/man1/openssl-rand.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rehash.pod.in > doc/man1/openssl-rehash.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-req.pod.in > doc/man1/openssl-req.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsa.pod.in > doc/man1/openssl-rsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsautl.pod.in > doc/man1/openssl-rsautl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_client.pod.in > doc/man1/openssl-s_client.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_server.pod.in > doc/man1/openssl-s_server.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_time.pod.in > doc/man1/openssl-s_time.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-sess_id.pod.in > doc/man1/openssl-sess_id.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-smime.pod.in > doc/man1/openssl-smime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-speed.pod.in > doc/man1/openssl-speed.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-spkac.pod.in > doc/man1/openssl-spkac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-srp.pod.in > doc/man1/openssl-srp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-storeutl.pod.in > doc/man1/openssl-storeutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ts.pod.in > doc/man1/openssl-ts.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-verify.pod.in > doc/man1/openssl-verify.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-version.pod.in > doc/man1/openssl-version.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-x509.pod.in > doc/man1/openssl-x509.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man7/openssl_user_macros.pod.in > doc/man7/openssl_user_macros.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/bn_conf.h.in > include/crypto/bn_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/dso_conf.h.in > include/crypto/dso_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/configuration.h.in > include/openssl/configuration.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/fipskey.h.in > include/openssl/fipskey.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/opensslv.h.in > include/openssl/opensslv.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/test/provider_internal_test.cnf.in > test/provider_internal_test.cnf make depend && make _build_sw make[1]: Entering directory '/home/openssl/run-checker/no-posix-io' make[1]: Leaving directory '/home/openssl/run-checker/no-posix-io' make[1]: Entering directory '/home/openssl/run-checker/no-posix-io' clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_params.d.tmp -MT apps/lib/libapps-lib-app_params.o -c -o apps/lib/libapps-lib-app_params.o ../openssl/apps/lib/app_params.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_provider.d.tmp -MT apps/lib/libapps-lib-app_provider.o -c -o apps/lib/libapps-lib-app_provider.o ../openssl/apps/lib/app_provider.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_rand.d.tmp -MT apps/lib/libapps-lib-app_rand.o -c -o apps/lib/libapps-lib-app_rand.o ../openssl/apps/lib/app_rand.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_x509.d.tmp -MT apps/lib/libapps-lib-app_x509.o -c -o apps/lib/libapps-lib-app_x509.o ../openssl/apps/lib/app_x509.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps.d.tmp -MT apps/lib/libapps-lib-apps.o -c -o apps/lib/libapps-lib-apps.o ../openssl/apps/lib/apps.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps_ui.d.tmp -MT apps/lib/libapps-lib-apps_ui.o -c -o apps/lib/libapps-lib-apps_ui.o ../openssl/apps/lib/apps_ui.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-columns.d.tmp -MT apps/lib/libapps-lib-columns.o -c -o apps/lib/libapps-lib-columns.o ../openssl/apps/lib/columns.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-fmt.d.tmp -MT apps/lib/libapps-lib-fmt.o -c -o apps/lib/libapps-lib-fmt.o ../openssl/apps/lib/fmt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-http_server.d.tmp -MT apps/lib/libapps-lib-http_server.o -c -o apps/lib/libapps-lib-http_server.o ../openssl/apps/lib/http_server.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-names.d.tmp -MT apps/lib/libapps-lib-names.o -c -o apps/lib/libapps-lib-names.o ../openssl/apps/lib/names.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-opt.d.tmp -MT apps/lib/libapps-lib-opt.o -c -o apps/lib/libapps-lib-opt.o ../openssl/apps/lib/opt.c ../openssl/apps/lib/http_server.c:27:5: error: no previous extern declaration for non-static variable 'multi' [-Werror,-Wmissing-variable-declarations] int multi = 0; /* run multiple responder processes */ ^ 1 error generated. Makefile:4117: recipe for target 'apps/lib/libapps-lib-http_server.o' failed make[1]: *** [apps/lib/libapps-lib-http_server.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-posix-io' Makefile:3087: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From shane.lontis at oracle.com Tue Jul 21 06:31:20 2020 From: shane.lontis at oracle.com (shane.lontis at oracle.com) Date: Tue, 21 Jul 2020 06:31:20 +0000 Subject: [openssl] master update Message-ID: <1595313080.084957.24728.nullmailer@dev.openssl.org> The branch master has been updated via 9f7bdcf37f9541f7a1e4dc62ebdf97e8d8ccd307 (commit) from 823a113574451ea2e050bee7ce35861948ad55ca (commit) - Log ----------------------------------------------------------------- commit 9f7bdcf37f9541f7a1e4dc62ebdf97e8d8ccd307 Author: Shane Lontis Date: Tue Jul 21 16:30:02 2020 +1000 Add ERR_raise() errors to fips OSSL_provider_init and self tests. As the ERR_raise() is setup at this point returng a range of negative values for errors is not required. This will need to be revisited if the code ever moves to running from the DEP. Added a -config option to the fips install so that it can test if a fips module is loadable from configuration. (The -verify option only uses the generated config, whereas -config uses the normal way of including the generated data via another config file). Added more failure tests for the raised errors. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12346) ----------------------------------------------------------------------- Summary of changes: apps/fipsinstall.c | 24 ++- crypto/err/openssl.txt | 7 + crypto/provider_core.c | 1 - doc/man1/openssl-fipsinstall.pod.in | 17 +++ doc/man5/fips_config.pod | 2 +- providers/common/include/prov/providercommonerr.h | 7 + providers/common/provider_err.c | 13 ++ providers/fips/fipsprov.c | 10 +- providers/fips/self_test.c | 34 ++++- test/recipes/03-test_fipsinstall.t | 171 +++++++++++++++++++--- 10 files changed, 254 insertions(+), 32 deletions(-) diff --git a/apps/fipsinstall.c b/apps/fipsinstall.c index c8687bec8f..bd1cd68477 100644 --- a/apps/fipsinstall.c +++ b/apps/fipsinstall.c @@ -38,7 +38,7 @@ typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_IN, OPT_OUT, OPT_MODULE, OPT_PROV_NAME, OPT_SECTION_NAME, OPT_MAC_NAME, OPT_MACOPT, OPT_VERIFY, - OPT_NO_LOG, OPT_CORRUPT_DESC, OPT_CORRUPT_TYPE, OPT_QUIET + OPT_NO_LOG, OPT_CORRUPT_DESC, OPT_CORRUPT_TYPE, OPT_QUIET, OPT_CONFIG } OPTION_CHOICE; const OPTIONS fipsinstall_options[] = { @@ -62,6 +62,7 @@ const OPTIONS fipsinstall_options[] = { {"noout", OPT_NO_LOG, '-', "Disable logging of self test events"}, {"corrupt_desc", OPT_CORRUPT_DESC, 's', "Corrupt a self test by description"}, {"corrupt_type", OPT_CORRUPT_TYPE, 's', "Corrupt a self test by type"}, + {"config", OPT_CONFIG, '<', "The parent config to verify"}, {"quiet", OPT_QUIET, '-', "No messages, just exit status"}, {NULL} }; @@ -202,6 +203,11 @@ static void free_config_and_unload(CONF *conf) } } +static int verify_module_load(const char *parent_config_file) +{ + return OPENSSL_CTX_load_config(NULL, parent_config_file); +} + /* * Returns 1 if the config file entries match the passed in module_mac and * install_mac values, otherwise it returns 0. @@ -271,7 +277,7 @@ int fipsinstall_main(int argc, char **argv) const char *prov_name = "fips"; BIO *module_bio = NULL, *mem_bio = NULL, *fout = NULL; char *in_fname = NULL, *out_fname = NULL, *prog; - char *module_fname = NULL; + char *module_fname = NULL, *parent_config = NULL; EVP_MAC_CTX *ctx = NULL, *ctx2 = NULL; STACK_OF(OPENSSL_STRING) *opts = NULL; OPTION_CHOICE o; @@ -328,6 +334,9 @@ opthelp: case OPT_MAC_NAME: mac_name = opt_arg(); break; + case OPT_CONFIG: + parent_config = opt_arg(); + break; case OPT_MACOPT: if (!sk_OPENSSL_STRING_push(opts, opt_arg())) goto opthelp; @@ -342,6 +351,17 @@ opthelp: } } argc = opt_num_rest(); + + if (parent_config != NULL) { + /* Test that a parent config can load the module */ + if (verify_module_load(parent_config)) { + ret = OSSL_PROVIDER_available(NULL, prov_name) ? 0 : 1; + if (!quiet) + BIO_printf(bio_out, "FIPS provider is %s\n", + ret == 0 ? "available" : " not available"); + } + goto end; + } if (module_fname == NULL || (verify && in_fname == NULL) || (!verify && out_fname == NULL) diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index fe937e6139..fcc4fb5c1c 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -2854,8 +2854,10 @@ PROV_R_GENERATE_ERROR:191:generate error PROV_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE:165:\ illegal or unsupported padding mode PROV_R_INAVLID_UKM_LENGTH:146:inavlid ukm length +PROV_R_INDICATOR_INTEGRITY_FAILURE:210:indicator integrity failure PROV_R_INSUFFICIENT_DRBG_STRENGTH:181:insufficient drbg strength PROV_R_INVALID_AAD:108:invalid aad +PROV_R_INVALID_CONFIG_DATA:211:invalid config data PROV_R_INVALID_CONSTANT_LENGTH:157:invalid constant length PROV_R_INVALID_CURVE:176:invalid curve PROV_R_INVALID_CUSTOM_LENGTH:111:invalid custom length @@ -2878,6 +2880,7 @@ PROV_R_INVALID_PSS_SALTLEN:169:invalid pss saltlen PROV_R_INVALID_SALT_LENGTH:112:invalid salt length PROV_R_INVALID_SEED_LENGTH:154:invalid seed length PROV_R_INVALID_SIGNATURE_SIZE:179:invalid signature size +PROV_R_INVALID_STATE:212:invalid state PROV_R_INVALID_TAG:110:invalid tag PROV_R_INVALID_TAGLEN:118:invalid taglen PROV_R_INVALID_X931_DIGEST:170:invalid x931 digest @@ -2885,6 +2888,7 @@ PROV_R_IN_ERROR_STATE:192:in error state PROV_R_KEY_SIZE_TOO_SMALL:171:key size too small PROV_R_MISSING_CEK_ALG:144:missing cek alg PROV_R_MISSING_CIPHER:155:missing cipher +PROV_R_MISSING_CONFIG_DATA:213:missing config data PROV_R_MISSING_CONSTANT:156:missing constant PROV_R_MISSING_KEY:128:missing key PROV_R_MISSING_MAC:150:missing mac @@ -2897,6 +2901,7 @@ PROV_R_MISSING_SEED:140:missing seed PROV_R_MISSING_SESSION_ID:133:missing session id PROV_R_MISSING_TYPE:134:missing type PROV_R_MISSING_XCGHASH:135:missing xcghash +PROV_R_MODULE_INTEGRITY_FAILURE:214:module integrity failure PROV_R_NOT_INSTANTIATED:193:not instantiated PROV_R_NOT_SUPPORTED:136:not supported PROV_R_NOT_XOF_OR_INVALID_LENGTH:113:not xof or invalid length @@ -2913,6 +2918,8 @@ PROV_R_READ_KEY:159:read key PROV_R_REQUEST_TOO_LARGE_FOR_DRBG:196:request too large for drbg PROV_R_REQUIRE_CTR_MODE_CIPHER:206:require ctr mode cipher PROV_R_RESEED_ERROR:197:reseed error +PROV_R_SELF_TEST_KAT_FAILURE:215:self test kat failure +PROV_R_SELF_TEST_POST_FAILURE:216:self test post failure PROV_R_TAG_NOTSET:119:tag notset PROV_R_TAG_NOT_NEEDED:120:tag not needed PROV_R_UNABLE_TO_FIND_CIPHERS:207:unable to find ciphers diff --git a/crypto/provider_core.c b/crypto/provider_core.c index f68fd8f0f9..b6586f904e 100644 --- a/crypto/provider_core.c +++ b/crypto/provider_core.c @@ -611,7 +611,6 @@ static int provider_activate(OSSL_PROVIDER *prov) /* With this flag set, this provider has become fully "loaded". */ prov->flag_initialized = 1; - return 1; } diff --git a/doc/man1/openssl-fipsinstall.pod.in b/doc/man1/openssl-fipsinstall.pod.in index 30df7bf3e9..ec83e0950f 100644 --- a/doc/man1/openssl-fipsinstall.pod.in +++ b/doc/man1/openssl-fipsinstall.pod.in @@ -21,6 +21,7 @@ B [B<-quiet>] [B<-corrupt_desc> I] [B<-corrupt_type> I] +[B<-config> I] =head1 DESCRIPTION @@ -143,6 +144,14 @@ Either option or both may be used to select the tests to corrupt. Refer to the entries for B and B in L for values that can be used. +=item B<-config> I + +Test that a FIPS provider can be loaded from the specified configuration file. +A previous call to this application needs to generate the extra configuration +data that is included by the base C configuration file. +See L for further information on how to set up a provider section. +All other options are ignored if '-config' is used. + =back =head1 EXAMPLES @@ -167,8 +176,16 @@ Corrupt any self tests which have the description C: -macopt hexkey:000102030405060708090A0B0C0D0E0F10111213 \ -corrupt_desc 'SHA1' +Validate that the fips module can be loaded from a base configuration file: + + export OPENSSL_CONF_INCLUDE= + export OPENSSL_MODULES= + openssl fipsinstall -config' 'default.cnf' + + =head1 SEE ALSO +L, L, L, L diff --git a/doc/man5/fips_config.pod b/doc/man5/fips_config.pod index 5077f30ecd..ebf6d685cc 100644 --- a/doc/man5/fips_config.pod +++ b/doc/man5/fips_config.pod @@ -59,7 +59,7 @@ It is written-to at the same time as B is updated. For example: - [fips_install] + [fips_sect] install-version = 1 module-mac = 41:D0:FA:C2:5D:41:75:CD:7D:C3:90:55:6F:A4:DC install-mac = FE:10:13:5A:D3:B4:C7:82:1B:1E:17:4C:AC:84:0C diff --git a/providers/common/include/prov/providercommonerr.h b/providers/common/include/prov/providercommonerr.h index c21537fd4f..f5fd37d9cc 100644 --- a/providers/common/include/prov/providercommonerr.h +++ b/providers/common/include/prov/providercommonerr.h @@ -78,8 +78,10 @@ int ERR_load_PROV_strings(void); # define PROV_R_GENERATE_ERROR 191 # define PROV_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE 165 # define PROV_R_INAVLID_UKM_LENGTH 146 +# define PROV_R_INDICATOR_INTEGRITY_FAILURE 210 # define PROV_R_INSUFFICIENT_DRBG_STRENGTH 181 # define PROV_R_INVALID_AAD 108 +# define PROV_R_INVALID_CONFIG_DATA 211 # define PROV_R_INVALID_CONSTANT_LENGTH 157 # define PROV_R_INVALID_CURVE 176 # define PROV_R_INVALID_CUSTOM_LENGTH 111 @@ -102,6 +104,7 @@ int ERR_load_PROV_strings(void); # define PROV_R_INVALID_SALT_LENGTH 112 # define PROV_R_INVALID_SEED_LENGTH 154 # define PROV_R_INVALID_SIGNATURE_SIZE 179 +# define PROV_R_INVALID_STATE 212 # define PROV_R_INVALID_TAG 110 # define PROV_R_INVALID_TAGLEN 118 # define PROV_R_INVALID_X931_DIGEST 170 @@ -109,6 +112,7 @@ int ERR_load_PROV_strings(void); # define PROV_R_KEY_SIZE_TOO_SMALL 171 # define PROV_R_MISSING_CEK_ALG 144 # define PROV_R_MISSING_CIPHER 155 +# define PROV_R_MISSING_CONFIG_DATA 213 # define PROV_R_MISSING_CONSTANT 156 # define PROV_R_MISSING_KEY 128 # define PROV_R_MISSING_MAC 150 @@ -121,6 +125,7 @@ int ERR_load_PROV_strings(void); # define PROV_R_MISSING_SESSION_ID 133 # define PROV_R_MISSING_TYPE 134 # define PROV_R_MISSING_XCGHASH 135 +# define PROV_R_MODULE_INTEGRITY_FAILURE 214 # define PROV_R_NOT_INSTANTIATED 193 # define PROV_R_NOT_SUPPORTED 136 # define PROV_R_NOT_XOF_OR_INVALID_LENGTH 113 @@ -136,6 +141,8 @@ int ERR_load_PROV_strings(void); # define PROV_R_REQUEST_TOO_LARGE_FOR_DRBG 196 # define PROV_R_REQUIRE_CTR_MODE_CIPHER 206 # define PROV_R_RESEED_ERROR 197 +# define PROV_R_SELF_TEST_KAT_FAILURE 215 +# define PROV_R_SELF_TEST_POST_FAILURE 216 # define PROV_R_TAG_NOTSET 119 # define PROV_R_TAG_NOT_NEEDED 120 # define PROV_R_UNABLE_TO_FIND_CIPHERS 207 diff --git a/providers/common/provider_err.c b/providers/common/provider_err.c index 7a0e0c595d..7a5c41bfda 100644 --- a/providers/common/provider_err.c +++ b/providers/common/provider_err.c @@ -63,9 +63,13 @@ static const ERR_STRING_DATA PROV_str_reasons[] = { "illegal or unsupported padding mode"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INAVLID_UKM_LENGTH), "inavlid ukm length"}, + {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INDICATOR_INTEGRITY_FAILURE), + "indicator integrity failure"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INSUFFICIENT_DRBG_STRENGTH), "insufficient drbg strength"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_AAD), "invalid aad"}, + {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_CONFIG_DATA), + "invalid config data"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_CONSTANT_LENGTH), "invalid constant length"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_CURVE), "invalid curve"}, @@ -98,6 +102,7 @@ static const ERR_STRING_DATA PROV_str_reasons[] = { "invalid seed length"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_SIGNATURE_SIZE), "invalid signature size"}, + {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_STATE), "invalid state"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_TAG), "invalid tag"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_TAGLEN), "invalid taglen"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_X931_DIGEST), @@ -107,6 +112,8 @@ static const ERR_STRING_DATA PROV_str_reasons[] = { "key size too small"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_CEK_ALG), "missing cek alg"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_CIPHER), "missing cipher"}, + {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_CONFIG_DATA), + "missing config data"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_CONSTANT), "missing constant"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_KEY), "missing key"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_MAC), "missing mac"}, @@ -121,6 +128,8 @@ static const ERR_STRING_DATA PROV_str_reasons[] = { "missing session id"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_TYPE), "missing type"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_XCGHASH), "missing xcghash"}, + {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MODULE_INTEGRITY_FAILURE), + "module integrity failure"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_NOT_INSTANTIATED), "not instantiated"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_NOT_SUPPORTED), "not supported"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_NOT_XOF_OR_INVALID_LENGTH), @@ -145,6 +154,10 @@ static const ERR_STRING_DATA PROV_str_reasons[] = { {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_REQUIRE_CTR_MODE_CIPHER), "require ctr mode cipher"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_RESEED_ERROR), "reseed error"}, + {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_SELF_TEST_KAT_FAILURE), + "self test kat failure"}, + {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_SELF_TEST_POST_FAILURE), + "self test post failure"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_TAG_NOTSET), "tag notset"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_TAG_NOT_NEEDED), "tag not needed"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNABLE_TO_FIND_CIPHERS), diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c index a998e392d7..c91ad1c6d7 100644 --- a/providers/fips/fipsprov.c +++ b/providers/fips/fipsprov.c @@ -31,6 +31,7 @@ #include "prov/implementations.h" #include "prov/provider_ctx.h" #include "prov/providercommon.h" +#include "prov/providercommonerr.h" #include "prov/provider_util.h" #include "self_test.h" @@ -700,8 +701,10 @@ int OSSL_provider_init(const OSSL_CORE_HANDLE *handle, selftest_params.cb_arg = NULL; } - if (!c_get_params(handle, core_params)) + if (!c_get_params(handle, core_params)) { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); return 0; + } /* Create a context. */ if ((*provctx = PROV_CTX_new()) == NULL @@ -724,8 +727,10 @@ int OSSL_provider_init(const OSSL_CORE_HANDLE *handle, fgbl->handle = handle; selftest_params.libctx = libctx; - if (!SELF_TEST_post(&selftest_params, 0)) + if (!SELF_TEST_post(&selftest_params, 0)) { + ERR_raise(ERR_LIB_PROV, PROV_R_SELF_TEST_POST_FAILURE); goto err; + } /* * TODO(3.0): Remove me. This is just a dummy call to demonstrate making @@ -735,7 +740,6 @@ int OSSL_provider_init(const OSSL_CORE_HANDLE *handle, goto err; *out = fips_dispatch_table; - return 1; err: fips_teardown(*provctx); diff --git a/providers/fips/self_test.c b/providers/fips/self_test.c index 58aa42eed8..8902510b44 100644 --- a/providers/fips/self_test.c +++ b/providers/fips/self_test.c @@ -12,7 +12,9 @@ #include #include #include +#include #include "e_os.h" +#include "prov/providercommonerr.h" /* * We're cheating here. Normally we don't allow RUN_ONCE usage inside the FIPS * module because all such initialisation should be associated with an @@ -206,6 +208,7 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test) if (!on_demand_test) return 1; } else if (loclstate != FIPS_STATE_SELFTEST) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_STATE); return 0; } @@ -218,11 +221,14 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test) FIPS_state = FIPS_STATE_SELFTEST; } else if (FIPS_state != FIPS_STATE_SELFTEST) { CRYPTO_THREAD_unlock(self_test_lock); + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_STATE); return 0; } if (st == NULL - || st->module_checksum_data == NULL) + || st->module_checksum_data == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_CONFIG_DATA); goto end; + } ev = OSSL_SELF_TEST_new(st->cb, st->cb_arg); if (ev == NULL) @@ -230,16 +236,20 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test) module_checksum = OPENSSL_hexstr2buf(st->module_checksum_data, &checksum_len); - if (module_checksum == NULL) + if (module_checksum == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CONFIG_DATA); goto end; + } bio_module = (*st->bio_new_file_cb)(st->module_filename, "rb"); /* Always check the integrity of the fips module */ if (bio_module == NULL || !verify_integrity(bio_module, st->bio_read_ex_cb, module_checksum, checksum_len, st->libctx, - ev, OSSL_SELF_TEST_TYPE_MODULE_INTEGRITY)) + ev, OSSL_SELF_TEST_TYPE_MODULE_INTEGRITY)) { + ERR_raise(ERR_LIB_PROV, PROV_R_MODULE_INTEGRITY_FAILURE); goto end; + } /* This will be NULL during installation - so the self test KATS will run */ if (st->indicator_data != NULL) { @@ -247,12 +257,16 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test) * If the kats have already passed indicator is set - then check the * integrity of the indicator. */ - if (st->indicator_checksum_data == NULL) + if (st->indicator_checksum_data == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_CONFIG_DATA); goto end; + } indicator_checksum = OPENSSL_hexstr2buf(st->indicator_checksum_data, &checksum_len); - if (indicator_checksum == NULL) + if (indicator_checksum == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CONFIG_DATA); goto end; + } bio_indicator = (*st->bio_new_buffer_cb)(st->indicator_data, @@ -261,16 +275,20 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test) || !verify_integrity(bio_indicator, st->bio_read_ex_cb, indicator_checksum, checksum_len, st->libctx, ev, - OSSL_SELF_TEST_TYPE_INSTALL_INTEGRITY)) + OSSL_SELF_TEST_TYPE_INSTALL_INTEGRITY)) { + ERR_raise(ERR_LIB_PROV, PROV_R_INDICATOR_INTEGRITY_FAILURE); goto end; - else + } else { kats_already_passed = 1; + } } /* Only runs the KAT's during installation OR on_demand() */ if (on_demand_test || kats_already_passed == 0) { - if (!SELF_TEST_kats(ev, st->libctx)) + if (!SELF_TEST_kats(ev, st->libctx)) { + ERR_raise(ERR_LIB_PROV, PROV_R_SELF_TEST_KAT_FAILURE); goto end; + } } ok = 1; end: diff --git a/test/recipes/03-test_fipsinstall.t b/test/recipes/03-test_fipsinstall.t index 64970bea5a..1d7a1ff6ae 100644 --- a/test/recipes/03-test_fipsinstall.t +++ b/test/recipes/03-test_fipsinstall.t @@ -12,7 +12,7 @@ use warnings; use File::Spec; use File::Copy; use OpenSSL::Glob; -use OpenSSL::Test qw/:DEFAULT srctop_dir bldtop_dir bldtop_file/; +use OpenSSL::Test qw/:DEFAULT srctop_dir srctop_file bldtop_dir bldtop_file/; use OpenSSL::Test::Utils; BEGIN { @@ -24,23 +24,73 @@ use platform; plan skip_all => "Test only supported in a fips build" if disabled("fips"); -plan tests => 12; +plan tests => 23; my $infile = bldtop_file('providers', platform->dso('fips')); my $fipskey = $ENV{FIPSKEY} // '00'; +# Read in a text $infile and replace the regular expression in $srch with the +# value in $repl and output to a new file $outfile. +sub replace_line_file_internal { + + my ($infile, $srch, $repl, $outfile) = @_; + my $msg; + + open(my $in, "<", $infile) or return 0; + read($in, $msg, 1024); + close $in; + + $msg =~ s/$srch/$repl/; + + open(my $fh, ">", $outfile) or return 0; + print $fh $msg; + close $fh; + return 1; +} + +# Read in the text input file 'fips.cnf' +# and replace a single Key = Value line with a new value in $value. +# OR remove the Key = Value line if the passed in $value is empty. +# and then output a new file $outfile. +# $key is the Key to find +sub replace_line_file { + my ($key, $value, $outfile) = @_; + + my $srch = qr/$key\s*=\s*\S*\n/; + my $rep; + if ($value eq "") { + $rep = ""; + } else { + $rep = "$key = $value\n"; + } + return replace_line_file_internal('fips.cnf', $srch, $rep, $outfile); +} + +# Read in the text input file 'test/fips.cnf' +# and replace the .cnf file used in +# .include fipsmodule.cnf with a new value in $value. +# and then output a new file $outfile. +# $key is the Key to find +sub replace_parent_line_file { + my ($value, $outfile) = @_; + my $srch = qr/fipsmodule.cnf/; + my $rep = "$value"; + return replace_line_file_internal(srctop_file("test", 'fips.cnf'), + $srch, $rep, $outfile); +} + # fail if no module name ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', '-provider_name', 'fips', '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey", - '-section_name', 'fips_install'])), + '-section_name', 'fips_sect'])), "fipsinstall fail"); # fail to verify if the configuration file is missing ok(!run(app(['openssl', 'fipsinstall', '-in', 'dummy.tmp', '-module', $infile, '-provider_name', 'fips', '-mac_name', 'HMAC', '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey", - '-section_name', 'fips_install', '-verify'])), + '-section_name', 'fips_sect', '-verify'])), "fipsinstall verify fail"); @@ -48,56 +98,104 @@ ok(!run(app(['openssl', 'fipsinstall', '-in', 'dummy.tmp', '-module', $infile, ok(run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile, '-provider_name', 'fips', '-mac_name', 'HMAC', '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey", - '-section_name', 'fips_install'])), + '-section_name', 'fips_sect'])), "fipsinstall"); # verify the fips.cnf file ok(run(app(['openssl', 'fipsinstall', '-in', 'fips.cnf', '-module', $infile, '-provider_name', 'fips', '-mac_name', 'HMAC', '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey", - '-section_name', 'fips_install', '-verify'])), + '-section_name', 'fips_sect', '-verify'])), "fipsinstall verify"); +ok(replace_line_file('module-mac', '', 'fips_no_module_mac.cnf') + && !run(app(['openssl', 'fipsinstall', + '-in', 'fips_no_module_mac.cnf', + '-module', $infile, + '-provider_name', 'fips', '-mac_name', 'HMAC', + '-macopt', 'digest:SHA256', '-macopt', "hexkey:01", + '-section_name', 'fips_sect', '-verify'])), + "fipsinstall verify fail no module mac"); + +ok(replace_line_file('install-mac', '', 'fips_no_install_mac.cnf') + && !run(app(['openssl', 'fipsinstall', + '-in', 'fips_no_install_mac.cnf', + '-module', $infile, + '-provider_name', 'fips', '-mac_name', 'HMAC', + '-macopt', 'digest:SHA256', '-macopt', "hexkey:01", + '-section_name', 'fips_sect', '-verify'])), + "fipsinstall verify fail no install indicator mac"); + +ok(replace_line_file('module-mac', '00:00:00:00:00:00', + 'fips_bad_module_mac.cnf') + && !run(app(['openssl', 'fipsinstall', + '-in', 'fips_bad_module_mac.cnf', + '-module', $infile, + '-provider_name', 'fips', '-mac_name', 'HMAC', + '-macopt', 'digest:SHA256', '-macopt', "hexkey:01", + '-section_name', 'fips_sect', '-verify'])), + "fipsinstall verify fail if invalid module integrity value"); + +ok(replace_line_file('install-mac', '00:00:00:00:00:00', + 'fips_bad_install_mac.cnf') + && !run(app(['openssl', 'fipsinstall', + '-in', 'fips_bad_install_mac.cnf', + '-module', $infile, + '-provider_name', 'fips', '-mac_name', 'HMAC', + '-macopt', 'digest:SHA256', '-macopt', "hexkey:01", + '-section_name', 'fips_sect', '-verify'])), + "fipsinstall verify fail if invalid install indicator integrity value"); + +ok(replace_line_file('install-status', 'INCORRECT_STATUS_STRING', + 'fips_bad_indicator.cnf') + && !run(app(['openssl', 'fipsinstall', + '-in', 'fips_bad_indicator.cnf', + '-module', $infile, + '-provider_name', 'fips', '-mac_name', 'HMAC', + '-macopt', 'digest:SHA256', '-macopt', "hexkey:01", + '-section_name', 'fips_sect', '-verify'])), + "fipsinstall verify fail if invalid install indicator status"); + # fail to verify the fips.cnf file if a different key is used ok(!run(app(['openssl', 'fipsinstall', '-in', 'fips.cnf', '-module', $infile, '-provider_name', 'fips', '-mac_name', 'HMAC', '-macopt', 'digest:SHA256', '-macopt', "hexkey:01", - '-section_name', 'fips_install', '-verify'])), + '-section_name', 'fips_sect', '-verify'])), "fipsinstall verify fail bad key"); # fail to verify the fips.cnf file if a different mac digest is used ok(!run(app(['openssl', 'fipsinstall', '-in', 'fips.cnf', '-module', $infile, '-provider_name', 'fips', '-mac_name', 'HMAC', '-macopt', 'digest:SHA512', '-macopt', "hexkey:$fipskey", - '-section_name', 'fips_install', '-verify'])), + '-section_name', 'fips_sect', '-verify'])), "fipsinstall verify fail incorrect digest"); # corrupt the module hmac ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile, '-provider_name', 'fips', '-mac_name', 'HMAC', '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey", - '-section_name', 'fips_install', '-corrupt_desc', 'HMAC'])), + '-section_name', 'fips_sect', '-corrupt_desc', 'HMAC'])), "fipsinstall fails when the module integrity is corrupted"); # corrupt the first digest -ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile, +ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips_fail.cnf', '-module', $infile, '-provider_name', 'fips', '-mac_name', 'HMAC', '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey", - '-section_name', 'fips_install', '-corrupt_desc', 'SHA1'])), + '-section_name', 'fips_sect', '-corrupt_desc', 'SHA1'])), "fipsinstall fails when the digest result is corrupted"); # corrupt another digest -ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile, +ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips_fail.cnf', '-module', $infile, '-provider_name', 'fips', '-mac_name', 'HMAC', '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey", - '-section_name', 'fips_install', '-corrupt_desc', 'SHA3'])), + '-section_name', 'fips_sect', '-corrupt_desc', 'SHA3'])), "fipsinstall fails when the digest result is corrupted"); # corrupt DRBG -ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile, +ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips_fail.cnf', '-module', $infile, '-provider_name', 'fips', '-mac_name', 'HMAC', '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey", - '-section_name', 'fips_install', '-corrupt_desc', 'CTR'])), + '-section_name', 'fips_sect', '-corrupt_desc', 'CTR'])), "fipsinstall fails when the DRBG CTR result is corrupted"); # corrupt a KAS test @@ -108,7 +206,7 @@ SKIP: { ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.conf', '-module', $infile, '-provider_name', 'fips', '-mac_name', 'HMAC', '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey", - '-section_name', 'fips_install', + '-section_name', 'fips_sect', '-corrupt_desc', 'DH', '-corrupt_type', 'KAT_KA'])), "fipsinstall fails when the kas result is corrupted"); @@ -121,8 +219,47 @@ SKIP: { ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.conf', '-module', $infile, '-provider_name', 'fips', '-mac_name', 'HMAC', '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey", - '-section_name', 'fips_install', + '-section_name', 'fips_sect', '-corrupt_desc', 'DSA', '-corrupt_type', 'KAT_Signature'])), "fipsinstall fails when the signature result is corrupted"); } + +$ENV{OPENSSL_CONF_INCLUDE} = "."; + +ok(replace_parent_line_file('fips.cnf', 'fips_parent.cnf') + && run(app(['openssl', 'fipsinstall', '-config', 'fips_parent.cnf'])), + "verify fips provider loads from a configuration file"); + +ok(replace_parent_line_file('fips_no_module_mac.cnf', + 'fips_parent_no_module_mac.cnf') + && !run(app(['openssl', 'fipsinstall', + '-config', 'fips_parent_no_module_mac.cnf'])), + "verify load config fail no module mac"); + +ok(replace_parent_line_file('fips_no_install_mac.cnf', + 'fips_parent_no_install_mac.cnf') + && !run(app(['openssl', 'fipsinstall', + '-config', 'fips_parent_no_install_mac.cnf'])), + "verify load config fail no install mac"); + +ok(replace_parent_line_file('fips_bad_indicator.cnf', + 'fips_parent_bad_indicator.cnf') + && !run(app(['openssl', 'fipsinstall', + '-config', 'fips_parent_bad_indicator.cnf'])), + "verify load config fail bad indicator"); + + +ok(replace_parent_line_file('fips_bad_install_mac.cnf', + 'fips_parent_bad_install_mac.cnf') + && !run(app(['openssl', 'fipsinstall', + '-config', 'fips_parent_bad_install_mac.cnf'])), + "verify load config fail bad install mac"); + +ok(replace_parent_line_file('fips_bad_module_mac.cnf', + 'fips_parent_bad_module_mac.cnf') + && !run(app(['openssl', 'fipsinstall', + '-config', 'fips_parent_bad_module_mac.cnf'])), + "verify load config fail bad module mac"); + +delete $ENV{OPENSSL_CONF_INCLUDE}; From beldmit at gmail.com Tue Jul 21 07:33:18 2020 From: beldmit at gmail.com (beldmit at gmail.com) Date: Tue, 21 Jul 2020 07:33:18 +0000 Subject: [openssl] master update Message-ID: <1595316798.873331.14321.nullmailer@dev.openssl.org> The branch master has been updated via 7e4f01d8ba9983b37758eb8842c64500ee0b29ca (commit) from 9f7bdcf37f9541f7a1e4dc62ebdf97e8d8ccd307 (commit) - Log ----------------------------------------------------------------- commit 7e4f01d8ba9983b37758eb8842c64500ee0b29ca Author: Nihal Jere Date: Sun Jul 19 16:54:07 2020 -0500 fixed swapped parameter descriptions for x509 CLA: trivial Reviewed-by: Shane Lontis Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/12482) ----------------------------------------------------------------------- Summary of changes: apps/x509.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/x509.c b/apps/x509.c index bf168b7863..c09bca37bc 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -117,9 +117,9 @@ const OPTIONS x509_options[] = { {"C", OPT_C, '-', "Print out C code forms"}, #ifndef OPENSSL_NO_MD5 {"subject_hash_old", OPT_SUBJECT_HASH_OLD, '-', - "Print old-style (MD5) issuer hash value"}, - {"issuer_hash_old", OPT_ISSUER_HASH_OLD, '-', "Print old-style (MD5) subject hash value"}, + {"issuer_hash_old", OPT_ISSUER_HASH_OLD, '-', + "Print old-style (MD5) issuer hash value"}, #endif {"nameopt", OPT_NAMEOPT, 's', "Certificate subject/issuer name printing options"}, From openssl at openssl.org Tue Jul 21 09:36:45 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 21 Jul 2020 09:36:45 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-sock Message-ID: <1595324205.975291.27692.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-sock Commit log since last time: f64f17c3e0 Added missing ';' after methods in the synopsis section of pod files 93e32043cb util/find-doc-nits: relax some SYNOPSIS checks d3cb5904f3 util/find-doc-nits: read full declarations as one line in name_synopsis() 43b3ab6f87 Fix typo for SSL_get_peer_certificate() 1bb78e72b9 Remove util/openssl-update-copyright a85c902125 mac: always pass a non-NULL output size pointer to providers. 3fc164e8d1 doc: Fix documentation of EVP_EncryptUpdate(). b99c463d78 install: add notes about ignored seed sources in the FIPS provider. 45554b5c71 rand: detect if FIPS approved randomness sources are being used. 8e78da0666 Fix trailing whitespace mismatch error when running 02-test_errstr. cb9bb7350d 99-test_fuzz.t: Clean up and re-organize such that sub-tests could be split easily 1e76cb002a test/run_tests.pl: In parallel runs, start those tests first that run longest 0b670a2101 x509_vfy.c: Improve key usage checks in internal_verify() of cert chains 1337a3a998 Constify X509_check_akid and prefer using X509_get0_serialNumber over X509_get_serialNumber 318565b733 Prepare for 3.0 alpha 6 e70a2d9f13 Prepare for release of 3.0 alpha 5 b013cf9000 util/mktar.pl: Change 'VERSION' to 'VERSION.dat' e39e295e20 Update copyright year e4162f86d7 DRBG: Fix the renamed functions after the EVP_MAC name reversal 660c534435 Revert "kdf: make function naming consistent." 865adf97c9 Revert "The EVP_MAC functions have been renamed for consistency. The EVP_MAC_CTX_*" 8dab4de538 Add latest changes and news in CHANGES.md and NEWS.md ecca5b6e2e capabilities: make capability selection case insensitive. 81ed433cf8 libcrypto.num: engine deprecation updates bb95426211 doc: remove unused engine tracing option 184fb690fa trace: condition out engine related tracing 03445677b9 Document that ENGINE_add_conf_module() was deprecated. 2099f1bb6b Document that exdata for ENGINES is deprecated. 1bdab93a62 Document that the ENGINE_[sg]_ex_data() calls are reprecated. 8b4c89f8d2 RAND: document that the ENGINE RAND override is deprecated. 571d2c4dc7 ENGINESDIR: document that this configuration is deprecated. 2d71c9468a doc: document that the engine initialisation options are deprecated. 9bd8d96c39 deprecate engines in provider code e4468e6d8d deprecate engines in libcrypto ad8fc6f626 apps: deprecate engines 91512a771a deprecate engine from public header files 304d070eba deprecate engine tests 92f8603537 deprecate engines in SSL cf8e8cba93 deprecate engines 597f3f3ab1 Fix indentation for engine.h 4222682dae doc: deprecate ENGINE documentation 0f221d9c68 apps: document the deprecation of the -engine option 699caa18d5 engine: document the engine app as deprecated 0a684b09d8 apps/list: deprecate engine support 910b71cf47 deprecate engines in 3.0 8c2bfd2512 Add SSL_get[01]_peer_certificate() Build log ended with (last 100 lines): rm -f doc/html/man1/CA.pl.html doc/html/man1/openssl-asn1parse.html doc/html/man1/openssl-ca.html doc/html/man1/openssl-ciphers.html doc/html/man1/openssl-cmds.html doc/html/man1/openssl-cmp.html doc/html/man1/openssl-cms.html doc/html/man1/openssl-crl.html doc/html/man1/openssl-crl2pkcs7.html doc/html/man1/openssl-dgst.html doc/html/man1/openssl-dhparam.html doc/html/man1/openssl-dsa.html doc/html/man1/openssl-dsaparam.html doc/html/man1/openssl-ec.html doc/html/man1/openssl-ecparam.html doc/html/man1/openssl-enc.html doc/html/man1/openssl-engine.html doc/html/man1/openssl-errstr.html doc/html/man1/openssl-fipsinstall.html doc/html/man1/openssl-gendsa.html doc/html/man1/openssl-genpkey.html doc/html/man1/openssl-genrsa.html doc/html/man1/openssl-info.html doc/html/man1/openssl-kdf.html doc/html/man1/openssl-list.html doc/html/man1/openssl-mac.html doc/html/man1/openssl-nseq.html doc/html/man1/openssl-ocsp.html doc/html/man1/openssl-passwd.html doc/html/man1/openssl-pkcs12.html doc/html/man1/openssl-pkcs7.html doc/html/man1/openssl-pkcs8.html doc/html/man1/openssl-pkey.html doc/html/man1/openssl-pkeyparam.html doc/html/man1/openssl-pkeyutl.html doc/html/man1/openssl-prime.html doc/html/man1/openssl-provider.html doc/html/man1/openssl-rand.html doc/html/man1/openssl-rehash.html doc/html/man1/openssl-req.html doc/html/man1/openssl-rsa.html doc/html/man1/openssl-rsautl.html doc/html/man1/openssl-s_client.html doc/html/man1/openssl-s_server.html doc/html/man1/openssl-s_time.html doc/html/man1/openssl-sess_id.html doc/html/man1/openssl-smime.html doc/html/man1/openssl-speed.html doc/html/man1/openssl-spkac.html doc/html/man1/openssl-srp.html doc/html/man1/openssl-storeutl.html doc/html/man1/openssl-ts.html doc/html/man1/openssl-verify.html doc/html/man1/openssl-version.html doc/html/man1/openssl-x509.html doc/html/man1/openssl.html doc/html/man1/tsget.html doc/html/man3/ADMISSIONS.html doc/html/man3/ASN1_INTEGER_get_int64.html doc/html/man3/ASN1_INTEGER_new.html doc/html/man3/ASN1_ITEM_lookup.html doc/html/man3/ASN1_OBJECT_new.html doc/html/man3/ASN1_STRING_TABLE_add.html doc/html/man3/ASN1_STRING_length.html doc/html/man3/ASN1_STRING_new.html doc/html/man3/ASN1_STRING_print_ex.html doc/html/man3/ASN1_TIME_set.html doc/html/man3/ASN1_TYPE_get.html doc/html/man3/ASN1_generate_nconf.html doc/html/man3/ASYNC_WAIT_CTX_new.html doc/html/man3/ASYNC_start_job.html doc/html/man3/BF_encrypt.html doc/html/man3/BIO_ADDR.html doc/html/man3/BIO_ADDRINFO.html doc/html/man3/BIO_connect.html doc/html/man3/BIO_ctrl.html doc/html/man3/BIO_f_base64.html doc/html/man3/BIO_f_buffer.html doc/html/man3/BIO_f_cipher.html doc/html/man3/BIO_f_md.html doc/html/man3/BIO_f_null.html doc/html/man3/BIO_f_prefix.html doc/html/man3/BIO_f_ssl.html doc/html/man3/BIO_find_type.html doc/html/man3/BIO_get_data.html doc/html/man3/BIO_get_ex_new_index.html doc/html/man3/BIO_meth_new.html doc/html/man3/BIO_new.html doc/html/man3/BIO_new_CMS.html doc/html/man3/BIO_parse_hostserv.html doc/html/man3/BIO_printf.html doc/html/man3/BIO_push.html doc/html/man3/BIO_read.html doc/html/man3/BIO_s_accept.html doc/html/man3/BIO_s_bio.html doc/html/man3/BIO_s_connect.html doc/html/man3/BIO_s_fd.html doc/html/man3/BIO_s_file.html doc/html/man3/BIO_s_mem.html doc/html/man3/BIO_s_null.html doc/html/man3/BIO_s_socket.html doc/html/man3/BIO_set_callback.html doc/html/man3/BIO_should_retry.html doc/html/man3/BIO_socket_wait.html doc/html/man3/BN_BLINDING_new.html doc/html/man3/BN_CTX_new.html doc/html/man3/BN_CTX_start.html doc/html/man3/BN_add.html doc/html/man3/BN_add_word.html doc/html/man3/BN_bn2bin.html doc/html/man3/BN_cmp.html doc/html/man3/BN_copy.html doc/html/man3/BN_generate_prime.html doc/html/man3/BN_mod_inverse.html doc/html/man3/BN_mod_mul_montgomery.html doc/html/man3/BN_mod_mul_reciprocal.html doc/html/man3/BN_new.html doc/html/man3/BN_num_bytes.html doc/html/man3/BN_rand.html doc/html/man3/BN_security_bits.html doc/html/man3/BN_set_bit.html doc/html/man3/BN_swap.html doc/html/man3/BN_zero.html doc/html/man3/BUF_MEM_new.html doc/html/man3/CMS_EnvelopedData_create.html doc/html/man3/CMS_add0_cert.html doc/html/man3/CMS_add1_recipient_cert.html doc/html/man3/CMS_add1_signer.html doc/html/man3/CMS_compress.html doc/html/man3/CMS_decrypt.html doc/html/man3/CMS_encrypt.html doc/html/man3/CMS_final.html doc/html/man3/CMS_get0_RecipientInfos.html doc/html/man3/CMS_get0_SignerInfos.html doc/html/man3/CMS_get0_type.html doc/html/man3/CMS_get1_ReceiptRequest.html doc/html/man3/CMS_sign.html doc/html/man3/CMS_sign_receipt.html doc/html/man3/CMS_uncompress.html doc/html/man3/CMS_verify.html doc/html/man3/CMS_verify_receipt.html doc/html/man3/CONF_modules_free.html doc/html/man3/CONF_modules_load_file.html doc/html/man3/CRYPTO_THREAD_run_once.html doc/html/man3/CRYPTO_get_ex_new_index.html doc/html/man3/CRYPTO_memcmp.html doc/html/man3/CTLOG_STORE_get0_log_by_id.html doc/html/man3/CTLOG_STORE_new.html doc/html/man3/CTLOG_new.html doc/html/man3/CT_POLICY_EVAL_CTX_new.html doc/html/man3/DEFINE_STACK_OF.html doc/html/man3/DES_random_key.html doc/html/man3/DH_generate_key.html doc/html/man3/DH_generate_parameters.html doc/html/man3/DH_get0_pqg.html doc/html/man3/DH_get_1024_160.html doc/html/man3/DH_meth_new.html doc/html/man3/DH_new.html doc/html/man3/DH_new_by_nid.html doc/html/man3/DH_set_method.html doc/html/man3/DH_size.html doc/html/man3/DSA_SIG_new.html doc/html/man3/DSA_do_sign.html doc/html/man3/DSA_dup_DH.html doc/html/man3/DSA_generate_key.html doc/html/man3/DSA_generate_parameters.html doc/html/man3/DSA_get0_pqg.html doc/html/man3/DSA_meth_new.html doc/html/man3/DSA_new.html doc/html/man3/DSA_set_method.html doc/html/man3/DSA_sign.html doc/html/man3/DSA_size.html doc/html/man3/DTLS_get_data_mtu.html doc/html/man3/DTLS_set_timer_cb.html doc/html/man3/DTLSv1_listen.html doc/html/man3/ECDSA_SIG_new.html doc/html/man3/ECPKParameters_print.html doc/html/man3/EC_GFp_simple_method.html doc/html/man3/EC_GROUP_copy.html doc/html/man3/EC_GROUP_new.html doc/html/man3/EC_KEY_get_enc_flags.html doc/html/man3/EC_KEY_new.html doc/html/man3/EC_POINT_add.html doc/html/man3/EC_POINT_new.html doc/html/man3/ENGINE_add.html doc/html/man3/ERR_GET_LIB.html doc/html/man3/ERR_clear_error.html doc/html/man3/ERR_error_string.html doc/html/man3/ERR_get_error.html doc/html/man3/ERR_load_crypto_strings.html doc/html/man3/ERR_load_strings.html doc/html/man3/ERR_new.html doc/html/man3/ERR_print_errors.html doc/html/man3/ERR_put_error.html doc/html/man3/ERR_remove_state.html doc/html/man3/ERR_set_mark.html doc/html/man3/EVP_ASYM_CIPHER_free.html doc/html/man3/EVP_BytesToKey.html doc/html/man3/EVP_CIPHER_CTX_get_cipher_data.html doc/html/man3/EVP_CIPHER_meth_new.html doc/html/man3/EVP_DigestInit.html doc/html/man3/EVP_DigestSignInit.html doc/html/man3/EVP_DigestVerifyInit.html doc/html/man3/EVP_EncodeInit.html doc/html/man3/EVP_EncryptInit.html doc/html/man3/EVP_KDF.html doc/html/man3/EVP_KEYEXCH_free.html doc/html/man3/EVP_KEYMGMT.html doc/html/man3/EVP_MAC.html doc/html/man3/EVP_MD_meth_new.html doc/html/man3/EVP_OpenInit.html doc/html/man3/EVP_PKEY_ASN1_METHOD.html doc/html/man3/EVP_PKEY_CTX_ctrl.html doc/html/man3/EVP_PKEY_CTX_new.html doc/html/man3/EVP_PKEY_CTX_set1_pbe_pass.html doc/html/man3/EVP_PKEY_CTX_set_hkdf_md.html doc/html/man3/EVP_PKEY_CTX_set_params.html doc/html/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.html doc/html/man3/EVP_PKEY_CTX_set_scrypt_N.html doc/html/man3/EVP_PKEY_CTX_set_tls1_prf_md.html doc/html/man3/EVP_PKEY_asn1_get_count.html doc/html/man3/EVP_PKEY_check.html doc/html/man3/EVP_PKEY_copy_parameters.html doc/html/man3/EVP_PKEY_decrypt.html doc/html/man3/EVP_PKEY_derive.html doc/html/man3/EVP_PKEY_encrypt.html doc/html/man3/EVP_PKEY_fromdata.html doc/html/man3/EVP_PKEY_gen.html doc/html/man3/EVP_PKEY_get_default_digest_nid.html doc/html/man3/EVP_PKEY_gettable_params.html doc/html/man3/EVP_PKEY_is_a.html doc/html/man3/EVP_PKEY_meth_get_count.html doc/html/man3/EVP_PKEY_meth_new.html doc/html/man3/EVP_PKEY_new.html doc/html/man3/EVP_PKEY_print_private.html doc/html/man3/EVP_PKEY_set1_RSA.html doc/html/man3/EVP_PKEY_set_type.html doc/html/man3/EVP_PKEY_sign.html doc/html/man3/EVP_PKEY_size.html doc/html/man3/EVP_PKEY_supports_digest_nid.html doc/html/man3/EVP_PKEY_verify.html doc/html/man3/EVP_PKEY_verify_recover.html doc/html/man3/EVP_RAND.html doc/html/man3/EVP_SIGNATURE_free.html doc/html/man3/EVP_SealInit.html doc/html/man3/EVP_SignInit.html doc/html/man3/EVP_VerifyInit.html doc/html/man3/EVP_aes_128_gcm.html doc/html/man3/EVP_aria_128_gcm.html doc/html/man3/EVP_bf_cbc.html doc/html/man3/EVP_blake2b512.html doc/html/man3/EVP_camellia_128_ecb.html doc/html/man3/EVP_cast5_cbc.html doc/html/man3/EVP_chacha20.html doc/html/man3/EVP_des_cbc.html doc/html/man3/EVP_desx_cbc.html doc/html/man3/EVP_idea_cbc.html doc/html/man3/EVP_md2.html doc/html/man3/EVP_md4.html doc/html/man3/EVP_md5.html doc/html/man3/EVP_mdc2.html doc/html/man3/EVP_rc2_cbc.html doc/html/man3/EVP_rc4.html doc/html/man3/EVP_rc5_32_12_16_cbc.html doc/html/man3/EVP_ripemd160.html doc/html/man3/EVP_seed_cbc.html doc/html/man3/EVP_set_default_properties.html doc/html/man3/EVP_sha1.html doc/html/man3/EVP_sha224.html doc/html/man3/EVP_sha3_224.html doc/html/man3/EVP_sm3.html doc/html/man3/EVP_sm4_cbc.html doc/html/man3/EVP_whirlpool.html doc/html/man3/HMAC.html doc/html/man3/MD5.html doc/html/man3/MDC2_Init.html doc/html/man3/NCONF_new_with_libctx.html doc/html/man3/OBJ_nid2obj.html doc/html/man3/OCSP_REQUEST_new.html doc/html/man3/OCSP_cert_to_id.html doc/html/man3/OCSP_request_add1_nonce.html doc/html/man3/OCSP_resp_find_status.html doc/html/man3/OCSP_response_status.html doc/html/man3/OCSP_sendreq_new.html doc/html/man3/OPENSSL_Applink.html doc/html/man3/OPENSSL_CTX.html doc/html/man3/OPENSSL_FILE.html doc/html/man3/OPENSSL_LH_COMPFUNC.html doc/html/man3/OPENSSL_LH_stats.html doc/html/man3/OPENSSL_config.html doc/html/man3/OPENSSL_fork_prepare.html doc/html/man3/OPENSSL_hexchar2int.html doc/html/man3/OPENSSL_ia32cap.html doc/html/man3/OPENSSL_init_crypto.html doc/html/man3/OPENSSL_init_ssl.html doc/html/man3/OPENSSL_instrument_bus.html doc/html/man3/OPENSSL_load_builtin_modules.html doc/html/man3/OPENSSL_malloc.html doc/html/man3/OPENSSL_s390xcap.html doc/html/man3/OPENSSL_secure_malloc.html doc/html/man3/OSSL_CMP_CTX_new.html doc/html/man3/OSSL_CMP_HDR_get0_transactionID.html doc/html/man3/OSSL_CMP_ITAV_set0.html doc/html/man3/OSSL_CMP_MSG_get0_header.html doc/html/man3/OSSL_CMP_MSG_http_perform.html doc/html/man3/OSSL_CMP_SRV_CTX_new.html doc/html/man3/OSSL_CMP_STATUSINFO_new.html doc/html/man3/OSSL_CMP_exec_IR_ses.html doc/html/man3/OSSL_CMP_log_open.html doc/html/man3/OSSL_CMP_validate_msg.html doc/html/man3/OSSL_CRMF_MSG_get0_tmpl.html doc/html/man3/OSSL_CRMF_MSG_set0_validity.html doc/html/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.html doc/html/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.html doc/html/man3/OSSL_CRMF_pbmp_new.html doc/html/man3/OSSL_HTTP_transfer.html doc/html/man3/OSSL_PARAM.html doc/html/man3/OSSL_PARAM_BLD.html doc/html/man3/OSSL_PARAM_allocate_from_text.html doc/html/man3/OSSL_PARAM_int.html doc/html/man3/OSSL_PROVIDER.html doc/html/man3/OSSL_SELF_TEST_new.html doc/html/man3/OSSL_SELF_TEST_set_callback.html doc/html/man3/OSSL_SERIALIZER.html doc/html/man3/OSSL_SERIALIZER_CTX.html doc/html/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.html doc/html/man3/OSSL_SERIALIZER_to_bio.html doc/html/man3/OSSL_STORE_INFO.html doc/html/man3/OSSL_STORE_LOADER.html doc/html/man3/OSSL_STORE_SEARCH.html doc/html/man3/OSSL_STORE_attach.html doc/html/man3/OSSL_STORE_expect.html doc/html/man3/OSSL_STORE_open.html doc/html/man3/OSSL_trace_enabled.html doc/html/man3/OSSL_trace_get_category_num.html doc/html/man3/OSSL_trace_set_channel.html doc/html/man3/OpenSSL_add_all_algorithms.html doc/html/man3/OpenSSL_version.html doc/html/man3/PEM_bytes_read_bio.html doc/html/man3/PEM_read.html doc/html/man3/PEM_read_CMS.html doc/html/man3/PEM_read_bio_PrivateKey.html doc/html/man3/PEM_read_bio_ex.html doc/html/man3/PEM_write_bio_CMS_stream.html doc/html/man3/PEM_write_bio_PKCS7_stream.html doc/html/man3/PKCS12_SAFEBAG_get0_attrs.html doc/html/man3/PKCS12_add_CSPName_asc.html doc/html/man3/PKCS12_add_friendlyname_asc.html doc/html/man3/PKCS12_add_localkeyid.html doc/html/man3/PKCS12_create.html doc/html/man3/PKCS12_get_friendlyname.html doc/html/man3/PKCS12_newpass.html doc/html/man3/PKCS12_parse.html doc/html/man3/PKCS5_PBKDF2_HMAC.html doc/html/man3/PKCS7_decrypt.html doc/html/man3/PKCS7_encrypt.html doc/html/man3/PKCS7_sign.html doc/html/man3/PKCS7_sign_add_signer.html doc/html/man3/PKCS7_verify.html doc/html/man3/PKCS8_pkey_add1_attr.html doc/html/man3/RAND_DRBG_generate.html doc/html/man3/RAND_DRBG_get0_public.html doc/html/man3/RAND_DRBG_new.html doc/html/man3/RAND_DRBG_reseed.html doc/html/man3/RAND_DRBG_set_callbacks.html doc/html/man3/RAND_add.html doc/html/man3/RAND_bytes.html doc/html/man3/RAND_cleanup.html doc/html/man3/RAND_egd.html doc/html/man3/RAND_load_file.html doc/html/man3/RAND_set_rand_method.html doc/html/man3/RC4_set_key.html doc/html/man3/RIPEMD160_Init.html doc/html/man3/RSA_blinding_on.html doc/html/man3/RSA_check_key.html doc/html/man3/RSA_generate_key.html doc/html/man3/RSA_get0_key.html doc/html/man3/RSA_meth_new.html doc/html/man3/RSA_new.html doc/html/man3/RSA_padding_add_PKCS1_type_1.html doc/html/man3/RSA_print.html doc/html/man3/RSA_private_encrypt.html doc/html/man3/RSA_public_encrypt.html doc/html/man3/RSA_set_method.html doc/html/man3/RSA_sign.html doc/html/man3/RSA_sign_ASN1_OCTET_STRING.html doc/html/man3/RSA_size.html doc/html/man3/SCT_new.html doc/html/man3/SCT_print.html doc/html/man3/SCT_validate.html doc/html/man3/SHA256_Init.html doc/html/man3/SMIME_read_CMS.html doc/html/man3/SMIME_read_PKCS7.html doc/html/man3/SMIME_write_CMS.html doc/html/man3/SMIME_write_PKCS7.html doc/html/man3/SRP_Calc_B.html doc/html/man3/SRP_VBASE_new.html doc/html/man3/SRP_create_verifier.html doc/html/man3/SRP_user_pwd_new.html doc/html/man3/SSL_CIPHER_get_name.html doc/html/man3/SSL_COMP_add_compression_method.html doc/html/man3/SSL_CONF_CTX_new.html doc/html/man3/SSL_CONF_CTX_set1_prefix.html doc/html/man3/SSL_CONF_CTX_set_flags.html doc/html/man3/SSL_CONF_CTX_set_ssl_ctx.html doc/html/man3/SSL_CONF_cmd.html doc/html/man3/SSL_CONF_cmd_argv.html doc/html/man3/SSL_CTX_add1_chain_cert.html doc/html/man3/SSL_CTX_add_extra_chain_cert.html doc/html/man3/SSL_CTX_add_session.html doc/html/man3/SSL_CTX_config.html doc/html/man3/SSL_CTX_ctrl.html doc/html/man3/SSL_CTX_dane_enable.html doc/html/man3/SSL_CTX_flush_sessions.html doc/html/man3/SSL_CTX_free.html doc/html/man3/SSL_CTX_get0_param.html doc/html/man3/SSL_CTX_get_verify_mode.html doc/html/man3/SSL_CTX_has_client_custom_ext.html doc/html/man3/SSL_CTX_load_verify_locations.html doc/html/man3/SSL_CTX_new.html doc/html/man3/SSL_CTX_sess_number.html doc/html/man3/SSL_CTX_sess_set_cache_size.html doc/html/man3/SSL_CTX_sess_set_get_cb.html doc/html/man3/SSL_CTX_sessions.html doc/html/man3/SSL_CTX_set0_CA_list.html doc/html/man3/SSL_CTX_set1_curves.html doc/html/man3/SSL_CTX_set1_sigalgs.html doc/html/man3/SSL_CTX_set1_verify_cert_store.html doc/html/man3/SSL_CTX_set_alpn_select_cb.html doc/html/man3/SSL_CTX_set_cert_cb.html doc/html/man3/SSL_CTX_set_cert_store.html doc/html/man3/SSL_CTX_set_cert_verify_callback.html doc/html/man3/SSL_CTX_set_cipher_list.html doc/html/man3/SSL_CTX_set_client_cert_cb.html doc/html/man3/SSL_CTX_set_client_hello_cb.html doc/html/man3/SSL_CTX_set_ct_validation_callback.html doc/html/man3/SSL_CTX_set_ctlog_list_file.html doc/html/man3/SSL_CTX_set_default_passwd_cb.html doc/html/man3/SSL_CTX_set_generate_session_id.html doc/html/man3/SSL_CTX_set_info_callback.html doc/html/man3/SSL_CTX_set_keylog_callback.html doc/html/man3/SSL_CTX_set_max_cert_list.html doc/html/man3/SSL_CTX_set_min_proto_version.html doc/html/man3/SSL_CTX_set_mode.html doc/html/man3/SSL_CTX_set_msg_callback.html doc/html/man3/SSL_CTX_set_num_tickets.html doc/html/man3/SSL_CTX_set_options.html doc/html/man3/SSL_CTX_set_psk_client_callback.html doc/html/man3/SSL_CTX_set_quiet_shutdown.html doc/html/man3/SSL_CTX_set_read_ahead.html doc/html/man3/SSL_CTX_set_record_padding_callback.html doc/html/man3/SSL_CTX_set_security_level.html doc/html/man3/SSL_CTX_set_session_cache_mode.html doc/html/man3/SSL_CTX_set_session_id_context.html doc/html/man3/SSL_CTX_set_session_ticket_cb.html doc/html/man3/SSL_CTX_set_split_send_fragment.html doc/html/man3/SSL_CTX_set_srp_password.html doc/html/man3/SSL_CTX_set_ssl_version.html doc/html/man3/SSL_CTX_set_stateless_cookie_generate_cb.html doc/html/man3/SSL_CTX_set_timeout.html doc/html/man3/SSL_CTX_set_tlsext_servername_callback.html doc/html/man3/SSL_CTX_set_tlsext_status_cb.html doc/html/man3/SSL_CTX_set_tlsext_ticket_key_cb.html doc/html/man3/SSL_CTX_set_tlsext_use_srtp.html doc/html/man3/SSL_CTX_set_tmp_dh_callback.html doc/html/man3/SSL_CTX_set_tmp_ecdh.html doc/html/man3/SSL_CTX_set_verify.html doc/html/man3/SSL_CTX_use_certificate.html doc/html/man3/SSL_CTX_use_psk_identity_hint.html doc/html/man3/SSL_CTX_use_serverinfo.html doc/html/man3/SSL_SESSION_free.html doc/html/man3/SSL_SESSION_get0_cipher.html doc/html/man3/SSL_SESSION_get0_hostname.html doc/html/man3/SSL_SESSION_get0_id_context.html doc/html/man3/SSL_SESSION_get0_peer.html doc/html/man3/SSL_SESSION_get_compress_id.html doc/html/man3/SSL_SESSION_get_protocol_version.html doc/html/man3/SSL_SESSION_get_time.html doc/html/man3/SSL_SESSION_has_ticket.html doc/html/man3/SSL_SESSION_is_resumable.html doc/html/man3/SSL_SESSION_print.html doc/html/man3/SSL_SESSION_set1_id.html doc/html/man3/SSL_accept.html doc/html/man3/SSL_alert_type_string.html doc/html/man3/SSL_alloc_buffers.html doc/html/man3/SSL_check_chain.html doc/html/man3/SSL_clear.html doc/html/man3/SSL_connect.html doc/html/man3/SSL_do_handshake.html doc/html/man3/SSL_export_keying_material.html doc/html/man3/SSL_extension_supported.html doc/html/man3/SSL_free.html doc/html/man3/SSL_get0_peer_scts.html doc/html/man3/SSL_get_SSL_CTX.html doc/html/man3/SSL_get_all_async_fds.html doc/html/man3/SSL_get_ciphers.html doc/html/man3/SSL_get_client_random.html doc/html/man3/SSL_get_current_cipher.html doc/html/man3/SSL_get_default_timeout.html doc/html/man3/SSL_get_error.html doc/html/man3/SSL_get_extms_support.html doc/html/man3/SSL_get_fd.html doc/html/man3/SSL_get_peer_cert_chain.html doc/html/man3/SSL_get_peer_certificate.html doc/html/man3/SSL_get_peer_signature_nid.html doc/html/man3/SSL_get_peer_tmp_key.html doc/html/man3/SSL_get_psk_identity.html doc/html/man3/SSL_get_rbio.html doc/html/man3/SSL_get_session.html doc/html/man3/SSL_get_shared_sigalgs.html doc/html/man3/SSL_get_verify_result.html doc/html/man3/SSL_get_version.html doc/html/man3/SSL_in_init.html doc/html/man3/SSL_key_update.html doc/html/man3/SSL_library_init.html doc/html/man3/SSL_load_client_CA_file.html doc/html/man3/SSL_new.html doc/html/man3/SSL_pending.html doc/html/man3/SSL_read.html doc/html/man3/SSL_read_early_data.html doc/html/man3/SSL_rstate_string.html doc/html/man3/SSL_session_reused.html doc/html/man3/SSL_set1_host.html doc/html/man3/SSL_set_async_callback.html doc/html/man3/SSL_set_bio.html doc/html/man3/SSL_set_connect_state.html doc/html/man3/SSL_set_fd.html doc/html/man3/SSL_set_session.html doc/html/man3/SSL_set_shutdown.html doc/html/man3/SSL_set_verify_result.html doc/html/man3/SSL_shutdown.html doc/html/man3/SSL_state_string.html doc/html/man3/SSL_want.html doc/html/man3/SSL_write.html doc/html/man3/TS_VERIFY_CTX_set_certs.html doc/html/man3/UI_STRING.html doc/html/man3/UI_UTIL_read_pw.html doc/html/man3/UI_create_method.html doc/html/man3/UI_new.html doc/html/man3/X509V3_get_d2i.html doc/html/man3/X509_ALGOR_dup.html doc/html/man3/X509_CRL_get0_by_serial.html doc/html/man3/X509_EXTENSION_set_object.html doc/html/man3/X509_LOOKUP.html doc/html/man3/X509_LOOKUP_hash_dir.html doc/html/man3/X509_LOOKUP_meth_new.html doc/html/man3/X509_NAME_ENTRY_get_object.html doc/html/man3/X509_NAME_add_entry_by_txt.html doc/html/man3/X509_NAME_get0_der.html doc/html/man3/X509_NAME_get_index_by_NID.html doc/html/man3/X509_NAME_print_ex.html doc/html/man3/X509_PUBKEY_new.html doc/html/man3/X509_SIG_get0.html doc/html/man3/X509_STORE_CTX_get_error.html doc/html/man3/X509_STORE_CTX_new.html doc/html/man3/X509_STORE_CTX_set_verify_cb.html doc/html/man3/X509_STORE_add_cert.html doc/html/man3/X509_STORE_get0_param.html doc/html/man3/X509_STORE_new.html doc/html/man3/X509_STORE_set_verify_cb_func.html doc/html/man3/X509_VERIFY_PARAM_set_flags.html doc/html/man3/X509_check_ca.html doc/html/man3/X509_check_host.html doc/html/man3/X509_check_issued.html doc/html/man3/X509_check_private_key.html doc/html/man3/X509_check_purpose.html doc/html/man3/X509_cmp.html doc/html/man3/X509_cmp_time.html doc/html/man3/X509_digest.html doc/html/man3/X509_dup.html doc/html/man3/X509_get0_distinguishing_id.html doc/html/man3/X509_get0_notBefore.html doc/html/man3/X509_get0_signature.html doc/html/man3/X509_get0_uids.html doc/html/man3/X509_get_extension_flags.html doc/html/man3/X509_get_pubkey.html doc/html/man3/X509_get_serialNumber.html doc/html/man3/X509_get_subject_name.html doc/html/man3/X509_get_version.html doc/html/man3/X509_load_http.html doc/html/man3/X509_new.html doc/html/man3/X509_sign.html doc/html/man3/X509_verify.html doc/html/man3/X509_verify_cert.html doc/html/man3/X509v3_cache_extensions.html doc/html/man3/X509v3_get_ext_by_NID.html doc/html/man3/d2i_DHparams.html doc/html/man3/d2i_PKCS8PrivateKey_bio.html doc/html/man3/d2i_PrivateKey.html doc/html/man3/d2i_SSL_SESSION.html doc/html/man3/d2i_X509.html doc/html/man3/i2d_CMS_bio_stream.html doc/html/man3/i2d_PKCS7_bio_stream.html doc/html/man3/i2d_re_X509_tbs.html doc/html/man3/o2i_SCT_LIST.html doc/html/man3/s2i_ASN1_IA5STRING.html doc/html/man5/config.html doc/html/man5/fips_config.html doc/html/man5/x509v3_config.html doc/html/man7/EVP_KDF-HKDF.html doc/html/man7/EVP_KDF-KB.html doc/html/man7/EVP_KDF-KRB5KDF.html doc/html/man7/EVP_KDF-PBKDF2.html doc/html/man7/EVP_KDF-SCRYPT.html doc/html/man7/EVP_KDF-SS.html doc/html/man7/EVP_KDF-SSHKDF.html doc/html/man7/EVP_KDF-TLS1_PRF.html doc/html/man7/EVP_KDF-X942.html doc/html/man7/EVP_KDF-X963.html doc/html/man7/EVP_KEYEXCH-DH.html doc/html/man7/EVP_KEYEXCH-ECDH.html doc/html/man7/EVP_KEYEXCH-X25519.html doc/html/man7/EVP_MAC-BLAKE2.html doc/html/man7/EVP_MAC-CMAC.html doc/html/man7/EVP_MAC-GMAC.html doc/html/man7/EVP_MAC-HMAC.html doc/html/man7/EVP_MAC-KMAC.html doc/html/man7/EVP_MAC-Poly1305.html doc/html/man7/EVP_MAC-Siphash.html doc/html/man7/EVP_MD-BLAKE2.html doc/html/man7/EVP_MD-MD2.html doc/html/man7/EVP_MD-MD4.html doc/html/man7/EVP_MD-MD5-SHA1.html doc/html/man7/EVP_MD-MD5.html doc/html/man7/EVP_MD-MDC2.html doc/html/man7/EVP_MD-RIPEMD160.html doc/html/man7/EVP_MD-SHA1.html doc/html/man7/EVP_MD-SHA2.html doc/html/man7/EVP_MD-SHA3.html doc/html/man7/EVP_MD-SHAKE.html doc/html/man7/EVP_MD-SM3.html doc/html/man7/EVP_MD-WHIRLPOOL.html doc/html/man7/EVP_MD-common.html doc/html/man7/EVP_PKEY-DH.html doc/html/man7/EVP_PKEY-DSA.html doc/html/man7/EVP_PKEY-EC.html doc/html/man7/EVP_PKEY-FFC.html doc/html/man7/EVP_PKEY-RSA.html doc/html/man7/EVP_PKEY-X25519.html doc/html/man7/EVP_RAND-CTR-DRBG.html doc/html/man7/EVP_RAND-HASH-DRBG.html doc/html/man7/EVP_RAND-HMAC-DRBG.html doc/html/man7/EVP_RAND-TEST-RAND.html doc/html/man7/EVP_SIGNATURE-DSA.html doc/html/man7/EVP_SIGNATURE-ECDSA.html doc/html/man7/EVP_SIGNATURE-ED25519.html doc/html/man7/EVP_SIGNATURE-RSA.html doc/html/man7/OSSL_PROVIDER-FIPS.html doc/html/man7/OSSL_PROVIDER-default.html doc/html/man7/OSSL_PROVIDER-legacy.html doc/html/man7/OSSL_PROVIDER-null.html doc/html/man7/RAND.html doc/html/man7/RAND_DRBG.html doc/html/man7/RSA-PSS.html doc/html/man7/SM2.html doc/html/man7/X25519.html doc/html/man7/bio.html doc/html/man7/crypto.html doc/html/man7/ct.html doc/html/man7/des_modes.html doc/html/man7/evp.html doc/html/man7/openssl-core.h.html doc/html/man7/openssl-core_dispatch.h.html doc/html/man7/openssl-core_names.h.html doc/html/man7/openssl-env.html doc/html/man7/openssl_user_macros.html doc/html/man7/ossl_store-file.html doc/html/man7/ossl_store.html doc/html/man7/passphrase-encoding.html doc/html/man7/property.html doc/html/man7/provider-asym_cipher.html doc/html/man7/provider-base.html doc/html/man7/provider-cipher.html doc/html/man7/provider-digest.html doc/html/man7/provider-keyexch.html doc/html/man7/provider-keymgmt.html doc/html/man7/provider-mac.html doc/html/man7/provider-rand.html doc/html/man7/provider-serializer.html doc/html/man7/provider-signature.html doc/html/man7/provider.html doc/html/man7/proxy-certificates.html doc/html/man7/ssl.html doc/html/man7/x509.html rm -f doc/man/man1/CA.pl.1 doc/man/man1/openssl-asn1parse.1 doc/man/man1/openssl-ca.1 doc/man/man1/openssl-ciphers.1 doc/man/man1/openssl-cmds.1 doc/man/man1/openssl-cmp.1 doc/man/man1/openssl-cms.1 doc/man/man1/openssl-crl.1 doc/man/man1/openssl-crl2pkcs7.1 doc/man/man1/openssl-dgst.1 doc/man/man1/openssl-dhparam.1 doc/man/man1/openssl-dsa.1 doc/man/man1/openssl-dsaparam.1 doc/man/man1/openssl-ec.1 doc/man/man1/openssl-ecparam.1 doc/man/man1/openssl-enc.1 doc/man/man1/openssl-engine.1 doc/man/man1/openssl-errstr.1 doc/man/man1/openssl-fipsinstall.1 doc/man/man1/openssl-gendsa.1 doc/man/man1/openssl-genpkey.1 doc/man/man1/openssl-genrsa.1 doc/man/man1/openssl-info.1 doc/man/man1/openssl-kdf.1 doc/man/man1/openssl-list.1 doc/man/man1/openssl-mac.1 doc/man/man1/openssl-nseq.1 doc/man/man1/openssl-ocsp.1 doc/man/man1/openssl-passwd.1 doc/man/man1/openssl-pkcs12.1 doc/man/man1/openssl-pkcs7.1 doc/man/man1/openssl-pkcs8.1 doc/man/man1/openssl-pkey.1 doc/man/man1/openssl-pkeyparam.1 doc/man/man1/openssl-pkeyutl.1 doc/man/man1/openssl-prime.1 doc/man/man1/openssl-provider.1 doc/man/man1/openssl-rand.1 doc/man/man1/openssl-rehash.1 doc/man/man1/openssl-req.1 doc/man/man1/openssl-rsa.1 doc/man/man1/openssl-rsautl.1 doc/man/man1/openssl-s_client.1 doc/man/man1/openssl-s_server.1 doc/man/man1/openssl-s_time.1 doc/man/man1/openssl-sess_id.1 doc/man/man1/openssl-smime.1 doc/man/man1/openssl-speed.1 doc/man/man1/openssl-spkac.1 doc/man/man1/openssl-srp.1 doc/man/man1/openssl-storeutl.1 doc/man/man1/openssl-ts.1 doc/man/man1/openssl-verify.1 doc/man/man1/openssl-version.1 doc/man/man1/openssl-x509.1 doc/man/man1/openssl.1 doc/man/man1/tsget.1 doc/man/man3/ADMISSIONS.3 doc/man/man3/ASN1_INTEGER_get_int64.3 doc/man/man3/ASN1_INTEGER_new.3 doc/man/man3/ASN1_ITEM_lookup.3 doc/man/man3/ASN1_OBJECT_new.3 doc/man/man3/ASN1_STRING_TABLE_add.3 doc/man/man3/ASN1_STRING_length.3 doc/man/man3/ASN1_STRING_new.3 doc/man/man3/ASN1_STRING_print_ex.3 doc/man/man3/ASN1_TIME_set.3 doc/man/man3/ASN1_TYPE_get.3 doc/man/man3/ASN1_generate_nconf.3 doc/man/man3/ASYNC_WAIT_CTX_new.3 doc/man/man3/ASYNC_start_job.3 doc/man/man3/BF_encrypt.3 doc/man/man3/BIO_ADDR.3 doc/man/man3/BIO_ADDRINFO.3 doc/man/man3/BIO_connect.3 doc/man/man3/BIO_ctrl.3 doc/man/man3/BIO_f_base64.3 doc/man/man3/BIO_f_buffer.3 doc/man/man3/BIO_f_cipher.3 doc/man/man3/BIO_f_md.3 doc/man/man3/BIO_f_null.3 doc/man/man3/BIO_f_prefix.3 doc/man/man3/BIO_f_ssl.3 doc/man/man3/BIO_find_type.3 doc/man/man3/BIO_get_data.3 doc/man/man3/BIO_get_ex_new_index.3 doc/man/man3/BIO_meth_new.3 doc/man/man3/BIO_new.3 doc/man/man3/BIO_new_CMS.3 doc/man/man3/BIO_parse_hostserv.3 doc/man/man3/BIO_printf.3 doc/man/man3/BIO_push.3 doc/man/man3/BIO_read.3 doc/man/man3/BIO_s_accept.3 doc/man/man3/BIO_s_bio.3 doc/man/man3/BIO_s_connect.3 doc/man/man3/BIO_s_fd.3 doc/man/man3/BIO_s_file.3 doc/man/man3/BIO_s_mem.3 doc/man/man3/BIO_s_null.3 doc/man/man3/BIO_s_socket.3 doc/man/man3/BIO_set_callback.3 doc/man/man3/BIO_should_retry.3 doc/man/man3/BIO_socket_wait.3 doc/man/man3/BN_BLINDING_new.3 doc/man/man3/BN_CTX_new.3 doc/man/man3/BN_CTX_start.3 doc/man/man3/BN_add.3 doc/man/man3/BN_add_word.3 doc/man/man3/BN_bn2bin.3 doc/man/man3/BN_cmp.3 doc/man/man3/BN_copy.3 doc/man/man3/BN_generate_prime.3 doc/man/man3/BN_mod_inverse.3 doc/man/man3/BN_mod_mul_montgomery.3 doc/man/man3/BN_mod_mul_reciprocal.3 doc/man/man3/BN_new.3 doc/man/man3/BN_num_bytes.3 doc/man/man3/BN_rand.3 doc/man/man3/BN_security_bits.3 doc/man/man3/BN_set_bit.3 doc/man/man3/BN_swap.3 doc/man/man3/BN_zero.3 doc/man/man3/BUF_MEM_new.3 doc/man/man3/CMS_EnvelopedData_create.3 doc/man/man3/CMS_add0_cert.3 doc/man/man3/CMS_add1_recipient_cert.3 doc/man/man3/CMS_add1_signer.3 doc/man/man3/CMS_compress.3 doc/man/man3/CMS_decrypt.3 doc/man/man3/CMS_encrypt.3 doc/man/man3/CMS_final.3 doc/man/man3/CMS_get0_RecipientInfos.3 doc/man/man3/CMS_get0_SignerInfos.3 doc/man/man3/CMS_get0_type.3 doc/man/man3/CMS_get1_ReceiptRequest.3 doc/man/man3/CMS_sign.3 doc/man/man3/CMS_sign_receipt.3 doc/man/man3/CMS_uncompress.3 doc/man/man3/CMS_verify.3 doc/man/man3/CMS_verify_receipt.3 doc/man/man3/CONF_modules_free.3 doc/man/man3/CONF_modules_load_file.3 doc/man/man3/CRYPTO_THREAD_run_once.3 doc/man/man3/CRYPTO_get_ex_new_index.3 doc/man/man3/CRYPTO_memcmp.3 doc/man/man3/CTLOG_STORE_get0_log_by_id.3 doc/man/man3/CTLOG_STORE_new.3 doc/man/man3/CTLOG_new.3 doc/man/man3/CT_POLICY_EVAL_CTX_new.3 doc/man/man3/DEFINE_STACK_OF.3 doc/man/man3/DES_random_key.3 doc/man/man3/DH_generate_key.3 doc/man/man3/DH_generate_parameters.3 doc/man/man3/DH_get0_pqg.3 doc/man/man3/DH_get_1024_160.3 doc/man/man3/DH_meth_new.3 doc/man/man3/DH_new.3 doc/man/man3/DH_new_by_nid.3 doc/man/man3/DH_set_method.3 doc/man/man3/DH_size.3 doc/man/man3/DSA_SIG_new.3 doc/man/man3/DSA_do_sign.3 doc/man/man3/DSA_dup_DH.3 doc/man/man3/DSA_generate_key.3 doc/man/man3/DSA_generate_parameters.3 doc/man/man3/DSA_get0_pqg.3 doc/man/man3/DSA_meth_new.3 doc/man/man3/DSA_new.3 doc/man/man3/DSA_set_method.3 doc/man/man3/DSA_sign.3 doc/man/man3/DSA_size.3 doc/man/man3/DTLS_get_data_mtu.3 doc/man/man3/DTLS_set_timer_cb.3 doc/man/man3/DTLSv1_listen.3 doc/man/man3/ECDSA_SIG_new.3 doc/man/man3/ECPKParameters_print.3 doc/man/man3/EC_GFp_simple_method.3 doc/man/man3/EC_GROUP_copy.3 doc/man/man3/EC_GROUP_new.3 doc/man/man3/EC_KEY_get_enc_flags.3 doc/man/man3/EC_KEY_new.3 doc/man/man3/EC_POINT_add.3 doc/man/man3/EC_POINT_new.3 doc/man/man3/ENGINE_add.3 doc/man/man3/ERR_GET_LIB.3 doc/man/man3/ERR_clear_error.3 doc/man/man3/ERR_error_string.3 doc/man/man3/ERR_get_error.3 doc/man/man3/ERR_load_crypto_strings.3 doc/man/man3/ERR_load_strings.3 doc/man/man3/ERR_new.3 doc/man/man3/ERR_print_errors.3 doc/man/man3/ERR_put_error.3 doc/man/man3/ERR_remove_state.3 doc/man/man3/ERR_set_mark.3 doc/man/man3/EVP_ASYM_CIPHER_free.3 doc/man/man3/EVP_BytesToKey.3 doc/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 doc/man/man3/EVP_CIPHER_meth_new.3 doc/man/man3/EVP_DigestInit.3 doc/man/man3/EVP_DigestSignInit.3 doc/man/man3/EVP_DigestVerifyInit.3 doc/man/man3/EVP_EncodeInit.3 doc/man/man3/EVP_EncryptInit.3 doc/man/man3/EVP_KDF.3 doc/man/man3/EVP_KEYEXCH_free.3 doc/man/man3/EVP_KEYMGMT.3 doc/man/man3/EVP_MAC.3 doc/man/man3/EVP_MD_meth_new.3 doc/man/man3/EVP_OpenInit.3 doc/man/man3/EVP_PKEY_ASN1_METHOD.3 doc/man/man3/EVP_PKEY_CTX_ctrl.3 doc/man/man3/EVP_PKEY_CTX_new.3 doc/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 doc/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 doc/man/man3/EVP_PKEY_CTX_set_params.3 doc/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 doc/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 doc/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 doc/man/man3/EVP_PKEY_asn1_get_count.3 doc/man/man3/EVP_PKEY_check.3 doc/man/man3/EVP_PKEY_copy_parameters.3 doc/man/man3/EVP_PKEY_decrypt.3 doc/man/man3/EVP_PKEY_derive.3 doc/man/man3/EVP_PKEY_encrypt.3 doc/man/man3/EVP_PKEY_fromdata.3 doc/man/man3/EVP_PKEY_gen.3 doc/man/man3/EVP_PKEY_get_default_digest_nid.3 doc/man/man3/EVP_PKEY_gettable_params.3 doc/man/man3/EVP_PKEY_is_a.3 doc/man/man3/EVP_PKEY_meth_get_count.3 doc/man/man3/EVP_PKEY_meth_new.3 doc/man/man3/EVP_PKEY_new.3 doc/man/man3/EVP_PKEY_print_private.3 doc/man/man3/EVP_PKEY_set1_RSA.3 doc/man/man3/EVP_PKEY_set_type.3 doc/man/man3/EVP_PKEY_sign.3 doc/man/man3/EVP_PKEY_size.3 doc/man/man3/EVP_PKEY_supports_digest_nid.3 doc/man/man3/EVP_PKEY_verify.3 doc/man/man3/EVP_PKEY_verify_recover.3 doc/man/man3/EVP_RAND.3 doc/man/man3/EVP_SIGNATURE_free.3 doc/man/man3/EVP_SealInit.3 doc/man/man3/EVP_SignInit.3 doc/man/man3/EVP_VerifyInit.3 doc/man/man3/EVP_aes_128_gcm.3 doc/man/man3/EVP_aria_128_gcm.3 doc/man/man3/EVP_bf_cbc.3 doc/man/man3/EVP_blake2b512.3 doc/man/man3/EVP_camellia_128_ecb.3 doc/man/man3/EVP_cast5_cbc.3 doc/man/man3/EVP_chacha20.3 doc/man/man3/EVP_des_cbc.3 doc/man/man3/EVP_desx_cbc.3 doc/man/man3/EVP_idea_cbc.3 doc/man/man3/EVP_md2.3 doc/man/man3/EVP_md4.3 doc/man/man3/EVP_md5.3 doc/man/man3/EVP_mdc2.3 doc/man/man3/EVP_rc2_cbc.3 doc/man/man3/EVP_rc4.3 doc/man/man3/EVP_rc5_32_12_16_cbc.3 doc/man/man3/EVP_ripemd160.3 doc/man/man3/EVP_seed_cbc.3 doc/man/man3/EVP_set_default_properties.3 doc/man/man3/EVP_sha1.3 doc/man/man3/EVP_sha224.3 doc/man/man3/EVP_sha3_224.3 doc/man/man3/EVP_sm3.3 doc/man/man3/EVP_sm4_cbc.3 doc/man/man3/EVP_whirlpool.3 doc/man/man3/HMAC.3 doc/man/man3/MD5.3 doc/man/man3/MDC2_Init.3 doc/man/man3/NCONF_new_with_libctx.3 doc/man/man3/OBJ_nid2obj.3 doc/man/man3/OCSP_REQUEST_new.3 doc/man/man3/OCSP_cert_to_id.3 doc/man/man3/OCSP_request_add1_nonce.3 doc/man/man3/OCSP_resp_find_status.3 doc/man/man3/OCSP_response_status.3 doc/man/man3/OCSP_sendreq_new.3 doc/man/man3/OPENSSL_Applink.3 doc/man/man3/OPENSSL_CTX.3 doc/man/man3/OPENSSL_FILE.3 doc/man/man3/OPENSSL_LH_COMPFUNC.3 doc/man/man3/OPENSSL_LH_stats.3 doc/man/man3/OPENSSL_config.3 doc/man/man3/OPENSSL_fork_prepare.3 doc/man/man3/OPENSSL_hexchar2int.3 doc/man/man3/OPENSSL_ia32cap.3 doc/man/man3/OPENSSL_init_crypto.3 doc/man/man3/OPENSSL_init_ssl.3 doc/man/man3/OPENSSL_instrument_bus.3 doc/man/man3/OPENSSL_load_builtin_modules.3 doc/man/man3/OPENSSL_malloc.3 doc/man/man3/OPENSSL_s390xcap.3 doc/man/man3/OPENSSL_secure_malloc.3 doc/man/man3/OSSL_CMP_CTX_new.3 doc/man/man3/OSSL_CMP_HDR_get0_transactionID.3 doc/man/man3/OSSL_CMP_ITAV_set0.3 doc/man/man3/OSSL_CMP_MSG_get0_header.3 doc/man/man3/OSSL_CMP_MSG_http_perform.3 doc/man/man3/OSSL_CMP_SRV_CTX_new.3 doc/man/man3/OSSL_CMP_STATUSINFO_new.3 doc/man/man3/OSSL_CMP_exec_IR_ses.3 doc/man/man3/OSSL_CMP_log_open.3 doc/man/man3/OSSL_CMP_validate_msg.3 doc/man/man3/OSSL_CRMF_MSG_get0_tmpl.3 doc/man/man3/OSSL_CRMF_MSG_set0_validity.3 doc/man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3 doc/man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3 doc/man/man3/OSSL_CRMF_pbmp_new.3 doc/man/man3/OSSL_HTTP_transfer.3 doc/man/man3/OSSL_PARAM.3 doc/man/man3/OSSL_PARAM_BLD.3 doc/man/man3/OSSL_PARAM_allocate_from_text.3 doc/man/man3/OSSL_PARAM_int.3 doc/man/man3/OSSL_PROVIDER.3 doc/man/man3/OSSL_SELF_TEST_new.3 doc/man/man3/OSSL_SELF_TEST_set_callback.3 doc/man/man3/OSSL_SERIALIZER.3 doc/man/man3/OSSL_SERIALIZER_CTX.3 doc/man/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.3 doc/man/man3/OSSL_SERIALIZER_to_bio.3 doc/man/man3/OSSL_STORE_INFO.3 doc/man/man3/OSSL_STORE_LOADER.3 doc/man/man3/OSSL_STORE_SEARCH.3 doc/man/man3/OSSL_STORE_attach.3 doc/man/man3/OSSL_STORE_expect.3 doc/man/man3/OSSL_STORE_open.3 doc/man/man3/OSSL_trace_enabled.3 doc/man/man3/OSSL_trace_get_category_num.3 doc/man/man3/OSSL_trace_set_channel.3 doc/man/man3/OpenSSL_add_all_algorithms.3 doc/man/man3/OpenSSL_version.3 doc/man/man3/PEM_bytes_read_bio.3 doc/man/man3/PEM_read.3 doc/man/man3/PEM_read_CMS.3 doc/man/man3/PEM_read_bio_PrivateKey.3 doc/man/man3/PEM_read_bio_ex.3 doc/man/man3/PEM_write_bio_CMS_stream.3 doc/man/man3/PEM_write_bio_PKCS7_stream.3 doc/man/man3/PKCS12_SAFEBAG_get0_attrs.3 doc/man/man3/PKCS12_add_CSPName_asc.3 doc/man/man3/PKCS12_add_friendlyname_asc.3 doc/man/man3/PKCS12_add_localkeyid.3 doc/man/man3/PKCS12_create.3 doc/man/man3/PKCS12_get_friendlyname.3 doc/man/man3/PKCS12_newpass.3 doc/man/man3/PKCS12_parse.3 doc/man/man3/PKCS5_PBKDF2_HMAC.3 doc/man/man3/PKCS7_decrypt.3 doc/man/man3/PKCS7_encrypt.3 doc/man/man3/PKCS7_sign.3 doc/man/man3/PKCS7_sign_add_signer.3 doc/man/man3/PKCS7_verify.3 doc/man/man3/PKCS8_pkey_add1_attr.3 doc/man/man3/RAND_DRBG_generate.3 doc/man/man3/RAND_DRBG_get0_public.3 doc/man/man3/RAND_DRBG_new.3 doc/man/man3/RAND_DRBG_reseed.3 doc/man/man3/RAND_DRBG_set_callbacks.3 doc/man/man3/RAND_add.3 doc/man/man3/RAND_bytes.3 doc/man/man3/RAND_cleanup.3 doc/man/man3/RAND_egd.3 doc/man/man3/RAND_load_file.3 doc/man/man3/RAND_set_rand_method.3 doc/man/man3/RC4_set_key.3 doc/man/man3/RIPEMD160_Init.3 doc/man/man3/RSA_blinding_on.3 doc/man/man3/RSA_check_key.3 doc/man/man3/RSA_generate_key.3 doc/man/man3/RSA_get0_key.3 doc/man/man3/RSA_meth_new.3 doc/man/man3/RSA_new.3 doc/man/man3/RSA_padding_add_PKCS1_type_1.3 doc/man/man3/RSA_print.3 doc/man/man3/RSA_private_encrypt.3 doc/man/man3/RSA_public_encrypt.3 doc/man/man3/RSA_set_method.3 doc/man/man3/RSA_sign.3 doc/man/man3/RSA_sign_ASN1_OCTET_STRING.3 doc/man/man3/RSA_size.3 doc/man/man3/SCT_new.3 doc/man/man3/SCT_print.3 doc/man/man3/SCT_validate.3 doc/man/man3/SHA256_Init.3 doc/man/man3/SMIME_read_CMS.3 doc/man/man3/SMIME_read_PKCS7.3 doc/man/man3/SMIME_write_CMS.3 doc/man/man3/SMIME_write_PKCS7.3 doc/man/man3/SRP_Calc_B.3 doc/man/man3/SRP_VBASE_new.3 doc/man/man3/SRP_create_verifier.3 doc/man/man3/SRP_user_pwd_new.3 doc/man/man3/SSL_CIPHER_get_name.3 doc/man/man3/SSL_COMP_add_compression_method.3 doc/man/man3/SSL_CONF_CTX_new.3 doc/man/man3/SSL_CONF_CTX_set1_prefix.3 doc/man/man3/SSL_CONF_CTX_set_flags.3 doc/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 doc/man/man3/SSL_CONF_cmd.3 doc/man/man3/SSL_CONF_cmd_argv.3 doc/man/man3/SSL_CTX_add1_chain_cert.3 doc/man/man3/SSL_CTX_add_extra_chain_cert.3 doc/man/man3/SSL_CTX_add_session.3 doc/man/man3/SSL_CTX_config.3 doc/man/man3/SSL_CTX_ctrl.3 doc/man/man3/SSL_CTX_dane_enable.3 doc/man/man3/SSL_CTX_flush_sessions.3 doc/man/man3/SSL_CTX_free.3 doc/man/man3/SSL_CTX_get0_param.3 doc/man/man3/SSL_CTX_get_verify_mode.3 doc/man/man3/SSL_CTX_has_client_custom_ext.3 doc/man/man3/SSL_CTX_load_verify_locations.3 doc/man/man3/SSL_CTX_new.3 doc/man/man3/SSL_CTX_sess_number.3 doc/man/man3/SSL_CTX_sess_set_cache_size.3 doc/man/man3/SSL_CTX_sess_set_get_cb.3 doc/man/man3/SSL_CTX_sessions.3 doc/man/man3/SSL_CTX_set0_CA_list.3 doc/man/man3/SSL_CTX_set1_curves.3 doc/man/man3/SSL_CTX_set1_sigalgs.3 doc/man/man3/SSL_CTX_set1_verify_cert_store.3 doc/man/man3/SSL_CTX_set_alpn_select_cb.3 doc/man/man3/SSL_CTX_set_cert_cb.3 doc/man/man3/SSL_CTX_set_cert_store.3 doc/man/man3/SSL_CTX_set_cert_verify_callback.3 doc/man/man3/SSL_CTX_set_cipher_list.3 doc/man/man3/SSL_CTX_set_client_cert_cb.3 doc/man/man3/SSL_CTX_set_client_hello_cb.3 doc/man/man3/SSL_CTX_set_ct_validation_callback.3 doc/man/man3/SSL_CTX_set_ctlog_list_file.3 doc/man/man3/SSL_CTX_set_default_passwd_cb.3 doc/man/man3/SSL_CTX_set_generate_session_id.3 doc/man/man3/SSL_CTX_set_info_callback.3 doc/man/man3/SSL_CTX_set_keylog_callback.3 doc/man/man3/SSL_CTX_set_max_cert_list.3 doc/man/man3/SSL_CTX_set_min_proto_version.3 doc/man/man3/SSL_CTX_set_mode.3 doc/man/man3/SSL_CTX_set_msg_callback.3 doc/man/man3/SSL_CTX_set_num_tickets.3 doc/man/man3/SSL_CTX_set_options.3 doc/man/man3/SSL_CTX_set_psk_client_callback.3 doc/man/man3/SSL_CTX_set_quiet_shutdown.3 doc/man/man3/SSL_CTX_set_read_ahead.3 doc/man/man3/SSL_CTX_set_record_padding_callback.3 doc/man/man3/SSL_CTX_set_security_level.3 doc/man/man3/SSL_CTX_set_session_cache_mode.3 doc/man/man3/SSL_CTX_set_session_id_context.3 doc/man/man3/SSL_CTX_set_session_ticket_cb.3 doc/man/man3/SSL_CTX_set_split_send_fragment.3 doc/man/man3/SSL_CTX_set_srp_password.3 doc/man/man3/SSL_CTX_set_ssl_version.3 doc/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 doc/man/man3/SSL_CTX_set_timeout.3 doc/man/man3/SSL_CTX_set_tlsext_servername_callback.3 doc/man/man3/SSL_CTX_set_tlsext_status_cb.3 doc/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 doc/man/man3/SSL_CTX_set_tlsext_use_srtp.3 doc/man/man3/SSL_CTX_set_tmp_dh_callback.3 doc/man/man3/SSL_CTX_set_tmp_ecdh.3 doc/man/man3/SSL_CTX_set_verify.3 doc/man/man3/SSL_CTX_use_certificate.3 doc/man/man3/SSL_CTX_use_psk_identity_hint.3 doc/man/man3/SSL_CTX_use_serverinfo.3 doc/man/man3/SSL_SESSION_free.3 doc/man/man3/SSL_SESSION_get0_cipher.3 doc/man/man3/SSL_SESSION_get0_hostname.3 doc/man/man3/SSL_SESSION_get0_id_context.3 doc/man/man3/SSL_SESSION_get0_peer.3 doc/man/man3/SSL_SESSION_get_compress_id.3 doc/man/man3/SSL_SESSION_get_protocol_version.3 doc/man/man3/SSL_SESSION_get_time.3 doc/man/man3/SSL_SESSION_has_ticket.3 doc/man/man3/SSL_SESSION_is_resumable.3 doc/man/man3/SSL_SESSION_print.3 doc/man/man3/SSL_SESSION_set1_id.3 doc/man/man3/SSL_accept.3 doc/man/man3/SSL_alert_type_string.3 doc/man/man3/SSL_alloc_buffers.3 doc/man/man3/SSL_check_chain.3 doc/man/man3/SSL_clear.3 doc/man/man3/SSL_connect.3 doc/man/man3/SSL_do_handshake.3 doc/man/man3/SSL_export_keying_material.3 doc/man/man3/SSL_extension_supported.3 doc/man/man3/SSL_free.3 doc/man/man3/SSL_get0_peer_scts.3 doc/man/man3/SSL_get_SSL_CTX.3 doc/man/man3/SSL_get_all_async_fds.3 doc/man/man3/SSL_get_ciphers.3 doc/man/man3/SSL_get_client_random.3 doc/man/man3/SSL_get_current_cipher.3 doc/man/man3/SSL_get_default_timeout.3 doc/man/man3/SSL_get_error.3 doc/man/man3/SSL_get_extms_support.3 doc/man/man3/SSL_get_fd.3 doc/man/man3/SSL_get_peer_cert_chain.3 doc/man/man3/SSL_get_peer_certificate.3 doc/man/man3/SSL_get_peer_signature_nid.3 doc/man/man3/SSL_get_peer_tmp_key.3 doc/man/man3/SSL_get_psk_identity.3 doc/man/man3/SSL_get_rbio.3 doc/man/man3/SSL_get_session.3 doc/man/man3/SSL_get_shared_sigalgs.3 doc/man/man3/SSL_get_verify_result.3 doc/man/man3/SSL_get_version.3 doc/man/man3/SSL_in_init.3 doc/man/man3/SSL_key_update.3 doc/man/man3/SSL_library_init.3 doc/man/man3/SSL_load_client_CA_file.3 doc/man/man3/SSL_new.3 doc/man/man3/SSL_pending.3 doc/man/man3/SSL_read.3 doc/man/man3/SSL_read_early_data.3 doc/man/man3/SSL_rstate_string.3 doc/man/man3/SSL_session_reused.3 doc/man/man3/SSL_set1_host.3 doc/man/man3/SSL_set_async_callback.3 doc/man/man3/SSL_set_bio.3 doc/man/man3/SSL_set_connect_state.3 doc/man/man3/SSL_set_fd.3 doc/man/man3/SSL_set_session.3 doc/man/man3/SSL_set_shutdown.3 doc/man/man3/SSL_set_verify_result.3 doc/man/man3/SSL_shutdown.3 doc/man/man3/SSL_state_string.3 doc/man/man3/SSL_want.3 doc/man/man3/SSL_write.3 doc/man/man3/TS_VERIFY_CTX_set_certs.3 doc/man/man3/UI_STRING.3 doc/man/man3/UI_UTIL_read_pw.3 doc/man/man3/UI_create_method.3 doc/man/man3/UI_new.3 doc/man/man3/X509V3_get_d2i.3 doc/man/man3/X509_ALGOR_dup.3 doc/man/man3/X509_CRL_get0_by_serial.3 doc/man/man3/X509_EXTENSION_set_object.3 doc/man/man3/X509_LOOKUP.3 doc/man/man3/X509_LOOKUP_hash_dir.3 doc/man/man3/X509_LOOKUP_meth_new.3 doc/man/man3/X509_NAME_ENTRY_get_object.3 doc/man/man3/X509_NAME_add_entry_by_txt.3 doc/man/man3/X509_NAME_get0_der.3 doc/man/man3/X509_NAME_get_index_by_NID.3 doc/man/man3/X509_NAME_print_ex.3 doc/man/man3/X509_PUBKEY_new.3 doc/man/man3/X509_SIG_get0.3 doc/man/man3/X509_STORE_CTX_get_error.3 doc/man/man3/X509_STORE_CTX_new.3 doc/man/man3/X509_STORE_CTX_set_verify_cb.3 doc/man/man3/X509_STORE_add_cert.3 doc/man/man3/X509_STORE_get0_param.3 doc/man/man3/X509_STORE_new.3 doc/man/man3/X509_STORE_set_verify_cb_func.3 doc/man/man3/X509_VERIFY_PARAM_set_flags.3 doc/man/man3/X509_check_ca.3 doc/man/man3/X509_check_host.3 doc/man/man3/X509_check_issued.3 doc/man/man3/X509_check_private_key.3 doc/man/man3/X509_check_purpose.3 doc/man/man3/X509_cmp.3 doc/man/man3/X509_cmp_time.3 doc/man/man3/X509_digest.3 doc/man/man3/X509_dup.3 doc/man/man3/X509_get0_distinguishing_id.3 doc/man/man3/X509_get0_notBefore.3 doc/man/man3/X509_get0_signature.3 doc/man/man3/X509_get0_uids.3 doc/man/man3/X509_get_extension_flags.3 doc/man/man3/X509_get_pubkey.3 doc/man/man3/X509_get_serialNumber.3 doc/man/man3/X509_get_subject_name.3 doc/man/man3/X509_get_version.3 doc/man/man3/X509_load_http.3 doc/man/man3/X509_new.3 doc/man/man3/X509_sign.3 doc/man/man3/X509_verify.3 doc/man/man3/X509_verify_cert.3 doc/man/man3/X509v3_cache_extensions.3 doc/man/man3/X509v3_get_ext_by_NID.3 doc/man/man3/d2i_DHparams.3 doc/man/man3/d2i_PKCS8PrivateKey_bio.3 doc/man/man3/d2i_PrivateKey.3 doc/man/man3/d2i_SSL_SESSION.3 doc/man/man3/d2i_X509.3 doc/man/man3/i2d_CMS_bio_stream.3 doc/man/man3/i2d_PKCS7_bio_stream.3 doc/man/man3/i2d_re_X509_tbs.3 doc/man/man3/o2i_SCT_LIST.3 doc/man/man3/s2i_ASN1_IA5STRING.3 doc/man/man5/config.5 doc/man/man5/fips_config.5 doc/man/man5/x509v3_config.5 doc/man/man7/EVP_KDF-HKDF.7 doc/man/man7/EVP_KDF-KB.7 doc/man/man7/EVP_KDF-KRB5KDF.7 doc/man/man7/EVP_KDF-PBKDF2.7 doc/man/man7/EVP_KDF-SCRYPT.7 doc/man/man7/EVP_KDF-SS.7 doc/man/man7/EVP_KDF-SSHKDF.7 doc/man/man7/EVP_KDF-TLS1_PRF.7 doc/man/man7/EVP_KDF-X942.7 doc/man/man7/EVP_KDF-X963.7 doc/man/man7/EVP_KEYEXCH-DH.7 doc/man/man7/EVP_KEYEXCH-ECDH.7 doc/man/man7/EVP_KEYEXCH-X25519.7 doc/man/man7/EVP_MAC-BLAKE2.7 doc/man/man7/EVP_MAC-CMAC.7 doc/man/man7/EVP_MAC-GMAC.7 doc/man/man7/EVP_MAC-HMAC.7 doc/man/man7/EVP_MAC-KMAC.7 doc/man/man7/EVP_MAC-Poly1305.7 doc/man/man7/EVP_MAC-Siphash.7 doc/man/man7/EVP_MD-BLAKE2.7 doc/man/man7/EVP_MD-MD2.7 doc/man/man7/EVP_MD-MD4.7 doc/man/man7/EVP_MD-MD5-SHA1.7 doc/man/man7/EVP_MD-MD5.7 doc/man/man7/EVP_MD-MDC2.7 doc/man/man7/EVP_MD-RIPEMD160.7 doc/man/man7/EVP_MD-SHA1.7 doc/man/man7/EVP_MD-SHA2.7 doc/man/man7/EVP_MD-SHA3.7 doc/man/man7/EVP_MD-SHAKE.7 doc/man/man7/EVP_MD-SM3.7 doc/man/man7/EVP_MD-WHIRLPOOL.7 doc/man/man7/EVP_MD-common.7 doc/man/man7/EVP_PKEY-DH.7 doc/man/man7/EVP_PKEY-DSA.7 doc/man/man7/EVP_PKEY-EC.7 doc/man/man7/EVP_PKEY-FFC.7 doc/man/man7/EVP_PKEY-RSA.7 doc/man/man7/EVP_PKEY-X25519.7 doc/man/man7/EVP_RAND-CTR-DRBG.7 doc/man/man7/EVP_RAND-HASH-DRBG.7 doc/man/man7/EVP_RAND-HMAC-DRBG.7 doc/man/man7/EVP_RAND-TEST-RAND.7 doc/man/man7/EVP_SIGNATURE-DSA.7 doc/man/man7/EVP_SIGNATURE-ECDSA.7 doc/man/man7/EVP_SIGNATURE-ED25519.7 doc/man/man7/EVP_SIGNATURE-RSA.7 doc/man/man7/OSSL_PROVIDER-FIPS.7 doc/man/man7/OSSL_PROVIDER-default.7 doc/man/man7/OSSL_PROVIDER-legacy.7 doc/man/man7/OSSL_PROVIDER-null.7 doc/man/man7/RAND.7 doc/man/man7/RAND_DRBG.7 doc/man/man7/RSA-PSS.7 doc/man/man7/SM2.7 doc/man/man7/X25519.7 doc/man/man7/bio.7 doc/man/man7/crypto.7 doc/man/man7/ct.7 doc/man/man7/des_modes.7 doc/man/man7/evp.7 doc/man/man7/openssl-core.h.7 doc/man/man7/openssl-core_dispatch.h.7 doc/man/man7/openssl-core_names.h.7 doc/man/man7/openssl-env.7 doc/man/man7/openssl_user_macros.7 doc/man/man7/ossl_store-file.7 doc/man/man7/ossl_store.7 doc/man/man7/passphrase-encoding.7 doc/man/man7/property.7 doc/man/man7/provider-asym_cipher.7 doc/man/man7/provider-base.7 doc/man/man7/provider-cipher.7 doc/man/man7/provider-digest.7 doc/man/man7/provider-keyexch.7 doc/man/man7/provider-keymgmt.7 doc/man/man7/provider-mac.7 doc/man/man7/provider-rand.7 doc/man/man7/provider-serializer.7 doc/man/man7/provider-signature.7 doc/man/man7/provider.7 doc/man/man7/proxy-certificates.7 doc/man/man7/ssl.7 doc/man/man7/x509.7 rm -f apps/openssl fuzz/asn1-test fuzz/asn1parse-test fuzz/bignum-test fuzz/bndiv-test fuzz/client-test fuzz/cmp-test fuzz/cms-test fuzz/conf-test fuzz/crl-test fuzz/ct-test fuzz/server-test fuzz/x509-test test/aborttest test/acvp_test test/aesgcmtest test/afalgtest test/asn1_decode_test test/asn1_dsa_internal_test test/asn1_encode_test test/asn1_internal_test test/asn1_string_table_test test/asn1_time_test test/asynciotest test/asynctest test/bad_dtls_test test/bftest test/bio_callback_test test/bio_enc_test test/bio_memleak_test test/bio_prefix_text test/bioprinttest test/bn_internal_test test/bntest test/buildtest_c_aes test/buildtest_c_asn1 test/buildtest_c_asn1t test/buildtest_c_async test/buildtest_c_bio test/buildtest_c_blowfish test/buildtest_c_bn test/buildtest_c_buffer test/buildtest_c_camellia test/buildtest_c_cast test/buildtest_c_cmac test/buildtest_c_cmp test/buildtest_c_cmp_util test/buildtest_c_cms test/buildtest_c_comp test/buildtest_c_conf test/buildtest_c_conf_api test/buildtest_c_core test/buildtest_c_core_dispatch test/buildtest_c_core_names test/buildtest_c_crmf test/buildtest_c_crypto test/buildtest_c_ct test/buildtest_c_des test/buildtest_c_dh test/buildtest_c_dsa test/buildtest_c_e_os2 test/buildtest_c_ebcdic test/buildtest_c_ec test/buildtest_c_ecdh test/buildtest_c_ecdsa test/buildtest_c_engine test/buildtest_c_ess test/buildtest_c_evp test/buildtest_c_fips_names test/buildtest_c_hmac test/buildtest_c_http test/buildtest_c_idea test/buildtest_c_kdf test/buildtest_c_lhash test/buildtest_c_macros test/buildtest_c_md4 test/buildtest_c_md5 test/buildtest_c_mdc2 test/buildtest_c_modes test/buildtest_c_obj_mac test/buildtest_c_objects test/buildtest_c_ocsp test/buildtest_c_ossl_typ test/buildtest_c_param_build test/buildtest_c_params test/buildtest_c_pem test/buildtest_c_pem2 test/buildtest_c_pkcs12 test/buildtest_c_pkcs7 test/buildtest_c_provider test/buildtest_c_rand test/buildtest_c_rand_drbg test/buildtest_c_rc2 test/buildtest_c_rc4 test/buildtest_c_ripemd test/buildtest_c_rsa test/buildtest_c_safestack test/buildtest_c_seed test/buildtest_c_self_test test/buildtest_c_serializer test/buildtest_c_sha test/buildtest_c_srp test/buildtest_c_srtp test/buildtest_c_ssl test/buildtest_c_ssl2 test/buildtest_c_stack test/buildtest_c_store test/buildtest_c_symhacks test/buildtest_c_tls1 test/buildtest_c_ts test/buildtest_c_txt_db test/buildtest_c_types test/buildtest_c_ui test/buildtest_c_whrlpool test/buildtest_c_x509 test/buildtest_c_x509_vfy test/buildtest_c_x509v3 test/casttest test/chacha_internal_test test/cipher_overhead_test test/cipherbytes_test test/cipherlist_test test/ciphername_test test/clienthellotest test/cmactest test/cmp_asn_test test/cmp_client_test test/cmp_ctx_test test/cmp_hdr_test test/cmp_msg_test test/cmp_protect_test test/cmp_server_test test/cmp_status_test test/cmp_vfy_test test/cmsapitest test/conf_include_test test/confdump test/constant_time_test test/context_internal_test test/crltest test/ct_test test/ctype_internal_test test/curve448_internal_test test/d2i_test test/danetest test/destest test/dhtest test/drbg_cavs_test test/drbg_extra_test test/drbgtest test/dsa_no_digest_size_test test/dsatest test/dtls_mtu_test test/dtlstest test/dtlsv1listentest test/ec_internal_test test/ecdsatest test/ecstresstest test/ectest test/enginetest test/errtest test/evp_extra_test test/evp_extra_test2 test/evp_fetch_prov_test test/evp_kdf_test test/evp_libctx_test test/evp_pkey_dparams_test test/evp_pkey_provided_test test/evp_test test/exdatatest test/exptest test/fatalerrtest test/ffc_internal_test test/gmdifftest test/gosttest test/hexstr_test test/hmactest test/http_test test/ideatest test/igetest test/keymgmt_internal_test test/lhash_test test/mdc2_internal_test test/mdc2test test/memleaktest test/modes_internal_test test/namemap_internal_test test/ocspapitest test/packettest test/param_build_test test/params_api_test test/params_conversion_test test/params_test test/pbelutest test/pemtest test/pkey_meth_kdf_test test/pkey_meth_test test/poly1305_internal_test test/property_test test/provider_fallback_test test/provider_internal_test test/provider_test test/rc2test test/rc4test test/rc5test test/rdrand_sanitytest test/recordlentest test/rsa_complex test/rsa_mp_test test/rsa_sp800_56b_test test/rsa_test test/sanitytest test/secmemtest test/servername_test test/shlibloadtest test/siphash_internal_test test/sm2_internal_test test/sm4_internal_test test/sparse_array_test test/srptest test/ssl_cert_table_internal_test test/ssl_ctx_test test/ssl_test test/ssl_test_ctx_test test/sslapitest test/sslbuffertest test/sslcorrupttest test/ssltest_old test/stack_test test/sysdefaulttest test/test_test test/threadstest test/time_offset_test test/tls13ccstest test/tls13encryptiontest test/tls13secretstest test/uitest test/v3ext test/v3nametest test/verify_extra_test test/versions test/wpackettest test/x509_check_cert_pkey_test test/x509_dup_cert_test test/x509_internal_test test/x509_time_test test/x509aux engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so providers/fips.so providers/legacy.so test/p_test.so apps/CA.pl apps/tsget.pl tools/c_rehash util/shlib_wrap.sh rm -f doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod include/crypto/bn_conf.h include/crypto/dso_conf.h include/openssl/configuration.h include/openssl/fipskey.h include/openssl/opensslv.h test/provider_internal_test.cnf apps/CA.pl apps/progs.c apps/progs.h apps/tsget.pl crypto/aes/aes-x86_64.s crypto/aes/aesni-mb-x86_64.s crypto/aes/aesni-sha1-x86_64.s crypto/aes/aesni-sha256-x86_64.s crypto/aes/aesni-x86_64.s crypto/aes/bsaes-x86_64.s crypto/aes/vpaes-x86_64.s crypto/bn/rsaz-avx2.s crypto/bn/rsaz-x86_64.s crypto/bn/x86_64-gf2m.s crypto/bn/x86_64-mont.s crypto/bn/x86_64-mont5.s crypto/buildinf.h crypto/camellia/cmll-x86_64.s crypto/chacha/chacha-x86_64.s crypto/ec/ecp_nistz256-x86_64.s crypto/ec/x25519-x86_64.s crypto/md5/md5-x86_64.s crypto/modes/aesni-gcm-x86_64.s crypto/modes/ghash-x86_64.s crypto/poly1305/poly1305-x86_64.s crypto/rc4/rc4-md5-x86_64.s crypto/rc4/rc4-x86_64.s crypto/sha/keccak1600-x86_64.s crypto/sha/sha1-mb-x86_64.s crypto/sha/sha1-x86_64.s crypto/sha/sha256-mb-x86_64.s crypto/sha/sha256-x86_64.s crypto/sha/sha512-x86_64.s crypto/whrlpool/wp-x86_64.s crypto/x86_64cpuid.s doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod engines/afalg.ld engines/capi.ld engines/dasync.ld engines/e_padlock-x86_64.s engines/ossltest.ld engines/padlock.ld libcrypto.ld libssl.ld providers/common/der/der_digests_gen.c providers/common/der/der_dsa_gen.c providers/common/der/der_ec_gen.c providers/common/der/der_rsa_gen.c providers/common/include/prov/der_digests.h providers/common/include/prov/der_dsa.h providers/common/include/prov/der_ec.h providers/common/include/prov/der_rsa.h providers/fips.ld providers/legacy.ld test/buildtest_aes.c test/buildtest_asn1.c test/buildtest_asn1t.c test/buildtest_async.c test/buildtest_bio.c test/buildtest_blowfish.c test/buildtest_bn.c test/buildtest_buffer.c test/buildtest_camellia.c test/buildtest_cast.c test/buildtest_cmac.c test/buildtest_cmp.c test/buildtest_cmp_util.c test/buildtest_cms.c test/buildtest_comp.c test/buildtest_conf.c test/buildtest_conf_api.c test/buildtest_core.c test/buildtest_core_dispatch.c test/buildtest_core_names.c test/buildtest_crmf.c test/buildtest_crypto.c test/buildtest_ct.c test/buildtest_des.c test/buildtest_dh.c test/buildtest_dsa.c test/buildtest_e_os2.c test/buildtest_ebcdic.c test/buildtest_ec.c test/buildtest_ecdh.c test/buildtest_ecdsa.c test/buildtest_engine.c test/buildtest_ess.c test/buildtest_evp.c test/buildtest_fips_names.c test/buildtest_hmac.c test/buildtest_http.c test/buildtest_idea.c test/buildtest_kdf.c test/buildtest_lhash.c test/buildtest_macros.c test/buildtest_md4.c test/buildtest_md5.c test/buildtest_mdc2.c test/buildtest_modes.c test/buildtest_obj_mac.c test/buildtest_objects.c test/buildtest_ocsp.c test/buildtest_ossl_typ.c test/buildtest_param_build.c test/buildtest_params.c test/buildtest_pem.c test/buildtest_pem2.c test/buildtest_pkcs12.c test/buildtest_pkcs7.c test/buildtest_provider.c test/buildtest_rand.c test/buildtest_rand_drbg.c test/buildtest_rc2.c test/buildtest_rc4.c test/buildtest_ripemd.c test/buildtest_rsa.c test/buildtest_safestack.c test/buildtest_seed.c test/buildtest_self_test.c test/buildtest_serializer.c test/buildtest_sha.c test/buildtest_srp.c test/buildtest_srtp.c test/buildtest_ssl.c test/buildtest_ssl2.c test/buildtest_stack.c test/buildtest_store.c test/buildtest_symhacks.c test/buildtest_tls1.c test/buildtest_ts.c test/buildtest_txt_db.c test/buildtest_types.c test/buildtest_ui.c test/buildtest_whrlpool.c test/buildtest_x509.c test/buildtest_x509_vfy.c test/buildtest_x509v3.c test/p_test.ld tools/c_rehash util/shlib_wrap.sh rm -f `find . -name '*.d' \! -name '.*' \! -type d -print` rm -f `find . -name '*.o' \! -name '.*' \! -type d -print` rm -f core rm -f tags TAGS doc-nits cmd-nits md-nits rm -f -r test/test-runs rm -f openssl.pc libcrypto.pc libssl.pc rm -f `find . -type l \! -name '.*' -print` rm -f ../openssl-3.0.0-alpha6-dev.tar $ make depend $ LDCMD= make -j4 /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-asn1parse.pod.in > doc/man1/openssl-asn1parse.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ca.pod.in > doc/man1/openssl-ca.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ciphers.pod.in > doc/man1/openssl-ciphers.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmds.pod.in > doc/man1/openssl-cmds.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmp.pod.in > doc/man1/openssl-cmp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cms.pod.in > doc/man1/openssl-cms.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl.pod.in > doc/man1/openssl-crl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl2pkcs7.pod.in > doc/man1/openssl-crl2pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dgst.pod.in > doc/man1/openssl-dgst.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dhparam.pod.in > doc/man1/openssl-dhparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsa.pod.in > doc/man1/openssl-dsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsaparam.pod.in > doc/man1/openssl-dsaparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ec.pod.in > doc/man1/openssl-ec.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ecparam.pod.in > doc/man1/openssl-ecparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-enc.pod.in > doc/man1/openssl-enc.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-engine.pod.in > doc/man1/openssl-engine.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-errstr.pod.in > doc/man1/openssl-errstr.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-fipsinstall.pod.in > doc/man1/openssl-fipsinstall.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-gendsa.pod.in > doc/man1/openssl-gendsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genpkey.pod.in > doc/man1/openssl-genpkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genrsa.pod.in > doc/man1/openssl-genrsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-info.pod.in > doc/man1/openssl-info.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-kdf.pod.in > doc/man1/openssl-kdf.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-list.pod.in > doc/man1/openssl-list.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-mac.pod.in > doc/man1/openssl-mac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-nseq.pod.in > doc/man1/openssl-nseq.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ocsp.pod.in > doc/man1/openssl-ocsp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-passwd.pod.in > doc/man1/openssl-passwd.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs12.pod.in > doc/man1/openssl-pkcs12.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs7.pod.in > doc/man1/openssl-pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs8.pod.in > doc/man1/openssl-pkcs8.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkey.pod.in > doc/man1/openssl-pkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyparam.pod.in > doc/man1/openssl-pkeyparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyutl.pod.in > doc/man1/openssl-pkeyutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-prime.pod.in > doc/man1/openssl-prime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-provider.pod.in > doc/man1/openssl-provider.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rand.pod.in > doc/man1/openssl-rand.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rehash.pod.in > doc/man1/openssl-rehash.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-req.pod.in > doc/man1/openssl-req.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsa.pod.in > doc/man1/openssl-rsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsautl.pod.in > doc/man1/openssl-rsautl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_client.pod.in > doc/man1/openssl-s_client.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_server.pod.in > doc/man1/openssl-s_server.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_time.pod.in > doc/man1/openssl-s_time.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-sess_id.pod.in > doc/man1/openssl-sess_id.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-smime.pod.in > doc/man1/openssl-smime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-speed.pod.in > doc/man1/openssl-speed.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-spkac.pod.in > doc/man1/openssl-spkac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-srp.pod.in > doc/man1/openssl-srp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-storeutl.pod.in > doc/man1/openssl-storeutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ts.pod.in > doc/man1/openssl-ts.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-verify.pod.in > doc/man1/openssl-verify.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-version.pod.in > doc/man1/openssl-version.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-x509.pod.in > doc/man1/openssl-x509.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man7/openssl_user_macros.pod.in > doc/man7/openssl_user_macros.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/bn_conf.h.in > include/crypto/bn_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/dso_conf.h.in > include/crypto/dso_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/configuration.h.in > include/openssl/configuration.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/fipskey.h.in > include/openssl/fipskey.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/opensslv.h.in > include/openssl/opensslv.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/test/provider_internal_test.cnf.in > test/provider_internal_test.cnf make depend && make _build_sw make[1]: Entering directory '/home/openssl/run-checker/no-sock' make[1]: Leaving directory '/home/openssl/run-checker/no-sock' make[1]: Entering directory '/home/openssl/run-checker/no-sock' clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_params.d.tmp -MT apps/lib/libapps-lib-app_params.o -c -o apps/lib/libapps-lib-app_params.o ../openssl/apps/lib/app_params.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_provider.d.tmp -MT apps/lib/libapps-lib-app_provider.o -c -o apps/lib/libapps-lib-app_provider.o ../openssl/apps/lib/app_provider.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_rand.d.tmp -MT apps/lib/libapps-lib-app_rand.o -c -o apps/lib/libapps-lib-app_rand.o ../openssl/apps/lib/app_rand.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_x509.d.tmp -MT apps/lib/libapps-lib-app_x509.o -c -o apps/lib/libapps-lib-app_x509.o ../openssl/apps/lib/app_x509.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps.d.tmp -MT apps/lib/libapps-lib-apps.o -c -o apps/lib/libapps-lib-apps.o ../openssl/apps/lib/apps.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps_ui.d.tmp -MT apps/lib/libapps-lib-apps_ui.o -c -o apps/lib/libapps-lib-apps_ui.o ../openssl/apps/lib/apps_ui.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-columns.d.tmp -MT apps/lib/libapps-lib-columns.o -c -o apps/lib/libapps-lib-columns.o ../openssl/apps/lib/columns.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-fmt.d.tmp -MT apps/lib/libapps-lib-fmt.o -c -o apps/lib/libapps-lib-fmt.o ../openssl/apps/lib/fmt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-http_server.d.tmp -MT apps/lib/libapps-lib-http_server.o -c -o apps/lib/libapps-lib-http_server.o ../openssl/apps/lib/http_server.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-names.d.tmp -MT apps/lib/libapps-lib-names.o -c -o apps/lib/libapps-lib-names.o ../openssl/apps/lib/names.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-opt.d.tmp -MT apps/lib/libapps-lib-opt.o -c -o apps/lib/libapps-lib-opt.o ../openssl/apps/lib/opt.c ../openssl/apps/lib/http_server.c:27:5: error: no previous extern declaration for non-static variable 'multi' [-Werror,-Wmissing-variable-declarations] int multi = 0; /* run multiple responder processes */ ^ 1 error generated. Makefile:4131: recipe for target 'apps/lib/libapps-lib-http_server.o' failed make[1]: *** [apps/lib/libapps-lib-http_server.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-sock' Makefile:3101: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From levitte at openssl.org Tue Jul 21 09:53:02 2020 From: levitte at openssl.org (Richard Levitte) Date: Tue, 21 Jul 2020 09:53:02 +0000 Subject: [openssl] master update Message-ID: <1595325182.125161.28327.nullmailer@dev.openssl.org> The branch master has been updated via 904f42509f8d5e6210113e49a7e41ed2b1dd5a81 (commit) from 7e4f01d8ba9983b37758eb8842c64500ee0b29ca (commit) - Log ----------------------------------------------------------------- commit 904f42509f8d5e6210113e49a7e41ed2b1dd5a81 Author: Richard Levitte Date: Mon Jul 20 09:11:15 2020 +0200 PROV: Move bio_prov.c from libcommon.a to libfips.a / libnonfips.a libcommon.a is FIPS agnostic, while libfips.a and libnonfips.a are FIPS / non-FIPS specific. Since bio_prov.c checks FIPS_MODULE, it belongs to the latter. Along with this, a bit more instruction commentary is added to providers/build.info. Reviewed-by: Paul Yang (Merged from https://github.com/openssl/openssl/pull/12486) ----------------------------------------------------------------------- Summary of changes: providers/build.info | 20 ++++++++++++++++++++ providers/common/build.info | 4 ++-- 2 files changed, 22 insertions(+), 2 deletions(-) diff --git a/providers/build.info b/providers/build.info index 873f12a853..b1bb966b70 100644 --- a/providers/build.info +++ b/providers/build.info @@ -27,6 +27,26 @@ # libnonfips.a Corresponds to libfips.a, but built with # FIPS_MODULE undefined. The default and legacy # providers use this. +# +# This is how different provider modules should be linked: +# +# FIPS: +# -o fips.so {object files...} libimplementations.a libcommon.a libfips.a +# Non-FIPS: +# -o module.so {object files...} libimplementations.a libcommon.a libnonfips.a +# +# It is crucial that code that checks for the FIPS_MODULE macro end up in +# libfips.a and libnonfips.a, never in libcommon.a. +# It is crucial that such code is written so libfips.a and libnonfips.a doesn't +# end up depending on libimplementations.a or libcommon.a. +# It is crucial that such code is written so libcommon.a doesn't end up +# depending on libimplementations.a. +# +# Code in providers/implementations/ should be written in such a way that the +# OSSL_DISPATCH arrays (and preferably the majority of the actual code) ends +# up in either libimplementations.a or liblegacy.a. +# If need be, write an abstraction layer in separate source files and make them +# libfips.a / libnonfips.a sources. SUBDIRS=common implementations diff --git a/providers/common/build.info b/providers/common/build.info index 14add72dd6..fb04883507 100644 --- a/providers/common/build.info +++ b/providers/common/build.info @@ -1,6 +1,6 @@ SUBDIRS=der -SOURCE[../libcommon.a]=provider_err.c bio_prov.c provider_ctx.c -$FIPSCOMMON=provider_util.c capabilities.c +SOURCE[../libcommon.a]=provider_err.c provider_ctx.c +$FIPSCOMMON=provider_util.c capabilities.c bio_prov.c SOURCE[../libnonfips.a]=$FIPSCOMMON nid_to_name.c SOURCE[../libfips.a]=$FIPSCOMMON From builds at travis-ci.com Tue Jul 21 10:40:58 2020 From: builds at travis-ci.com (Travis CI) Date: Tue, 21 Jul 2020 10:40:58 +0000 Subject: Errored: openssl/openssl#36252 (master - 9f7bdcf) In-Reply-To: Message-ID: <5f16c638a7f42_13fa060fd655c34233e@travis-pro-tasks-7b48d77b8d-tv4qk.mail> Build Update for openssl/openssl ------------------------------------- Build: #36252 Status: Errored Duration: 1 hr, 34 mins, and 59 secs Commit: 9f7bdcf (master) Author: Shane Lontis Message: Add ERR_raise() errors to fips OSSL_provider_init and self tests. As the ERR_raise() is setup at this point returng a range of negative values for errors is not required. This will need to be revisited if the code ever moves to running from the DEP. Added a -config option to the fips install so that it can test if a fips module is loadable from configuration. (The -verify option only uses the generated config, whereas -config uses the normal way of including the generated data via another config file). Added more failure tests for the raised errors. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12346) View the changeset: https://github.com/openssl/openssl/compare/823a11357445...9f7bdcf37f95 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/176447233?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.com Tue Jul 21 11:55:08 2020 From: builds at travis-ci.com (Travis CI) Date: Tue, 21 Jul 2020 11:55:08 +0000 Subject: Errored: openssl/openssl#36253 (master - 7e4f01d) In-Reply-To: Message-ID: <5f16d79c44a9c_13fa061a35bec5079f7@travis-pro-tasks-7b48d77b8d-tv4qk.mail> Build Update for openssl/openssl ------------------------------------- Build: #36253 Status: Errored Duration: 1 hr, 35 mins, and 36 secs Commit: 7e4f01d (master) Author: Nihal Jere Message: fixed swapped parameter descriptions for x509 CLA: trivial Reviewed-by: Shane Lontis Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/12482) View the changeset: https://github.com/openssl/openssl/compare/9f7bdcf37f95...7e4f01d8ba99 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/176453046?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Tue Jul 21 13:22:17 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 21 Jul 2020 13:22:17 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment Message-ID: <1595337737.611303.11821.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment Commit log since last time: f64f17c3e0 Added missing ';' after methods in the synopsis section of pod files 93e32043cb util/find-doc-nits: relax some SYNOPSIS checks d3cb5904f3 util/find-doc-nits: read full declarations as one line in name_synopsis() 43b3ab6f87 Fix typo for SSL_get_peer_certificate() 1bb78e72b9 Remove util/openssl-update-copyright a85c902125 mac: always pass a non-NULL output size pointer to providers. 3fc164e8d1 doc: Fix documentation of EVP_EncryptUpdate(). b99c463d78 install: add notes about ignored seed sources in the FIPS provider. 45554b5c71 rand: detect if FIPS approved randomness sources are being used. 8e78da0666 Fix trailing whitespace mismatch error when running 02-test_errstr. cb9bb7350d 99-test_fuzz.t: Clean up and re-organize such that sub-tests could be split easily 1e76cb002a test/run_tests.pl: In parallel runs, start those tests first that run longest 0b670a2101 x509_vfy.c: Improve key usage checks in internal_verify() of cert chains 1337a3a998 Constify X509_check_akid and prefer using X509_get0_serialNumber over X509_get_serialNumber 318565b733 Prepare for 3.0 alpha 6 e70a2d9f13 Prepare for release of 3.0 alpha 5 b013cf9000 util/mktar.pl: Change 'VERSION' to 'VERSION.dat' e39e295e20 Update copyright year e4162f86d7 DRBG: Fix the renamed functions after the EVP_MAC name reversal 660c534435 Revert "kdf: make function naming consistent." 865adf97c9 Revert "The EVP_MAC functions have been renamed for consistency. The EVP_MAC_CTX_*" 8dab4de538 Add latest changes and news in CHANGES.md and NEWS.md ecca5b6e2e capabilities: make capability selection case insensitive. 81ed433cf8 libcrypto.num: engine deprecation updates bb95426211 doc: remove unused engine tracing option 184fb690fa trace: condition out engine related tracing 03445677b9 Document that ENGINE_add_conf_module() was deprecated. 2099f1bb6b Document that exdata for ENGINES is deprecated. 1bdab93a62 Document that the ENGINE_[sg]_ex_data() calls are reprecated. 8b4c89f8d2 RAND: document that the ENGINE RAND override is deprecated. 571d2c4dc7 ENGINESDIR: document that this configuration is deprecated. 2d71c9468a doc: document that the engine initialisation options are deprecated. 9bd8d96c39 deprecate engines in provider code e4468e6d8d deprecate engines in libcrypto ad8fc6f626 apps: deprecate engines 91512a771a deprecate engine from public header files 304d070eba deprecate engine tests 92f8603537 deprecate engines in SSL cf8e8cba93 deprecate engines 597f3f3ab1 Fix indentation for engine.h 4222682dae doc: deprecate ENGINE documentation 0f221d9c68 apps: document the deprecation of the -engine option 699caa18d5 engine: document the engine app as deprecated 0a684b09d8 apps/list: deprecate engine support 910b71cf47 deprecate engines in 3.0 8c2bfd2512 Add SSL_get[01]_peer_certificate() Build log ended with (last 100 lines): # Server sent alert unexpected_message but client received no alert. # 40A71078E37F0000:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_srvr.c:318: not ok 9 - iteration 9 # ------------------------------------------------------------------------------ not ok 1 - test_handshake # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/ssl_test 25-cipher.cnf.default default => 1 not ok 6 - running ssl_test 25-cipher.cnf # ------------------------------------------------------------------------------ # Looks like you failed 2 tests of 9. not ok 26 - Test configuration 25-cipher.cnf # ------------------------------------------------------------------------------ # Looks like you failed 1 test of 31.80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok # INFO: @ ../openssl/test/sslcorrupttest.c:199 # Starting #2, ECDHE-RSA-CHACHA20-POLY1305 # ERROR: (int) 'SSL_get_error(clientssl, 0) == SSL_ERROR_WANT_READ' failed @ ../openssl/test/ssltestlib.c:1032 # [1] compared to [2] # ERROR: (bool) 'create_ssl_connection(server, client, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslcorrupttest.c:229 # false # 4007A40BA57F0000:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_clnt.c:403: not ok 3 - iteration 3 # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/sslcorrupttest.c:199 # Starting #3, DHE-RSA-CHACHA20-POLY1305 # ERROR: (int) 'SSL_get_error(clientssl, 0) == SSL_ERROR_WANT_READ' failed @ ../openssl/test/ssltestlib.c:1032 # [1] compared to [2] # ERROR: (bool) 'create_ssl_connection(server, client, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslcorrupttest.c:229 # false # 4007A40BA57F0000:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_clnt.c:403: not ok 4 - iteration 4 # ------------------------------------------------------------------------------ not ok 1 - test_ssl_corrupt # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslcorrupttest ../../../openssl/apps/server.pem ../../../openssl/apps/server.pem => 1 not ok 1 - running sslcorrupttest # ------------------------------------------------------------------------------ # Failed test 'running sslcorrupttest' # at ../openssl/test/recipes/80-test_sslcorrupt.t line 19. # Looks like you failed 1 test of 1.80-test_sslcorrupt.t ............... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_dtls_mtu.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 26 Non-zero exit status: 1 80-test_sslcorrupt.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=205, Tests=3227, 1595 wallclock secs (12.81 usr 1.32 sys + 1508.38 cusr 82.85 csys = 1605.36 CPU) Result: FAIL Makefile:3137: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-ubsan' Makefile:3135: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue Jul 21 13:46:41 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 21 Jul 2020 13:46:41 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ui Message-ID: <1595339201.209744.28706.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ui Commit log since last time: f64f17c3e0 Added missing ';' after methods in the synopsis section of pod files 93e32043cb util/find-doc-nits: relax some SYNOPSIS checks d3cb5904f3 util/find-doc-nits: read full declarations as one line in name_synopsis() 43b3ab6f87 Fix typo for SSL_get_peer_certificate() 1bb78e72b9 Remove util/openssl-update-copyright a85c902125 mac: always pass a non-NULL output size pointer to providers. 3fc164e8d1 doc: Fix documentation of EVP_EncryptUpdate(). b99c463d78 install: add notes about ignored seed sources in the FIPS provider. 45554b5c71 rand: detect if FIPS approved randomness sources are being used. 8e78da0666 Fix trailing whitespace mismatch error when running 02-test_errstr. cb9bb7350d 99-test_fuzz.t: Clean up and re-organize such that sub-tests could be split easily 1e76cb002a test/run_tests.pl: In parallel runs, start those tests first that run longest 0b670a2101 x509_vfy.c: Improve key usage checks in internal_verify() of cert chains 1337a3a998 Constify X509_check_akid and prefer using X509_get0_serialNumber over X509_get_serialNumber 318565b733 Prepare for 3.0 alpha 6 e70a2d9f13 Prepare for release of 3.0 alpha 5 b013cf9000 util/mktar.pl: Change 'VERSION' to 'VERSION.dat' e39e295e20 Update copyright year e4162f86d7 DRBG: Fix the renamed functions after the EVP_MAC name reversal 660c534435 Revert "kdf: make function naming consistent." 865adf97c9 Revert "The EVP_MAC functions have been renamed for consistency. The EVP_MAC_CTX_*" 8dab4de538 Add latest changes and news in CHANGES.md and NEWS.md ecca5b6e2e capabilities: make capability selection case insensitive. 81ed433cf8 libcrypto.num: engine deprecation updates bb95426211 doc: remove unused engine tracing option 184fb690fa trace: condition out engine related tracing 03445677b9 Document that ENGINE_add_conf_module() was deprecated. 2099f1bb6b Document that exdata for ENGINES is deprecated. 1bdab93a62 Document that the ENGINE_[sg]_ex_data() calls are reprecated. 8b4c89f8d2 RAND: document that the ENGINE RAND override is deprecated. 571d2c4dc7 ENGINESDIR: document that this configuration is deprecated. 2d71c9468a doc: document that the engine initialisation options are deprecated. 9bd8d96c39 deprecate engines in provider code e4468e6d8d deprecate engines in libcrypto ad8fc6f626 apps: deprecate engines 91512a771a deprecate engine from public header files 304d070eba deprecate engine tests 92f8603537 deprecate engines in SSL cf8e8cba93 deprecate engines 597f3f3ab1 Fix indentation for engine.h 4222682dae doc: deprecate ENGINE documentation 0f221d9c68 apps: document the deprecation of the -engine option 699caa18d5 engine: document the engine app as deprecated 0a684b09d8 apps/list: deprecate engine support 910b71cf47 deprecate engines in 3.0 8c2bfd2512 Add SSL_get[01]_peer_certificate() Build log ended with (last 100 lines): # Failed test 'p10cr csr empty file' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd p10cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -csr wrong.csr.pem => 139 not ok 78 - p10cr wrong csr # ------------------------------------------------------------------------------ # Failed test 'p10cr wrong csr' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -revreason 5 => 139 not ok 79 - ir + ignored revocation # ------------------------------------------------------------------------------ ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt => 139 not ok 82 - cr command # ------------------------------------------------------------------------------ # Failed test 'cr command' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt => 139 not ok 83 - kur command explicit options # ------------------------------------------------------------------------------ # Failed test 'kur command explicit options' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -subject "" -certout test.cert.pem -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt -secret "" => 139 not ok 84 - kur command minimal options # ------------------------------------------------------------------------------ ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey dir/ -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert test.cert.pem -server '127.0.0.1:1700' => 139 not ok 86 - kur newkey is directory # ------------------------------------------------------------------------------ ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert dir/ -server '127.0.0.1:1700' => 139 not ok 89 - kur oldcert is directory # ------------------------------------------------------------------------------ # Failed test 'kur oldcert is directory' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert idontexist -server '127.0.0.1:1700' => 139 not ok 90 - kur oldcert not existing # ------------------------------------------------------------------------------ # Failed test 'kur oldcert not existing' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert empty.txt -server '127.0.0.1:1700' => 139 not ok 91 - kur empty oldcert file # ------------------------------------------------------------------------------ # Failed test 'kur empty oldcert file' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -cert "" -server '127.0.0.1:1700' => 139 not ok 92 - kur command without cert and oldcert # ------------------------------------------------------------------------------ # Failed test 'kur command without cert and oldcert' # at ../openssl/test/recipes/81-test_cmp_cli.t line 177. # Looks like you failed 65 tests of 92. not ok 7 - CMP app CLI Mock enrollment # ------------------------------------------------------------------------------ # # Failed test 'CMP app CLI Mock enrollment # ' # at /home/openssl/run-checker/no-ui/../openssl/util/perl/OpenSSL/Test.pm line 1302. # Looks like you failed 5 tests of 7.81-test_cmp_cli.t .................. Dubious, test returned 5 (wstat 1280, 0x500) Failed 5/7 subtests 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 81-test_cmp_cli.t (Wstat: 1280 Tests: 7 Failed: 5) Failed tests: 3-7 Non-zero exit status: 5 Files=205, Tests=3227, 897 wallclock secs (12.56 usr 1.25 sys + 796.20 cusr 61.69 csys = 871.70 CPU) Result: FAIL Makefile:3142: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-ui' Makefile:3140: recipe for target 'tests' failed make: *** [tests] Error 2 From builds at travis-ci.com Tue Jul 21 13:57:29 2020 From: builds at travis-ci.com (Travis CI) Date: Tue, 21 Jul 2020 13:57:29 +0000 Subject: Errored: openssl/openssl#36257 (master - 904f425) In-Reply-To: Message-ID: <5f16f44954981_13ff344ea91c0366750@travis-pro-tasks-5949d79ccf-ngh6f.mail> Build Update for openssl/openssl ------------------------------------- Build: #36257 Status: Errored Duration: 1 hr, 36 mins, and 19 secs Commit: 904f425 (master) Author: Richard Levitte Message: PROV: Move bio_prov.c from libcommon.a to libfips.a / libnonfips.a libcommon.a is FIPS agnostic, while libfips.a and libnonfips.a are FIPS / non-FIPS specific. Since bio_prov.c checks FIPS_MODULE, it belongs to the latter. Along with this, a bit more instruction commentary is added to providers/build.info. Reviewed-by: Paul Yang (Merged from https://github.com/openssl/openssl/pull/12486) View the changeset: https://github.com/openssl/openssl/compare/7e4f01d8ba99...904f42509f8d View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/176470913?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Tue Jul 21 16:33:54 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 21 Jul 2020 16:33:54 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls Message-ID: <1595349234.406886.19102.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls Commit log since last time: f64f17c3e0 Added missing ';' after methods in the synopsis section of pod files 93e32043cb util/find-doc-nits: relax some SYNOPSIS checks d3cb5904f3 util/find-doc-nits: read full declarations as one line in name_synopsis() 43b3ab6f87 Fix typo for SSL_get_peer_certificate() 1bb78e72b9 Remove util/openssl-update-copyright a85c902125 mac: always pass a non-NULL output size pointer to providers. 3fc164e8d1 doc: Fix documentation of EVP_EncryptUpdate(). b99c463d78 install: add notes about ignored seed sources in the FIPS provider. 45554b5c71 rand: detect if FIPS approved randomness sources are being used. 8e78da0666 Fix trailing whitespace mismatch error when running 02-test_errstr. cb9bb7350d 99-test_fuzz.t: Clean up and re-organize such that sub-tests could be split easily 1e76cb002a test/run_tests.pl: In parallel runs, start those tests first that run longest 0b670a2101 x509_vfy.c: Improve key usage checks in internal_verify() of cert chains 1337a3a998 Constify X509_check_akid and prefer using X509_get0_serialNumber over X509_get_serialNumber 318565b733 Prepare for 3.0 alpha 6 e70a2d9f13 Prepare for release of 3.0 alpha 5 b013cf9000 util/mktar.pl: Change 'VERSION' to 'VERSION.dat' e39e295e20 Update copyright year e4162f86d7 DRBG: Fix the renamed functions after the EVP_MAC name reversal 660c534435 Revert "kdf: make function naming consistent." 865adf97c9 Revert "The EVP_MAC functions have been renamed for consistency. The EVP_MAC_CTX_*" 8dab4de538 Add latest changes and news in CHANGES.md and NEWS.md ecca5b6e2e capabilities: make capability selection case insensitive. 81ed433cf8 libcrypto.num: engine deprecation updates bb95426211 doc: remove unused engine tracing option 184fb690fa trace: condition out engine related tracing 03445677b9 Document that ENGINE_add_conf_module() was deprecated. 2099f1bb6b Document that exdata for ENGINES is deprecated. 1bdab93a62 Document that the ENGINE_[sg]_ex_data() calls are reprecated. 8b4c89f8d2 RAND: document that the ENGINE RAND override is deprecated. 571d2c4dc7 ENGINESDIR: document that this configuration is deprecated. 2d71c9468a doc: document that the engine initialisation options are deprecated. 9bd8d96c39 deprecate engines in provider code e4468e6d8d deprecate engines in libcrypto ad8fc6f626 apps: deprecate engines 91512a771a deprecate engine from public header files 304d070eba deprecate engine tests 92f8603537 deprecate engines in SSL cf8e8cba93 deprecate engines 597f3f3ab1 Fix indentation for engine.h 4222682dae doc: deprecate ENGINE documentation 0f221d9c68 apps: document the deprecation of the -engine option 699caa18d5 engine: document the engine app as deprecated 0a684b09d8 apps/list: deprecate engine support 910b71cf47 deprecate engines in 3.0 8c2bfd2512 Add SSL_get[01]_peer_certificate() Build log ended with (last 100 lines): # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 7 - iteration 7 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 8 - iteration 8 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 9 - iteration 9 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 10 - iteration 10 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 11 - iteration 11 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 12 - iteration 12 # ------------------------------------------------------------------------------ not ok 1 - test_handshake # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/ssl_test 04-client_auth.cnf.fips fips ../../../openssl/test/fips.cnf => 1 not ok 9 - running ssl_test 04-client_auth.cnf # ------------------------------------------------------------------------------ # Failed test 'running ssl_test 04-client_auth.cnf' # at ../openssl/test/recipes/80-test_ssl_new.t line 173. # Looks like you failed 1 test of 9. not ok 5 - Test configuration 04-client_auth.cnf # ------------------------------------------------------------------------------ # Looks like you failed 1 test of 31.80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=205, Tests=3224, 827 wallclock secs (12.22 usr 1.13 sys + 764.73 cusr 61.28 csys = 839.36 CPU) Result: FAIL Makefile:3114: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls' Makefile:3112: recipe for target 'tests' failed make: *** [tests] Error 2 From levitte at openssl.org Tue Jul 21 16:53:14 2020 From: levitte at openssl.org (Richard Levitte) Date: Tue, 21 Jul 2020 16:53:14 +0000 Subject: [openssl] master update Message-ID: <1595350394.180940.8577.nullmailer@dev.openssl.org> The branch master has been updated via 5ac582d949c4f0dbf919c99d59496035a1f7e982 (commit) via 8eca461731feb25b94ccf181e76ec2723e27769a (commit) from 904f42509f8d5e6210113e49a7e41ed2b1dd5a81 (commit) - Log ----------------------------------------------------------------- commit 5ac582d949c4f0dbf919c99d59496035a1f7e982 Author: Richard Levitte Date: Mon Jul 20 17:14:45 2020 +0200 DOC: Fix SSL_CTX_set_cert_cb.pod and SSL_CTX_set_client_cert_cb.pod The 'cert_cb' / 'client_cert_cb' arguments had extra, a bit weird documentation. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12494) commit 8eca461731feb25b94ccf181e76ec2723e27769a Author: Richard Levitte Date: Mon Jul 20 17:10:44 2020 +0200 util/find-doc-nits: Relax check of function declarations in name_synopsis() The relaxation allows spaces between function name and argument list, to allow line breaks like this when there are very long names: int (fantastically_long_name_breaks_80char_limit) (fantastically_long_name_breaks_80char_limit *something); This revealed some other intricaties, such as documented internal structures with function pointers inside, so a check of open structures was also added, and they are now simply skipped over. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12494) ----------------------------------------------------------------------- Summary of changes: doc/man3/SSL_CTX_set_cert_cb.pod | 16 +++++++--------- doc/man3/SSL_CTX_set_client_cert_cb.pod | 17 ++++++++--------- util/find-doc-nits | 25 +++++++++++++++++++++++-- 3 files changed, 38 insertions(+), 20 deletions(-) diff --git a/doc/man3/SSL_CTX_set_cert_cb.pod b/doc/man3/SSL_CTX_set_cert_cb.pod index 5db981bc6f..efcd25a538 100644 --- a/doc/man3/SSL_CTX_set_cert_cb.pod +++ b/doc/man3/SSL_CTX_set_cert_cb.pod @@ -12,26 +12,24 @@ SSL_CTX_set_cert_cb, SSL_set_cert_cb - handle certificate callback function void *arg); void SSL_set_cert_cb(SSL *s, int (*cert_cb)(SSL *ssl, void *arg), void *arg); - int (*cert_cb)(SSL *ssl, void *arg); - =head1 DESCRIPTION -SSL_CTX_set_cert_cb() and SSL_set_cert_cb() sets the cert_cb() callback, -B value is pointer which is passed to the application callback. +SSL_CTX_set_cert_cb() and SSL_set_cert_cb() sets the I callback, +I value is pointer which is passed to the application callback. -When cert_cb() is NULL, no callback function is used. +When I is NULL, no callback function is used. -cert_cb() is the application defined callback. It is called before a +I is the application defined callback. It is called before a certificate will be used by a client or server. The callback can then inspect -the passed B structure and set or clear any appropriate certificates. If +the passed I structure and set or clear any appropriate certificates. If the callback is successful it B return 1 even if no certificates have been set. A zero is returned on error which will abort the handshake with a fatal internal error alert. A negative return value will suspend the handshake and the handshake function will return immediately. L will return SSL_ERROR_WANT_X509_LOOKUP to indicate, that the handshake was suspended. The next call to the handshake -function will again lead to the call of cert_cb(). It is the job of the -cert_cb() to store information about the state of the last call, +function will again lead to the call of I. It is the job of the +I to store information about the state of the last call, if required to continue. =head1 NOTES diff --git a/doc/man3/SSL_CTX_set_client_cert_cb.pod b/doc/man3/SSL_CTX_set_client_cert_cb.pod index 719e831a3f..977ad02155 100644 --- a/doc/man3/SSL_CTX_set_client_cert_cb.pod +++ b/doc/man3/SSL_CTX_set_client_cert_cb.pod @@ -13,29 +13,28 @@ SSL_CTX_set_client_cert_cb, SSL_CTX_get_client_cert_cb - handle client certifica EVP_PKEY **pkey)); int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey); - int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey); =head1 DESCRIPTION -SSL_CTX_set_client_cert_cb() sets the client_cert_cb() callback, that is +SSL_CTX_set_client_cert_cb() sets the I callback, that is called when a client certificate is requested by a server and no certificate was yet set for the SSL object. -When client_cert_cb() is NULL, no callback function is used. +When I is NULL, no callback function is used. SSL_CTX_get_client_cert_cb() returns a pointer to the currently set callback function. -client_cert_cb() is the application defined callback. If it wants to +I is the application defined callback. If it wants to set a certificate, a certificate/private key combination must be set -using the B and B arguments and "1" must be returned. The -certificate will be installed into B, see the NOTES and BUGS sections. +using the I and I arguments and "1" must be returned. The +certificate will be installed into I, see the NOTES and BUGS sections. If no certificate should be set, "0" has to be returned and no certificate will be sent. A negative return value will suspend the handshake and the handshake function will return immediately. L will return SSL_ERROR_WANT_X509_LOOKUP to indicate, that the handshake was suspended. The next call to the handshake function will again lead to the call -of client_cert_cb(). It is the job of the client_cert_cb() to store information +of I. It is the job of the I to store information about the state of the last call, if required to continue. =head1 NOTES @@ -65,12 +64,12 @@ a certificate. =head1 RETURN VALUES -SSL_CTX_get_client_cert_cb() returns function pointer of client_cert_cb() or +SSL_CTX_get_client_cert_cb() returns function pointer of I or NULL if the callback is not set. =head1 BUGS -The client_cert_cb() cannot return a complete certificate chain, it can +The I cannot return a complete certificate chain, it can only return one client certificate. If the chain only has a length of 2, the root CA certificate may be omitted according to the TLS standard and thus a standard conforming answer can be sent to the server. For a diff --git a/util/find-doc-nits b/util/find-doc-nits index c82e647bf5..3558180603 100755 --- a/util/find-doc-nits +++ b/util/find-doc-nits @@ -311,6 +311,7 @@ sub name_synopsis { # Find all functions in SYNOPSIS return unless $contents =~ /=head1 SYNOPSIS(.*)=head1 DESCRIPTION/ms; my $syn = $1; + my $ignore_until = undef; # If defined, this is a regexp # Remove all non-code lines $syn =~ s/^(?:\s*?|\S.*?)$//msg; # Remove all comments @@ -327,6 +328,19 @@ sub name_synopsis { my $line = $1; $syn = $'; + print STDERR "DEBUG[name_synopsis] \$line = '$line'\n" if $debug; + + # Special code to skip over documented structures + if ( defined $ignore_until) { + next if $line !~ /$ignore_until/; + $ignore_until = undef; + next; + } + if ( $line =~ /^\s*(?:typedef\s+)?struct(?:\s+\S+)\s*\{/ ) { + $ignore_until = qr/\}.*?;/; + next; + } + my $sym; my $is_prototype = 1; $line =~ s/STACK_OF\([^)]+\)/int/g; @@ -353,7 +367,7 @@ sub name_synopsis { # a callback function pointer: typedef ... (*NAME)(... # a callback function signature: typedef ... (NAME)(... $sym = $1; - } elsif ( $line =~ /typedef.* (\S+)\(/ ) { + } elsif ( $line =~ /typedef.* (\S+)\s*\(/ ) { # a callback function signature: typedef ... NAME(... $sym = $1; } elsif ( $line =~ /typedef.* (\S+);/ ) { @@ -366,12 +380,19 @@ sub name_synopsis { } elsif ( $line =~ /#\s*(?:define|undef) ([A-Za-z0-9_]+)/ ) { $is_prototype = 0; $sym = $1; - } elsif ( $line =~ /([A-Za-z0-9_]+)\(/ ) { + } elsif ( $line =~ /^[^\(]*?\(\*([A-Za-z0-9_]+)\s*\(/ ) { + # a function returning a function pointer: TYPE (*NAME(args))(args) + $sym = $1; + } elsif ( $line =~ /^[^\(]*?([A-Za-z0-9_]+)\s*\(/ ) { + # a simple function declaration $sym = $1; } else { next; } + + print STDERR "DEBUG[name_synopsis] \$sym = '$sym'\n" if $debug; + err($id, "$sym missing from NAME section") unless defined $names{$sym}; $names{$sym} = 2; From viktor at openssl.org Tue Jul 21 18:41:17 2020 From: viktor at openssl.org (Viktor Dukhovni) Date: Tue, 21 Jul 2020 18:41:17 +0000 Subject: [openssl] master update Message-ID: <1595356877.631866.6685.nullmailer@dev.openssl.org> The branch master has been updated via 77174598920a05826a28d8a0bd87a3af43d3f4d8 (commit) from 5ac582d949c4f0dbf919c99d59496035a1f7e982 (commit) - Log ----------------------------------------------------------------- commit 77174598920a05826a28d8a0bd87a3af43d3f4d8 Author: Viktor Dukhovni Date: Thu Jul 16 23:30:43 2020 -0200 Avoid errors with a priori inapplicable protocol bounds The 'MinProtocol' and 'MaxProtocol' configuration commands now silently ignore TLS protocol version bounds when configurign DTLS-based contexts, and conversely, silently ignore DTLS protocol version bounds when configuring TLS-based contexts. The commands can be repeated to set bounds of both types. The same applies with the corresponding "min_protocol" and "max_protocol" command-line switches, in case some application uses both TLS and DTLS. SSL_CTX instances that are created for a fixed protocol version (e.g. TLSv1_server_method()) also silently ignore version bounds. Previously attempts to apply bounds to these protocol versions would result in an error. Now only the "version-flexible" SSL_CTX instances are subject to limits in configuration files in command-line options. Expected to resolve #12394 Reviewed-by: Paul Dale GH: #12472 ----------------------------------------------------------------------- Summary of changes: CHANGES.md | 16 ++++++++++++++++ doc/man3/SSL_CONF_cmd.pod | 29 +++++++++++++++++++++-------- doc/man5/config.pod | 7 ++++++- ssl/ssl_conf.c | 7 +++++++ ssl/statem/statem_lib.c | 34 +++++++++++++++++++--------------- 5 files changed, 69 insertions(+), 24 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 5ff188c18c..14694739ae 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -23,6 +23,22 @@ OpenSSL 3.0 ### Changes between 1.1.1 and 3.0 [xx XXX xxxx] + * The 'MinProtocol' and 'MaxProtocol' configuration commands now silently + ignore TLS protocol version bounds when configuring DTLS-based contexts, and + conversely, silently ignore DTLS protocol version bounds when configuring + TLS-based contexts. The commands can be repeated to set bounds of both + types. The same applies with the corresponding "min_protocol" and + "max_protocol" command-line switches, in case some application uses both TLS + and DTLS. + + SSL_CTX instances that are created for a fixed protocol version (e.g. + TLSv1_server_method()) also silently ignore version bounds. Previously + attempts to apply bounds to these protocol versions would result in an + error. Now only the "version-flexible" SSL_CTX instances are subject to + limits in configuration files in command-line options. + + *Viktor Dukhovni* + * Deprecated the `ENGINE` API. Engines should be replaced with providers going forward. diff --git a/doc/man3/SSL_CONF_cmd.pod b/doc/man3/SSL_CONF_cmd.pod index 753d6778df..97ebff047f 100644 --- a/doc/man3/SSL_CONF_cmd.pod +++ b/doc/man3/SSL_CONF_cmd.pod @@ -178,12 +178,17 @@ See L for more information. =item B<-min_protocol> I, B<-max_protocol> I -Sets the minimum and maximum supported protocol. Currently supported -protocol values are B, B, B, B, B -for TLS and B, B for DTLS, and B for no limit. -If either bound is not specified then only the other bound applies, -if specified. To restrict the supported protocol versions use these -commands rather than the deprecated alternative commands below. +Sets the minimum and maximum supported protocol. +Currently supported protocol values are B, B, B, +B, B for TLS; B, B for DTLS, and B +for no limit. +If either the lower or upper bound is not specified then only the other bound +applies, if specified. +If your application supports both TLS and DTLS you can specify any of these +options twice, once with a bound for TLS and again with an appropriate bound +for DTLS. +To restrict the supported protocol versions use these commands rather than the +deprecated alternative commands below. =item B<-record_padding> I @@ -389,7 +394,11 @@ This sets the minimum supported SSL, TLS or DTLS version. Currently supported protocol values are B, B, B, B, B, B and B. -The value B will disable the limit. +The SSL and TLS bounds apply only to TLS-based contexts, while the DTLS bounds +apply only to DTLS-based contexts. +The command can be repeated with one instance setting a TLS bound, and the +other setting a DTLS bound. +The value B applies to both types of contexts and disables the limits. =item B @@ -397,7 +406,11 @@ This sets the maximum supported SSL, TLS or DTLS version. Currently supported protocol values are B, B, B, B, B, B and B. -The value B will disable the limit. +The SSL and TLS bounds apply only to TLS-based contexts, while the DTLS bounds +apply only to DTLS-based contexts. +The command can be repeated with one instance setting a TLS bound, and the +other setting a DTLS bound. +The value B applies to both types of contexts and disables the limits. =item B diff --git a/doc/man5/config.pod b/doc/man5/config.pod index 58948b4b78..2618cef588 100644 --- a/doc/man5/config.pod +++ b/doc/man5/config.pod @@ -299,10 +299,15 @@ section with the configuration for that name. For example: The configuration name B has a special meaning. If it exists, it is applied whenever an B object is created. For example, -to impose a system-wide minimum on protocol version: +to impose system-wide minimum TLS and DTLS protocol versions: [tls_system_default] MinProtocol = TLSv1.2 + MinProtocol = DTLSv1.2 + +The minimum TLS protocol is applied to B objects that are TLS-based, +and the minimum DTLS protocol to those are DTLS-based. +The same applies also to maximum versions set with B. Each configuration section consists of name/value pairs that are parsed by B, which will be called by SSL_CTX_config() or diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c index aefe8ad203..fe9b8ec3ea 100644 --- a/ssl/ssl_conf.c +++ b/ssl/ssl_conf.c @@ -303,6 +303,13 @@ static int protocol_from_string(const char *value) const char *name; int version; }; + /* + * Note: To avoid breaking previously valid configurations, we must retain + * legacy entries in this table even if the underlying protocol is no + * longer supported. This also means that the constants SSL3_VERSION, ... + * need to be retained indefinitely. This table can only grow, never + * shrink. + */ static const struct protocol_versions versions[] = { {"None", 0}, {"SSLv3", SSL3_VERSION}, diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index de8212747f..d8aab20e92 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -1679,11 +1679,22 @@ int ssl_check_version_downgrade(SSL *s) */ int ssl_set_version_bound(int method_version, int version, int *bound) { + int valid_tls; + int valid_dtls; + if (version == 0) { *bound = version; return 1; } + valid_tls = version >= SSL3_VERSION && version <= TLS_MAX_VERSION_INTERNAL; + valid_dtls = + DTLS_VERSION_LE(version, DTLS_MAX_VERSION_INTERNAL) && + DTLS_VERSION_GE(version, DTLS1_BAD_VER); + + if (!valid_tls && !valid_dtls) + return 0; + /*- * Restrict TLS methods to TLS protocol versions. * Restrict DTLS methods to DTLS protocol versions. @@ -1694,31 +1705,24 @@ int ssl_set_version_bound(int method_version, int version, int *bound) * configurations. If the MIN (supported) version ever rises, the user's * "floor" remains valid even if no longer available. We don't expect the * MAX ceiling to ever get lower, so making that variable makes sense. + * + * We ignore attempts to set bounds on version-inflexible methods, + * returning success. */ switch (method_version) { default: - /* - * XXX For fixed version methods, should we always fail and not set any - * bounds, always succeed and not set any bounds, or set the bounds and - * arrange to fail later if they are not met? At present fixed-version - * methods are not subject to controls that disable individual protocol - * versions. - */ - return 0; + break; case TLS_ANY_VERSION: - if (version < SSL3_VERSION || version > TLS_MAX_VERSION_INTERNAL) - return 0; + if (valid_tls) + *bound = version; break; case DTLS_ANY_VERSION: - if (DTLS_VERSION_GT(version, DTLS_MAX_VERSION_INTERNAL) || - DTLS_VERSION_LT(version, DTLS1_BAD_VER)) - return 0; + if (valid_dtls) + *bound = version; break; } - - *bound = version; return 1; } From openssl at openssl.org Tue Jul 21 19:14:58 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 21 Jul 2020 19:14:58 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2 Message-ID: <1595358898.658348.3497.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2 Commit log since last time: f64f17c3e0 Added missing ';' after methods in the synopsis section of pod files 93e32043cb util/find-doc-nits: relax some SYNOPSIS checks d3cb5904f3 util/find-doc-nits: read full declarations as one line in name_synopsis() 43b3ab6f87 Fix typo for SSL_get_peer_certificate() 1bb78e72b9 Remove util/openssl-update-copyright a85c902125 mac: always pass a non-NULL output size pointer to providers. 3fc164e8d1 doc: Fix documentation of EVP_EncryptUpdate(). b99c463d78 install: add notes about ignored seed sources in the FIPS provider. 45554b5c71 rand: detect if FIPS approved randomness sources are being used. 8e78da0666 Fix trailing whitespace mismatch error when running 02-test_errstr. cb9bb7350d 99-test_fuzz.t: Clean up and re-organize such that sub-tests could be split easily 1e76cb002a test/run_tests.pl: In parallel runs, start those tests first that run longest 0b670a2101 x509_vfy.c: Improve key usage checks in internal_verify() of cert chains 1337a3a998 Constify X509_check_akid and prefer using X509_get0_serialNumber over X509_get_serialNumber 318565b733 Prepare for 3.0 alpha 6 e70a2d9f13 Prepare for release of 3.0 alpha 5 b013cf9000 util/mktar.pl: Change 'VERSION' to 'VERSION.dat' e39e295e20 Update copyright year e4162f86d7 DRBG: Fix the renamed functions after the EVP_MAC name reversal 660c534435 Revert "kdf: make function naming consistent." 865adf97c9 Revert "The EVP_MAC functions have been renamed for consistency. The EVP_MAC_CTX_*" 8dab4de538 Add latest changes and news in CHANGES.md and NEWS.md ecca5b6e2e capabilities: make capability selection case insensitive. 81ed433cf8 libcrypto.num: engine deprecation updates bb95426211 doc: remove unused engine tracing option 184fb690fa trace: condition out engine related tracing 03445677b9 Document that ENGINE_add_conf_module() was deprecated. 2099f1bb6b Document that exdata for ENGINES is deprecated. 1bdab93a62 Document that the ENGINE_[sg]_ex_data() calls are reprecated. 8b4c89f8d2 RAND: document that the ENGINE RAND override is deprecated. 571d2c4dc7 ENGINESDIR: document that this configuration is deprecated. 2d71c9468a doc: document that the engine initialisation options are deprecated. 9bd8d96c39 deprecate engines in provider code e4468e6d8d deprecate engines in libcrypto ad8fc6f626 apps: deprecate engines 91512a771a deprecate engine from public header files 304d070eba deprecate engine tests 92f8603537 deprecate engines in SSL cf8e8cba93 deprecate engines 597f3f3ab1 Fix indentation for engine.h 4222682dae doc: deprecate ENGINE documentation 0f221d9c68 apps: document the deprecation of the -engine option 699caa18d5 engine: document the engine app as deprecated 0a684b09d8 apps/list: deprecate engine support 910b71cf47 deprecate engines in 3.0 8c2bfd2512 Add SSL_get[01]_peer_certificate() Build log ended with (last 100 lines): # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C01060B0257F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1627 # false # ERROR: (bool) 'execute_cleanse_plaintext(DTLS_server_method(), DTLS_client_method(), DTLS1_VERSION, 0) == true' failed @ ../openssl/test/sslapitest.c:1705 # false not ok 4 - test_cleanse_plaintext # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C01060B0257F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C01060B0257F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6745 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ not ok 53 - test_ssl_pending # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/fW2zCcLdxH default ../../../openssl/test/default.cnf => 1 not ok 1 - running sslapitest # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0A08E60147F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0A08E60147F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:843 # false not ok 3 - test_large_message_dtls # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0A08E60147F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0A08E60147F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1627 # false # ERROR: (bool) 'execute_cleanse_plaintext(DTLS_server_method(), DTLS_client_method(), DTLS1_VERSION, 0) == true' failed @ ../openssl/test/sslapitest.c:1705 # false not ok 4 - test_cleanse_plaintext # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0A08E60147F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0A08E60147F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6745 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ not ok 53 - test_ssl_pending # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/fW2zCcLdxH fips ../../../openssl/test/fips.cnf => 1 not ok 3 - running sslapitest # ------------------------------------------------------------------------------ # Failed test 'running sslapitest' # at ../openssl/test/recipes/90-test_sslapi.t line 45. # Looks like you failed 2 tests of 3.90-test_sslapi.t ................... Dubious, test returned 2 (wstat 512, 0x200) Failed 2/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_dtls.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 1, 3 Non-zero exit status: 2 Files=205, Tests=3226, 861 wallclock secs (13.03 usr 1.28 sys + 791.30 cusr 62.07 csys = 867.68 CPU) Result: FAIL Makefile:3129: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2' Makefile:3127: recipe for target 'tests' failed make: *** [tests] Error 2 From builds at travis-ci.com Tue Jul 21 20:41:19 2020 From: builds at travis-ci.com (Travis CI) Date: Tue, 21 Jul 2020 20:41:19 +0000 Subject: Errored: openssl/openssl#36268 (master - 5ac582d) In-Reply-To: Message-ID: <5f1752f04052d_13f9ca7fbbd54456dd@travis-pro-tasks-69ffb6cff6-744gn.mail> Build Update for openssl/openssl ------------------------------------- Build: #36268 Status: Errored Duration: 1 hr, 28 mins, and 14 secs Commit: 5ac582d (master) Author: Richard Levitte Message: DOC: Fix SSL_CTX_set_cert_cb.pod and SSL_CTX_set_client_cert_cb.pod The 'cert_cb' / 'client_cert_cb' arguments had extra, a bit weird documentation. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12494) View the changeset: https://github.com/openssl/openssl/compare/904f42509f8d...5ac582d949c4 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/176548864?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Tue Jul 21 21:36:43 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 21 Jul 2020 21:36:43 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2-method Message-ID: <1595367403.561645.7001.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2-method Commit log since last time: f64f17c3e0 Added missing ';' after methods in the synopsis section of pod files 93e32043cb util/find-doc-nits: relax some SYNOPSIS checks d3cb5904f3 util/find-doc-nits: read full declarations as one line in name_synopsis() 43b3ab6f87 Fix typo for SSL_get_peer_certificate() 1bb78e72b9 Remove util/openssl-update-copyright a85c902125 mac: always pass a non-NULL output size pointer to providers. 3fc164e8d1 doc: Fix documentation of EVP_EncryptUpdate(). b99c463d78 install: add notes about ignored seed sources in the FIPS provider. 45554b5c71 rand: detect if FIPS approved randomness sources are being used. 8e78da0666 Fix trailing whitespace mismatch error when running 02-test_errstr. cb9bb7350d 99-test_fuzz.t: Clean up and re-organize such that sub-tests could be split easily 1e76cb002a test/run_tests.pl: In parallel runs, start those tests first that run longest 0b670a2101 x509_vfy.c: Improve key usage checks in internal_verify() of cert chains 1337a3a998 Constify X509_check_akid and prefer using X509_get0_serialNumber over X509_get_serialNumber 318565b733 Prepare for 3.0 alpha 6 e70a2d9f13 Prepare for release of 3.0 alpha 5 b013cf9000 util/mktar.pl: Change 'VERSION' to 'VERSION.dat' e39e295e20 Update copyright year e4162f86d7 DRBG: Fix the renamed functions after the EVP_MAC name reversal 660c534435 Revert "kdf: make function naming consistent." 865adf97c9 Revert "The EVP_MAC functions have been renamed for consistency. The EVP_MAC_CTX_*" 8dab4de538 Add latest changes and news in CHANGES.md and NEWS.md ecca5b6e2e capabilities: make capability selection case insensitive. 81ed433cf8 libcrypto.num: engine deprecation updates bb95426211 doc: remove unused engine tracing option 184fb690fa trace: condition out engine related tracing 03445677b9 Document that ENGINE_add_conf_module() was deprecated. 2099f1bb6b Document that exdata for ENGINES is deprecated. 1bdab93a62 Document that the ENGINE_[sg]_ex_data() calls are reprecated. 8b4c89f8d2 RAND: document that the ENGINE RAND override is deprecated. 571d2c4dc7 ENGINESDIR: document that this configuration is deprecated. 2d71c9468a doc: document that the engine initialisation options are deprecated. 9bd8d96c39 deprecate engines in provider code e4468e6d8d deprecate engines in libcrypto ad8fc6f626 apps: deprecate engines 91512a771a deprecate engine from public header files 304d070eba deprecate engine tests 92f8603537 deprecate engines in SSL cf8e8cba93 deprecate engines 597f3f3ab1 Fix indentation for engine.h 4222682dae doc: deprecate ENGINE documentation 0f221d9c68 apps: document the deprecation of the -engine option 699caa18d5 engine: document the engine app as deprecated 0a684b09d8 apps/list: deprecate engine support 910b71cf47 deprecate engines in 3.0 8c2bfd2512 Add SSL_get[01]_peer_certificate() Build log ended with (last 100 lines): # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C01070E5B97F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1627 # false # ERROR: (bool) 'execute_cleanse_plaintext(DTLS_server_method(), DTLS_client_method(), DTLS1_VERSION, 0) == true' failed @ ../openssl/test/sslapitest.c:1705 # false not ok 4 - test_cleanse_plaintext # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C01070E5B97F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C01070E5B97F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6745 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ not ok 53 - test_ssl_pending # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/ahB6yZrtBf default ../../../openssl/test/default.cnf => 1 not ok 1 - running sslapitest # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C010F9F5607F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C010F9F5607F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:843 # false not ok 3 - test_large_message_dtls # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C010F9F5607F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C010F9F5607F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1627 # false # ERROR: (bool) 'execute_cleanse_plaintext(DTLS_server_method(), DTLS_client_method(), DTLS1_VERSION, 0) == true' failed @ ../openssl/test/sslapitest.c:1705 # false not ok 4 - test_cleanse_plaintext # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C010F9F5607F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C010F9F5607F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6745 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ not ok 53 - test_ssl_pending # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/ahB6yZrtBf fips ../../../openssl/test/fips.cnf => 1 not ok 3 - running sslapitest # ------------------------------------------------------------------------------ # Failed test 'running sslapitest' # at ../openssl/test/recipes/90-test_sslapi.t line 45. # Looks like you failed 2 tests of 3.90-test_sslapi.t ................... Dubious, test returned 2 (wstat 512, 0x200) Failed 2/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_dtls.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 1, 3 Non-zero exit status: 2 Files=205, Tests=3226, 856 wallclock secs (12.98 usr 1.42 sys + 786.16 cusr 63.88 csys = 864.44 CPU) Result: FAIL Makefile:3133: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2-method' Makefile:3131: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue Jul 21 22:23:45 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 21 Jul 2020 22:23:45 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_3 Message-ID: <1595370225.447408.7437.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_3 Commit log since last time: f64f17c3e0 Added missing ';' after methods in the synopsis section of pod files 93e32043cb util/find-doc-nits: relax some SYNOPSIS checks d3cb5904f3 util/find-doc-nits: read full declarations as one line in name_synopsis() 43b3ab6f87 Fix typo for SSL_get_peer_certificate() 1bb78e72b9 Remove util/openssl-update-copyright a85c902125 mac: always pass a non-NULL output size pointer to providers. 3fc164e8d1 doc: Fix documentation of EVP_EncryptUpdate(). b99c463d78 install: add notes about ignored seed sources in the FIPS provider. 45554b5c71 rand: detect if FIPS approved randomness sources are being used. 8e78da0666 Fix trailing whitespace mismatch error when running 02-test_errstr. cb9bb7350d 99-test_fuzz.t: Clean up and re-organize such that sub-tests could be split easily 1e76cb002a test/run_tests.pl: In parallel runs, start those tests first that run longest 0b670a2101 x509_vfy.c: Improve key usage checks in internal_verify() of cert chains 1337a3a998 Constify X509_check_akid and prefer using X509_get0_serialNumber over X509_get_serialNumber 318565b733 Prepare for 3.0 alpha 6 e70a2d9f13 Prepare for release of 3.0 alpha 5 b013cf9000 util/mktar.pl: Change 'VERSION' to 'VERSION.dat' e39e295e20 Update copyright year e4162f86d7 DRBG: Fix the renamed functions after the EVP_MAC name reversal 660c534435 Revert "kdf: make function naming consistent." 865adf97c9 Revert "The EVP_MAC functions have been renamed for consistency. The EVP_MAC_CTX_*" 8dab4de538 Add latest changes and news in CHANGES.md and NEWS.md ecca5b6e2e capabilities: make capability selection case insensitive. 81ed433cf8 libcrypto.num: engine deprecation updates bb95426211 doc: remove unused engine tracing option 184fb690fa trace: condition out engine related tracing 03445677b9 Document that ENGINE_add_conf_module() was deprecated. 2099f1bb6b Document that exdata for ENGINES is deprecated. 1bdab93a62 Document that the ENGINE_[sg]_ex_data() calls are reprecated. 8b4c89f8d2 RAND: document that the ENGINE RAND override is deprecated. 571d2c4dc7 ENGINESDIR: document that this configuration is deprecated. 2d71c9468a doc: document that the engine initialisation options are deprecated. 9bd8d96c39 deprecate engines in provider code e4468e6d8d deprecate engines in libcrypto ad8fc6f626 apps: deprecate engines 91512a771a deprecate engine from public header files 304d070eba deprecate engine tests 92f8603537 deprecate engines in SSL cf8e8cba93 deprecate engines 597f3f3ab1 Fix indentation for engine.h 4222682dae doc: deprecate ENGINE documentation 0f221d9c68 apps: document the deprecation of the -engine option 699caa18d5 engine: document the engine app as deprecated 0a684b09d8 apps/list: deprecate engine support 910b71cf47 deprecate engines in 3.0 8c2bfd2512 Add SSL_get[01]_peer_certificate() Build log ended with (last 100 lines): # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0D05FC9397F0000:error::SSL routines::internal error:../openssl/ssl/s3_enc.c:415: # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0D05FC9397F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_s3.c:1615:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:8199 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0D05FC9397F0000:error::SSL routines::internal error:../openssl/ssl/s3_enc.c:415: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0D05FC9397F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_s3.c:1615:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:8199 # false not ok 3 - iteration 3 # ------------------------------------------------------------------------------ not ok 37 - test_sigalgs_available # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/fpPv7QAcbx default ../../../openssl/test/default.cnf => 1 not ok 1 - running sslapitest # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C020B4A0997F0000:error::SSL routines::internal error:../openssl/ssl/s3_enc.c:415: # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C020B4A0997F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_s3.c:1615:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:8199 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C020B4A0997F0000:error::SSL routines::internal error:../openssl/ssl/s3_enc.c:415: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C020B4A0997F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_s3.c:1615:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:8199 # false not ok 3 - iteration 3 # ------------------------------------------------------------------------------ not ok 37 - test_sigalgs_available # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/fpPv7QAcbx fips ../../../openssl/test/fips.cnf => 1 not ok 3 - running sslapitest # ------------------------------------------------------------------------------ # Failed test 'running sslapitest' # at ../openssl/test/recipes/90-test_sslapi.t line 45. # Looks like you failed 2 tests of 3.90-test_sslapi.t ................... Dubious, test returned 2 (wstat 512, 0x200) Failed 2/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. skipped: test_tls13ccs is not supported in this build 90-test_tls13encryption.t .......... skipped: tls13encryption is not supported in this build 90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 90-test_sslapi.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 1, 3 Non-zero exit status: 2 Files=205, Tests=3148, 802 wallclock secs (11.45 usr 1.49 sys + 733.58 cusr 59.15 csys = 805.67 CPU) Result: FAIL Makefile:3133: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_3' Makefile:3131: recipe for target 'tests' failed make: *** [tests] Error 2 From builds at travis-ci.com Tue Jul 21 22:52:58 2020 From: builds at travis-ci.com (Travis CI) Date: Tue, 21 Jul 2020 22:52:58 +0000 Subject: Errored: openssl/openssl#36271 (master - 7717459) In-Reply-To: Message-ID: <5f1771c9cc989_13fa42b5aa1683252c3@travis-pro-tasks-69ffb6cff6-47fv7.mail> Build Update for openssl/openssl ------------------------------------- Build: #36271 Status: Errored Duration: 1 hr, 32 mins, and 26 secs Commit: 7717459 (master) Author: Viktor Dukhovni Message: Avoid errors with a priori inapplicable protocol bounds The 'MinProtocol' and 'MaxProtocol' configuration commands now silently ignore TLS protocol version bounds when configurign DTLS-based contexts, and conversely, silently ignore DTLS protocol version bounds when configuring TLS-based contexts. The commands can be repeated to set bounds of both types. The same applies with the corresponding "min_protocol" and "max_protocol" command-line switches, in case some application uses both TLS and DTLS. SSL_CTX instances that are created for a fixed protocol version (e.g. TLSv1_server_method()) also silently ignore version bounds. Previously attempts to apply bounds to these protocol versions would result in an error. Now only the "version-flexible" SSL_CTX instances are subject to limits in configuration files in command-line options. Expected to resolve #12394 Reviewed-by: Paul Dale GH: #12472 View the changeset: https://github.com/openssl/openssl/compare/5ac582d949c4...77174598920a View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/176562113?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From shane.lontis at oracle.com Wed Jul 22 00:47:07 2020 From: shane.lontis at oracle.com (shane.lontis at oracle.com) Date: Wed, 22 Jul 2020 00:47:07 +0000 Subject: [openssl] master update Message-ID: <1595378827.266174.17437.nullmailer@dev.openssl.org> The branch master has been updated via 90409da6a520812b0266fcb1303175406dea81fe (commit) from 77174598920a05826a28d8a0bd87a3af43d3f4d8 (commit) - Log ----------------------------------------------------------------- commit 90409da6a520812b0266fcb1303175406dea81fe Author: Shane Lontis Date: Wed Jul 22 10:40:55 2020 +1000 Fix provider cipher reinit issue Fixes #12405 Fixes #12377 Calling Init()/Update() and then Init()/Update() again gave a different result when using the same key and iv. Cipher modes that were using ctx->num were not resetting this value, this includes OFB, CFB & CTR. The fix is to reset this value during the ciphers einit() and dinit() methods. Most ciphers go thru a generic method so one line fixes most cases. Add test for calling EVP_EncryptInit()/EVP_EncryptUpdate() multiple times for all ciphers. Ciphers should return the same value for both updates. DES3-WRAP does not since it uses a random in the update. CCM modes currently also fail on the second update (This also happens in 1_1_1). Fix memory leak in AES_OCB cipher if EVP_EncryptInit is called multiple times. Fix AES_SIV cipher dup_ctx and init. Calling EVP_CIPHER_init multiple times resulted in a memory leak in the siv. Fixing this leak also showed that the dup ctx was not working for siv mode. Note: aes_siv_cleanup() can not be used by aes_siv_dupctx() as it clears data that is required for the decrypt (e.g the tag). Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12413) ----------------------------------------------------------------------- Summary of changes: crypto/evp/e_aes.c | 2 +- crypto/modes/siv128.c | 24 ++++-- include/crypto/siv.h | 6 +- .../implementations/ciphers/cipher_aes_ocb_hw.c | 1 + providers/implementations/ciphers/cipher_aes_siv.c | 19 +++++ providers/implementations/ciphers/cipher_aes_siv.h | 4 +- .../implementations/ciphers/cipher_aes_siv_hw.c | 49 +++++++++--- providers/implementations/ciphers/cipher_des.c | 1 + .../implementations/ciphers/cipher_tdes_common.c | 1 + providers/implementations/ciphers/ciphercommon.c | 2 + test/evp_libctx_test.c | 90 +++++++++++++++++++++- test/recipes/30-test_evp_libctx.t | 11 +-- 12 files changed, 185 insertions(+), 25 deletions(-) diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index 05be21901d..c037090695 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -4061,7 +4061,7 @@ static int aes_siv_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, /* klen is the length of the underlying cipher, not the input key, which should be twice as long */ - return CRYPTO_siv128_init(sctx, key, klen, cbc, ctr); + return CRYPTO_siv128_init(sctx, key, klen, cbc, ctr, NULL, NULL); } #define aesni_siv_cipher aes_siv_cipher diff --git a/crypto/modes/siv128.c b/crypto/modes/siv128.c index d3655674b4..27e29c3cc6 100644 --- a/crypto/modes/siv128.c +++ b/crypto/modes/siv128.c @@ -140,13 +140,15 @@ __owur static ossl_inline int siv128_do_encrypt(EVP_CIPHER_CTX *ctx, unsigned ch /* * Create a new SIV128_CONTEXT */ -SIV128_CONTEXT *CRYPTO_siv128_new(const unsigned char *key, int klen, EVP_CIPHER* cbc, EVP_CIPHER* ctr) +SIV128_CONTEXT *CRYPTO_siv128_new(const unsigned char *key, int klen, + EVP_CIPHER *cbc, EVP_CIPHER *ctr, + OPENSSL_CTX *libctx, const char *propq) { SIV128_CONTEXT *ctx; int ret; if ((ctx = OPENSSL_malloc(sizeof(*ctx))) != NULL) { - ret = CRYPTO_siv128_init(ctx, key, klen, cbc, ctr); + ret = CRYPTO_siv128_init(ctx, key, klen, cbc, ctr, libctx, propq); if (ret) return ctx; OPENSSL_free(ctx); @@ -159,7 +161,8 @@ SIV128_CONTEXT *CRYPTO_siv128_new(const unsigned char *key, int klen, EVP_CIPHER * Initialise an existing SIV128_CONTEXT */ int CRYPTO_siv128_init(SIV128_CONTEXT *ctx, const unsigned char *key, int klen, - const EVP_CIPHER* cbc, const EVP_CIPHER* ctr) + const EVP_CIPHER *cbc, const EVP_CIPHER *ctr, + OPENSSL_CTX *libctx, const char *propq) { static const unsigned char zero[SIV_LEN] = { 0 }; size_t out_len = SIV_LEN; @@ -174,14 +177,17 @@ int CRYPTO_siv128_init(SIV128_CONTEXT *ctx, const unsigned char *key, int klen, params[2] = OSSL_PARAM_construct_end(); memset(&ctx->d, 0, sizeof(ctx->d)); + EVP_CIPHER_CTX_free(ctx->cipher_ctx); + EVP_MAC_CTX_free(ctx->mac_ctx_init); + EVP_MAC_free(ctx->mac); + ctx->mac = NULL; ctx->cipher_ctx = NULL; ctx->mac_ctx_init = NULL; if (key == NULL || cbc == NULL || ctr == NULL || (ctx->cipher_ctx = EVP_CIPHER_CTX_new()) == NULL - /* TODO(3.0) library context */ || (ctx->mac = - EVP_MAC_fetch(NULL, OSSL_MAC_NAME_CMAC, NULL)) == NULL + EVP_MAC_fetch(libctx, OSSL_MAC_NAME_CMAC, propq)) == NULL || (ctx->mac_ctx_init = EVP_MAC_CTX_new(ctx->mac)) == NULL || !EVP_MAC_CTX_set_params(ctx->mac_ctx_init, params) || !EVP_EncryptInit_ex(ctx->cipher_ctx, ctr, NULL, key + klen, NULL) @@ -209,12 +215,20 @@ int CRYPTO_siv128_init(SIV128_CONTEXT *ctx, const unsigned char *key, int klen, int CRYPTO_siv128_copy_ctx(SIV128_CONTEXT *dest, SIV128_CONTEXT *src) { memcpy(&dest->d, &src->d, sizeof(src->d)); + if (dest->cipher_ctx == NULL) { + dest->cipher_ctx = EVP_CIPHER_CTX_new(); + if (dest->cipher_ctx == NULL) + return 0; + } if (!EVP_CIPHER_CTX_copy(dest->cipher_ctx, src->cipher_ctx)) return 0; EVP_MAC_CTX_free(dest->mac_ctx_init); dest->mac_ctx_init = EVP_MAC_CTX_dup(src->mac_ctx_init); if (dest->mac_ctx_init == NULL) return 0; + dest->mac = src->mac; + if (dest->mac != NULL) + EVP_MAC_up_ref(dest->mac); return 1; } diff --git a/include/crypto/siv.h b/include/crypto/siv.h index 8a8ef6e15f..9ed8b1b121 100644 --- a/include/crypto/siv.h +++ b/include/crypto/siv.h @@ -12,9 +12,11 @@ typedef struct siv128_context SIV128_CONTEXT; SIV128_CONTEXT *CRYPTO_siv128_new(const unsigned char *key, int klen, - EVP_CIPHER* cbc, EVP_CIPHER* ctr); + EVP_CIPHER *cbc, EVP_CIPHER *ctr, + OPENSSL_CTX *libctx, const char *propq); int CRYPTO_siv128_init(SIV128_CONTEXT *ctx, const unsigned char *key, int klen, - const EVP_CIPHER* cbc, const EVP_CIPHER* ctr); + const EVP_CIPHER *cbc, const EVP_CIPHER *ctr, + OPENSSL_CTX *libctx, const char *propq); int CRYPTO_siv128_copy_ctx(SIV128_CONTEXT *dest, SIV128_CONTEXT *src); int CRYPTO_siv128_aad(SIV128_CONTEXT *ctx, const unsigned char *aad, size_t len); diff --git a/providers/implementations/ciphers/cipher_aes_ocb_hw.c b/providers/implementations/ciphers/cipher_aes_ocb_hw.c index da82b66fa1..5caca0b1df 100644 --- a/providers/implementations/ciphers/cipher_aes_ocb_hw.c +++ b/providers/implementations/ciphers/cipher_aes_ocb_hw.c @@ -18,6 +18,7 @@ #define OCB_SET_KEY_FN(fn_set_enc_key, fn_set_dec_key, \ fn_block_enc, fn_block_dec, \ fn_stream_enc, fn_stream_dec) \ +CRYPTO_ocb128_cleanup(&ctx->ocb); \ fn_set_enc_key(key, keylen * 8, &ctx->ksenc.ks); \ fn_set_dec_key(key, keylen * 8, &ctx->ksdec.ks); \ if (!CRYPTO_ocb128_init(&ctx->ocb, &ctx->ksenc.ks, &ctx->ksdec.ks, \ diff --git a/providers/implementations/ciphers/cipher_aes_siv.c b/providers/implementations/ciphers/cipher_aes_siv.c index 48bf01649a..84c078da82 100644 --- a/providers/implementations/ciphers/cipher_aes_siv.c +++ b/providers/implementations/ciphers/cipher_aes_siv.c @@ -19,6 +19,7 @@ #include "prov/implementations.h" #include "prov/providercommonerr.h" #include "prov/ciphercommon_aead.h" +#include "prov/provider_ctx.h" #define siv_stream_update siv_cipher #define SIV_FLAGS AEAD_FLAGS @@ -34,6 +35,7 @@ static void *aes_siv_newctx(void *provctx, size_t keybits, unsigned int mode, ctx->flags = flags; ctx->keylen = keybits / 8; ctx->hw = PROV_CIPHER_HW_aes_siv(keybits); + ctx->libctx = PROV_LIBRARY_CONTEXT_OF(provctx); } return ctx; } @@ -48,6 +50,22 @@ static void aes_siv_freectx(void *vctx) } } +static void *siv_dupctx(void *vctx) +{ + PROV_AES_SIV_CTX *in = (PROV_AES_SIV_CTX *)vctx; + PROV_AES_SIV_CTX *ret = OPENSSL_malloc(sizeof(*ret)); + + if (ret == NULL) { + ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); + return NULL; + } + if (!in->hw->dupctx(in, ret)) { + OPENSSL_free(ret); + ret = NULL; + } + return ret; +} + static int siv_init(void *vctx, const unsigned char *key, size_t keylen, const unsigned char *iv, size_t ivlen, int enc) { @@ -219,6 +237,7 @@ static void * alg##kbits##lc##_newctx(void *provctx) \ const OSSL_DISPATCH alg##kbits##lc##_functions[] = { \ { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))alg##kbits##lc##_newctx }, \ { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))alg##_##lc##_freectx }, \ + { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void)) lc##_dupctx }, \ { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void)) lc##_einit }, \ { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void)) lc##_dinit }, \ { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void)) lc##_stream_update }, \ diff --git a/providers/implementations/ciphers/cipher_aes_siv.h b/providers/implementations/ciphers/cipher_aes_siv.h index 05411d7012..3179943f0e 100644 --- a/providers/implementations/ciphers/cipher_aes_siv.h +++ b/providers/implementations/ciphers/cipher_aes_siv.h @@ -1,5 +1,5 @@ /* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -18,6 +18,7 @@ typedef struct prov_cipher_hw_aes_siv_st { void (*setspeed)(void *ctx, int speed); int (*settag)(void *ctx, const unsigned char *tag, size_t tagl); void (*cleanup)(void *ctx); + int (*dupctx)(void *src, void *dst); } PROV_CIPHER_HW_AES_SIV; typedef struct prov_siv_ctx_st { @@ -30,6 +31,7 @@ typedef struct prov_siv_ctx_st { EVP_CIPHER *ctr; /* These are fetched - so we need to free them */ EVP_CIPHER *cbc; const PROV_CIPHER_HW_AES_SIV *hw; + OPENSSL_CTX *libctx; } PROV_AES_SIV_CTX; const PROV_CIPHER_HW_AES_SIV *PROV_CIPHER_HW_aes_siv(size_t keybits); diff --git a/providers/implementations/ciphers/cipher_aes_siv_hw.c b/providers/implementations/ciphers/cipher_aes_siv_hw.c index ef910dd6f8..547eb1a4c4 100644 --- a/providers/implementations/ciphers/cipher_aes_siv_hw.c +++ b/providers/implementations/ciphers/cipher_aes_siv_hw.c @@ -15,33 +15,63 @@ #include "cipher_aes_siv.h" +static void aes_siv_cleanup(void *vctx); + static int aes_siv_initkey(void *vctx, const unsigned char *key, size_t keylen) { PROV_AES_SIV_CTX *ctx = (PROV_AES_SIV_CTX *)vctx; SIV128_CONTEXT *sctx = &ctx->siv; size_t klen = keylen / 2; + OPENSSL_CTX *libctx = ctx->libctx; + const char *propq = NULL; + + EVP_CIPHER_free(ctx->cbc); + EVP_CIPHER_free(ctx->ctr); + ctx->cbc = NULL; + ctx->ctr = NULL; switch (klen) { case 16: - ctx->cbc = EVP_CIPHER_fetch(NULL, "AES-128-CBC", ""); - ctx->ctr = EVP_CIPHER_fetch(NULL, "AES-128-CTR", ""); + ctx->cbc = EVP_CIPHER_fetch(libctx, "AES-128-CBC", propq); + ctx->ctr = EVP_CIPHER_fetch(libctx, "AES-128-CTR", propq); break; case 24: - ctx->cbc = EVP_CIPHER_fetch(NULL, "AES-192-CBC", ""); - ctx->ctr = EVP_CIPHER_fetch(NULL, "AES-192-CTR", ""); + ctx->cbc = EVP_CIPHER_fetch(libctx, "AES-192-CBC", propq); + ctx->ctr = EVP_CIPHER_fetch(libctx, "AES-192-CTR", propq); break; case 32: - ctx->cbc = EVP_CIPHER_fetch(NULL, "AES-256-CBC", ""); - ctx->ctr = EVP_CIPHER_fetch(NULL, "AES-256-CTR", ""); + ctx->cbc = EVP_CIPHER_fetch(libctx, "AES-256-CBC", propq); + ctx->ctr = EVP_CIPHER_fetch(libctx, "AES-256-CTR", propq); break; default: - return 0; + break; } + if (ctx->cbc == NULL || ctx->ctr == NULL) + return 0; /* * klen is the length of the underlying cipher, not the input key, * which should be twice as long */ - return CRYPTO_siv128_init(sctx, key, klen, ctx->cbc, ctx->ctr); + return CRYPTO_siv128_init(sctx, key, klen, ctx->cbc, ctx->ctr, libctx, + propq); +} + +static int aes_siv_dupctx(void *in_vctx, void *out_vctx) +{ + PROV_AES_SIV_CTX *in = (PROV_AES_SIV_CTX *)in_vctx; + PROV_AES_SIV_CTX *out = (PROV_AES_SIV_CTX *)out_vctx; + + *out = *in; + out->siv.cipher_ctx = NULL; + out->siv.mac_ctx_init = NULL; + out->siv.mac = NULL; + if (!CRYPTO_siv128_copy_ctx(&out->siv, &in->siv)) + return 0; + if (out->cbc != NULL) + EVP_CIPHER_up_ref(out->cbc); + if (out->ctr != NULL) + EVP_CIPHER_up_ref(out->ctr); + return 1; } static int aes_siv_settag(void *vctx, const unsigned char *tag, size_t tagl) @@ -96,7 +126,8 @@ static const PROV_CIPHER_HW_AES_SIV aes_siv_hw = aes_siv_cipher, aes_siv_setspeed, aes_siv_settag, - aes_siv_cleanup + aes_siv_cleanup, + aes_siv_dupctx, }; const PROV_CIPHER_HW_AES_SIV *PROV_CIPHER_HW_aes_siv(size_t keybits) diff --git a/providers/implementations/ciphers/cipher_des.c b/providers/implementations/ciphers/cipher_des.c index 7a60e0501c..9a7c13902f 100644 --- a/providers/implementations/ciphers/cipher_des.c +++ b/providers/implementations/ciphers/cipher_des.c @@ -67,6 +67,7 @@ static int des_init(void *vctx, const unsigned char *key, size_t keylen, { PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; + ctx->num = 0; ctx->enc = enc; if (iv != NULL) { diff --git a/providers/implementations/ciphers/cipher_tdes_common.c b/providers/implementations/ciphers/cipher_tdes_common.c index 6cdc88749c..d2379f741b 100644 --- a/providers/implementations/ciphers/cipher_tdes_common.c +++ b/providers/implementations/ciphers/cipher_tdes_common.c @@ -57,6 +57,7 @@ static int tdes_init(void *vctx, const unsigned char *key, size_t keylen, { PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; + ctx->num = 0; ctx->enc = enc; if (iv != NULL) { diff --git a/providers/implementations/ciphers/ciphercommon.c b/providers/implementations/ciphers/ciphercommon.c index a8905d1242..a3ebd3f7e7 100644 --- a/providers/implementations/ciphers/ciphercommon.c +++ b/providers/implementations/ciphers/ciphercommon.c @@ -149,6 +149,8 @@ static int cipher_generic_init_internal(PROV_CIPHER_CTX *ctx, const unsigned char *iv, size_t ivlen, int enc) { + ctx->num = 0; + ctx->updated = 0; ctx->enc = enc ? 1 : 0; if (iv != NULL && ctx->mode != EVP_CIPH_ECB_MODE) { diff --git a/test/evp_libctx_test.c b/test/evp_libctx_test.c index 77054f93a2..a9f665842a 100644 --- a/test/evp_libctx_test.c +++ b/test/evp_libctx_test.c @@ -23,13 +23,18 @@ #include #include #include +#include #include "testutil.h" #include "internal/nelem.h" -#include "crypto/bn_dh.h" /* _bignum_ffdhe2048_p */ +#include "crypto/bn_dh.h" /* _bignum_ffdhe2048_p */ +#include "../e_os.h" /* strcasecmp */ + +DEFINE_STACK_OF_CSTRING() static OPENSSL_CTX *libctx = NULL; static OSSL_PROVIDER *nullprov = NULL; static OSSL_PROVIDER *libprov = NULL; +static STACK_OF(OPENSSL_CSTRING) *cipher_names = NULL; typedef enum OPTION_choice { OPT_ERR = -1, @@ -193,9 +198,83 @@ static int test_dh_safeprime_param_keygen(int tstid) }; return do_dh_param_keygen(tstid, bn); } - #endif /* OPENSSL_NO_DH */ +static int test_cipher_reinit(int test_id) +{ + int ret = 0, out1_len = 0, out2_len = 0, diff, ccm; + EVP_CIPHER *cipher = NULL; + EVP_CIPHER_CTX *ctx = NULL; + unsigned char out1[256]; + unsigned char out2[256]; + unsigned char in[16] = { + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10 + }; + unsigned char key[64] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x02, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x03, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + }; + unsigned char iv[16] = { + 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08, + 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00 + }; + const char *name = sk_OPENSSL_CSTRING_value(cipher_names, test_id); + + if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) + goto err; + + TEST_note("Fetching %s\n", name); + if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, name, NULL))) + goto err; + + /* ccm fails on the second update - this matches OpenSSL 1_1_1 behaviour */ + ccm = (EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE); + + /* DES3-WRAP uses random every update - so it will give a different value */ + diff = EVP_CIPHER_is_a(cipher, "DES3-WRAP"); + + if (!TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv)) + || !TEST_true(EVP_EncryptUpdate(ctx, out1, &out1_len, in, sizeof(in))) + || !TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv)) + || !TEST_int_eq(EVP_EncryptUpdate(ctx, out2, &out2_len, in, sizeof(in)), + ccm ? 0 : 1)) + goto err; + + if (ccm == 0) { + if (diff) { + if (!TEST_mem_ne(out1, out1_len, out2, out2_len)) + goto err; + } else { + if (!TEST_mem_eq(out1, out1_len, out2, out2_len)) + goto err; + } + } + ret = 1; +err: + EVP_CIPHER_free(cipher); + EVP_CIPHER_CTX_free(ctx); + return ret; +} + +static int name_cmp(const char * const *a, const char * const *b) +{ + return strcasecmp(*a, *b); +} + +static void collect_cipher_names(EVP_CIPHER *cipher, void *cipher_names_list) +{ + STACK_OF(OPENSSL_CSTRING) *names = cipher_names_list; + + sk_OPENSSL_CSTRING_push(names, EVP_CIPHER_name(cipher)); +} + int setup_tests(void) { const char *prov_name = "default"; @@ -242,11 +321,18 @@ int setup_tests(void) #ifndef OPENSSL_NO_DH ADD_ALL_TESTS(test_dh_safeprime_param_keygen, 3 * 3 * 3); #endif + + if (!TEST_ptr(cipher_names = sk_OPENSSL_CSTRING_new(name_cmp))) + return 0; + EVP_CIPHER_do_all_provided(libctx, collect_cipher_names, cipher_names); + + ADD_ALL_TESTS(test_cipher_reinit, sk_OPENSSL_CSTRING_num(cipher_names)); return 1; } void cleanup_tests(void) { + sk_OPENSSL_CSTRING_free(cipher_names); OSSL_PROVIDER_unload(libprov); OPENSSL_CTX_free(libctx); OSSL_PROVIDER_unload(nullprov); diff --git a/test/recipes/30-test_evp_libctx.t b/test/recipes/30-test_evp_libctx.t index 0d0a762900..8c36a9e24e 100644 --- a/test/recipes/30-test_evp_libctx.t +++ b/test/recipes/30-test_evp_libctx.t @@ -27,7 +27,7 @@ my $infile = bldtop_file('providers', platform->dso('fips')); my @test_args = ( ); plan tests => - ($no_fips ? 0 : 1) # FIPS install test + ($no_fips ? 0 : 2) # FIPS install test + 1; unless ($no_fips) { @@ -36,10 +36,11 @@ unless ($no_fips) { ok(run(app(['openssl', 'fipsinstall', '-out', bldtop_file('providers', 'fipsmodule.cnf'), - '-module', $infile, - '-provider_name', 'fips', '-mac_name', 'HMAC', - '-section_name', 'fips_sect'])), + '-module', $infile])), "fipsinstall"); + ok(run(test(["evp_libctx_test", @test_args])), "running fips evp_libctx_test"); } -ok(run(test(["evp_libctx_test", @test_args])), "running evp_libctx_test"); +ok(run(test(["evp_libctx_test", + "-config", srctop_file("test","default-and-legacy.cnf"),])), + "running default-and-legacy evp_libctx_test"); From builds at travis-ci.com Wed Jul 22 02:29:45 2020 From: builds at travis-ci.com (Travis CI) Date: Wed, 22 Jul 2020 02:29:45 +0000 Subject: Errored: openssl/openssl#36278 (master - 90409da) In-Reply-To: Message-ID: <5f17a498cae94_13fa083ba1ba81516c0@travis-pro-tasks-55fdff4d89-dhncw.mail> Build Update for openssl/openssl ------------------------------------- Build: #36278 Status: Errored Duration: 1 hr, 34 mins, and 23 secs Commit: 90409da (master) Author: Shane Lontis Message: Fix provider cipher reinit issue Fixes #12405 Fixes #12377 Calling Init()/Update() and then Init()/Update() again gave a different result when using the same key and iv. Cipher modes that were using ctx->num were not resetting this value, this includes OFB, CFB & CTR. The fix is to reset this value during the ciphers einit() and dinit() methods. Most ciphers go thru a generic method so one line fixes most cases. Add test for calling EVP_EncryptInit()/EVP_EncryptUpdate() multiple times for all ciphers. Ciphers should return the same value for both updates. DES3-WRAP does not since it uses a random in the update. CCM modes currently also fail on the second update (This also happens in 1_1_1). Fix memory leak in AES_OCB cipher if EVP_EncryptInit is called multiple times. Fix AES_SIV cipher dup_ctx and init. Calling EVP_CIPHER_init multiple times resulted in a memory leak in the siv. Fixing this leak also showed that the dup ctx was not working for siv mode. Note: aes_siv_cleanup() can not be used by aes_siv_dupctx() as it clears data that is required for the decrypt (e.g the tag). Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12413) View the changeset: https://github.com/openssl/openssl/compare/77174598920a...90409da6a520 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/176601252?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From dev at ddvo.net Wed Jul 22 05:28:37 2020 From: dev at ddvo.net (dev at ddvo.net) Date: Wed, 22 Jul 2020 05:28:37 +0000 Subject: [openssl] master update Message-ID: <1595395717.604233.28169.nullmailer@dev.openssl.org> The branch master has been updated via bf19b64aaeeddd5463d911823f9e2c3c40091005 (commit) via 4f8fbf372efedb34e5f8172fa4673a19549cf025 (commit) via f91624d38053d57276a321cd541f95f41d2fd0cc (commit) from 90409da6a520812b0266fcb1303175406dea81fe (commit) - Log ----------------------------------------------------------------- commit bf19b64aaeeddd5463d911823f9e2c3c40091005 Author: Dr. David von Oheimb Date: Sat Jul 18 16:09:19 2020 +0200 Fix UI method setup, which should be independent of (deprecated) engine use Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12422) commit 4f8fbf372efedb34e5f8172fa4673a19549cf025 Author: Dr. David von Oheimb Date: Tue Jul 14 10:38:06 2020 +0200 81-test_cmp_cli.t: Avoid using 'tail', 'awk', and the '-s' option of 'lsof' Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12422) commit f91624d38053d57276a321cd541f95f41d2fd0cc Author: Dr. David von Oheimb Date: Sat Jul 11 13:20:39 2020 +0200 Skip test_cmp_cli if 'lsof' or 'kill' command is not available Fixes #12324 partly fixes #12378 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12422) ----------------------------------------------------------------------- Summary of changes: apps/cmp.c | 8 +++----- test/recipes/81-test_cmp_cli.t | 15 ++++++++++----- 2 files changed, 13 insertions(+), 10 deletions(-) diff --git a/apps/cmp.c b/apps/cmp.c index 87daa37dfa..17b5bed6ff 100644 --- a/apps/cmp.c +++ b/apps/cmp.c @@ -2924,15 +2924,13 @@ int cmp_main(int argc, char **argv) ret = 0; if (opt_batch) { -#ifndef OPENSSL_NO_ENGINE UI_METHOD *ui_fallback_method; -# ifndef OPENSSL_NO_UI_CONSOLE +#ifndef OPENSSL_NO_UI_CONSOLE ui_fallback_method = UI_OpenSSL(); -# else +#else ui_fallback_method = (UI_METHOD *)UI_null(); -# endif - UI_method_set_reader(ui_fallback_method, NULL); #endif + UI_method_set_reader(ui_fallback_method, NULL); } if (opt_engine != NULL) diff --git a/test/recipes/81-test_cmp_cli.t b/test/recipes/81-test_cmp_cli.t index 32239ef35b..009cdcc4d8 100644 --- a/test/recipes/81-test_cmp_cli.t +++ b/test/recipes/81-test_cmp_cli.t @@ -24,15 +24,20 @@ BEGIN { use lib srctop_dir('Configurations'); use lib bldtop_dir('.'); use platform; +plan skip_all => "These tests are not supported in a fuzz build" + if config('options') =~ /-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION/; plan skip_all => "These tests are not supported in a no-cmp build" if disabled("cmp"); plan skip_all => "These tests are not supported in a no-ec build" if disabled("ec"); -plan skip_all => "These tests are not supported in a fuzz build" - if config('options') =~ /-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION/; -plan skip_all => "Tests involving server not available on Windows or VMS" + +plan skip_all => "Tests involving CMP server not available on Windows or VMS" if $^O =~ /^(VMS|MSWin32)$/; +plan skip_all => "Tests involving CMP server require 'kill' command" + unless `which kill`; +plan skip_all => "Tests involving CMP server require 'lsof' command" + unless `which lsof`; # this typically excludes Solaris sub chop_dblquot { # chop any leading & trailing '"' (needed for Windows) my $str = shift; @@ -214,7 +219,7 @@ indir data_dir() => sub { if ($server_name eq "Mock") { indir "Mock" => sub { $pid = start_mock_server(""); - die "Cannot start CMP mock server" unless $pid; + die "Cannot start or find the started CMP mock server" unless $pid; } } foreach my $aspect (@all_aspects) { @@ -289,7 +294,7 @@ sub load_tests { } sub mock_server_pid { - return `lsof -iTCP:$server_port -sTCP:LISTEN | tail -n 1 | awk '{ print \$2 }'`; + return `lsof -iTCP:$server_port` =~ m/\n\S+\s+(\d+)\s+[^\n]+LISTEN/s ? $1 : 0; } sub start_mock_server { From matthias.st.pierre at ncp-e.com Wed Jul 22 07:16:41 2020 From: matthias.st.pierre at ncp-e.com (matthias.st.pierre at ncp-e.com) Date: Wed, 22 Jul 2020 07:16:41 +0000 Subject: [openssl] master update Message-ID: <1595402201.788520.11807.nullmailer@dev.openssl.org> The branch master has been updated via 490c87110cc1fd673604fa1b94d5538f9fd852bb (commit) from bf19b64aaeeddd5463d911823f9e2c3c40091005 (commit) - Log ----------------------------------------------------------------- commit 490c87110cc1fd673604fa1b94d5538f9fd852bb Author: Gustaf Neumann Date: Fri Jul 17 12:31:26 2020 +0200 Align documentation with recommendations of Linux Documentation Project This change applies the recommendation of the Linux Documentation Project to the documentation files of OpenSSL. Additionally, util/find-doc-nits was updated accordingly. The change follows a suggestion of mspncp on https://github.com/openssl/openssl/pull/12370 and incoporates the requested changes on the pull request Reviewed-by: Shane Lontis Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/12460) ----------------------------------------------------------------------- Summary of changes: doc/internal/man3/ossl_method_construct.pod | 20 ++++++++++---------- doc/man1/openssl-cmp.pod.in | 2 +- doc/man1/openssl-s_client.pod.in | 4 ++-- doc/man1/openssl-ts.pod.in | 8 ++++---- doc/man1/openssl.pod | 2 +- doc/man3/ASYNC_WAIT_CTX_new.pod | 2 +- doc/man3/BIO_connect.pod | 2 +- doc/man3/BIO_f_ssl.pod | 2 +- doc/man3/BIO_read.pod | 2 +- doc/man3/BIO_s_accept.pod | 2 +- doc/man3/BIO_s_bio.pod | 2 +- doc/man3/BIO_socket_wait.pod | 2 +- doc/man3/BN_add.pod | 8 ++++---- doc/man3/BN_generate_prime.pod | 2 +- doc/man3/BN_mod_mul_montgomery.pod | 2 +- doc/man3/BN_set_bit.pod | 4 ++-- doc/man3/DTLSv1_listen.pod | 2 +- doc/man3/ERR_new.pod | 2 +- doc/man3/EVP_PKEY_gen.pod | 2 +- doc/man3/OPENSSL_init_crypto.pod | 12 ++++++------ doc/man3/OPENSSL_init_ssl.pod | 4 ++-- doc/man3/OSSL_CMP_CTX_new.pod | 2 +- doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod | 2 +- doc/man3/RAND_load_file.pod | 2 +- doc/man3/RSA_blinding_on.pod | 2 +- doc/man3/SSL_CTX_dane_enable.pod | 4 ++-- doc/man3/SSL_CTX_set_alpn_select_cb.pod | 2 +- doc/man3/SSL_CTX_set_info_callback.pod | 2 +- doc/man3/SSL_CTX_set_max_cert_list.pod | 2 +- doc/man3/SSL_CTX_set_mode.pod | 8 ++++---- doc/man3/SSL_CTX_set_options.pod | 2 +- doc/man3/SSL_CTX_set_read_ahead.pod | 2 +- doc/man3/SSL_CTX_set_srp_password.pod | 2 +- doc/man3/SSL_accept.pod | 6 +++--- doc/man3/SSL_alloc_buffers.pod | 2 +- doc/man3/SSL_connect.pod | 6 +++--- doc/man3/SSL_do_handshake.pod | 6 +++--- doc/man3/SSL_get_error.pod | 4 ++-- doc/man3/SSL_read.pod | 4 ++-- doc/man3/SSL_set1_host.pod | 2 +- doc/man3/SSL_set_async_callback.pod | 2 +- doc/man3/SSL_set_bio.pod | 2 +- doc/man3/SSL_set_fd.pod | 4 ++-- doc/man3/SSL_shutdown.pod | 6 +++--- doc/man3/SSL_state_string.pod | 4 ++-- doc/man3/SSL_want.pod | 2 +- doc/man3/SSL_write.pod | 4 ++-- doc/man3/X509_STORE_CTX_get_error.pod | 4 ++-- doc/man3/X509_check_host.pod | 4 ++-- doc/man5/x509v3_config.pod | 2 +- util/find-doc-nits | 24 ++++++++++++++++-------- 51 files changed, 108 insertions(+), 100 deletions(-) diff --git a/doc/internal/man3/ossl_method_construct.pod b/doc/internal/man3/ossl_method_construct.pod index f3d7a64d00..fa151bb92a 100644 --- a/doc/internal/man3/ossl_method_construct.pod +++ b/doc/internal/man3/ossl_method_construct.pod @@ -35,9 +35,9 @@ OSSL_METHOD_CONSTRUCT_METHOD, ossl_method_construct =head1 DESCRIPTION -All libcrypto sub-systems that want to create their own methods based +All libcrypto subsystems that want to create their own methods based on provider dispatch tables need to do so in exactly the same way. -ossl_method_construct() does this while leaving it to the sub-systems +ossl_method_construct() does this while leaving it to the subsystems to define more precisely how the methods are created, stored, etc. It's important to keep in mind that a method is identified by three things: @@ -56,18 +56,18 @@ It's important to keep in mind that a method is identified by three things: ossl_method_construct() creates a method by asking all available providers for a dispatch table given an I, and then -calling the appropriate functions given by the sub-system specific +calling the appropriate functions given by the subsystem specific method creator through I and the data in I (which is passed by ossl_method_construct()). -This function assumes that the sub-system method creator implements +This function assumes that the subsystem method creator implements reference counting and acts accordingly (i.e. it will call the -sub-system destruct() method to decrement the reference count when +subsystem destruct() method to decrement the reference count when appropriate). =head2 Structures -A central part of constructing a sub-system specific method is to give +A central part of constructing a subsystem specific method is to give ossl_method_construct a set of functions, all in the B structure, which holds the following function pointers: @@ -90,7 +90,7 @@ Remove a temporary store. Look up an already existing method from a store by name. The store may be given with I. -NULL is a valid value and means that a sub-system default store +NULL is a valid value and means that a subsystem default store must be used. This default store should be stored in the library context I. @@ -107,7 +107,7 @@ Places the I created by the construct() function (see below) in a store. The store may be given with I. -NULL is a valid value and means that a sub-system default store +NULL is a valid value and means that a subsystem default store must be used. This default store should be stored in the library context I. @@ -120,11 +120,11 @@ This function is expected to increment the I's reference count. =item construct() -Constructs a sub-system method for the given I and the given +Constructs a subsystem method for the given I and the given dispatch table I. The associated provider object I is passed as well, to make -it possible for the sub-system constructor to keep a reference, which +it possible for the subsystem constructor to keep a reference, which is recommended. If such a reference is kept, the I reference counter must be incremented, using ossl_provider_up_ref(). diff --git a/doc/man1/openssl-cmp.pod.in b/doc/man1/openssl-cmp.pod.in index 6ed11f442f..216db0cb1f 100644 --- a/doc/man1/openssl-cmp.pod.in +++ b/doc/man1/openssl-cmp.pod.in @@ -859,7 +859,7 @@ Act as CMP HTTP server mock-up listening on the given port. =item B<-max_msgs> I Maximum number of CMP (request) messages the CMP HTTP server mock-up -should handle, which must be non-negative. +should handle, which must be nonnegative. The default value is 0, which means that no limit is imposed. In any case the server terminates on internal errors, but not when it detects a CMP-level error that it can successfully answer with an error message. diff --git a/doc/man1/openssl-s_client.pod.in b/doc/man1/openssl-s_client.pod.in index 78f4cc679c..6d8cb5a397 100644 --- a/doc/man1/openssl-s_client.pod.in +++ b/doc/man1/openssl-s_client.pod.in @@ -478,11 +478,11 @@ File to send output of B<-msg> or B<-trace> to, default standard output. =item B<-nbio_test> -Tests non-blocking I/O +Tests nonblocking I/O =item B<-nbio> -Turns on non-blocking I/O +Turns on nonblocking I/O =item B<-crlf> diff --git a/doc/man1/openssl-ts.pod.in b/doc/man1/openssl-ts.pod.in index 7a1ed418ce..d6536374f5 100644 --- a/doc/man1/openssl-ts.pod.in +++ b/doc/man1/openssl-ts.pod.in @@ -90,8 +90,8 @@ value that it had sent to the TSA. =back -There is one DER encoded protocol data unit defined for transporting a time -stamp request to the TSA and one for sending the timestamp response +There is one DER encoded protocol data unit defined for transporting a +timestamp request to the TSA and one for sending the timestamp response back to the client. This command has three main functions: creating a timestamp request based on a data file, creating a timestamp response based on a request, verifying if a @@ -294,8 +294,8 @@ instead of DER. (Optional) =head2 Timestamp Response verification -The B<-verify> command is for verifying if a timestamp response or time -stamp token is valid and matches a particular timestamp request or +The B<-verify> command is for verifying if a timestamp response or +timestamp token is valid and matches a particular timestamp request or data file. The B<-verify> command does not use the configuration file. =over 4 diff --git a/doc/man1/openssl.pod b/doc/man1/openssl.pod index f075e2170b..791bc52341 100644 --- a/doc/man1/openssl.pod +++ b/doc/man1/openssl.pod @@ -612,7 +612,7 @@ Note that the parsing is simple and might fail to parse some legal data. =back The options to specify the format are as follows. Refer to the individual -manpage to see which options are accepted. +man page to see which options are accepted. =over 4 diff --git a/doc/man3/ASYNC_WAIT_CTX_new.pod b/doc/man3/ASYNC_WAIT_CTX_new.pod index c95ceb78a0..f1d6a02219 100644 --- a/doc/man3/ASYNC_WAIT_CTX_new.pod +++ b/doc/man3/ASYNC_WAIT_CTX_new.pod @@ -130,7 +130,7 @@ descriptor is not appropriate. ASYNC_WAIT_CTX_set_callback() sets the callback and the callback argument. The callback will be called to notify user code when an engine completes a cryptography operation. It is a requirement that the callback function is small -and non-blocking as it will be run in the context of a polling mechanism or an +and nonblocking as it will be run in the context of a polling mechanism or an interrupt. ASYNC_WAIT_CTX_get_callback() returns the callback set in the B diff --git a/doc/man3/BIO_connect.pod b/doc/man3/BIO_connect.pod index 9e0d972ba4..3d51720a9f 100644 --- a/doc/man3/BIO_connect.pod +++ b/doc/man3/BIO_connect.pod @@ -55,7 +55,7 @@ Enables regular sending of keep-alive messages. =item BIO_SOCK_NONBLOCK -Sets the socket to non-blocking mode. +Sets the socket to nonblocking mode. =item BIO_SOCK_NODELAY diff --git a/doc/man3/BIO_f_ssl.pod b/doc/man3/BIO_f_ssl.pod index 61d23c9db7..6a21e0c41c 100644 --- a/doc/man3/BIO_f_ssl.pod +++ b/doc/man3/BIO_f_ssl.pod @@ -102,7 +102,7 @@ If domain name resolution yields multiple IP addresses all of them are tried after connect() failures. The function returns 1 if the connection was established successfully. A zero or negative value is returned if the connection could not be established. -The call BIO_should_retry() should be used for non-blocking connect BIOs +The call BIO_should_retry() should be used for nonblocking connect BIOs to determine if the call should be retried. If a connection has already been established this call has no effect. diff --git a/doc/man3/BIO_read.pod b/doc/man3/BIO_read.pod index 293c1304a4..ccd165189e 100644 --- a/doc/man3/BIO_read.pod +++ b/doc/man3/BIO_read.pod @@ -55,7 +55,7 @@ NUL is not included in the length returned by BIO_gets(). =head1 NOTES A 0 or -1 return is not necessarily an indication of an error. In -particular when the source/sink is non-blocking or of a certain type +particular when the source/sink is nonblocking or of a certain type it may merely be an indication that no data is currently available and that the application should retry the operation later. diff --git a/doc/man3/BIO_s_accept.pod b/doc/man3/BIO_s_accept.pod index e6ad95b4e0..6c091bbb5c 100644 --- a/doc/man3/BIO_s_accept.pod +++ b/doc/man3/BIO_s_accept.pod @@ -143,7 +143,7 @@ however because the accept BIO will still accept additional incoming connections. This can be resolved by using BIO_pop() (see above) and freeing up the accept BIO after the initial connection. -If the underlying accept socket is non-blocking and BIO_do_accept() is +If the underlying accept socket is nonblocking and BIO_do_accept() is called to await an incoming connection it is possible for BIO_should_io_special() with the reason BIO_RR_ACCEPT. If this happens then it is an indication that an accept attempt would block: the application diff --git a/doc/man3/BIO_s_bio.pod b/doc/man3/BIO_s_bio.pod index cf25538fef..653fe4785a 100644 --- a/doc/man3/BIO_s_bio.pod +++ b/doc/man3/BIO_s_bio.pod @@ -167,7 +167,7 @@ without having to go through the SSL-interface. ... As the BIO pair will only buffer the data and never directly access the -connection, it behaves non-blocking and will return as soon as the write +connection, it behaves nonblocking and will return as soon as the write buffer is full or the read buffer is drained. Then the application has to flush the write buffer and/or fill the read buffer. diff --git a/doc/man3/BIO_socket_wait.pod b/doc/man3/BIO_socket_wait.pod index b00a878c9d..f1050f80fb 100644 --- a/doc/man3/BIO_socket_wait.pod +++ b/doc/man3/BIO_socket_wait.pod @@ -34,7 +34,7 @@ Via B the caller determines the polling granularity. BIO_do_connect_retry() connects via the given B. It retries BIO_do_connect() as far as needed to reach a definite outcome, i.e., connection succeeded, timeout has been reached, or an error occurred. -For non-blocking and potentially even non-socket BIOs it polls +For nonblocking and potentially even non-socket BIOs it polls every B and sleeps in between using BIO_wait(). If B is < 0 then a default value of 100 ms is used. If the B parameter is > 0 this indicates the maximum number of seconds diff --git a/doc/man3/BN_add.pod b/doc/man3/BN_add.pod index 1fae2eee99..6f9b923914 100644 --- a/doc/man3/BN_add.pod +++ b/doc/man3/BN_add.pod @@ -68,16 +68,16 @@ For division by powers of 2, use BN_rshift(3). BN_mod() corresponds to BN_div() with I set to B. -BN_nnmod() reduces I modulo I and places the non-negative +BN_nnmod() reduces I modulo I and places the nonnegative remainder in I. -BN_mod_add() adds I to I modulo I and places the non-negative +BN_mod_add() adds I to I modulo I and places the nonnegative result in I. BN_mod_sub() subtracts I from I modulo I and places the -non-negative result in I. +nonnegative result in I. -BN_mod_mul() multiplies I by I and finds the non-negative +BN_mod_mul() multiplies I by I and finds the nonnegative remainder respective to modulus I (C). I may be the same B as I or I. For more efficient algorithms for repeated computations using the same modulus, see diff --git a/doc/man3/BN_generate_prime.pod b/doc/man3/BN_generate_prime.pod index cdd7ed0e8e..9827499b39 100644 --- a/doc/man3/BN_generate_prime.pod +++ b/doc/man3/BN_generate_prime.pod @@ -148,7 +148,7 @@ BN_is_prime_fasttest() and BN_is_prime() behave just like BN_is_prime_fasttest_ex() and BN_is_prime_ex() respectively, but with the old style call back. -B is a pre-allocated B (to save the overhead of allocating and +B is a preallocated B (to save the overhead of allocating and freeing the structure in a loop), or B. If the trial division is done, and no divisors are found and B diff --git a/doc/man3/BN_mod_mul_montgomery.pod b/doc/man3/BN_mod_mul_montgomery.pod index 5cb2c2c377..24109e2a1d 100644 --- a/doc/man3/BN_mod_mul_montgomery.pod +++ b/doc/man3/BN_mod_mul_montgomery.pod @@ -49,7 +49,7 @@ the result in I. BN_from_montgomery() performs the Montgomery reduction I = I*R^-1. BN_to_montgomery() computes Mont(I ,R^2), i.e. I *R. -Note that I must be non-negative and smaller than the modulus. +Note that I must be nonnegative and smaller than the modulus. For all functions, I is a previously allocated B used for temporary variables. diff --git a/doc/man3/BN_set_bit.pod b/doc/man3/BN_set_bit.pod index 24f7723c0c..323eb7d659 100644 --- a/doc/man3/BN_set_bit.pod +++ b/doc/man3/BN_set_bit.pod @@ -37,11 +37,11 @@ BN_mask_bits() truncates B to an B bit number shorter than B bits. BN_lshift() shifts B left by B bits and places the result in -B (C). Note that B must be non-negative. BN_lshift1() shifts +B (C). Note that B must be nonnegative. BN_lshift1() shifts B left by one and places the result in B (C). BN_rshift() shifts B right by B bits and places the result in -B (C). Note that B must be non-negative. BN_rshift1() shifts +B (C). Note that B must be nonnegative. BN_rshift1() shifts B right by one and places the result in B (C). For the shift functions, B and B may be the same variable. diff --git a/doc/man3/DTLSv1_listen.pod b/doc/man3/DTLSv1_listen.pod index aa20918686..13f6f1ff14 100644 --- a/doc/man3/DTLSv1_listen.pod +++ b/doc/man3/DTLSv1_listen.pod @@ -98,7 +98,7 @@ will be set up ready to continue the handshake. the B value will also be filled in. A return value of 0 indicates a non-fatal error. This could (for -example) be because of non-blocking IO, or some invalid message having been +example) be because of nonblocking IO, or some invalid message having been received from a peer. Errors may be placed on the OpenSSL error queue with further information if appropriate. Typically user code is expected to retry the call to DTLSv1_listen() in the event of a non-fatal error. diff --git a/doc/man3/ERR_new.pod b/doc/man3/ERR_new.pod index e1c71bebaa..ada27ed360 100644 --- a/doc/man3/ERR_new.pod +++ b/doc/man3/ERR_new.pod @@ -49,7 +49,7 @@ do not return any values. =head1 NOTES The library number is unique to each unit that records errors. -OpenSSL has a number of pre-allocated ones for its own uses, but +OpenSSL has a number of preallocated ones for its own uses, but others may allocate their own library number dynamically with L. diff --git a/doc/man3/EVP_PKEY_gen.pod b/doc/man3/EVP_PKEY_gen.pod index 212ea2a742..979de8601e 100644 --- a/doc/man3/EVP_PKEY_gen.pod +++ b/doc/man3/EVP_PKEY_gen.pod @@ -75,7 +75,7 @@ generation callback. The function EVP_PKEY_CTX_get_keygen_info() returns parameters associated with the generation operation. If I is -1 the total number of parameters available is returned. Any non negative value returns the value of -that parameter. EVP_PKEY_CTX_gen_keygen_info() with a non-negative value for +that parameter. EVP_PKEY_CTX_gen_keygen_info() with a nonnegative value for I should only be called within the generation callback. If the callback returns 0 then the key generation operation is aborted and an diff --git a/doc/man3/OPENSSL_init_crypto.pod b/doc/man3/OPENSSL_init_crypto.pod index 0b8f9010c4..bed722abf2 100644 --- a/doc/man3/OPENSSL_init_crypto.pod +++ b/doc/man3/OPENSSL_init_crypto.pod @@ -40,13 +40,13 @@ needs so no explicit initialisation is required. Similarly it will also automatically deinitialise as required. However, there may be situations when explicit initialisation is desirable or -needed, for example when some non-default initialisation is required. The +needed, for example when some nondefault initialisation is required. The function OPENSSL_init_crypto() can be used for this purpose for libcrypto (see also L for the libssl equivalent). Numerous internal OpenSSL functions call OPENSSL_init_crypto(). -Therefore, in order to perform non-default initialisation, +Therefore, in order to perform nondefault initialisation, OPENSSL_init_crypto() MUST be called by application code prior to any other OpenSSL function calls. @@ -105,7 +105,7 @@ used by calling OPENSSL_config(). This is a default option. Note that in OpenSSL 1.1.1 this was the default for libssl but not for libcrypto (see L for further details about libssl initialisation). -In OpenSSL 1.1.0 this was a non-default option for both libssl and libcrypto. +In OpenSSL 1.1.0 this was a nondefault option for both libssl and libcrypto. See the description of OPENSSL_INIT_new(), below. =item OPENSSL_INIT_NO_LOAD_CONFIG @@ -241,10 +241,10 @@ The filename, application name, and flags can be customized by providing a non-null B object. The object can be allocated via B. The B function can be used to specify a -non-default filename, which is copied and need not refer to persistent storage. +nondefault filename, which is copied and need not refer to persistent storage. Similarly, OPENSSL_INIT_set_config_appname() can be used to specify a -non-default application name. -Finally, OPENSSL_INIT_set_file_flags can be used to specify non-default flags. +nondefault application name. +Finally, OPENSSL_INIT_set_file_flags can be used to specify nondefault flags. If the B flag is not included, any errors in the configuration file will cause an error return from B or indirectly L. diff --git a/doc/man3/OPENSSL_init_ssl.pod b/doc/man3/OPENSSL_init_ssl.pod index d5a771bbc3..ce6f23042a 100644 --- a/doc/man3/OPENSSL_init_ssl.pod +++ b/doc/man3/OPENSSL_init_ssl.pod @@ -23,14 +23,14 @@ needs so no explicit initialisation is required. Similarly it will also automatically deinitialise as required. However, there may be situations when explicit initialisation is desirable or -needed, for example when some non-default initialisation is required. The +needed, for example when some nondefault initialisation is required. The function OPENSSL_init_ssl() can be used for this purpose. Calling this function will explicitly initialise BOTH libcrypto and libssl. To explicitly initialise ONLY libcrypto see the L function. Numerous internal OpenSSL functions call OPENSSL_init_ssl(). -Therefore, in order to perform non-default initialisation, +Therefore, in order to perform nondefault initialisation, OPENSSL_init_ssl() MUST be called by application code prior to any other OpenSSL function calls. diff --git a/doc/man3/OSSL_CMP_CTX_new.pod b/doc/man3/OSSL_CMP_CTX_new.pod index e8237b46e7..cb2d68a44b 100644 --- a/doc/man3/OSSL_CMP_CTX_new.pod +++ b/doc/man3/OSSL_CMP_CTX_new.pod @@ -579,7 +579,7 @@ X.509 certificates received in the caPubs field of last received certificate response message IP/CP/KUP. OSSL_CMP_CTX_get1_extraCertsIn() returns a pointer to a duplicate of the stack -of X.509 certificates received in the last received non-empty extraCerts field. +of X.509 certificates received in the last received nonempty extraCerts field. Returns an empty stack if no extraCerts have been received in the current transaction. diff --git a/doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod b/doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod index b760db1983..8e8bd7263f 100644 --- a/doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod +++ b/doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod @@ -59,7 +59,7 @@ OSSL_CRMF_MSG_get_certReqId() retrieves the certReqId of B. =head1 RETURN VALUES OSSL_CRMF_MSG_get_certReqId() returns the certificate request ID as a -non-negative integer or -1 on error. +nonnegative integer or -1 on error. All other functions return a pointer with the intended result or NULL on error. diff --git a/doc/man3/RAND_load_file.pod b/doc/man3/RAND_load_file.pod index cf4677648e..a5e146cc27 100644 --- a/doc/man3/RAND_load_file.pod +++ b/doc/man3/RAND_load_file.pod @@ -17,7 +17,7 @@ RAND_load_file, RAND_write_file, RAND_file_name - PRNG seed file =head1 DESCRIPTION RAND_load_file() reads a number of bytes from file B and -adds them to the PRNG. If B is non-negative, +adds them to the PRNG. If B is nonnegative, up to B are read; if B is -1, the complete file is read. Do not load the same file multiple times unless its contents have diff --git a/doc/man3/RSA_blinding_on.pod b/doc/man3/RSA_blinding_on.pod index db06b2f61f..cd57839fdd 100644 --- a/doc/man3/RSA_blinding_on.pod +++ b/doc/man3/RSA_blinding_on.pod @@ -19,7 +19,7 @@ measure the time of RSA decryption or signature operations, blinding must be used to protect the RSA operation from that attack. RSA_blinding_on() turns blinding on for key B and generates a -random blinding factor. B is B or a pre-allocated and +random blinding factor. B is B or a preallocated and initialized B. RSA_blinding_off() turns blinding off and frees the memory used for diff --git a/doc/man3/SSL_CTX_dane_enable.pod b/doc/man3/SSL_CTX_dane_enable.pod index f5bd8a4a6a..4ca9e978b1 100644 --- a/doc/man3/SSL_CTX_dane_enable.pod +++ b/doc/man3/SSL_CTX_dane_enable.pod @@ -122,7 +122,7 @@ SSL_get0_dane_tlsa() can be used to retrieve the fields of the TLSA record that matched the peer certificate chain. The return value indicates the match depth or failure to match just as with SSL_get0_dane_authority(). -When the return value is non-negative, the storage pointed to by the B, +When the return value is nonnegative, the storage pointed to by the B, B, B and B parameters is updated to the corresponding TLSA record fields. The B field is in binary wire form, and is therefore not NUL-terminated, @@ -173,7 +173,7 @@ certificate or a public key that fails to parse. The functions SSL_get0_dane_authority() and SSL_get0_dane_tlsa() return a negative value when DANE authentication failed or was not enabled, a -non-negative value indicates the chain depth at which the TLSA record matched a +nonnegative value indicates the chain depth at which the TLSA record matched a chain certificate, or the depth of the top-most certificate, when the TLSA record is a full public key that is its signer. diff --git a/doc/man3/SSL_CTX_set_alpn_select_cb.pod b/doc/man3/SSL_CTX_set_alpn_select_cb.pod index 9a7a934d50..62da53cd79 100644 --- a/doc/man3/SSL_CTX_set_alpn_select_cb.pod +++ b/doc/man3/SSL_CTX_set_alpn_select_cb.pod @@ -114,7 +114,7 @@ provided by the callback. =head1 NOTES The protocol-lists must be in wire-format, which is defined as a vector of -non-empty, 8-bit length-prefixed, byte strings. The length-prefix byte is not +nonempty, 8-bit length-prefixed, byte strings. The length-prefix byte is not included in the length. Each string is limited to 255 bytes. A byte-string length of 0 is invalid. A truncated byte-string is invalid. The length of the vector is not in the vector itself, but in a separate variable. diff --git a/doc/man3/SSL_CTX_set_info_callback.pod b/doc/man3/SSL_CTX_set_info_callback.pod index 399a83c757..19973b2f9e 100644 --- a/doc/man3/SSL_CTX_set_info_callback.pod +++ b/doc/man3/SSL_CTX_set_info_callback.pod @@ -64,7 +64,7 @@ per state in some situations. Callback has been called to indicate exit of a handshake function. This will happen after the end of a handshake, but may happen at other times too such as -on error or when IO might otherwise block and non-blocking is being used. +on error or when IO might otherwise block and nonblocking is being used. =item SSL_CB_READ diff --git a/doc/man3/SSL_CTX_set_max_cert_list.pod b/doc/man3/SSL_CTX_set_max_cert_list.pod index 5b82cda32f..9f44673246 100644 --- a/doc/man3/SSL_CTX_set_max_cert_list.pod +++ b/doc/man3/SSL_CTX_set_max_cert_list.pod @@ -39,7 +39,7 @@ received from a faulty or malicious peer, a maximum size for the certificate chain is set. The default value for the maximum certificate chain size is 100kB (30kB -on the 16bit DOS platform). This should be sufficient for usual certificate +on the 16-bit DOS platform). This should be sufficient for usual certificate chains (OpenSSL's default maximum chain length is 10, see L, and certificates without special extensions have a typical size of 1-2kB). diff --git a/doc/man3/SSL_CTX_set_mode.pod b/doc/man3/SSL_CTX_set_mode.pod index 6cdf8362c6..160110f9f1 100644 --- a/doc/man3/SSL_CTX_set_mode.pod +++ b/doc/man3/SSL_CTX_set_mode.pod @@ -50,8 +50,8 @@ the behaviour of write(). Make it possible to retry SSL_write_ex() or SSL_write() with changed buffer location (the buffer contents must stay the same). This is not the default to -avoid the misconception that non-blocking SSL_write() behaves like -non-blocking write(). +avoid the misconception that nonblocking SSL_write() behaves like +nonblocking write(). =item SSL_MODE_AUTO_RETRY @@ -64,9 +64,9 @@ If such a non-application data record was processed, the flag B causes it to try to process the next record instead of returning. -In a non-blocking environment applications must be prepared to handle +In a nonblocking environment applications must be prepared to handle incomplete read/write operations. -Setting B for a non-blocking B will process +Setting B for a nonblocking B will process non-application data records until either no more data is available or an application data record has been processed. diff --git a/doc/man3/SSL_CTX_set_options.pod b/doc/man3/SSL_CTX_set_options.pod index adc646d72d..68a1552430 100644 --- a/doc/man3/SSL_CTX_set_options.pod +++ b/doc/man3/SSL_CTX_set_options.pod @@ -272,7 +272,7 @@ application data in a static buffer until it is overwritten by the next portion of data. When enabling SSL_OP_CLEANSE_PLAINTEXT deciphered application data is cleansed by calling OPENSSL_cleanse(3) after passing data to the application. Data is also cleansed when -releasing the connection (eg. L). +releasing the connection (e.g. L). Since OpenSSL only cleanses internal buffers, the application is still responsible for cleansing all other buffers. Most notably, this diff --git a/doc/man3/SSL_CTX_set_read_ahead.pod b/doc/man3/SSL_CTX_set_read_ahead.pod index 97343b92a0..09900794c8 100644 --- a/doc/man3/SSL_CTX_set_read_ahead.pod +++ b/doc/man3/SSL_CTX_set_read_ahead.pod @@ -21,7 +21,7 @@ SSL_CTX_get_default_read_ahead =head1 DESCRIPTION SSL_CTX_set_read_ahead() and SSL_set_read_ahead() set whether we should read as -many input bytes as possible (for non-blocking reads) or not. For example if +many input bytes as possible (for nonblocking reads) or not. For example if B bytes are currently required by OpenSSL, but B bytes are available from the underlying BIO (where B > B), then OpenSSL will read all B bytes into its buffer (providing that the buffer is large enough) if reading ahead is diff --git a/doc/man3/SSL_CTX_set_srp_password.pod b/doc/man3/SSL_CTX_set_srp_password.pod index 4d806bce33..347bb3bf78 100644 --- a/doc/man3/SSL_CTX_set_srp_password.pod +++ b/doc/man3/SSL_CTX_set_srp_password.pod @@ -46,7 +46,7 @@ SSL_get_srp_userinfo =head1 DESCRIPTION These functions provide access to SRP (Secure Remote Password) parameters, -an alternate authentication mechanism for TLS. SRP allows the use of user names +an alternate authentication mechanism for TLS. SRP allows the use of usernames and passwords over unencrypted channels without revealing the password to an eavesdropper. SRP also supplies a shared secret at the end of the authentication sequence that can be used to generate encryption keys. diff --git a/doc/man3/SSL_accept.pod b/doc/man3/SSL_accept.pod index eda0a35b9e..8577cc8e0e 100644 --- a/doc/man3/SSL_accept.pod +++ b/doc/man3/SSL_accept.pod @@ -23,14 +23,14 @@ The behaviour of SSL_accept() depends on the underlying BIO. If the underlying BIO is B, SSL_accept() will only return once the handshake has been finished or an error occurred. -If the underlying BIO is B, SSL_accept() will also return +If the underlying BIO is B, SSL_accept() will also return when the underlying BIO could not satisfy the needs of SSL_accept() to continue the handshake, indicating the problem by the return value -1. In this case a call to SSL_get_error() with the return value of SSL_accept() will yield B or B. The calling process then must repeat the call after taking appropriate action to satisfy the needs of SSL_accept(). -The action depends on the underlying BIO. When using a non-blocking socket, +The action depends on the underlying BIO. When using a nonblocking socket, nothing is to be done, but select() can be used to check for the required condition. When using a buffering BIO, like a BIO pair, data must be written into or retrieved out of the BIO before being able to continue. @@ -57,7 +57,7 @@ established. The TLS/SSL handshake was not successful because a fatal error occurred either at the protocol level or a connection failure occurred. The shutdown was not clean. It can also occur if action is needed to continue the operation -for non-blocking BIOs. Call SSL_get_error() with the return value B +for nonblocking BIOs. Call SSL_get_error() with the return value B to find out the reason. =back diff --git a/doc/man3/SSL_alloc_buffers.pod b/doc/man3/SSL_alloc_buffers.pod index 4f98543870..d27da05b2f 100644 --- a/doc/man3/SSL_alloc_buffers.pod +++ b/doc/man3/SSL_alloc_buffers.pod @@ -22,7 +22,7 @@ control when buffers are freed and allocated. After freeing the buffers, the buffers are automatically reallocated upon a new read or write. The SSL_alloc_buffers() does not need to be called, but -can be used to make sure the buffers are pre-allocated. This can be used to +can be used to make sure the buffers are preallocated. This can be used to avoid allocation during data processing or with CRYPTO_set_mem_functions() to control where and how buffers are allocated. diff --git a/doc/man3/SSL_connect.pod b/doc/man3/SSL_connect.pod index b74aa1d2b6..4e9bd9ca07 100644 --- a/doc/man3/SSL_connect.pod +++ b/doc/man3/SSL_connect.pod @@ -23,14 +23,14 @@ The behaviour of SSL_connect() depends on the underlying BIO. If the underlying BIO is B, SSL_connect() will only return once the handshake has been finished or an error occurred. -If the underlying BIO is B, SSL_connect() will also return +If the underlying BIO is B, SSL_connect() will also return when the underlying BIO could not satisfy the needs of SSL_connect() to continue the handshake, indicating the problem by the return value -1. In this case a call to SSL_get_error() with the return value of SSL_connect() will yield B or B. The calling process then must repeat the call after taking appropriate action to satisfy the needs of SSL_connect(). -The action depends on the underlying BIO. When using a non-blocking socket, +The action depends on the underlying BIO. When using a nonblocking socket, nothing is to be done, but select() can be used to check for the required condition. When using a buffering BIO, like a BIO pair, data must be written into or retrieved out of the BIO before being able to continue. @@ -72,7 +72,7 @@ established. The TLS/SSL handshake was not successful, because a fatal error occurred either at the protocol level or a connection failure occurred. The shutdown was not clean. It can also occur if action is needed to continue the operation -for non-blocking BIOs. Call SSL_get_error() with the return value B +for nonblocking BIOs. Call SSL_get_error() with the return value B to find out the reason. =back diff --git a/doc/man3/SSL_do_handshake.pod b/doc/man3/SSL_do_handshake.pod index 55a11ccdbc..819576b09f 100644 --- a/doc/man3/SSL_do_handshake.pod +++ b/doc/man3/SSL_do_handshake.pod @@ -25,13 +25,13 @@ The behaviour of SSL_do_handshake() depends on the underlying BIO. If the underlying BIO is B, SSL_do_handshake() will only return once the handshake has been finished or an error occurred. -If the underlying BIO is B, SSL_do_handshake() will also return +If the underlying BIO is B, SSL_do_handshake() will also return when the underlying BIO could not satisfy the needs of SSL_do_handshake() to continue the handshake. In this case a call to SSL_get_error() with the return value of SSL_do_handshake() will yield B or B. The calling process then must repeat the call after taking appropriate action to satisfy the needs of SSL_do_handshake(). -The action depends on the underlying BIO. When using a non-blocking socket, +The action depends on the underlying BIO. When using a nonblocking socket, nothing is to be done, but select() can be used to check for the required condition. When using a buffering BIO, like a BIO pair, data must be written into or retrieved out of the BIO before being able to continue. @@ -58,7 +58,7 @@ established. The TLS/SSL handshake was not successful because a fatal error occurred either at the protocol level or a connection failure occurred. The shutdown was not clean. It can also occur if action is needed to continue the operation -for non-blocking BIOs. Call SSL_get_error() with the return value B +for nonblocking BIOs. Call SSL_get_error() with the return value B to find out the reason. =back diff --git a/doc/man3/SSL_get_error.pod b/doc/man3/SSL_get_error.pod index 0f2b10989e..c52fd04d07 100644 --- a/doc/man3/SSL_get_error.pod +++ b/doc/man3/SSL_get_error.pod @@ -61,7 +61,7 @@ is set. See L for more details. The operation did not complete and can be retried later. B is returned when the last operation was a read -operation from a non-blocking B. +operation from a nonblocking B. It means that not enough data was available at this time to complete the operation. If at a later time the underlying B has data available for reading the same @@ -73,7 +73,7 @@ for a blocking B. See L for more information. B is returned when the last operation was a write -to a non-blocking B and it was unable to sent all data to the B. +to a nonblocking B and it was unable to sent all data to the B. When the B is writable again, the same function can be called again. Note that the retry may again lead to an B or diff --git a/doc/man3/SSL_read.pod b/doc/man3/SSL_read.pod index 3cbab3009f..0bfc2a4135 100644 --- a/doc/man3/SSL_read.pod +++ b/doc/man3/SSL_read.pod @@ -72,7 +72,7 @@ not set. Note that if B is set and only non-application data is available the call will hang. -If the underlying BIO is B, a read function will also return when +If the underlying BIO is B, a read function will also return when the underlying BIO could not satisfy the needs of the function to continue the operation. In this case a call to L with the @@ -83,7 +83,7 @@ a read function can also cause write operations. The calling process then must repeat the call after taking appropriate action to satisfy the needs of the read function. The action depends on the underlying BIO. -When using a non-blocking socket, nothing is to be done, but select() can be +When using a nonblocking socket, nothing is to be done, but select() can be used to check for the required condition. When using a buffering BIO, like a BIO pair, data must be written into or retrieved out of the BIO before being able to continue. diff --git a/doc/man3/SSL_set1_host.pod b/doc/man3/SSL_set1_host.pod index 1ceb5dda7b..6278f89ed5 100644 --- a/doc/man3/SSL_set1_host.pod +++ b/doc/man3/SSL_set1_host.pod @@ -21,7 +21,7 @@ These functions configure server hostname checks in the SSL client. SSL_set1_host() sets the expected DNS hostname to B clearing any previously specified hostname. If B is NULL or the empty string, the list of hostnames is cleared and name -checks are not performed on the peer certificate. When a non-empty +checks are not performed on the peer certificate. When a nonempty B is specified, certificate verification automatically checks the peer hostname via L with B as specified via SSL_set_hostflags(). Clients that enable DANE TLSA authentication diff --git a/doc/man3/SSL_set_async_callback.pod b/doc/man3/SSL_set_async_callback.pod index 5a0bd2bfc1..9de735f8fc 100644 --- a/doc/man3/SSL_set_async_callback.pod +++ b/doc/man3/SSL_set_async_callback.pod @@ -87,7 +87,7 @@ a parameter. =item 7. The callback function should then run. Note: it is a requirement that the -callback function is small and non-blocking as it will be run in the context of +callback function is small and nonblocking as it will be run in the context of a polling mechanism or an interrupt. =item 8. diff --git a/doc/man3/SSL_set_bio.pod b/doc/man3/SSL_set_bio.pod index 90dfcc91bf..d88e6836b8 100644 --- a/doc/man3/SSL_set_bio.pod +++ b/doc/man3/SSL_set_bio.pod @@ -16,7 +16,7 @@ SSL_set_bio, SSL_set0_rbio, SSL_set0_wbio - connect the SSL object with a BIO SSL_set0_rbio() connects the BIO B for the read operations of the B object. The SSL engine inherits the behaviour of B. If the BIO is -non-blocking then the B object will also have non-blocking behaviour. This +nonblocking then the B object will also have nonblocking behaviour. This function transfers ownership of B to B. It will be automatically freed using L when the B is freed. On calling this function, any existing B that was previously set will also be freed via a diff --git a/doc/man3/SSL_set_fd.pod b/doc/man3/SSL_set_fd.pod index 42d0f7848d..01c362360c 100644 --- a/doc/man3/SSL_set_fd.pod +++ b/doc/man3/SSL_set_fd.pod @@ -20,8 +20,8 @@ socket file descriptor of a network connection. When performing the operation, a B is automatically created to interface between the B and B. The BIO and hence the SSL engine -inherit the behaviour of B. If B is non-blocking, the B will -also have non-blocking behaviour. +inherit the behaviour of B. If B is nonblocking, the B will +also have nonblocking behaviour. If there was already a BIO connected to B, BIO_free() will be called (for both the reading and writing side, if different). diff --git a/doc/man3/SSL_shutdown.pod b/doc/man3/SSL_shutdown.pod index 34469bae37..6797006a28 100644 --- a/doc/man3/SSL_shutdown.pod +++ b/doc/man3/SSL_shutdown.pod @@ -54,13 +54,13 @@ The behaviour of SSL_shutdown() additionally depends on the underlying BIO. If the underlying BIO is B, SSL_shutdown() will only return once the handshake step has been finished or an error occurred. -If the underlying BIO is B, SSL_shutdown() will also return +If the underlying BIO is B, SSL_shutdown() will also return when the underlying BIO could not satisfy the needs of SSL_shutdown() to continue the handshake. In this case a call to SSL_get_error() with the return value of SSL_shutdown() will yield B or B. The calling process then must repeat the call after taking appropriate action to satisfy the needs of SSL_shutdown(). -The action depends on the underlying BIO. When using a non-blocking socket, +The action depends on the underlying BIO. When using a nonblocking socket, nothing is to be done, but select() can be used to check for the required condition. When using a buffering BIO, like a BIO pair, data must be written into or retrieved out of the BIO before being able to continue. @@ -150,7 +150,7 @@ and the peer's close_notify alert was received. The shutdown was not successful. Call L with the return value B to find out the reason. -It can occur if an action is needed to continue the operation for non-blocking +It can occur if an action is needed to continue the operation for nonblocking BIOs. It can also occur when not all data was read using SSL_read(). diff --git a/doc/man3/SSL_state_string.pod b/doc/man3/SSL_state_string.pod index 2d494091aa..465e425ccd 100644 --- a/doc/man3/SSL_state_string.pod +++ b/doc/man3/SSL_state_string.pod @@ -26,11 +26,11 @@ maintained. Querying the state information is not very informative before or when a connection has been established. It however can be of significant interest during the handshake. -When using non-blocking sockets, the function call performing the handshake +When using nonblocking sockets, the function call performing the handshake may return with SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE condition, so that SSL_state_string[_long]() may be called. -For both blocking or non-blocking sockets, the details state information +For both blocking or nonblocking sockets, the details state information can be used within the info_callback function set with the SSL_set_info_callback() call. diff --git a/doc/man3/SSL_want.pod b/doc/man3/SSL_want.pod index 6fce429bc0..65f056f5fa 100644 --- a/doc/man3/SSL_want.pod +++ b/doc/man3/SSL_want.pod @@ -33,7 +33,7 @@ return values are similar to that of L. Unlike L, which also evaluates the error queue, the results are obtained by examining an internal state flag only. The information must therefore only be used for normal operation under -non-blocking I/O. Error conditions are not handled and must be treated +nonblocking I/O. Error conditions are not handled and must be treated using L. The result returned by SSL_want() should always be consistent with diff --git a/doc/man3/SSL_write.pod b/doc/man3/SSL_write.pod index 56a8c8b172..ef1193c674 100644 --- a/doc/man3/SSL_write.pod +++ b/doc/man3/SSL_write.pod @@ -45,7 +45,7 @@ before the first call to a write function. If the underlying BIO is B, the write functions will only return, once the write operation has been finished or an error occurred. -If the underlying BIO is B the write functions will also return +If the underlying BIO is B the write functions will also return when the underlying BIO could not satisfy the needs of the function to continue the operation. In this case a call to L with the return value of the write function will yield B @@ -53,7 +53,7 @@ or B. As at any time a re-negotiation is possible, a call to a write function can also cause read operations! The calling process then must repeat the call after taking appropriate action to satisfy the needs of the write function. The action depends on the underlying BIO. When using a -non-blocking socket, nothing is to be done, but select() can be used to check +nonblocking socket, nothing is to be done, but select() can be used to check for the required condition. When using a buffering BIO, like a BIO pair, data must be written into or retrieved out of the BIO before being able to continue. diff --git a/doc/man3/X509_STORE_CTX_get_error.pod b/doc/man3/X509_STORE_CTX_get_error.pod index 474dd4dc4f..e6a6b6b0ca 100644 --- a/doc/man3/X509_STORE_CTX_get_error.pod +++ b/doc/man3/X509_STORE_CTX_get_error.pod @@ -38,7 +38,7 @@ it might be used in a verification callback to set an error based on additional checks. X509_STORE_CTX_get_error_depth() returns the B of the error. This is a -non-negative integer representing where in the certificate chain the error +nonnegative integer representing where in the certificate chain the error occurred. If it is zero it occurred in the end entity certificate, one if it is the certificate which signed the end entity certificate and so on. @@ -79,7 +79,7 @@ verification error B. X509_STORE_CTX_get_error() returns B or an error code. -X509_STORE_CTX_get_error_depth() returns a non-negative error depth. +X509_STORE_CTX_get_error_depth() returns a nonnegative error depth. X509_STORE_CTX_get_current_cert() returns the certificate which caused the error or B if no certificate is relevant to the error. diff --git a/doc/man3/X509_check_host.pod b/doc/man3/X509_check_host.pod index 3c4ef8b098..b541901c00 100644 --- a/doc/man3/X509_check_host.pod +++ b/doc/man3/X509_check_host.pod @@ -24,8 +24,8 @@ The validity of the certificate and its trust level has to be checked by other means. X509_check_host() checks if the certificate Subject Alternative -Name (SAN) or Subject CommonName (CN) matches the specified host -name, which must be encoded in the preferred name syntax described +Name (SAN) or Subject CommonName (CN) matches the specified hostname, +which must be encoded in the preferred name syntax described in section 3.5 of RFC 1034. By default, wildcards are supported and they match only in the left-most label; but they may match part of that label with an explicit prefix or suffix. For example, diff --git a/doc/man5/x509v3_config.pod b/doc/man5/x509v3_config.pod index 45c4d92cf6..a16f862bae 100644 --- a/doc/man5/x509v3_config.pod +++ b/doc/man5/x509v3_config.pod @@ -105,7 +105,7 @@ They do not define the semantics of the extension. This is a multi-valued extension which indicates whether a certificate is a CA certificate. The first value is B followed by B or B. If B is B then an optional B name followed by a -non-negative value can be included. +nonnegative value can be included. For example: diff --git a/util/find-doc-nits b/util/find-doc-nits index 3558180603..031076f05d 100755 --- a/util/find-doc-nits +++ b/util/find-doc-nits @@ -596,6 +596,7 @@ sub functionname_check { # This is from http://man7.org/linux/man-pages/man7/man-pages.7.html my %preferred_words = ( + '16bit' => '16-bit', 'a.k.a.' => 'aka', 'bitmask' => 'bit mask', 'builtin' => 'built-in', @@ -606,33 +607,40 @@ my %preferred_words = ( 'i-node' => 'inode', 'lower case' => 'lowercase', 'lower-case' => 'lowercase', + 'manpage' => 'man page', + 'non-blocking' => 'nonblocking', + 'non-default' => 'nondefault', + 'non-empty' => 'nonempty', + 'non-negative' => 'nonnegative', 'non-zero' => 'nonzero', 'path name' => 'pathname', + 'pre-allocated' => 'preallocated', 'pseudo-terminal' => 'pseudoterminal', - 'reserved port' => 'privileged port', - 'system port' => 'privileged port', - 'realtime' => 'real-time', 'real time' => 'real-time', + 'realtime' => 'real-time', + 'reserved port' => 'privileged port', 'runtime' => 'run time', 'saved group ID'=> 'saved set-group-ID', 'saved set-GID' => 'saved set-group-ID', - 'saved user ID' => 'saved set-user-ID', 'saved set-UID' => 'saved set-user-ID', + 'saved user ID' => 'saved set-user-ID', 'set-GID' => 'set-group-ID', - 'setgid' => 'set-group-ID', 'set-UID' => 'set-user-ID', + 'setgid' => 'set-group-ID', 'setuid' => 'set-user-ID', - 'super user' => 'superuser', - 'super-user' => 'superuser', + 'sub-system' => 'subsystem', 'super block' => 'superblock', 'super-block' => 'superblock', + 'super user' => 'superuser', + 'super-user' => 'superuser', + 'system port' => 'privileged port', 'time stamp' => 'timestamp', 'time zone' => 'timezone', 'upper case' => 'uppercase', 'upper-case' => 'uppercase', 'useable' => 'usable', - 'userspace' => 'user space', 'user name' => 'username', + 'userspace' => 'user space', 'zeroes' => 'zeros' ); From beldmit at gmail.com Wed Jul 22 07:38:50 2020 From: beldmit at gmail.com (beldmit at gmail.com) Date: Wed, 22 Jul 2020 07:38:50 +0000 Subject: [openssl] master update Message-ID: <1595403530.044726.29768.nullmailer@dev.openssl.org> The branch master has been updated via 1d864f0f534fe38541c7adba5777935a0f2a2eb9 (commit) from 490c87110cc1fd673604fa1b94d5538f9fd852bb (commit) - Log ----------------------------------------------------------------- commit 1d864f0f534fe38541c7adba5777935a0f2a2eb9 Author: gujinqiang Date: Fri Jul 17 17:52:26 2020 +0800 Specific the engine pointer CLA: trivial I found that when I wanted to use an engine by the option-engine XXX , it didn't work. Checking the code, I guess it missed the engine pointer when calling EVP_CipherInit_ex. Reviewed-by: Shane Lontis Reviewed-by: Paul Yang Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/12475) ----------------------------------------------------------------------- Summary of changes: apps/enc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/enc.c b/apps/enc.c index 4d59391c22..0f4cdae3c2 100644 --- a/apps/enc.c +++ b/apps/enc.c @@ -551,7 +551,7 @@ int enc_main(int argc, char **argv) BIO_get_cipher_ctx(benc, &ctx); - if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)) { + if (!EVP_CipherInit_ex(ctx, cipher, e, NULL, NULL, enc)) { BIO_printf(bio_err, "Error setting cipher %s\n", EVP_CIPHER_name(cipher)); ERR_print_errors(bio_err); From builds at travis-ci.com Wed Jul 22 08:06:54 2020 From: builds at travis-ci.com (Travis CI) Date: Wed, 22 Jul 2020 08:06:54 +0000 Subject: Failed: openssl/openssl#36286 (master - bf19b64) In-Reply-To: Message-ID: <5f17f39da1b11_13fe4829bd0b050327b@travis-pro-tasks-5d7f6bdf99-zqtpd.mail> Build Update for openssl/openssl ------------------------------------- Build: #36286 Status: Failed Duration: 1 hr, 28 mins, and 16 secs Commit: bf19b64 (master) Author: Dr. David von Oheimb Message: Fix UI method setup, which should be independent of (deprecated) engine use Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12422) View the changeset: https://github.com/openssl/openssl/compare/90409da6a520...bf19b64aaeed View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/176620051?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From pauli at openssl.org Wed Jul 22 10:20:23 2020 From: pauli at openssl.org (Dr. Paul Dale) Date: Wed, 22 Jul 2020 10:20:23 +0000 Subject: [openssl] master update Message-ID: <1595413223.820887.14594.nullmailer@dev.openssl.org> The branch master has been updated via 7b9f218838ad93ab6b8dd9cd4545703839ec037a (commit) via 41bbba537598522daaf8369778de6d1225a4998e (commit) via 77ae4f6ff7af7d099206a1fc229be7a3ea0e0596 (commit) via 9e5f344a87f08ee2f3886fbccba1957bca86e7ef (commit) via 340f82a4e7afcd09480653bc5ffbab372d9a0e1d (commit) from 1d864f0f534fe38541c7adba5777935a0f2a2eb9 (commit) - Log ----------------------------------------------------------------- commit 7b9f218838ad93ab6b8dd9cd4545703839ec037a Author: Pauli Date: Tue Jul 21 17:40:19 2020 +1000 document the deprecation of the '-public-key-methods' option to list Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11082) commit 41bbba537598522daaf8369778de6d1225a4998e Author: Pauli Date: Thu Feb 13 11:00:57 2020 +1000 EVP: deprecate the EVP_X_meth_ functions. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11082) commit 77ae4f6ff7af7d099206a1fc229be7a3ea0e0596 Author: Pauli Date: Wed Apr 22 10:38:10 2020 +1000 engines: fixed to work with EVP_*_meth calls deprecated Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11082) commit 9e5f344a87f08ee2f3886fbccba1957bca86e7ef Author: Pauli Date: Wed Apr 22 10:25:23 2020 +1000 evp_test: use correct deallocation for EVP_CIPHER Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11082) commit 340f82a4e7afcd09480653bc5ffbab372d9a0e1d Author: Pauli Date: Wed Apr 22 10:24:05 2020 +1000 evp_test: use correct deallocation for EVP_MD Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11082) ----------------------------------------------------------------------- Summary of changes: apps/genpkey.c | 4 +- apps/list.c | 8 +- build.info | 6 +- crypto/cms/cms_kari.c | 7 + crypto/engine/eng_openssl.c | 4 +- crypto/engine/tb_pkmeth.c | 4 +- crypto/evp/cmeth_lib.c | 6 + crypto/evp/evp_lib.c | 6 + doc/man1/openssl-list.pod.in | 15 +- doc/man3/EVP_CIPHER_meth_new.pod | 9 + doc/man3/EVP_MD_meth_new.pod | 9 + doc/man3/EVP_PKEY_meth_get_count.pod | 11 + doc/man3/EVP_PKEY_meth_new.pod | 11 + engines/e_afalg.c | 2 +- engines/e_capi.c | 2 +- engines/e_devcrypto.c | 2 +- include/openssl/evp.h | 598 ++++++++++++++++------------------- test/build.info | 8 +- test/enginetest.c | 2 +- test/evp_extra_test.c | 13 + test/evp_fetch_prov_test.c | 8 +- test/evp_test.c | 4 +- test/pkey_meth_test.c | 7 + test/recipes/30-test_engine.t | 4 + util/libcrypto.num | 180 +++++------ 25 files changed, 488 insertions(+), 442 deletions(-) diff --git a/apps/genpkey.c b/apps/genpkey.c index 17fb42eba6..389f0e620c 100644 --- a/apps/genpkey.c +++ b/apps/genpkey.c @@ -280,7 +280,7 @@ int init_gen_str(EVP_PKEY_CTX **pctx, ameth = EVP_PKEY_asn1_find_str(&tmpeng, algname, -1); -#ifndef OPENSSL_NO_ENGINE +#if !defined(OPENSSL_NO_ENGINE) && !defined(OPENSSL_NO_DEPRECATED_3_0) if (!ameth && e) ameth = ENGINE_get_pkey_asn1_meth_str(e, algname, -1); #endif @@ -293,7 +293,7 @@ int init_gen_str(EVP_PKEY_CTX **pctx, ERR_clear_error(); EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth); -#ifndef OPENSSL_NO_ENGINE +#if !defined(OPENSSL_NO_ENGINE) && !defined(OPENSSL_NO_DEPRECATED_3_0) ENGINE_finish(tmpeng); #endif ctx = EVP_PKEY_CTX_new_id(pkey_id, e); diff --git a/apps/list.c b/apps/list.c index f0ea7dc6ae..b58871b1c5 100644 --- a/apps/list.c +++ b/apps/list.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -/* We need to use some engine deprecated APIs */ +/* We need to use some deprecated APIs */ #define OPENSSL_SUPPRESS_DEPRECATED #include @@ -509,6 +509,7 @@ static void list_pkey(void) } } +#ifndef OPENSSL_NO_DEPRECATED_3_0 static void list_pkey_meth(void) { size_t i; @@ -524,6 +525,7 @@ static void list_pkey_meth(void) pkey_flags & ASN1_PKEY_DYNAMIC ? "External" : "Builtin"); } } +#endif #ifndef OPENSSL_NO_DEPRECATED_3_0 static void list_engines(void) @@ -727,9 +729,9 @@ const OPTIONS list_options[] = { "List of cipher algorithms"}, {"public-key-algorithms", OPT_PK_ALGORITHMS, '-', "List of public key algorithms"}, +#ifndef OPENSSL_NO_DEPRECATED_3_0 {"public-key-methods", OPT_PK_METHOD, '-', "List of public key methods"}, -#ifndef OPENSSL_NO_DEPRECATED_3_0 {"engines", OPT_ENGINES, '-', "List of loaded engines"}, #endif @@ -867,9 +869,9 @@ opthelp: list_ciphers(); if (todo.pk_algorithms) list_pkey(); +#ifndef OPENSSL_NO_DEPRECATED_3_0 if (todo.pk_method) list_pkey_meth(); -#ifndef OPENSSL_NO_DEPRECATED_3_0 if (todo.engines) list_engines(); #endif diff --git a/build.info b/build.info index 4ad2b9af37..1c6787c800 100644 --- a/build.info +++ b/build.info @@ -1,6 +1,10 @@ # Note that some of these directories are filtered in Configure. Look for # %skipdir there for further explanations. -SUBDIRS=crypto ssl apps test util tools fuzz engines providers doc + +SUBDIRS=crypto ssl apps test util tools fuzz providers doc +IF[{- !$disabled{'deprecated-3.0'} -}] + SUBDIRS=engines +ENDIF LIBS=libcrypto libssl INCLUDE[libcrypto]=. include diff --git a/crypto/cms/cms_kari.c b/crypto/cms/cms_kari.c index a2149ce002..30d38b5fd6 100644 --- a/crypto/cms/cms_kari.c +++ b/crypto/cms/cms_kari.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * Low level key APIs (DH etc) are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include "internal/cryptlib.h" #include #include @@ -429,6 +435,7 @@ static int cms_wrap_init(CMS_KeyAgreeRecipientInfo *kari, return 0; keylen = EVP_CIPHER_key_length(cipher); if ((EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_GET_WRAP_CIPHER) != 0) { + /* TODO: make this not get a method we can call directly */ ret = EVP_CIPHER_meth_get_ctrl(cipher)(NULL, EVP_CTRL_GET_WRAP_CIPHER, 0, &kekcipher); if (ret <= 0) diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c index 32e6f4e19f..2374af8ae9 100644 --- a/crypto/engine/eng_openssl.c +++ b/crypto/engine/eng_openssl.c @@ -12,8 +12,8 @@ #define OPENSSL_SUPPRESS_DEPRECATED /* - * RC4 and SHA-1 low level APIs are deprecated for public use, but still ok - * for internal use. + * RC4 and SHA-1 low level APIs and EVP _meth_ APISs are deprecated for public + * use, but still ok for internal use. */ #include "internal/deprecated.h" diff --git a/crypto/engine/tb_pkmeth.c b/crypto/engine/tb_pkmeth.c index 65ae42d33b..267640ae9b 100644 --- a/crypto/engine/tb_pkmeth.c +++ b/crypto/engine/tb_pkmeth.c @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -/* We need to use some engine deprecated APIs */ -#define OPENSSL_SUPPRESS_DEPRECATED +/* We need to use some deprecated APIs */ +#include "internal/deprecated.h" #include "eng_local.h" #include diff --git a/crypto/evp/cmeth_lib.c b/crypto/evp/cmeth_lib.c index 37cca7a256..55f77133b5 100644 --- a/crypto/evp/cmeth_lib.c +++ b/crypto/evp/cmeth_lib.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * EVP _meth_ APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include #include diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index ef978ec6f1..9f2165dc59 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * EVP _meth_ APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include #include "internal/cryptlib.h" #include diff --git a/doc/man1/openssl-list.pod.in b/doc/man1/openssl-list.pod.in index 527e96a084..e13b6c34cf 100644 --- a/doc/man1/openssl-list.pod.in +++ b/doc/man1/openssl-list.pod.in @@ -20,11 +20,11 @@ B [B<-cipher-commands>] [B<-cipher-algorithms>] [B<-public-key-algorithms>] -[B<-public-key-methods>] -{- output_off() if $disabled{"deprecated-3.0"}; "" -} +{- output_off() if $disabled{"deprecated-3.0"}; "" +-}[B<-public-key-methods>] [B<-engines>] -{- output_on() if $disabled{"deprecated-3.0"}; "" -} -[B<-disabled>] +{- output_on() if $disabled{"deprecated-3.0"}; "" +-}[B<-disabled>] [B<-objects>] [B<-options> I] {- $OpenSSL::safe::opt_provider_synopsis -} @@ -90,11 +90,13 @@ information on what parameters each implementation supports. Display a list of public key algorithms, with each algorithm as a block of multiple lines, all but the first are indented. +{- output_off() if $disabled{"deprecated-3.0"}; "" -} =item B<-public-key-methods> +This option is deprecated. + Display a list of public key method OIDs. -{- output_off() if $disabled{"deprecated-3.0"}; "" -} =item B<-engines> @@ -154,7 +156,8 @@ In both cases, C is the name of the provider. =head1 HISTORY -The B<-engines> option was deprecated in OpenSSL 3.0. +The B<-engines> and B<-public-key-methods> options were deprecated in +OpenSSL 3.0. =head1 COPYRIGHT diff --git a/doc/man3/EVP_CIPHER_meth_new.pod b/doc/man3/EVP_CIPHER_meth_new.pod index 2e4cea289e..dd73ee693c 100644 --- a/doc/man3/EVP_CIPHER_meth_new.pod +++ b/doc/man3/EVP_CIPHER_meth_new.pod @@ -17,6 +17,10 @@ EVP_CIPHER_meth_get_ctrl #include +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +B with a suitable version value, see +L: + EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len); EVP_CIPHER *EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher); void EVP_CIPHER_meth_free(EVP_CIPHER *cipher); @@ -65,6 +69,9 @@ EVP_CIPHER_meth_get_ctrl =head1 DESCRIPTION +All of the functions described on this page are deprecated. +Applications should instead use the OSSL_PROVIDER APIs. + The B type is a structure for symmetric cipher method implementation. @@ -234,6 +241,8 @@ L =head1 HISTORY +All of these functions were deprecated in OpenSSL 3.0. + The functions described here were added in OpenSSL 1.1.0. The B structure created with these functions became reference counted in OpenSSL 3.0. diff --git a/doc/man3/EVP_MD_meth_new.pod b/doc/man3/EVP_MD_meth_new.pod index 7777a33586..7beaaebc0b 100644 --- a/doc/man3/EVP_MD_meth_new.pod +++ b/doc/man3/EVP_MD_meth_new.pod @@ -18,6 +18,10 @@ EVP_MD_meth_get_ctrl #include +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +B with a suitable version value, see +L: + EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type); void EVP_MD_meth_free(EVP_MD *md); EVP_MD *EVP_MD_meth_dup(const EVP_MD *md); @@ -56,6 +60,9 @@ EVP_MD_meth_get_ctrl =head1 DESCRIPTION +All of the functions described on this page are deprecated. +Applications should instead use the OSSL_PROVIDER APIs. + The B type is a structure for digest method implementation. It can also have associated public/private key signing and verifying routines. @@ -177,6 +184,8 @@ L, L, L =head1 HISTORY +All of these functions were deprecated in OpenSSL 3.0. + The B structure was openly available in OpenSSL before version 1.1. The functions described here were added in OpenSSL 1.1. diff --git a/doc/man3/EVP_PKEY_meth_get_count.pod b/doc/man3/EVP_PKEY_meth_get_count.pod index 03dca86700..7b56de5c8a 100644 --- a/doc/man3/EVP_PKEY_meth_get_count.pod +++ b/doc/man3/EVP_PKEY_meth_get_count.pod @@ -8,6 +8,10 @@ EVP_PKEY_meth_get_count, EVP_PKEY_meth_get0, EVP_PKEY_meth_get0_info - enumerate #include +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +B with a suitable version value, see +L: + size_t EVP_PKEY_meth_get_count(void); const EVP_PKEY_METHOD *EVP_PKEY_meth_get0(size_t idx); void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags, @@ -15,6 +19,9 @@ EVP_PKEY_meth_get_count, EVP_PKEY_meth_get0, EVP_PKEY_meth_get0_info - enumerate =head1 DESCRIPTION +All of the functions described on this page are deprecated. +Applications should instead use the OSSL_PROVIDER APIs. + EVP_PKEY_meth_count() returns a count of the number of public key methods available: it includes standard methods and any methods added by the application. @@ -38,6 +45,10 @@ EVP_PKEY_meth_get0_info() does not return a value. L +=head1 HISTORY + +All of these functions were deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2002-2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man3/EVP_PKEY_meth_new.pod b/doc/man3/EVP_PKEY_meth_new.pod index 643798f1fd..48df32f65b 100644 --- a/doc/man3/EVP_PKEY_meth_new.pod +++ b/doc/man3/EVP_PKEY_meth_new.pod @@ -29,6 +29,10 @@ EVP_PKEY_meth_remove #include +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +B with a suitable version value, see +L: + typedef struct evp_pkey_method_st EVP_PKEY_METHOD; EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags); @@ -240,6 +244,9 @@ EVP_PKEY_meth_remove =head1 DESCRIPTION +All of the functions described on this page are deprecated. +Applications should instead use the OSSL_PROVIDER APIs. + B is a structure which holds a set of methods for a specific public key cryptographic algorithm. Those methods are usually used to perform different jobs, such as generating a key, signing or @@ -440,6 +447,10 @@ All EVP_PKEY_meth_set and EVP_PKEY_meth_get functions have no return values. For the 'get' functions, function pointers are returned by arguments. +=head1 HISTORY + +All of these functions were deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/engines/e_afalg.c b/engines/e_afalg.c index a3e6a69011..3b48ffb360 100644 --- a/engines/e_afalg.c +++ b/engines/e_afalg.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -/* We need to use some engine deprecated APIs */ +/* We need to use some deprecated APIs */ #define OPENSSL_SUPPRESS_DEPRECATED /* Required for vmsplice */ diff --git a/engines/e_capi.c b/engines/e_capi.c index 0662dcab56..cff57d69e8 100644 --- a/engines/e_capi.c +++ b/engines/e_capi.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -/* We need to use some engine deprecated APIs */ +/* We need to use some deprecated APIs */ #define OPENSSL_SUPPRESS_DEPRECATED #ifdef _WIN32 diff --git a/engines/e_devcrypto.c b/engines/e_devcrypto.c index 160a07b641..729bb1fe95 100644 --- a/engines/e_devcrypto.c +++ b/engines/e_devcrypto.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -/* We need to use some engine deprecated APIs */ +/* We need to use some deprecated APIs */ #define OPENSSL_SUPPRESS_DEPRECATED #include "../e_os.h" diff --git a/include/openssl/evp.h b/include/openssl/evp.h index 923550e9db..78771ca251 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -89,42 +89,47 @@ int EVP_default_properties_enable_fips(OPENSSL_CTX *libctx, int enable); # define EVP_PKEY_MO_DECRYPT 0x0008 # ifndef EVP_MD -EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type); -EVP_MD *EVP_MD_meth_dup(const EVP_MD *md); -void EVP_MD_meth_free(EVP_MD *md); - -int EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize); -int EVP_MD_meth_set_result_size(EVP_MD *md, int resultsize); -int EVP_MD_meth_set_app_datasize(EVP_MD *md, int datasize); -int EVP_MD_meth_set_flags(EVP_MD *md, unsigned long flags); -int EVP_MD_meth_set_init(EVP_MD *md, int (*init)(EVP_MD_CTX *ctx)); -int EVP_MD_meth_set_update(EVP_MD *md, int (*update)(EVP_MD_CTX *ctx, - const void *data, - size_t count)); -int EVP_MD_meth_set_final(EVP_MD *md, int (*final)(EVP_MD_CTX *ctx, - unsigned char *md)); -int EVP_MD_meth_set_copy(EVP_MD *md, int (*copy)(EVP_MD_CTX *to, - const EVP_MD_CTX *from)); -int EVP_MD_meth_set_cleanup(EVP_MD *md, int (*cleanup)(EVP_MD_CTX *ctx)); -int EVP_MD_meth_set_ctrl(EVP_MD *md, int (*ctrl)(EVP_MD_CTX *ctx, int cmd, - int p1, void *p2)); - -int EVP_MD_meth_get_input_blocksize(const EVP_MD *md); -int EVP_MD_meth_get_result_size(const EVP_MD *md); -int EVP_MD_meth_get_app_datasize(const EVP_MD *md); -unsigned long EVP_MD_meth_get_flags(const EVP_MD *md); -int (*EVP_MD_meth_get_init(const EVP_MD *md))(EVP_MD_CTX *ctx); -int (*EVP_MD_meth_get_update(const EVP_MD *md))(EVP_MD_CTX *ctx, - const void *data, - size_t count); -int (*EVP_MD_meth_get_final(const EVP_MD *md))(EVP_MD_CTX *ctx, - unsigned char *md); -int (*EVP_MD_meth_get_copy(const EVP_MD *md))(EVP_MD_CTX *to, - const EVP_MD_CTX *from); -int (*EVP_MD_meth_get_cleanup(const EVP_MD *md))(EVP_MD_CTX *ctx); -int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd, - int p1, void *p2); - +DEPRECATEDIN_3_0(EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type)) +DEPRECATEDIN_3_0(EVP_MD *EVP_MD_meth_dup(const EVP_MD *md)) +DEPRECATEDIN_3_0(void EVP_MD_meth_free(EVP_MD *md)) + +DEPRECATEDIN_3_0(int EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize)) +DEPRECATEDIN_3_0(int EVP_MD_meth_set_result_size(EVP_MD *md, int resultsize)) +DEPRECATEDIN_3_0(int EVP_MD_meth_set_app_datasize(EVP_MD *md, int datasize)) +DEPRECATEDIN_3_0(int EVP_MD_meth_set_flags(EVP_MD *md, unsigned long flags)) +DEPRECATEDIN_3_0(int EVP_MD_meth_set_init(EVP_MD *md, + int (*init)(EVP_MD_CTX *ctx))) +DEPRECATEDIN_3_0(int EVP_MD_meth_set_update(EVP_MD *md, + int (*update)(EVP_MD_CTX *ctx, + const void *data, + size_t count))) +DEPRECATEDIN_3_0(int EVP_MD_meth_set_final(EVP_MD *md, + int (*final)(EVP_MD_CTX *ctx, + unsigned char *md))) +DEPRECATEDIN_3_0(int EVP_MD_meth_set_copy(EVP_MD *md, + int (*copy)(EVP_MD_CTX *to, + const EVP_MD_CTX *from))) +DEPRECATEDIN_3_0(int EVP_MD_meth_set_cleanup(EVP_MD *md, + int (*cleanup)(EVP_MD_CTX *ctx))) +DEPRECATEDIN_3_0(int EVP_MD_meth_set_ctrl(EVP_MD *md, + int (*ctrl)(EVP_MD_CTX *ctx, int cmd, + int p1, void *p2))) + +DEPRECATEDIN_3_0(int EVP_MD_meth_get_input_blocksize(const EVP_MD *md)) +DEPRECATEDIN_3_0(int EVP_MD_meth_get_result_size(const EVP_MD *md)) +DEPRECATEDIN_3_0(int EVP_MD_meth_get_app_datasize(const EVP_MD *md)) +DEPRECATEDIN_3_0(unsigned long EVP_MD_meth_get_flags(const EVP_MD *md)) +DEPRECATEDIN_3_0(int (*EVP_MD_meth_get_init(const EVP_MD *md))(EVP_MD_CTX *ctx)) +DEPRECATEDIN_3_0(int (*EVP_MD_meth_get_update(const EVP_MD *md)) + (EVP_MD_CTX *ctx, const void *data, size_t count)) +DEPRECATEDIN_3_0(int (*EVP_MD_meth_get_final(const EVP_MD *md)) + (EVP_MD_CTX *ctx, unsigned char *md)) +DEPRECATEDIN_3_0(int (*EVP_MD_meth_get_copy(const EVP_MD *md)) + (EVP_MD_CTX *to, const EVP_MD_CTX *from)) +DEPRECATEDIN_3_0(int (*EVP_MD_meth_get_cleanup(const EVP_MD *md)) + (EVP_MD_CTX *ctx)) +DEPRECATEDIN_3_0(int (*EVP_MD_meth_get_ctrl(const EVP_MD *md)) + (EVP_MD_CTX *ctx, int cmd, int p1, void *p2)) /* digest can only handle a single block */ # define EVP_MD_FLAG_ONESHOT 0x0001 @@ -199,51 +204,53 @@ int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd, # define EVP_MD_CTX_FLAG_FINALISE 0x0200 /* NOTE: 0x0400 is reserved for internal usage */ -EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len); -EVP_CIPHER *EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher); -void EVP_CIPHER_meth_free(EVP_CIPHER *cipher); - -int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len); -int EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, unsigned long flags); -int EVP_CIPHER_meth_set_impl_ctx_size(EVP_CIPHER *cipher, int ctx_size); -int EVP_CIPHER_meth_set_init(EVP_CIPHER *cipher, +DEPRECATEDIN_3_0(EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, + int block_size, int key_len)) +DEPRECATEDIN_3_0(EVP_CIPHER *EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher)) +DEPRECATEDIN_3_0(void EVP_CIPHER_meth_free(EVP_CIPHER *cipher)) + +DEPRECATEDIN_3_0(int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, + int iv_len)) +DEPRECATEDIN_3_0(int EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, + unsigned long flags)) +DEPRECATEDIN_3_0(int EVP_CIPHER_meth_set_impl_ctx_size(EVP_CIPHER *cipher, + int ctx_size)) +DEPRECATEDIN_3_0(int EVP_CIPHER_meth_set_init(EVP_CIPHER *cipher, int (*init) (EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, - int enc)); -int EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher, - int (*do_cipher) (EVP_CIPHER_CTX *ctx, - unsigned char *out, - const unsigned char *in, - size_t inl)); -int EVP_CIPHER_meth_set_cleanup(EVP_CIPHER *cipher, - int (*cleanup) (EVP_CIPHER_CTX *)); -int EVP_CIPHER_meth_set_set_asn1_params(EVP_CIPHER *cipher, - int (*set_asn1_parameters) (EVP_CIPHER_CTX *, - ASN1_TYPE *)); -int EVP_CIPHER_meth_set_get_asn1_params(EVP_CIPHER *cipher, - int (*get_asn1_parameters) (EVP_CIPHER_CTX *, - ASN1_TYPE *)); -int EVP_CIPHER_meth_set_ctrl(EVP_CIPHER *cipher, - int (*ctrl) (EVP_CIPHER_CTX *, int type, - int arg, void *ptr)); - -int (*EVP_CIPHER_meth_get_init(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx, - const unsigned char *key, - const unsigned char *iv, - int enc); -int (*EVP_CIPHER_meth_get_do_cipher(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx, - unsigned char *out, - const unsigned char *in, - size_t inl); -int (*EVP_CIPHER_meth_get_cleanup(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *); -int (*EVP_CIPHER_meth_get_set_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, - ASN1_TYPE *); -int (*EVP_CIPHER_meth_get_get_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, - ASN1_TYPE *); -int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, - int type, int arg, - void *ptr); + int enc))) +DEPRECATEDIN_3_0(int EVP_CIPHER_meth_set_do_cipher + (EVP_CIPHER *cipher, int (*do_cipher) (EVP_CIPHER_CTX *ctx, + unsigned char *out, + const unsigned char *in, + size_t inl))) +DEPRECATEDIN_3_0(int EVP_CIPHER_meth_set_cleanup + (EVP_CIPHER *cipher, int (*cleanup) (EVP_CIPHER_CTX *))) +DEPRECATEDIN_3_0(int EVP_CIPHER_meth_set_set_asn1_params + (EVP_CIPHER *cipher, int (*set_asn1_parameters) (EVP_CIPHER_CTX *, + ASN1_TYPE *))) +DEPRECATEDIN_3_0(int EVP_CIPHER_meth_set_get_asn1_params + (EVP_CIPHER *cipher, int (*get_asn1_parameters) (EVP_CIPHER_CTX *, + ASN1_TYPE *))) +DEPRECATEDIN_3_0(int EVP_CIPHER_meth_set_ctrl + (EVP_CIPHER *cipher, int (*ctrl) (EVP_CIPHER_CTX *, int type, int arg, + void *ptr))) + +DEPRECATEDIN_3_0(int (*EVP_CIPHER_meth_get_init + (const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc)) +DEPRECATEDIN_3_0(int (*EVP_CIPHER_meth_get_do_cipher(const EVP_CIPHER *cipher)) + (EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, + size_t inl)) +DEPRECATEDIN_3_0(int (*EVP_CIPHER_meth_get_cleanup(const EVP_CIPHER *cipher)) + (EVP_CIPHER_CTX *)) +DEPRECATEDIN_3_0(int (*EVP_CIPHER_meth_get_set_asn1_params(const EVP_CIPHER *cipher)) + (EVP_CIPHER_CTX *, ASN1_TYPE *)) +DEPRECATEDIN_3_0(int (*EVP_CIPHER_meth_get_get_asn1_params(const EVP_CIPHER *cipher)) + (EVP_CIPHER_CTX *, ASN1_TYPE *)) +DEPRECATEDIN_3_0(int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher)) + (EVP_CIPHER_CTX *, int type, int arg, void *ptr)) /* Values for cipher flags */ @@ -1528,16 +1535,17 @@ int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); */ # define EVP_PKEY_FLAG_SIGCTX_CUSTOM 4 -const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type); -EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags); -void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags, - const EVP_PKEY_METHOD *meth); -void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src); -void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth); -int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth); -int EVP_PKEY_meth_remove(const EVP_PKEY_METHOD *pmeth); -size_t EVP_PKEY_meth_get_count(void); -const EVP_PKEY_METHOD *EVP_PKEY_meth_get0(size_t idx); +DEPRECATEDIN_3_0(const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type)) +DEPRECATEDIN_3_0(EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags)) +DEPRECATEDIN_3_0(void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags, + const EVP_PKEY_METHOD *meth)) +DEPRECATEDIN_3_0(void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, + const EVP_PKEY_METHOD *src)) +DEPRECATEDIN_3_0(void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth)) +DEPRECATEDIN_3_0(int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth)) +DEPRECATEDIN_3_0(int EVP_PKEY_meth_remove(const EVP_PKEY_METHOD *pmeth)) +DEPRECATEDIN_3_0(size_t EVP_PKEY_meth_get_count(void)) +DEPRECATEDIN_3_0(const EVP_PKEY_METHOD *EVP_PKEY_meth_get0(size_t idx)) EVP_KEYMGMT *EVP_KEYMGMT_fetch(OPENSSL_CTX *ctx, const char *algorithm, const char *properties); @@ -1710,243 +1718,185 @@ EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx); int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx); -void EVP_PKEY_meth_set_init(EVP_PKEY_METHOD *pmeth, - int (*init) (EVP_PKEY_CTX *ctx)); - -void EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD *pmeth, - int (*copy) (EVP_PKEY_CTX *dst, - const EVP_PKEY_CTX *src)); - -void EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD *pmeth, - void (*cleanup) (EVP_PKEY_CTX *ctx)); - -void EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD *pmeth, - int (*paramgen_init) (EVP_PKEY_CTX *ctx), - int (*paramgen) (EVP_PKEY_CTX *ctx, - EVP_PKEY *pkey)); - -void EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD *pmeth, - int (*keygen_init) (EVP_PKEY_CTX *ctx), - int (*keygen) (EVP_PKEY_CTX *ctx, - EVP_PKEY *pkey)); - -void EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD *pmeth, - int (*sign_init) (EVP_PKEY_CTX *ctx), - int (*sign) (EVP_PKEY_CTX *ctx, - unsigned char *sig, size_t *siglen, - const unsigned char *tbs, - size_t tbslen)); - -void EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD *pmeth, - int (*verify_init) (EVP_PKEY_CTX *ctx), - int (*verify) (EVP_PKEY_CTX *ctx, - const unsigned char *sig, - size_t siglen, - const unsigned char *tbs, - size_t tbslen)); - -void EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD *pmeth, - int (*verify_recover_init) (EVP_PKEY_CTX - *ctx), - int (*verify_recover) (EVP_PKEY_CTX - *ctx, - unsigned char - *sig, - size_t *siglen, - const unsigned - char *tbs, - size_t tbslen)); - -void EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD *pmeth, - int (*signctx_init) (EVP_PKEY_CTX *ctx, +DEPRECATEDIN_3_0(void EVP_PKEY_meth_set_init(EVP_PKEY_METHOD *pmeth, + int (*init) (EVP_PKEY_CTX *ctx))) + +DEPRECATEDIN_3_0(void EVP_PKEY_meth_set_copy + (EVP_PKEY_METHOD *pmeth, int (*copy) (EVP_PKEY_CTX *dst, + const EVP_PKEY_CTX *src))) + +DEPRECATEDIN_3_0(void EVP_PKEY_meth_set_cleanup + (EVP_PKEY_METHOD *pmeth, void (*cleanup) (EVP_PKEY_CTX *ctx))) + +DEPRECATEDIN_3_0(void EVP_PKEY_meth_set_paramgen + (EVP_PKEY_METHOD *pmeth, int (*paramgen_init) (EVP_PKEY_CTX *ctx), + int (*paramgen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey))) + +DEPRECATEDIN_3_0(void EVP_PKEY_meth_set_keygen + (EVP_PKEY_METHOD *pmeth, int (*keygen_init) (EVP_PKEY_CTX *ctx), + int (*keygen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey))) + +DEPRECATEDIN_3_0(void EVP_PKEY_meth_set_sign + (EVP_PKEY_METHOD *pmeth, int (*sign_init) (EVP_PKEY_CTX *ctx), + int (*sign) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen))) + +DEPRECATEDIN_3_0(void EVP_PKEY_meth_set_verify + (EVP_PKEY_METHOD *pmeth, int (*verify_init) (EVP_PKEY_CTX *ctx), + int (*verify) (EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen, + const unsigned char *tbs, size_t tbslen))) + +DEPRECATEDIN_3_0(void EVP_PKEY_meth_set_verify_recover + (EVP_PKEY_METHOD *pmeth, int (*verify_recover_init) (EVP_PKEY_CTX *ctx), + int (*verify_recover) (EVP_PKEY_CTX *ctx, unsigned char *sig, + size_t *siglen, const unsigned char *tbs, + size_t tbslen))) + +DEPRECATEDIN_3_0(void EVP_PKEY_meth_set_signctx + (EVP_PKEY_METHOD *pmeth, int (*signctx_init) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx), + int (*signctx) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + EVP_MD_CTX *mctx))) + +DEPRECATEDIN_3_0(void EVP_PKEY_meth_set_verifyctx + (EVP_PKEY_METHOD *pmeth, int (*verifyctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx), - int (*signctx) (EVP_PKEY_CTX *ctx, - unsigned char *sig, - size_t *siglen, - EVP_MD_CTX *mctx)); - -void EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD *pmeth, - int (*verifyctx_init) (EVP_PKEY_CTX *ctx, - EVP_MD_CTX *mctx), - int (*verifyctx) (EVP_PKEY_CTX *ctx, - const unsigned char *sig, - int siglen, - EVP_MD_CTX *mctx)); - -void EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD *pmeth, - int (*encrypt_init) (EVP_PKEY_CTX *ctx), - int (*encryptfn) (EVP_PKEY_CTX *ctx, - unsigned char *out, - size_t *outlen, - const unsigned char *in, - size_t inlen)); - -void EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD *pmeth, - int (*decrypt_init) (EVP_PKEY_CTX *ctx), - int (*decrypt) (EVP_PKEY_CTX *ctx, - unsigned char *out, - size_t *outlen, - const unsigned char *in, - size_t inlen)); - -void EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD *pmeth, - int (*derive_init) (EVP_PKEY_CTX *ctx), - int (*derive) (EVP_PKEY_CTX *ctx, - unsigned char *key, - size_t *keylen)); - -void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, - int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, - void *p2), - int (*ctrl_str) (EVP_PKEY_CTX *ctx, - const char *type, - const char *value)); - -void EVP_PKEY_meth_set_digestsign(EVP_PKEY_METHOD *pmeth, - int (*digestsign) (EVP_MD_CTX *ctx, - unsigned char *sig, - size_t *siglen, - const unsigned char *tbs, - size_t tbslen)); - -void EVP_PKEY_meth_set_digestverify(EVP_PKEY_METHOD *pmeth, - int (*digestverify) (EVP_MD_CTX *ctx, - const unsigned char *sig, - size_t siglen, - const unsigned char *tbs, - size_t tbslen)); - -void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth, - int (*check) (EVP_PKEY *pkey)); - -void EVP_PKEY_meth_set_public_check(EVP_PKEY_METHOD *pmeth, - int (*check) (EVP_PKEY *pkey)); - -void EVP_PKEY_meth_set_param_check(EVP_PKEY_METHOD *pmeth, - int (*check) (EVP_PKEY *pkey)); - -void EVP_PKEY_meth_set_digest_custom(EVP_PKEY_METHOD *pmeth, - int (*digest_custom) (EVP_PKEY_CTX *ctx, - EVP_MD_CTX *mctx)); - -void EVP_PKEY_meth_get_init(const EVP_PKEY_METHOD *pmeth, - int (**pinit) (EVP_PKEY_CTX *ctx)); - -void EVP_PKEY_meth_get_copy(const EVP_PKEY_METHOD *pmeth, - int (**pcopy) (EVP_PKEY_CTX *dst, - const EVP_PKEY_CTX *src)); - -void EVP_PKEY_meth_get_cleanup(const EVP_PKEY_METHOD *pmeth, - void (**pcleanup) (EVP_PKEY_CTX *ctx)); - -void EVP_PKEY_meth_get_paramgen(const EVP_PKEY_METHOD *pmeth, - int (**pparamgen_init) (EVP_PKEY_CTX *ctx), - int (**pparamgen) (EVP_PKEY_CTX *ctx, - EVP_PKEY *pkey)); - -void EVP_PKEY_meth_get_keygen(const EVP_PKEY_METHOD *pmeth, - int (**pkeygen_init) (EVP_PKEY_CTX *ctx), - int (**pkeygen) (EVP_PKEY_CTX *ctx, - EVP_PKEY *pkey)); - -void EVP_PKEY_meth_get_sign(const EVP_PKEY_METHOD *pmeth, - int (**psign_init) (EVP_PKEY_CTX *ctx), - int (**psign) (EVP_PKEY_CTX *ctx, - unsigned char *sig, size_t *siglen, - const unsigned char *tbs, - size_t tbslen)); - -void EVP_PKEY_meth_get_verify(const EVP_PKEY_METHOD *pmeth, - int (**pverify_init) (EVP_PKEY_CTX *ctx), - int (**pverify) (EVP_PKEY_CTX *ctx, - const unsigned char *sig, - size_t siglen, - const unsigned char *tbs, - size_t tbslen)); - -void EVP_PKEY_meth_get_verify_recover(const EVP_PKEY_METHOD *pmeth, - int (**pverify_recover_init) (EVP_PKEY_CTX - *ctx), - int (**pverify_recover) (EVP_PKEY_CTX - *ctx, - unsigned char - *sig, - size_t *siglen, - const unsigned - char *tbs, - size_t tbslen)); - -void EVP_PKEY_meth_get_signctx(const EVP_PKEY_METHOD *pmeth, - int (**psignctx_init) (EVP_PKEY_CTX *ctx, - EVP_MD_CTX *mctx), - int (**psignctx) (EVP_PKEY_CTX *ctx, - unsigned char *sig, - size_t *siglen, - EVP_MD_CTX *mctx)); - -void EVP_PKEY_meth_get_verifyctx(const EVP_PKEY_METHOD *pmeth, - int (**pverifyctx_init) (EVP_PKEY_CTX *ctx, - EVP_MD_CTX *mctx), - int (**pverifyctx) (EVP_PKEY_CTX *ctx, - const unsigned char *sig, - int siglen, - EVP_MD_CTX *mctx)); - -void EVP_PKEY_meth_get_encrypt(const EVP_PKEY_METHOD *pmeth, - int (**pencrypt_init) (EVP_PKEY_CTX *ctx), - int (**pencryptfn) (EVP_PKEY_CTX *ctx, - unsigned char *out, - size_t *outlen, - const unsigned char *in, - size_t inlen)); - -void EVP_PKEY_meth_get_decrypt(const EVP_PKEY_METHOD *pmeth, - int (**pdecrypt_init) (EVP_PKEY_CTX *ctx), - int (**pdecrypt) (EVP_PKEY_CTX *ctx, - unsigned char *out, - size_t *outlen, - const unsigned char *in, - size_t inlen)); - -void EVP_PKEY_meth_get_derive(const EVP_PKEY_METHOD *pmeth, - int (**pderive_init) (EVP_PKEY_CTX *ctx), - int (**pderive) (EVP_PKEY_CTX *ctx, - unsigned char *key, - size_t *keylen)); - -void EVP_PKEY_meth_get_ctrl(const EVP_PKEY_METHOD *pmeth, - int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1, - void *p2), - int (**pctrl_str) (EVP_PKEY_CTX *ctx, - const char *type, - const char *value)); - -void EVP_PKEY_meth_get_digestsign(EVP_PKEY_METHOD *pmeth, - int (**digestsign) (EVP_MD_CTX *ctx, - unsigned char *sig, - size_t *siglen, - const unsigned char *tbs, - size_t tbslen)); - -void EVP_PKEY_meth_get_digestverify(EVP_PKEY_METHOD *pmeth, - int (**digestverify) (EVP_MD_CTX *ctx, - const unsigned char *sig, - size_t siglen, - const unsigned char *tbs, - size_t tbslen)); - -void EVP_PKEY_meth_get_check(const EVP_PKEY_METHOD *pmeth, - int (**pcheck) (EVP_PKEY *pkey)); - -void EVP_PKEY_meth_get_public_check(const EVP_PKEY_METHOD *pmeth, - int (**pcheck) (EVP_PKEY *pkey)); - -void EVP_PKEY_meth_get_param_check(const EVP_PKEY_METHOD *pmeth, - int (**pcheck) (EVP_PKEY *pkey)); - -void EVP_PKEY_meth_get_digest_custom(EVP_PKEY_METHOD *pmeth, - int (**pdigest_custom) (EVP_PKEY_CTX *ctx, - EVP_MD_CTX *mctx)); + int (*verifyctx) (EVP_PKEY_CTX *ctx, const unsigned char *sig, int siglen, + EVP_MD_CTX *mctx))) + +DEPRECATEDIN_3_0(void EVP_PKEY_meth_set_encrypt + (EVP_PKEY_METHOD *pmeth, int (*encrypt_init) (EVP_PKEY_CTX *ctx), + int (*encryptfn) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen))) + +DEPRECATEDIN_3_0(void EVP_PKEY_meth_set_decrypt + (EVP_PKEY_METHOD *pmeth, int (*decrypt_init) (EVP_PKEY_CTX *ctx), + int (*decrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen))) + +DEPRECATEDIN_3_0(void EVP_PKEY_meth_set_derive + (EVP_PKEY_METHOD *pmeth, int (*derive_init) (EVP_PKEY_CTX *ctx), + int (*derive) (EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen))) + +DEPRECATEDIN_3_0(void EVP_PKEY_meth_set_ctrl + (EVP_PKEY_METHOD *pmeth, int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, + void *p2), + int (*ctrl_str) (EVP_PKEY_CTX *ctx, const char *type, const char *value))) + +DEPRECATEDIN_3_0(void EVP_PKEY_meth_set_digestsign + (EVP_PKEY_METHOD *pmeth, + int (*digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen))) + +DEPRECATEDIN_3_0(void EVP_PKEY_meth_set_digestverify + (EVP_PKEY_METHOD *pmeth, + int (*digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig, + size_t siglen, const unsigned char *tbs, + size_t tbslen))) + +DEPRECATEDIN_3_0(void EVP_PKEY_meth_set_check + (EVP_PKEY_METHOD *pmeth, int (*check) (EVP_PKEY *pkey))) + +DEPRECATEDIN_3_0(void EVP_PKEY_meth_set_public_check + (EVP_PKEY_METHOD *pmeth, int (*check) (EVP_PKEY *pkey))) + +DEPRECATEDIN_3_0(void EVP_PKEY_meth_set_param_check + (EVP_PKEY_METHOD *pmeth, int (*check) (EVP_PKEY *pkey))) + +DEPRECATEDIN_3_0(void EVP_PKEY_meth_set_digest_custom + (EVP_PKEY_METHOD *pmeth, int (*digest_custom) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx))) + +DEPRECATEDIN_3_0(void EVP_PKEY_meth_get_init + (const EVP_PKEY_METHOD *pmeth, int (**pinit) (EVP_PKEY_CTX *ctx))) + +DEPRECATEDIN_3_0(void EVP_PKEY_meth_get_copy + (const EVP_PKEY_METHOD *pmeth, int (**pcopy) (EVP_PKEY_CTX *dst, + const EVP_PKEY_CTX *src))) + +DEPRECATEDIN_3_0(void EVP_PKEY_meth_get_cleanup + (const EVP_PKEY_METHOD *pmeth, void (**pcleanup) (EVP_PKEY_CTX *ctx))) + +DEPRECATEDIN_3_0(void EVP_PKEY_meth_get_paramgen + (const EVP_PKEY_METHOD *pmeth, int (**pparamgen_init) (EVP_PKEY_CTX *ctx), + int (**pparamgen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey))) + +DEPRECATEDIN_3_0(void EVP_PKEY_meth_get_keygen + (const EVP_PKEY_METHOD *pmeth, int (**pkeygen_init) (EVP_PKEY_CTX *ctx), + int (**pkeygen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey))) + +DEPRECATEDIN_3_0(void EVP_PKEY_meth_get_sign + (const EVP_PKEY_METHOD *pmeth, int (**psign_init) (EVP_PKEY_CTX *ctx), + int (**psign) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen))) + +DEPRECATEDIN_3_0(void EVP_PKEY_meth_get_verify + (const EVP_PKEY_METHOD *pmeth, int (**pverify_init) (EVP_PKEY_CTX *ctx), + int (**pverify) (EVP_PKEY_CTX *ctx, const unsigned char *sig, + size_t siglen, const unsigned char *tbs, size_t tbslen))) + +DEPRECATEDIN_3_0(void EVP_PKEY_meth_get_verify_recover + (const EVP_PKEY_METHOD *pmeth, + int (**pverify_recover_init) (EVP_PKEY_CTX *ctx), + int (**pverify_recover) (EVP_PKEY_CTX *ctx, unsigned char *sig, + size_t *siglen, const unsigned char *tbs, + size_t tbslen))) + +DEPRECATEDIN_3_0(void EVP_PKEY_meth_get_signctx + (const EVP_PKEY_METHOD *pmeth, + int (**psignctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx), + int (**psignctx) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + EVP_MD_CTX *mctx))) + +DEPRECATEDIN_3_0(void EVP_PKEY_meth_get_verifyctx + (const EVP_PKEY_METHOD *pmeth, + int (**pverifyctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx), + int (**pverifyctx) (EVP_PKEY_CTX *ctx, const unsigned char *sig, + int siglen, EVP_MD_CTX *mctx))) + +DEPRECATEDIN_3_0(void EVP_PKEY_meth_get_encrypt + (const EVP_PKEY_METHOD *pmeth, int (**pencrypt_init) (EVP_PKEY_CTX *ctx), + int (**pencryptfn) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen))) + +DEPRECATEDIN_3_0(void EVP_PKEY_meth_get_decrypt + (const EVP_PKEY_METHOD *pmeth, int (**pdecrypt_init) (EVP_PKEY_CTX *ctx), + int (**pdecrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen))) + +DEPRECATEDIN_3_0(void EVP_PKEY_meth_get_derive + (const EVP_PKEY_METHOD *pmeth, int (**pderive_init) (EVP_PKEY_CTX *ctx), + int (**pderive) (EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen))) + +DEPRECATEDIN_3_0(void EVP_PKEY_meth_get_ctrl + (const EVP_PKEY_METHOD *pmeth, + int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1, void *p2), + int (**pctrl_str) (EVP_PKEY_CTX *ctx, const char *type, + const char *value))) + +DEPRECATEDIN_3_0(void EVP_PKEY_meth_get_digestsign + (EVP_PKEY_METHOD *pmeth, + int (**digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen))) + +DEPRECATEDIN_3_0(void EVP_PKEY_meth_get_digestverify + (EVP_PKEY_METHOD *pmeth, + int (**digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig, + size_t siglen, const unsigned char *tbs, + size_t tbslen))) + +DEPRECATEDIN_3_0(void EVP_PKEY_meth_get_check + (const EVP_PKEY_METHOD *pmeth, int (**pcheck) (EVP_PKEY *pkey))) + +DEPRECATEDIN_3_0(void EVP_PKEY_meth_get_public_check + (const EVP_PKEY_METHOD *pmeth, int (**pcheck) (EVP_PKEY *pkey))) + +DEPRECATEDIN_3_0(void EVP_PKEY_meth_get_param_check + (const EVP_PKEY_METHOD *pmeth, int (**pcheck) (EVP_PKEY *pkey))) + +DEPRECATEDIN_3_0(void EVP_PKEY_meth_get_digest_custom + (EVP_PKEY_METHOD *pmeth, + int (**pdigest_custom) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx))) void EVP_KEYEXCH_free(EVP_KEYEXCH *exchange); int EVP_KEYEXCH_up_ref(EVP_KEYEXCH *exchange); diff --git a/test/build.info b/test/build.info index ed547d1488..a49d9c6d6e 100644 --- a/test/build.info +++ b/test/build.info @@ -27,14 +27,14 @@ IF[{- !$disabled{tests} -}] INCLUDE[libtestutil.a]=../include ../apps/include .. DEPEND[libtestutil.a]=../libcrypto - PROGRAMS{noinst}=\ + PROGRAMS{noinst}= \ confdump \ versions \ aborttest test_test \ sanitytest rsa_complex exdatatest bntest \ ectest ecstresstest gmdifftest pbelutest \ destest mdc2test \ - enginetest exptest \ + exptest \ evp_pkey_provided_test evp_test evp_extra_test evp_extra_test2 \ evp_fetch_prov_test acvp_test evp_libctx_test \ v3nametest v3ext \ @@ -59,6 +59,10 @@ IF[{- !$disabled{tests} -}] context_internal_test aesgcmtest params_test evp_pkey_dparams_test \ keymgmt_internal_test hexstr_test + IF[{- !$disabled{'deprecated-3.0'} -}] + PROGRAMS{noinst}=enginetest + ENDIF + SOURCE[confdump]=confdump.c INCLUDE[confdump]=../include ../apps/include DEPEND[confdump]=../libcrypto diff --git a/test/enginetest.c b/test/enginetest.c index f3f020cc30..67e4941cdf 100644 --- a/test/enginetest.c +++ b/test/enginetest.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -/* We need to use some engine deprecated APIs */ +/* We need to use some deprecated APIs */ #define OPENSSL_SUPPRESS_DEPRECATED #include diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index f31ba31e09..51b517fb95 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c @@ -7,6 +7,9 @@ * https://www.openssl.org/source/license.html */ +/* We need to use some deprecated APIs */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include #include #include @@ -1140,6 +1143,7 @@ static int test_set_get_raw_keys(int tst) && test_set_get_raw_keys_int(tst, 1, 1); } +#ifndef OPENSSL_NO_DEPRECATED_3_0 static int pkey_custom_check(EVP_PKEY *pkey) { return 0xbeef; @@ -1156,6 +1160,7 @@ static int pkey_custom_param_check(EVP_PKEY *pkey) } static EVP_PKEY_METHOD *custom_pmeth; +#endif static int test_EVP_PKEY_check(int i) { @@ -1166,7 +1171,9 @@ static int test_EVP_PKEY_check(int i) EC_KEY *eckey = NULL; #endif EVP_PKEY_CTX *ctx = NULL; +#ifndef OPENSSL_NO_DEPRECATED_3_0 EVP_PKEY_CTX *ctx2 = NULL; +#endif const APK_DATA *ak = &keycheckdata[i]; const unsigned char *input = ak->kder; size_t input_len = ak->size; @@ -1218,6 +1225,7 @@ static int test_EVP_PKEY_check(int i) if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check)) goto done; +#ifndef OPENSSL_NO_DEPRECATED_3_0 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL); /* assign the pkey directly, as an internal test */ EVP_PKEY_up_ref(pkey); @@ -1231,12 +1239,15 @@ static int test_EVP_PKEY_check(int i) if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef)) goto done; +#endif ret = 1; done: EVP_PKEY_CTX_free(ctx); +#ifndef OPENSSL_NO_DEPRECATED_3_0 EVP_PKEY_CTX_free(ctx2); +#endif EVP_PKEY_free(pkey); BIO_free(pubkey); return ret; @@ -1822,6 +1833,7 @@ int setup_tests(void) ADD_TEST(test_EVP_SM2_verify); #endif ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys)); +#ifndef OPENSSL_NO_DEPRECATED_3_0 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0); if (!TEST_ptr(custom_pmeth)) return 0; @@ -1830,6 +1842,7 @@ int setup_tests(void) EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check); if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1)) return 0; +#endif ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata)); #ifndef OPENSSL_NO_CMAC ADD_TEST(test_CMAC_keygen); diff --git a/test/evp_fetch_prov_test.c b/test/evp_fetch_prov_test.c index 367493b5e7..d7f43f229d 100644 --- a/test/evp_fetch_prov_test.c +++ b/test/evp_fetch_prov_test.c @@ -146,7 +146,7 @@ static int test_EVP_MD_fetch(void) if (!TEST_true(EVP_MD_up_ref(md))) goto err; /* Ref count should now be 2. Release first one here */ - EVP_MD_meth_free(md); + EVP_MD_free(md); } else { if (!TEST_ptr_null(md)) goto err; @@ -154,7 +154,7 @@ static int test_EVP_MD_fetch(void) ret = 1; err: - EVP_MD_meth_free(md); + EVP_MD_free(md); OSSL_PROVIDER_unload(prov[0]); OSSL_PROVIDER_unload(prov[1]); /* Not normally needed, but we would like to test that @@ -218,7 +218,7 @@ static int test_EVP_CIPHER_fetch(void) if (!TEST_true(EVP_CIPHER_up_ref(cipher))) goto err; /* Ref count should now be 2. Release first one here */ - EVP_CIPHER_meth_free(cipher); + EVP_CIPHER_free(cipher); } } else { if (!TEST_ptr_null(cipher)) @@ -226,7 +226,7 @@ static int test_EVP_CIPHER_fetch(void) } ret = 1; err: - EVP_CIPHER_meth_free(cipher); + EVP_CIPHER_free(cipher); OSSL_PROVIDER_unload(prov[0]); OSSL_PROVIDER_unload(prov[1]); OPENSSL_CTX_free(ctx); diff --git a/test/evp_test.c b/test/evp_test.c index a1e205b20b..83b92a4166 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -369,7 +369,7 @@ static void digest_test_cleanup(EVP_TEST *t) sk_EVP_TEST_BUFFER_pop_free(mdat->input, evp_test_buffer_free); OPENSSL_free(mdat->output); - EVP_MD_meth_free(mdat->fetched_digest); + EVP_MD_free(mdat->fetched_digest); } static int digest_test_parse(EVP_TEST *t, @@ -568,7 +568,7 @@ static void cipher_test_cleanup(EVP_TEST *t) for (i = 0; i < AAD_NUM; i++) OPENSSL_free(cdat->aad[i]); OPENSSL_free(cdat->tag); - EVP_CIPHER_meth_free(cdat->fetched_cipher); + EVP_CIPHER_free(cdat->fetched_cipher); } static int cipher_test_parse(EVP_TEST *t, const char *keyword, diff --git a/test/pkey_meth_test.c b/test/pkey_meth_test.c index 6f81249417..ecff269fec 100644 --- a/test/pkey_meth_test.c +++ b/test/pkey_meth_test.c @@ -9,6 +9,9 @@ /* Internal tests for EVP_PKEY method ordering */ +/* We need to use some deprecated APIs */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include #include @@ -47,6 +50,7 @@ static int test_asn1_meths(void) return good; } +#ifndef OPENSSL_NO_DEPRECATED_3_0 /* Test of EVP_PKEY_METHOD ordering */ static int test_pkey_meths(void) { @@ -74,10 +78,13 @@ static int test_pkey_meths(void) } return good; } +#endif int setup_tests(void) { ADD_TEST(test_asn1_meths); +#ifndef OPENSSL_NO_DEPRECATED_3_0 ADD_TEST(test_pkey_meths); +#endif return 1; } diff --git a/test/recipes/30-test_engine.t b/test/recipes/30-test_engine.t index 2edba22599..443c0484b2 100644 --- a/test/recipes/30-test_engine.t +++ b/test/recipes/30-test_engine.t @@ -11,8 +11,12 @@ use strict; use warnings; use OpenSSL::Test; +use OpenSSL::Test::Utils; setup("test_engine"); +plan skip_all => "engines are deprecated" + if disabled('deprecated-3.0'); + plan tests => 1; ok(run(test(["enginetest"])), "running enginetest"); diff --git a/util/libcrypto.num b/util/libcrypto.num index ff2bf030d3..5e9fa4ac6c 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -37,7 +37,7 @@ PKCS7_set_cipher 37 3_0_0 EXIST::FUNCTION: BF_decrypt 38 3_0_0 EXIST::FUNCTION:BF,DEPRECATEDIN_3_0 PEM_read_bio_PUBKEY 39 3_0_0 EXIST::FUNCTION: X509_NAME_delete_entry 40 3_0_0 EXIST::FUNCTION: -EVP_PKEY_meth_set_verify_recover 41 3_0_0 EXIST::FUNCTION: +EVP_PKEY_meth_set_verify_recover 41 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 UI_set_method 42 3_0_0 EXIST::FUNCTION: PKCS7_ISSUER_AND_SERIAL_it 43 3_0_0 EXIST::FUNCTION: EC_GROUP_method_of 44 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC @@ -61,9 +61,9 @@ X509_PUBKEY_free 62 3_0_0 EXIST::FUNCTION: BIO_free_all 63 3_0_0 EXIST::FUNCTION: EVP_idea_ofb 64 3_0_0 EXIST::FUNCTION:IDEA DSO_bind_func 65 3_0_0 EXIST::FUNCTION: -EVP_PKEY_meth_get_copy 66 3_0_0 EXIST::FUNCTION: +EVP_PKEY_meth_get_copy 66 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 RSA_up_ref 67 3_0_0 EXIST::FUNCTION:RSA -EVP_PKEY_meth_set_ctrl 68 3_0_0 EXIST::FUNCTION: +EVP_PKEY_meth_set_ctrl 68 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 OCSP_basic_sign 69 3_0_0 EXIST::FUNCTION:OCSP BN_GENCB_set 70 3_0_0 EXIST::FUNCTION: BN_generate_prime 71 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_0_9_8 @@ -82,7 +82,7 @@ BN_add_word 83 3_0_0 EXIST::FUNCTION: EVP_des_ede 84 3_0_0 EXIST::FUNCTION:DES EVP_PKEY_add1_attr_by_OBJ 85 3_0_0 EXIST::FUNCTION: ASYNC_WAIT_CTX_get_all_fds 86 3_0_0 EXIST::FUNCTION: -EVP_CIPHER_meth_set_do_cipher 87 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_meth_set_do_cipher 87 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 EVP_set_pw_prompt 88 3_0_0 EXIST::FUNCTION: d2i_OCSP_RESPBYTES 89 3_0_0 EXIST::FUNCTION:OCSP TS_REQ_get_ext_by_NID 90 3_0_0 EXIST::FUNCTION:TS @@ -187,7 +187,7 @@ CMS_SignerInfo_get0_signer_id 190 3_0_0 EXIST::FUNCTION:CMS TS_TST_INFO_new 191 3_0_0 EXIST::FUNCTION:TS X509_REQ_check_private_key 192 3_0_0 EXIST::FUNCTION: EVP_DigestInit 193 3_0_0 EXIST::FUNCTION: -EVP_PKEY_meth_find 194 3_0_0 EXIST::FUNCTION: +EVP_PKEY_meth_find 194 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 X509_VERIFY_PARAM_get_count 195 3_0_0 EXIST::FUNCTION: ASN1_BIT_STRING_get_bit 196 3_0_0 EXIST::FUNCTION: EVP_PKEY_cmp 197 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 @@ -219,14 +219,14 @@ PEM_read_bio_PKCS8 222 3_0_0 EXIST::FUNCTION: X509_ATTRIBUTE_new 223 3_0_0 EXIST::FUNCTION: ASN1_STRING_TABLE_cleanup 224 3_0_0 EXIST::FUNCTION: ASN1_put_eoc 225 3_0_0 EXIST::FUNCTION: -EVP_MD_meth_set_input_blocksize 226 3_0_0 EXIST::FUNCTION: +EVP_MD_meth_set_input_blocksize 226 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 PKCS12_SAFEBAG_get0_attrs 227 3_0_0 EXIST::FUNCTION: PKCS8_get_attr 228 3_0_0 EXIST::FUNCTION: DSAparams_print_fp 229 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA,STDIO EC_POINT_set_Jprojective_coordinates_GFp 230 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC DIST_POINT_NAME_new 231 3_0_0 EXIST::FUNCTION: X509_LOOKUP_file 232 3_0_0 EXIST::FUNCTION: -EVP_PKEY_meth_set_decrypt 233 3_0_0 EXIST::FUNCTION: +EVP_PKEY_meth_set_decrypt 233 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 EVP_rc2_ecb 234 3_0_0 EXIST::FUNCTION:RC2 i2b_PublicKey_bio 235 3_0_0 EXIST::FUNCTION:DSA d2i_ASN1_SET_ANY 236 3_0_0 EXIST::FUNCTION: @@ -242,7 +242,7 @@ BN_clear_free 246 3_0_0 EXIST::FUNCTION: ENGINE_get_pkey_asn1_meths 247 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE DSO_merge 248 3_0_0 EXIST::FUNCTION: RSA_get_ex_data 249 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA -EVP_PKEY_meth_get_decrypt 250 3_0_0 EXIST::FUNCTION: +EVP_PKEY_meth_get_decrypt 250 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 DES_cfb_encrypt 251 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DES CMS_SignerInfo_set1_signer_cert 252 3_0_0 EXIST::FUNCTION:CMS X509_CRL_load_http 253 3_0_0 EXIST::FUNCTION:SOCK @@ -346,7 +346,7 @@ PKCS7_stream 352 3_0_0 EXIST::FUNCTION: i2t_ASN1_OBJECT 353 3_0_0 EXIST::FUNCTION: EC_GROUP_get0_generator 354 3_0_0 EXIST::FUNCTION:EC RSA_padding_add_PKCS1_PSS_mgf1 355 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA -EVP_MD_meth_set_init 356 3_0_0 EXIST::FUNCTION: +EVP_MD_meth_set_init 356 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 X509_get_issuer_name 357 3_0_0 EXIST::FUNCTION: EVP_SignFinal 358 3_0_0 EXIST::FUNCTION: PKCS12_mac_present 359 3_0_0 EXIST::FUNCTION: @@ -388,7 +388,7 @@ EVP_des_ede3_cfb8 395 3_0_0 EXIST::FUNCTION:DES BIO_dump_indent_fp 396 3_0_0 EXIST::FUNCTION:STDIO X509_NAME_ENTRY_get_data 397 3_0_0 EXIST::FUNCTION: BIO_socket 398 3_0_0 EXIST::FUNCTION:SOCK -EVP_PKEY_meth_get_derive 399 3_0_0 EXIST::FUNCTION: +EVP_PKEY_meth_get_derive 399 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 ASN1_STRING_clear_free 400 3_0_0 EXIST::FUNCTION: d2i_OCSP_REVOKEDINFO 401 3_0_0 EXIST::FUNCTION:OCSP ASN1_STRING_print_ex_fp 402 3_0_0 EXIST::FUNCTION:STDIO @@ -541,7 +541,7 @@ ECParameters_print 552 3_0_0 EXIST::FUNCTION:EC OCSP_SINGLERESP_get1_ext_d2i 553 3_0_0 EXIST::FUNCTION:OCSP RAND_status 554 3_0_0 EXIST::FUNCTION: EVP_ripemd160 555 3_0_0 EXIST::FUNCTION:RMD160 -EVP_MD_meth_set_final 556 3_0_0 EXIST::FUNCTION: +EVP_MD_meth_set_final 556 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 ENGINE_get_cmd_defns 557 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE d2i_PKEY_USAGE_PERIOD 558 3_0_0 EXIST::FUNCTION: RSAPublicKey_dup 559 3_0_0 EXIST::FUNCTION:RSA @@ -557,7 +557,7 @@ RSA_get_default_method 568 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3 CRYPTO_cts128_encrypt_block 569 3_0_0 EXIST::FUNCTION: ASN1_digest 570 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 ERR_load_X509V3_strings 571 3_0_0 EXIST::FUNCTION: -EVP_PKEY_meth_get_cleanup 572 3_0_0 EXIST::FUNCTION: +EVP_PKEY_meth_get_cleanup 572 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 d2i_X509 574 3_0_0 EXIST::FUNCTION: a2i_ASN1_STRING 575 3_0_0 EXIST::FUNCTION: EC_GROUP_get_mont_data 576 3_0_0 EXIST::FUNCTION:EC @@ -573,12 +573,12 @@ ENGINE_get_RAND 586 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3 EVP_DecryptInit 587 3_0_0 EXIST::FUNCTION: BN_bin2bn 588 3_0_0 EXIST::FUNCTION: X509_subject_name_hash 589 3_0_0 EXIST::FUNCTION: -EVP_CIPHER_meth_set_flags 590 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_meth_set_flags 590 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 TS_CONF_set_clock_precision_digits 591 3_0_0 EXIST::FUNCTION:TS ASN1_TYPE_set 592 3_0_0 EXIST::FUNCTION: i2d_PKCS8_PRIV_KEY_INFO 593 3_0_0 EXIST::FUNCTION: i2d_PKCS7_bio 594 3_0_0 EXIST::FUNCTION: -EVP_MD_meth_get_copy 595 3_0_0 EXIST::FUNCTION: +EVP_MD_meth_get_copy 595 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 RAND_query_egd_bytes 596 3_0_0 EXIST::FUNCTION:EGD i2d_ASN1_PRINTABLE 597 3_0_0 EXIST::FUNCTION: ENGINE_cmd_is_executable 598 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE @@ -648,7 +648,7 @@ EVP_MD_do_all 664 3_0_0 EXIST::FUNCTION: EC_KEY_oct2priv 665 3_0_0 EXIST::FUNCTION:EC CONF_parse_list 666 3_0_0 EXIST::FUNCTION: ENGINE_set_table_flags 667 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE -EVP_MD_meth_get_ctrl 668 3_0_0 EXIST::FUNCTION: +EVP_MD_meth_get_ctrl 668 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 ASN1_TYPE_get_int_octetstring 669 3_0_0 EXIST::FUNCTION: PKCS5_pbe_set0_algor 670 3_0_0 EXIST::FUNCTION: ENGINE_get_table_flags 671 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE @@ -685,7 +685,7 @@ ASN1_item_d2i 702 3_0_0 EXIST::FUNCTION: BIO_int_ctrl 703 3_0_0 EXIST::FUNCTION: CMS_ReceiptRequest_it 704 3_0_0 EXIST::FUNCTION:CMS X509_ATTRIBUTE_get0_type 705 3_0_0 EXIST::FUNCTION: -EVP_MD_meth_set_copy 706 3_0_0 EXIST::FUNCTION: +EVP_MD_meth_set_copy 706 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 d2i_ASN1_ENUMERATED 707 3_0_0 EXIST::FUNCTION: d2i_ASIdOrRange 708 3_0_0 EXIST::FUNCTION:RFC3779 i2s_ASN1_OCTET_STRING 709 3_0_0 EXIST::FUNCTION: @@ -733,12 +733,12 @@ CRYPTO_THREAD_get_local 751 3_0_0 EXIST::FUNCTION: PKCS7_to_TS_TST_INFO 752 3_0_0 EXIST::FUNCTION:TS X509_STORE_CTX_new 753 3_0_0 EXIST::FUNCTION: CTLOG_STORE_new 754 3_0_0 EXIST::FUNCTION:CT -EVP_CIPHER_meth_set_cleanup 755 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_meth_set_cleanup 755 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 d2i_PKCS12_SAFEBAG 756 3_0_0 EXIST::FUNCTION: EVP_MD_pkey_type 757 3_0_0 EXIST::FUNCTION: X509_policy_node_get0_qualifiers 758 3_0_0 EXIST::FUNCTION: OCSP_cert_status_str 759 3_0_0 EXIST::FUNCTION:OCSP -EVP_MD_meth_get_flags 760 3_0_0 EXIST::FUNCTION: +EVP_MD_meth_get_flags 760 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 ASN1_ENUMERATED_set 761 3_0_0 EXIST::FUNCTION: UI_UTIL_read_pw 762 3_0_0 EXIST::FUNCTION: PKCS7_ENC_CONTENT_free 763 3_0_0 EXIST::FUNCTION: @@ -758,7 +758,7 @@ PKCS7_dataVerify 776 3_0_0 EXIST::FUNCTION: PKCS7_SIGNER_INFO_free 777 3_0_0 EXIST::FUNCTION: PKCS7_add_attrib_smimecap 778 3_0_0 EXIST::FUNCTION: ERR_peek_last_error_line_data 779 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 -EVP_PKEY_meth_set_sign 780 3_0_0 EXIST::FUNCTION: +EVP_PKEY_meth_set_sign 780 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 ASN1_i2d_bio 781 3_0_0 EXIST::FUNCTION: DSA_verify 782 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA i2a_ASN1_OBJECT 783 3_0_0 EXIST::FUNCTION: @@ -773,7 +773,7 @@ CRYPTO_ocb128_encrypt 791 3_0_0 EXIST::FUNCTION:OCB EXTENDED_KEY_USAGE_new 792 3_0_0 EXIST::FUNCTION: EVP_EncryptFinal 793 3_0_0 EXIST::FUNCTION: PEM_write_ECPrivateKey 794 3_0_0 EXIST::FUNCTION:EC,STDIO -EVP_CIPHER_meth_set_get_asn1_params 796 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_meth_set_get_asn1_params 796 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 PKCS7_dataInit 797 3_0_0 EXIST::FUNCTION: EVP_PKEY_CTX_set_app_data 798 3_0_0 EXIST::FUNCTION: a2i_GENERAL_NAME 799 3_0_0 EXIST::FUNCTION: @@ -852,11 +852,11 @@ TS_STATUS_INFO_set_status 872 3_0_0 EXIST::FUNCTION:TS RSA_verify 873 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA ASN1_FBOOLEAN_it 874 3_0_0 EXIST::FUNCTION: d2i_ASN1_TIME 875 3_0_0 EXIST::FUNCTION: -EVP_PKEY_meth_get_signctx 876 3_0_0 EXIST::FUNCTION: +EVP_PKEY_meth_get_signctx 876 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 EC_KEY_METHOD_set_compute_key 877 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC X509_REQ_INFO_free 878 3_0_0 EXIST::FUNCTION: CMS_ReceiptRequest_create0 879 3_0_0 EXIST::FUNCTION:CMS -EVP_MD_meth_set_cleanup 880 3_0_0 EXIST::FUNCTION: +EVP_MD_meth_set_cleanup 880 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 EVP_aes_128_xts 881 3_0_0 EXIST::FUNCTION: TS_RESP_verify_signature 883 3_0_0 EXIST::FUNCTION:TS ENGINE_set_pkey_meths 884 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE @@ -934,7 +934,7 @@ i2d_PKCS8_bio 957 3_0_0 EXIST::FUNCTION: v2i_ASN1_BIT_STRING 958 3_0_0 EXIST::FUNCTION: PKEY_USAGE_PERIOD_new 959 3_0_0 EXIST::FUNCTION: OBJ_NAME_init 960 3_0_0 EXIST::FUNCTION: -EVP_PKEY_meth_set_keygen 961 3_0_0 EXIST::FUNCTION: +EVP_PKEY_meth_set_keygen 961 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 RSA_PSS_PARAMS_new 962 3_0_0 EXIST::FUNCTION:RSA RSA_sign 963 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA EVP_DigestVerifyFinal 964 3_0_0 EXIST::FUNCTION: @@ -984,7 +984,7 @@ BN_X931_generate_Xpq 1008 3_0_0 EXIST::FUNCTION: ASN1_item_digest 1009 3_0_0 EXIST::FUNCTION: X509_VERIFY_PARAM_set_trust 1010 3_0_0 EXIST::FUNCTION: X509_STORE_CTX_get_error 1011 3_0_0 EXIST::FUNCTION: -EVP_PKEY_meth_set_encrypt 1012 3_0_0 EXIST::FUNCTION: +EVP_PKEY_meth_set_encrypt 1012 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 ASN1_UTCTIME_it 1013 3_0_0 EXIST::FUNCTION: i2d_DSA_PUBKEY_fp 1014 3_0_0 EXIST::FUNCTION:DSA,STDIO X509at_get_attr_by_OBJ 1015 3_0_0 EXIST::FUNCTION: @@ -1033,7 +1033,7 @@ RC2_ofb64_encrypt 1059 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_ PKCS12_pbe_crypt 1060 3_0_0 EXIST::FUNCTION: ASIdentifiers_free 1061 3_0_0 EXIST::FUNCTION:RFC3779 X509_VERIFY_PARAM_get0 1062 3_0_0 EXIST::FUNCTION: -EVP_MD_meth_get_input_blocksize 1063 3_0_0 EXIST::FUNCTION: +EVP_MD_meth_get_input_blocksize 1063 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 TS_ACCURACY_get_micros 1064 3_0_0 EXIST::FUNCTION:TS PKCS12_SAFEBAG_create_cert 1065 3_0_0 EXIST::FUNCTION: CRYPTO_mem_debug_malloc 1066 3_0_0 EXIST::FUNCTION:CRYPTO_MDEBUG,DEPRECATEDIN_3_0 @@ -1099,7 +1099,7 @@ ASN1_item_new 1125 3_0_0 EXIST::FUNCTION: CRYPTO_cts128_encrypt 1126 3_0_0 EXIST::FUNCTION: RC2_encrypt 1127 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RC2 PEM_write 1128 3_0_0 EXIST::FUNCTION:STDIO -EVP_CIPHER_meth_get_get_asn1_params 1129 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_meth_get_get_asn1_params 1129 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 i2d_OCSP_RESPBYTES 1130 3_0_0 EXIST::FUNCTION:OCSP d2i_ASN1_UTF8STRING 1131 3_0_0 EXIST::FUNCTION: EXTENDED_KEY_USAGE_it 1132 3_0_0 EXIST::FUNCTION: @@ -1208,7 +1208,7 @@ PKCS12_add_cert 1234 3_0_0 EXIST::FUNCTION: X509_NAME_hash_old 1235 3_0_0 EXIST::FUNCTION: PBKDF2PARAM_free 1236 3_0_0 EXIST::FUNCTION: i2d_CMS_ContentInfo 1237 3_0_0 EXIST::FUNCTION:CMS -EVP_CIPHER_meth_set_ctrl 1238 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_meth_set_ctrl 1238 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 RSA_public_decrypt 1239 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA ENGINE_get_id 1240 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE PKCS12_item_decrypt_d2i 1241 3_0_0 EXIST::FUNCTION: @@ -1288,7 +1288,7 @@ ENGINE_set_cmd_defns 1316 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_ d2i_ASN1_NULL 1317 3_0_0 EXIST::FUNCTION: RAND_event 1318 3_0_0 EXIST:_WIN32:FUNCTION:DEPRECATEDIN_1_1_0 i2d_PKCS12_fp 1319 3_0_0 EXIST::FUNCTION:STDIO -EVP_PKEY_meth_get_init 1320 3_0_0 EXIST::FUNCTION: +EVP_PKEY_meth_get_init 1320 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 X509_check_trust 1321 3_0_0 EXIST::FUNCTION: b2i_PrivateKey 1322 3_0_0 EXIST::FUNCTION:DSA HMAC_Init_ex 1323 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 @@ -1327,7 +1327,7 @@ i2v_GENERAL_NAME 1355 3_0_0 EXIST::FUNCTION: PKCS7_ENC_CONTENT_new 1356 3_0_0 EXIST::FUNCTION: CRYPTO_realloc 1357 3_0_0 EXIST::FUNCTION: BIO_ctrl_pending 1358 3_0_0 EXIST::FUNCTION: -EVP_MD_meth_new 1360 3_0_0 EXIST::FUNCTION: +EVP_MD_meth_new 1360 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 X509_sign_ctx 1361 3_0_0 EXIST::FUNCTION: BN_is_odd 1362 3_0_0 EXIST::FUNCTION: X509_STORE_CTX_get_current_cert 1363 3_0_0 EXIST::FUNCTION: @@ -1353,7 +1353,7 @@ i2d_PKCS12_BAGS 1383 3_0_0 EXIST::FUNCTION: CERTIFICATEPOLICIES_free 1385 3_0_0 EXIST::FUNCTION: X509V3_get_section 1386 3_0_0 EXIST::FUNCTION: BIO_parse_hostserv 1387 3_0_0 EXIST::FUNCTION:SOCK -EVP_PKEY_meth_set_cleanup 1388 3_0_0 EXIST::FUNCTION: +EVP_PKEY_meth_set_cleanup 1388 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 PROXY_CERT_INFO_EXTENSION_free 1389 3_0_0 EXIST::FUNCTION: X509_dup 1390 3_0_0 EXIST::FUNCTION: EDIPARTYNAME_free 1391 3_0_0 EXIST::FUNCTION: @@ -1372,7 +1372,7 @@ PEM_X509_INFO_write_bio 1404 3_0_0 EXIST::FUNCTION: BIO_dump_cb 1405 3_0_0 EXIST::FUNCTION: v2i_GENERAL_NAMES 1406 3_0_0 EXIST::FUNCTION: EVP_des_ede3_ofb 1407 3_0_0 EXIST::FUNCTION:DES -EVP_MD_meth_get_cleanup 1408 3_0_0 EXIST::FUNCTION: +EVP_MD_meth_get_cleanup 1408 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 SRP_Calc_server_key 1409 3_0_0 EXIST::FUNCTION:SRP BN_mod_exp_simple 1410 3_0_0 EXIST::FUNCTION: BIO_set_ex_data 1411 3_0_0 EXIST::FUNCTION: @@ -1459,7 +1459,7 @@ CTLOG_STORE_free 1492 3_0_0 EXIST::FUNCTION:CT ENGINE_get_pkey_meths 1493 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE i2d_TS_REQ_bio 1494 3_0_0 EXIST::FUNCTION:TS EVP_PKEY_CTX_get_operation 1495 3_0_0 EXIST::FUNCTION: -EVP_MD_meth_set_ctrl 1496 3_0_0 EXIST::FUNCTION: +EVP_MD_meth_set_ctrl 1496 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 X509_EXTENSION_set_critical 1497 3_0_0 EXIST::FUNCTION: BIO_ADDR_clear 1498 3_0_0 EXIST::FUNCTION:SOCK ENGINE_get_DSA 1499 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE @@ -1488,7 +1488,7 @@ ASYNC_pause_job 1521 3_0_0 EXIST::FUNCTION: OCSP_BASICRESP_new 1522 3_0_0 EXIST::FUNCTION:OCSP EVP_camellia_256_ofb 1523 3_0_0 EXIST::FUNCTION:CAMELLIA PKCS12_item_i2d_encrypt 1524 3_0_0 EXIST::FUNCTION: -EVP_PKEY_meth_set_copy 1525 3_0_0 EXIST::FUNCTION: +EVP_PKEY_meth_set_copy 1525 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 EC_POINT_clear_free 1526 3_0_0 EXIST::FUNCTION:EC i2s_ASN1_ENUMERATED_TABLE 1527 3_0_0 EXIST::FUNCTION: PKCS7_verify 1528 3_0_0 EXIST::FUNCTION: @@ -1523,7 +1523,7 @@ EVP_CIPHER_CTX_block_size 1556 3_0_0 EXIST::FUNCTION: DIRECTORYSTRING_free 1557 3_0_0 EXIST::FUNCTION: TS_CONF_set_default_engine 1558 3_0_0 EXIST::FUNCTION:ENGINE,TS BN_set_bit 1559 3_0_0 EXIST::FUNCTION: -EVP_MD_meth_set_app_datasize 1560 3_0_0 EXIST::FUNCTION: +EVP_MD_meth_set_app_datasize 1560 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 DSO_free 1561 3_0_0 EXIST::FUNCTION: TS_TST_INFO_get_tsa 1562 3_0_0 EXIST::FUNCTION:TS EC_GROUP_check 1563 3_0_0 EXIST::FUNCTION:EC @@ -1572,7 +1572,7 @@ TS_ext_print_bio 1607 3_0_0 EXIST::FUNCTION:TS SCT_set1_log_id 1608 3_0_0 EXIST::FUNCTION:CT X509_get0_pubkey_bitstr 1609 3_0_0 EXIST::FUNCTION: ENGINE_register_all_RAND 1610 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE -EVP_MD_meth_get_result_size 1612 3_0_0 EXIST::FUNCTION: +EVP_MD_meth_get_result_size 1612 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 BIO_ADDRINFO_address 1613 3_0_0 EXIST::FUNCTION:SOCK ASN1_STRING_print_ex 1614 3_0_0 EXIST::FUNCTION: i2d_CMS_ReceiptRequest 1615 3_0_0 EXIST::FUNCTION:CMS @@ -1701,7 +1701,7 @@ i2d_PrivateKey 1739 3_0_0 EXIST::FUNCTION: i2d_OCSP_ONEREQ 1740 3_0_0 EXIST::FUNCTION:OCSP OPENSSL_issetugid 1741 3_0_0 EXIST::FUNCTION: d2i_ASN1_OBJECT 1742 3_0_0 EXIST::FUNCTION: -EVP_MD_meth_set_flags 1743 3_0_0 EXIST::FUNCTION: +EVP_MD_meth_set_flags 1743 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 EVP_idea_cbc 1744 3_0_0 EXIST::FUNCTION:IDEA EC_POINT_cmp 1745 3_0_0 EXIST::FUNCTION:EC ASN1_buf_print 1746 3_0_0 EXIST::FUNCTION: @@ -1741,7 +1741,7 @@ TS_TST_INFO_get_ext_by_NID 1781 3_0_0 EXIST::FUNCTION:TS EVP_aes_256_cfb1 1782 3_0_0 EXIST::FUNCTION: X509_issuer_name_cmp 1783 3_0_0 EXIST::FUNCTION: CMS_RecipientEncryptedKey_get0_id 1784 3_0_0 EXIST::FUNCTION:CMS -EVP_PKEY_meth_get_verify_recover 1785 3_0_0 EXIST::FUNCTION: +EVP_PKEY_meth_get_verify_recover 1785 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 NAME_CONSTRAINTS_check 1786 3_0_0 EXIST::FUNCTION: X509_CERT_AUX_it 1787 3_0_0 EXIST::FUNCTION: X509_get_X509_PUBKEY 1789 3_0_0 EXIST::FUNCTION: @@ -1789,7 +1789,7 @@ TS_TST_INFO_get_time 1830 3_0_0 EXIST::FUNCTION:TS ASN1_VISIBLESTRING_it 1831 3_0_0 EXIST::FUNCTION: X509V3_EXT_REQ_add_conf 1832 3_0_0 EXIST::FUNCTION: ASN1_STRING_to_UTF8 1833 3_0_0 EXIST::FUNCTION: -EVP_MD_meth_set_update 1835 3_0_0 EXIST::FUNCTION: +EVP_MD_meth_set_update 1835 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 EVP_camellia_192_cbc 1836 3_0_0 EXIST::FUNCTION:CAMELLIA OPENSSL_LH_stats_bio 1837 3_0_0 EXIST::FUNCTION: PKCS7_set_signed_attributes 1838 3_0_0 EXIST::FUNCTION: @@ -1868,7 +1868,7 @@ EC_GROUP_get_degree 1912 3_0_0 EXIST::FUNCTION:EC X509_ALGOR_set0 1913 3_0_0 EXIST::FUNCTION: OPENSSL_LH_set_down_load 1914 3_0_0 EXIST::FUNCTION: X509v3_asid_inherits 1915 3_0_0 EXIST::FUNCTION:RFC3779 -EVP_MD_meth_get_app_datasize 1916 3_0_0 EXIST::FUNCTION: +EVP_MD_meth_get_app_datasize 1916 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 X509_STORE_CTX_get_num_untrusted 1917 3_0_0 EXIST::FUNCTION: RAND_poll 1918 3_0_0 EXIST::FUNCTION: EVP_PKEY_print_public 1919 3_0_0 EXIST::FUNCTION: @@ -1912,7 +1912,7 @@ X509_get_pubkey 1957 3_0_0 EXIST::FUNCTION: i2d_X509_NAME 1958 3_0_0 EXIST::FUNCTION: EVP_PKEY_add1_attr 1959 3_0_0 EXIST::FUNCTION: X509_STORE_CTX_purpose_inherit 1960 3_0_0 EXIST::FUNCTION: -EVP_PKEY_meth_get_keygen 1961 3_0_0 EXIST::FUNCTION: +EVP_PKEY_meth_get_keygen 1961 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 ENGINE_get_pkey_asn1_meth 1962 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE SHA256_Update 1963 3_0_0 EXIST::FUNCTION: d2i_PKCS7_ISSUER_AND_SERIAL 1964 3_0_0 EXIST::FUNCTION: @@ -1940,7 +1940,7 @@ X509_CRL_verify 1985 3_0_0 EXIST::FUNCTION: X509_get0_uids 1986 3_0_0 EXIST::FUNCTION: EVP_PKEY_get0_DSA 1987 3_0_0 EXIST::FUNCTION:DSA d2i_CMS_ContentInfo 1988 3_0_0 EXIST::FUNCTION:CMS -EVP_CIPHER_meth_get_do_cipher 1989 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_meth_get_do_cipher 1989 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 i2d_DSA_PUBKEY 1990 3_0_0 EXIST::FUNCTION:DSA GENERAL_NAME_it 1991 3_0_0 EXIST::FUNCTION: EVP_des_ede_ecb 1992 3_0_0 EXIST::FUNCTION:DES @@ -2015,7 +2015,7 @@ UI_method_set_prompt_constructor 2061 3_0_0 EXIST::FUNCTION: OBJ_length 2062 3_0_0 EXIST::FUNCTION: BN_GENCB_get_arg 2063 3_0_0 EXIST::FUNCTION: EVP_MD_CTX_clear_flags 2064 3_0_0 EXIST::FUNCTION: -EVP_PKEY_meth_get_verifyctx 2065 3_0_0 EXIST::FUNCTION: +EVP_PKEY_meth_get_verifyctx 2065 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 CT_POLICY_EVAL_CTX_get0_cert 2066 3_0_0 EXIST::FUNCTION:CT PEM_write_DHparams 2067 3_0_0 EXIST::FUNCTION:DH,STDIO DH_set_ex_data 2068 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH @@ -2388,14 +2388,14 @@ EVP_enc_null 2438 3_0_0 EXIST::FUNCTION: OCSP_ONEREQ_get_ext_by_critical 2439 3_0_0 EXIST::FUNCTION:OCSP OCSP_request_onereq_count 2440 3_0_0 EXIST::FUNCTION:OCSP BN_hex2bn 2441 3_0_0 EXIST::FUNCTION: -EVP_CIPHER_meth_set_impl_ctx_size 2442 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_meth_set_impl_ctx_size 2442 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 ASIdentifiers_new 2443 3_0_0 EXIST::FUNCTION:RFC3779 CONF_imodule_get_flags 2444 3_0_0 EXIST::FUNCTION: PKCS12_SAFEBAG_it 2445 3_0_0 EXIST::FUNCTION: -EVP_CIPHER_meth_set_set_asn1_params 2446 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_meth_set_set_asn1_params 2446 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 EC_KEY_get_enc_flags 2447 3_0_0 EXIST::FUNCTION:EC X509_OBJECT_idx_by_subject 2448 3_0_0 EXIST::FUNCTION: -EVP_PKEY_meth_copy 2449 3_0_0 EXIST::FUNCTION: +EVP_PKEY_meth_copy 2449 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 NETSCAPE_CERT_SEQUENCE_new 2450 3_0_0 EXIST::FUNCTION: CRYPTO_ocb128_decrypt 2451 3_0_0 EXIST::FUNCTION:OCB ASYNC_WAIT_CTX_free 2452 3_0_0 EXIST::FUNCTION: @@ -2431,11 +2431,11 @@ ENGINE_get_prev 2481 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_ OCSP_accept_responses_new 2482 3_0_0 EXIST::FUNCTION:OCSP ERR_load_EC_strings 2483 3_0_0 EXIST::FUNCTION:EC X509V3_string_free 2484 3_0_0 EXIST::FUNCTION: -EVP_PKEY_meth_set_paramgen 2485 3_0_0 EXIST::FUNCTION: +EVP_PKEY_meth_set_paramgen 2485 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 ENGINE_set_load_ssl_client_cert_function 2486 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE EVP_ENCODE_CTX_free 2487 3_0_0 EXIST::FUNCTION: i2d_ASN1_BIT_STRING 2488 3_0_0 EXIST::FUNCTION: -EVP_PKEY_meth_set_verifyctx 2489 3_0_0 EXIST::FUNCTION: +EVP_PKEY_meth_set_verifyctx 2489 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 X509_TRUST_add 2490 3_0_0 EXIST::FUNCTION: BUF_MEM_free 2491 3_0_0 EXIST::FUNCTION: TS_TST_INFO_get_accuracy 2492 3_0_0 EXIST::FUNCTION:TS @@ -2511,16 +2511,16 @@ PEM_read_bio_X509 2564 3_0_0 EXIST::FUNCTION: DES_key_sched 2565 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DES GENERAL_NAME_dup 2566 3_0_0 EXIST::FUNCTION: X509_STORE_CTX_get1_crls 2567 3_0_0 EXIST::FUNCTION: -EVP_PKEY_meth_set_verify 2568 3_0_0 EXIST::FUNCTION: +EVP_PKEY_meth_set_verify 2568 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 EVP_sha256 2569 3_0_0 EXIST::FUNCTION: CMS_unsigned_delete_attr 2570 3_0_0 EXIST::FUNCTION:CMS EVP_md5_sha1 2571 3_0_0 EXIST::FUNCTION:MD5 EVP_PKEY_sign_init 2572 3_0_0 EXIST::FUNCTION: OPENSSL_LH_insert 2573 3_0_0 EXIST::FUNCTION: -EVP_CIPHER_meth_get_cleanup 2574 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_meth_get_cleanup 2574 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 ASN1_item_ex_d2i 2575 3_0_0 EXIST::FUNCTION: -EVP_MD_meth_free 2576 3_0_0 EXIST::FUNCTION: -EVP_PKEY_meth_new 2577 3_0_0 EXIST::FUNCTION: +EVP_MD_meth_free 2576 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 +EVP_PKEY_meth_new 2577 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 RSA_padding_check_PKCS1_OAEP 2578 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA OCSP_SERVICELOC_it 2579 3_0_0 EXIST::FUNCTION:OCSP PKCS12_SAFEBAG_get_nid 2580 3_0_0 EXIST::FUNCTION: @@ -2584,7 +2584,7 @@ CRYPTO_set_mem_functions 2638 3_0_0 EXIST::FUNCTION: i2d_ASN1_VISIBLESTRING 2639 3_0_0 EXIST::FUNCTION: d2i_PBKDF2PARAM 2640 3_0_0 EXIST::FUNCTION: ERR_load_COMP_strings 2641 3_0_0 EXIST::FUNCTION:COMP -EVP_PKEY_meth_add0 2642 3_0_0 EXIST::FUNCTION: +EVP_PKEY_meth_add0 2642 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 EVP_rc4_40 2643 3_0_0 EXIST::FUNCTION:RC4 RSA_bits 2645 3_0_0 EXIST::FUNCTION:RSA ASN1_item_dup 2646 3_0_0 EXIST::FUNCTION: @@ -2634,7 +2634,7 @@ OCSP_check_validity 2690 3_0_0 EXIST::FUNCTION:OCSP PEM_write_ECPKParameters 2691 3_0_0 EXIST::FUNCTION:EC,STDIO X509_VERIFY_PARAM_lookup 2692 3_0_0 EXIST::FUNCTION: X509_LOOKUP_by_fingerprint 2693 3_0_0 EXIST::FUNCTION: -EVP_CIPHER_meth_free 2694 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_meth_free 2694 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 PKCS7_RECIP_INFO_new 2695 3_0_0 EXIST::FUNCTION: d2i_ECPrivateKey_fp 2696 3_0_0 EXIST::FUNCTION:EC,STDIO TS_CONF_set_ordering 2697 3_0_0 EXIST::FUNCTION:TS @@ -2867,7 +2867,7 @@ EVP_PKEY_asn1_set_param 2928 3_0_0 EXIST::FUNCTION: BN_RECP_CTX_free 2929 3_0_0 EXIST::FUNCTION: BN_with_flags 2930 3_0_0 EXIST::FUNCTION: DSO_ctrl 2931 3_0_0 EXIST::FUNCTION: -EVP_MD_meth_get_final 2932 3_0_0 EXIST::FUNCTION: +EVP_MD_meth_get_final 2932 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 ASN1_TYPE_get_octetstring 2933 3_0_0 EXIST::FUNCTION: ENGINE_by_id 2934 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE d2i_PKCS7_SIGNER_INFO 2935 3_0_0 EXIST::FUNCTION: @@ -2940,9 +2940,9 @@ BIO_f_nbio_test 3002 3_0_0 EXIST::FUNCTION: SEED_ofb128_encrypt 3003 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SEED d2i_RSAPrivateKey_bio 3004 3_0_0 EXIST::FUNCTION:RSA DH_KDF_X9_42 3005 3_0_0 EXIST::FUNCTION:CMS,DEPRECATEDIN_3_0,DH -EVP_PKEY_meth_set_signctx 3006 3_0_0 EXIST::FUNCTION: +EVP_PKEY_meth_set_signctx 3006 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 X509_CRL_get_version 3007 3_0_0 EXIST::FUNCTION: -EVP_PKEY_meth_get0_info 3008 3_0_0 EXIST::FUNCTION: +EVP_PKEY_meth_get0_info 3008 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 PEM_read_bio_RSAPublicKey 3009 3_0_0 EXIST::FUNCTION:RSA EVP_PKEY_asn1_set_private 3010 3_0_0 EXIST::FUNCTION: EVP_PKEY_get0_RSA 3011 3_0_0 EXIST::FUNCTION:RSA @@ -3005,7 +3005,7 @@ ERR_load_BN_strings 3069 3_0_0 EXIST::FUNCTION: BF_encrypt 3070 3_0_0 EXIST::FUNCTION:BF,DEPRECATEDIN_3_0 MD5 3071 3_0_0 EXIST::FUNCTION:MD5 BN_GF2m_arr2poly 3072 3_0_0 EXIST::FUNCTION:EC2M -EVP_PKEY_meth_get_ctrl 3073 3_0_0 EXIST::FUNCTION: +EVP_PKEY_meth_get_ctrl 3073 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 i2d_X509_REQ_bio 3074 3_0_0 EXIST::FUNCTION: X509_VERIFY_PARAM_set1_name 3075 3_0_0 EXIST::FUNCTION: d2i_RSAPublicKey_bio 3076 3_0_0 EXIST::FUNCTION:RSA @@ -3063,7 +3063,7 @@ CRYPTO_THREAD_lock_free 3127 3_0_0 EXIST::FUNCTION: TS_ACCURACY_get_seconds 3128 3_0_0 EXIST::FUNCTION:TS BN_options 3129 3_0_0 EXIST::FUNCTION: BIO_debug_callback 3130 3_0_0 EXIST::FUNCTION: -EVP_MD_meth_get_update 3131 3_0_0 EXIST::FUNCTION: +EVP_MD_meth_get_update 3131 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 GENERAL_NAME_set0_othername 3132 3_0_0 EXIST::FUNCTION: ASN1_BIT_STRING_set_bit 3133 3_0_0 EXIST::FUNCTION: EVP_aes_256_ccm 3134 3_0_0 EXIST::FUNCTION: @@ -3074,7 +3074,7 @@ i2d_ISSUING_DIST_POINT 3138 3_0_0 EXIST::FUNCTION: TXT_DB_free 3139 3_0_0 EXIST::FUNCTION: ASN1_STRING_set 3140 3_0_0 EXIST::FUNCTION: d2i_ESS_CERT_ID 3141 3_0_0 EXIST::FUNCTION: -EVP_PKEY_meth_set_derive 3142 3_0_0 EXIST::FUNCTION: +EVP_PKEY_meth_set_derive 3142 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 OPENSSL_LH_stats 3143 3_0_0 EXIST::FUNCTION:STDIO NCONF_dump_fp 3144 3_0_0 EXIST::FUNCTION:STDIO TS_STATUS_INFO_print_bio 3145 3_0_0 EXIST::FUNCTION:TS @@ -3256,7 +3256,7 @@ PKCS12_add_friendlyname_uni 3322 3_0_0 EXIST::FUNCTION: X509_policy_tree_level_count 3323 3_0_0 EXIST::FUNCTION: OBJ_sn2nid 3324 3_0_0 EXIST::FUNCTION: CTLOG_free 3325 3_0_0 EXIST::FUNCTION:CT -EVP_CIPHER_meth_dup 3326 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_meth_dup 3326 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 CMS_get1_crls 3327 3_0_0 EXIST::FUNCTION:CMS X509_aux_print 3328 3_0_0 EXIST::FUNCTION: OPENSSL_thread_stop 3330 3_0_0 EXIST::FUNCTION: @@ -3284,7 +3284,7 @@ ASN1_UTCTIME_adj 3351 3_0_0 EXIST::FUNCTION: BN_mod_sqrt 3352 3_0_0 EXIST::FUNCTION: OPENSSL_sk_is_sorted 3353 3_0_0 EXIST::FUNCTION: OCSP_SIGNATURE_new 3354 3_0_0 EXIST::FUNCTION:OCSP -EVP_PKEY_meth_get_paramgen 3355 3_0_0 EXIST::FUNCTION: +EVP_PKEY_meth_get_paramgen 3355 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 X509_ATTRIBUTE_create_by_OBJ 3356 3_0_0 EXIST::FUNCTION: RSA_generate_key_ex 3357 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA CMS_SignerInfo_get0_algs 3358 3_0_0 EXIST::FUNCTION:CMS @@ -3330,10 +3330,10 @@ SHA512_Transform 3399 3_0_0 EXIST::FUNCTION: ERR_add_error_vdata 3400 3_0_0 EXIST::FUNCTION: OCSP_REQUEST_get_ext 3401 3_0_0 EXIST::FUNCTION:OCSP NETSCAPE_SPKAC_new 3402 3_0_0 EXIST::FUNCTION: -EVP_PKEY_meth_get_verify 3403 3_0_0 EXIST::FUNCTION: +EVP_PKEY_meth_get_verify 3403 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 CRYPTO_128_wrap 3404 3_0_0 EXIST::FUNCTION: X509_STORE_set_lookup_crls 3405 3_0_0 EXIST::FUNCTION: -EVP_CIPHER_meth_get_ctrl 3406 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_meth_get_ctrl 3406 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 OCSP_REQ_CTX_set1_req 3407 3_0_0 EXIST::FUNCTION:OCSP CONF_imodule_get_usr_data 3408 3_0_0 EXIST::FUNCTION: CRYPTO_new_ex_data 3409 3_0_0 EXIST::FUNCTION: @@ -3355,7 +3355,7 @@ ASN1_GENERALIZEDTIME_print 3424 3_0_0 EXIST::FUNCTION: BIO_s_null 3425 3_0_0 EXIST::FUNCTION: PEM_ASN1_read 3426 3_0_0 EXIST::FUNCTION:STDIO SCT_get_log_entry_type 3427 3_0_0 EXIST::FUNCTION:CT -EVP_CIPHER_meth_get_init 3428 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_meth_get_init 3428 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 X509_ALGOR_free 3429 3_0_0 EXIST::FUNCTION: OCSP_SINGLERESP_get_ext_count 3430 3_0_0 EXIST::FUNCTION:OCSP EC_POINT_free 3431 3_0_0 EXIST::FUNCTION:EC @@ -3365,7 +3365,7 @@ UI_method_get_writer 3434 3_0_0 EXIST::FUNCTION: BN_secure_new 3435 3_0_0 EXIST::FUNCTION: SHA1_Update 3437 3_0_0 EXIST::FUNCTION: BIO_s_connect 3438 3_0_0 EXIST::FUNCTION:SOCK -EVP_MD_meth_get_init 3439 3_0_0 EXIST::FUNCTION: +EVP_MD_meth_get_init 3439 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 ASN1_BIT_STRING_free 3440 3_0_0 EXIST::FUNCTION: i2d_PROXY_CERT_INFO_EXTENSION 3441 3_0_0 EXIST::FUNCTION: ASN1_IA5STRING_new 3442 3_0_0 EXIST::FUNCTION: @@ -3395,7 +3395,7 @@ CRYPTO_get_ex_data 3465 3_0_0 EXIST::FUNCTION: X509_PURPOSE_get0_sname 3466 3_0_0 EXIST::FUNCTION: RSA_verify_PKCS1_PSS 3467 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA HMAC_CTX_reset 3468 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 -EVP_PKEY_meth_set_init 3469 3_0_0 EXIST::FUNCTION: +EVP_PKEY_meth_set_init 3469 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 X509_REQ_extension_nid 3470 3_0_0 EXIST::FUNCTION: ENGINE_up_ref 3471 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE BN_BLINDING_invert_ex 3472 3_0_0 EXIST::FUNCTION: @@ -3478,7 +3478,7 @@ CMS_decrypt 3550 3_0_0 EXIST::FUNCTION:CMS BN_mpi2bn 3551 3_0_0 EXIST::FUNCTION: EVP_aes_128_cfb128 3552 3_0_0 EXIST::FUNCTION: RC5_32_ecb_encrypt 3554 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RC5 -EVP_CIPHER_meth_new 3555 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_meth_new 3555 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 i2d_RSA_OAEP_PARAMS 3556 3_0_0 EXIST::FUNCTION:RSA SXNET_get_id_ulong 3557 3_0_0 EXIST::FUNCTION: BIO_get_callback_arg 3558 3_0_0 EXIST::FUNCTION: @@ -3509,7 +3509,7 @@ X509_CRL_get_ext_by_critical 3584 3_0_0 EXIST::FUNCTION: ASN1_STRING_type 3585 3_0_0 EXIST::FUNCTION: X509_REQ_add1_attr_by_txt 3586 3_0_0 EXIST::FUNCTION: PEM_write_RSAPublicKey 3587 3_0_0 EXIST::FUNCTION:RSA,STDIO -EVP_MD_meth_dup 3588 3_0_0 EXIST::FUNCTION: +EVP_MD_meth_dup 3588 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 ENGINE_unregister_ciphers 3589 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE X509_issuer_and_serial_cmp 3590 3_0_0 EXIST::FUNCTION: OCSP_response_create 3591 3_0_0 EXIST::FUNCTION:OCSP @@ -3571,7 +3571,7 @@ ERR_load_ERR_strings 3649 3_0_0 EXIST::FUNCTION: ASN1_const_check_infinite_end 3650 3_0_0 EXIST::FUNCTION: RSA_null_method 3651 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA TS_REQ_ext_free 3652 3_0_0 EXIST::FUNCTION:TS -EVP_PKEY_meth_get_encrypt 3653 3_0_0 EXIST::FUNCTION: +EVP_PKEY_meth_get_encrypt 3653 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 Camellia_ecb_encrypt 3654 3_0_0 EXIST::FUNCTION:CAMELLIA,DEPRECATEDIN_3_0 ENGINE_set_default_RSA 3655 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE EVP_EncodeBlock 3656 3_0_0 EXIST::FUNCTION: @@ -3645,13 +3645,13 @@ i2d_PKCS7_NDEF 3724 3_0_0 EXIST::FUNCTION: OPENSSL_sk_pop_free 3725 3_0_0 EXIST::FUNCTION: X509_STORE_CTX_get0_policy_tree 3726 3_0_0 EXIST::FUNCTION: DES_set_key_checked 3727 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DES -EVP_PKEY_meth_free 3728 3_0_0 EXIST::FUNCTION: +EVP_PKEY_meth_free 3728 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 EVP_sha224 3729 3_0_0 EXIST::FUNCTION: ENGINE_set_id 3730 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE d2i_ECPrivateKey 3731 3_0_0 EXIST::FUNCTION:EC CMS_signed_add1_attr_by_NID 3732 3_0_0 EXIST::FUNCTION:CMS i2d_DSAPrivateKey_fp 3733 3_0_0 EXIST::FUNCTION:DSA,STDIO -EVP_CIPHER_meth_get_set_asn1_params 3734 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_meth_get_set_asn1_params 3734 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 X509_STORE_CTX_get_ex_data 3735 3_0_0 EXIST::FUNCTION: CMS_RecipientInfo_kari_set0_pkey 3736 3_0_0 EXIST::FUNCTION:CMS X509v3_addr_add_inherit 3737 3_0_0 EXIST::FUNCTION:RFC3779 @@ -3667,7 +3667,7 @@ ENGINE_set_default_ciphers 3746 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_ X509_get_signature_nid 3747 3_0_0 EXIST::FUNCTION: DES_fcrypt 3748 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DES PEM_write_bio_X509_REQ 3749 3_0_0 EXIST::FUNCTION: -EVP_PKEY_meth_get_sign 3750 3_0_0 EXIST::FUNCTION: +EVP_PKEY_meth_get_sign 3750 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 TS_REQ_get_nonce 3751 3_0_0 EXIST::FUNCTION:TS ENGINE_unregister_EC 3752 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE X509v3_get_ext_count 3753 3_0_0 EXIST::FUNCTION: @@ -3705,7 +3705,7 @@ X509_new 3785 3_0_0 EXIST::FUNCTION: EC_KEY_get_conv_form 3786 3_0_0 EXIST::FUNCTION:EC CTLOG_STORE_get0_log_by_id 3787 3_0_0 EXIST::FUNCTION:CT CMS_signed_add1_attr 3788 3_0_0 EXIST::FUNCTION:CMS -EVP_CIPHER_meth_set_iv_length 3789 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_meth_set_iv_length 3789 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 X509v3_asid_validate_path 3790 3_0_0 EXIST::FUNCTION:RFC3779 CMS_RecipientInfo_set0_password 3791 3_0_0 EXIST::FUNCTION:CMS TS_CONF_load_cert 3792 3_0_0 EXIST::FUNCTION:TS @@ -3765,7 +3765,7 @@ EVP_CIPHER_iv_length 3846 3_0_0 EXIST::FUNCTION: OCSP_REQ_CTX_get0_mem_bio 3847 3_0_0 EXIST::FUNCTION: i2d_PKCS8PrivateKeyInfo_bio 3848 3_0_0 EXIST::FUNCTION: d2i_OCSP_CERTID 3849 3_0_0 EXIST::FUNCTION:OCSP -EVP_CIPHER_meth_set_init 3850 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_meth_set_init 3850 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 RIPEMD160_Final 3851 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RMD160 NETSCAPE_SPKI_free 3852 3_0_0 EXIST::FUNCTION: BIO_asn1_get_prefix 3853 3_0_0 EXIST::FUNCTION: @@ -3796,7 +3796,7 @@ PEM_write_DSAPrivateKey 3878 3_0_0 EXIST::FUNCTION:DSA,STDIO OPENSSL_sk_delete_ptr 3879 3_0_0 EXIST::FUNCTION: CMS_add0_RevocationInfoChoice 3880 3_0_0 EXIST::FUNCTION:CMS ASN1_PCTX_get_flags 3881 3_0_0 EXIST::FUNCTION: -EVP_MD_meth_set_result_size 3882 3_0_0 EXIST::FUNCTION: +EVP_MD_meth_set_result_size 3882 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 i2d_X509_CRL 3883 3_0_0 EXIST::FUNCTION: ASN1_INTEGER_it 3885 3_0_0 EXIST::FUNCTION: TS_ACCURACY_new 3886 3_0_0 EXIST::FUNCTION:TS @@ -4221,8 +4221,8 @@ i2d_SCRYPT_PARAMS 4312 3_0_0 EXIST::FUNCTION:SCRYPT d2i_SCRYPT_PARAMS 4313 3_0_0 EXIST::FUNCTION:SCRYPT SCRYPT_PARAMS_it 4314 3_0_0 EXIST::FUNCTION:SCRYPT CRYPTO_secure_clear_free 4315 3_0_0 EXIST::FUNCTION: -EVP_PKEY_meth_get0 4316 3_0_0 EXIST::FUNCTION: -EVP_PKEY_meth_get_count 4317 3_0_0 EXIST::FUNCTION: +EVP_PKEY_meth_get0 4316 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 +EVP_PKEY_meth_get_count 4317 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 RAND_DRBG_get0_public 4319 3_0_0 EXIST::FUNCTION: RAND_priv_bytes 4320 3_0_0 EXIST::FUNCTION: BN_priv_rand 4321 3_0_0 EXIST::FUNCTION: @@ -4244,9 +4244,9 @@ UI_get_result_length 4337 3_0_0 EXIST::FUNCTION: UI_set_result_ex 4338 3_0_0 EXIST::FUNCTION: UI_get_result_string_length 4339 3_0_0 EXIST::FUNCTION: EVP_PKEY_check 4340 3_0_0 EXIST::FUNCTION: -EVP_PKEY_meth_set_check 4341 3_0_0 EXIST::FUNCTION: -EVP_PKEY_meth_get_check 4342 3_0_0 EXIST::FUNCTION: -EVP_PKEY_meth_remove 4343 3_0_0 EXIST::FUNCTION: +EVP_PKEY_meth_set_check 4341 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 +EVP_PKEY_meth_get_check 4342 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 +EVP_PKEY_meth_remove 4343 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 OPENSSL_sk_reserve 4344 3_0_0 EXIST::FUNCTION: EVP_PKEY_set1_engine 4347 3_0_0 EXIST::FUNCTION:ENGINE DH_new_by_nid 4348 3_0_0 EXIST::FUNCTION:DH @@ -4264,10 +4264,10 @@ EVP_sm3 4359 3_0_0 EXIST::FUNCTION:SM3 RSA_get0_multi_prime_factors 4360 3_0_0 EXIST::FUNCTION:RSA EVP_PKEY_public_check 4361 3_0_0 EXIST::FUNCTION: EVP_PKEY_param_check 4362 3_0_0 EXIST::FUNCTION: -EVP_PKEY_meth_set_public_check 4363 3_0_0 EXIST::FUNCTION: -EVP_PKEY_meth_set_param_check 4364 3_0_0 EXIST::FUNCTION: -EVP_PKEY_meth_get_public_check 4365 3_0_0 EXIST::FUNCTION: -EVP_PKEY_meth_get_param_check 4366 3_0_0 EXIST::FUNCTION: +EVP_PKEY_meth_set_public_check 4363 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 +EVP_PKEY_meth_set_param_check 4364 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 +EVP_PKEY_meth_get_public_check 4365 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 +EVP_PKEY_meth_get_param_check 4366 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 EVP_PKEY_asn1_set_public_check 4367 3_0_0 EXIST::FUNCTION: EVP_PKEY_asn1_set_param_check 4368 3_0_0 EXIST::FUNCTION: DH_check_ex 4369 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH @@ -4422,8 +4422,8 @@ EC_GROUP_get_curve 4528 3_0_0 EXIST::FUNCTION:EC OCSP_resp_get0_tbs_sigalg 4529 3_0_0 EXIST::FUNCTION:OCSP OCSP_resp_get0_respdata 4530 3_0_0 EXIST::FUNCTION:OCSP EVP_MD_CTX_set_pkey_ctx 4531 3_0_0 EXIST::FUNCTION: -EVP_PKEY_meth_set_digest_custom 4532 3_0_0 EXIST::FUNCTION: -EVP_PKEY_meth_get_digest_custom 4533 3_0_0 EXIST::FUNCTION: +EVP_PKEY_meth_set_digest_custom 4532 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 +EVP_PKEY_meth_get_digest_custom 4533 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 EVP_MAC_CTX_new ? 3_0_0 EXIST::FUNCTION: EVP_MAC_CTX_free ? 3_0_0 EXIST::FUNCTION: EVP_MAC_CTX_dup ? 3_0_0 EXIST::FUNCTION: @@ -4864,10 +4864,10 @@ EVP_PKEY_CTX_set0_rsa_oaep_label ? 3_0_0 EXIST::FUNCTION:RSA EVP_PKEY_CTX_get0_rsa_oaep_label ? 3_0_0 EXIST::FUNCTION:RSA EVP_PKEY_CTX_get_rsa_mgf1_md_name ? 3_0_0 EXIST::FUNCTION:RSA EVP_PKEY_CTX_get_rsa_oaep_md_name ? 3_0_0 EXIST::FUNCTION:RSA -EVP_PKEY_meth_set_digestsign ? 3_0_0 EXIST::FUNCTION: -EVP_PKEY_meth_set_digestverify ? 3_0_0 EXIST::FUNCTION: -EVP_PKEY_meth_get_digestsign ? 3_0_0 EXIST::FUNCTION: -EVP_PKEY_meth_get_digestverify ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_meth_set_digestsign ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 +EVP_PKEY_meth_set_digestverify ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 +EVP_PKEY_meth_get_digestsign ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 +EVP_PKEY_meth_get_digestverify ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 OSSL_SERIALIZER_up_ref ? 3_0_0 EXIST::FUNCTION: OSSL_SERIALIZER_free ? 3_0_0 EXIST::FUNCTION: OSSL_SERIALIZER_fetch ? 3_0_0 EXIST::FUNCTION: From shane.lontis at oracle.com Wed Jul 22 11:16:31 2020 From: shane.lontis at oracle.com (shane.lontis at oracle.com) Date: Wed, 22 Jul 2020 11:16:31 +0000 Subject: [openssl] master update Message-ID: <1595416591.368277.3719.nullmailer@dev.openssl.org> The branch master has been updated via dcb71e1c21ad46bc9258d388b98156ae48de0af4 (commit) from 7b9f218838ad93ab6b8dd9cd4545703839ec037a (commit) - Log ----------------------------------------------------------------- commit dcb71e1c21ad46bc9258d388b98156ae48de0af4 Author: Shane Lontis Date: Tue Jul 21 10:51:33 2020 +1000 Cleanup fips provider init Removed dummy evp_test Changed all algorithm properties to use fips=yes (except for RAND_TEST) (This changes the DRBG and ECX settings) Removed unused includes. Added TODO(3.0) for issue(s) that need to be resolved. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12498) ----------------------------------------------------------------------- Summary of changes: providers/fips/fipsprov.c | 213 +++++++++++++--------------------------------- 1 file changed, 59 insertions(+), 154 deletions(-) diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c index c91ad1c6d7..77cd75fcdf 100644 --- a/providers/fips/fipsprov.c +++ b/providers/fips/fipsprov.c @@ -7,27 +7,13 @@ * https://www.openssl.org/source/license.html */ -#include -#include -#include #include #include #include -#include -#include -#include - -/* TODO(3.0): Needed for dummy_evp_call(). To be removed */ -#include -#include -#include +#include /* NIDs used by ossl_prov_util_nid_to_name() */ #include - +#include /* OPENSSL_CTX_get0_public_drbg() */ #include "internal/cryptlib.h" -#include "internal/property.h" -#include "internal/nelem.h" -#include "openssl/param_build.h" -#include "crypto/evp.h" #include "prov/implementations.h" #include "prov/provider_ctx.h" #include "prov/providercommon.h" @@ -35,6 +21,9 @@ #include "prov/provider_util.h" #include "self_test.h" +static const char FIPS_DEFAULT_PROPERTIES[] = "provider=fips,fips=yes"; +static const char FIPS_UNAPPROVED_PROPERTIES[] = "provider=fips,fips=no"; + /* * Forward declarations to ensure that interface functions are correctly * defined. @@ -44,7 +33,7 @@ static OSSL_FUNC_provider_gettable_params_fn fips_gettable_params; static OSSL_FUNC_provider_get_params_fn fips_get_params; static OSSL_FUNC_provider_query_operation_fn fips_query; -#define ALGC(NAMES, FUNC, CHECK) { { NAMES, "provider=fips,fips=yes", FUNC }, CHECK } +#define ALGC(NAMES, FUNC, CHECK) { { NAMES, FIPS_DEFAULT_PROPERTIES, FUNC }, CHECK } #define ALG(NAMES, FUNC) ALGC(NAMES, FUNC, NULL) extern OSSL_FUNC_core_thread_start_fn *c_thread_start; @@ -137,87 +126,6 @@ static OSSL_PARAM core_params[] = OSSL_PARAM_END }; -/* TODO(3.0): To be removed */ -static int dummy_evp_call(OPENSSL_CTX *libctx) -{ - EVP_MD_CTX *ctx = EVP_MD_CTX_new(); - EVP_MD *sha256 = EVP_MD_fetch(libctx, "SHA256", NULL); - EVP_KDF *kdf = EVP_KDF_fetch(libctx, OSSL_KDF_NAME_PBKDF2, NULL); - unsigned char dgst[SHA256_DIGEST_LENGTH]; - unsigned int dgstlen; - int ret = 0; - BN_CTX *bnctx = NULL; - BIGNUM *a = NULL, *b = NULL; - unsigned char randbuf[128]; - RAND_DRBG *drbg = OPENSSL_CTX_get0_public_drbg(libctx); -#ifndef OPENSSL_NO_EC - EC_KEY *key = NULL; -#endif - - static const char msg[] = "Hello World!"; - static const unsigned char exptd[] = { - 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81, - 0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28, - 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69 - }; - - if (ctx == NULL || sha256 == NULL || drbg == NULL || kdf == NULL) - goto err; - - if (!EVP_DigestInit_ex(ctx, sha256, NULL)) - goto err; - if (!EVP_DigestUpdate(ctx, msg, sizeof(msg) - 1)) - goto err; - if (!EVP_DigestFinal(ctx, dgst, &dgstlen)) - goto err; - if (dgstlen != sizeof(exptd) || memcmp(dgst, exptd, sizeof(exptd)) != 0) - goto err; - - bnctx = BN_CTX_new_ex(libctx); - if (bnctx == NULL) - goto err; - BN_CTX_start(bnctx); - a = BN_CTX_get(bnctx); - b = BN_CTX_get(bnctx); - if (b == NULL) - goto err; - BN_zero(a); - if (!BN_one(b) - || !BN_add(a, a, b) - || BN_cmp(a, b) != 0) - goto err; - - if (RAND_DRBG_bytes(drbg, randbuf, sizeof(randbuf)) <= 0) - goto err; - - if (!BN_rand_ex(a, 256, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, bnctx)) - goto err; - -#ifndef OPENSSL_NO_EC - /* Do some dummy EC calls */ - key = EC_KEY_new_by_curve_name_with_libctx(libctx, NULL, NID_X9_62_prime256v1); - if (key == NULL) - goto err; - - if (!EC_KEY_generate_key(key)) - goto err; -#endif - - ret = 1; - err: - BN_CTX_end(bnctx); - BN_CTX_free(bnctx); - - EVP_KDF_free(kdf); - EVP_MD_CTX_free(ctx); - EVP_MD_free(sha256); - -#ifndef OPENSSL_NO_EC - EC_KEY_free(key); -#endif - return ret; -} - static const OSSL_PARAM *fips_gettable_params(void *provctx) { return fips_param_types; @@ -241,6 +149,7 @@ static int fips_get_params(void *provctx, OSSL_PARAM params[]) } /* FIPS specific version of the function of the same name in provlib.c */ +/* TODO(3.0) - Is this function needed ? */ const char *ossl_prov_util_nid_to_name(int nid) { /* We don't have OBJ_nid2n() in FIPS_MODULE so we have an explicit list */ @@ -362,32 +271,32 @@ const char *ossl_prov_util_nid_to_name(int nid) */ static const OSSL_ALGORITHM fips_digests[] = { /* Our primary name:NiST name[:our older names] */ - { "SHA1:SHA-1", "provider=fips,fips=yes", sha1_functions }, - { "SHA2-224:SHA-224:SHA224", "provider=fips,fips=yes", sha224_functions }, - { "SHA2-256:SHA-256:SHA256", "provider=fips,fips=yes", sha256_functions }, - { "SHA2-384:SHA-384:SHA384", "provider=fips,fips=yes", sha384_functions }, - { "SHA2-512:SHA-512:SHA512", "provider=fips,fips=yes", sha512_functions }, - { "SHA2-512/224:SHA-512/224:SHA512-224", "provider=fips,fips=yes", + { "SHA1:SHA-1", FIPS_DEFAULT_PROPERTIES, sha1_functions }, + { "SHA2-224:SHA-224:SHA224", FIPS_DEFAULT_PROPERTIES, sha224_functions }, + { "SHA2-256:SHA-256:SHA256", FIPS_DEFAULT_PROPERTIES, sha256_functions }, + { "SHA2-384:SHA-384:SHA384", FIPS_DEFAULT_PROPERTIES, sha384_functions }, + { "SHA2-512:SHA-512:SHA512", FIPS_DEFAULT_PROPERTIES, sha512_functions }, + { "SHA2-512/224:SHA-512/224:SHA512-224", FIPS_DEFAULT_PROPERTIES, sha512_224_functions }, - { "SHA2-512/256:SHA-512/256:SHA512-256", "provider=fips,fips=yes", + { "SHA2-512/256:SHA-512/256:SHA512-256", FIPS_DEFAULT_PROPERTIES, sha512_256_functions }, /* We agree with NIST here, so one name only */ - { "SHA3-224", "provider=fips,fips=yes", sha3_224_functions }, - { "SHA3-256", "provider=fips,fips=yes", sha3_256_functions }, - { "SHA3-384", "provider=fips,fips=yes", sha3_384_functions }, - { "SHA3-512", "provider=fips,fips=yes", sha3_512_functions }, + { "SHA3-224", FIPS_DEFAULT_PROPERTIES, sha3_224_functions }, + { "SHA3-256", FIPS_DEFAULT_PROPERTIES, sha3_256_functions }, + { "SHA3-384", FIPS_DEFAULT_PROPERTIES, sha3_384_functions }, + { "SHA3-512", FIPS_DEFAULT_PROPERTIES, sha3_512_functions }, - { "SHAKE-128:SHAKE128", "provider=fips,fips=yes", shake_128_functions }, - { "SHAKE-256:SHAKE256", "provider=fips,fips=yes", shake_256_functions }, + { "SHAKE-128:SHAKE128", FIPS_DEFAULT_PROPERTIES, shake_128_functions }, + { "SHAKE-256:SHAKE256", FIPS_DEFAULT_PROPERTIES, shake_256_functions }, /* * KECCAK-KMAC-128 and KECCAK-KMAC-256 as hashes are mostly useful for * KMAC128 and KMAC256. */ - { "KECCAK-KMAC-128:KECCAK-KMAC128", "provider=fips,fips=yes", + { "KECCAK-KMAC-128:KECCAK-KMAC128", FIPS_DEFAULT_PROPERTIES, keccak_kmac_128_functions }, - { "KECCAK-KMAC-256:KECCAK-KMAC256", "provider=fips,fips=yes", + { "KECCAK-KMAC-256:KECCAK-KMAC256", FIPS_DEFAULT_PROPERTIES, keccak_kmac_256_functions }, { NULL, NULL, NULL } }; @@ -453,80 +362,80 @@ static OSSL_ALGORITHM exported_fips_ciphers[OSSL_NELEM(fips_ciphers)]; static const OSSL_ALGORITHM fips_macs[] = { #ifndef OPENSSL_NO_CMAC - { "CMAC", "provider=fips,fips=yes", cmac_functions }, + { "CMAC", FIPS_DEFAULT_PROPERTIES, cmac_functions }, #endif - { "GMAC", "provider=fips,fips=yes", gmac_functions }, - { "HMAC", "provider=fips,fips=yes", hmac_functions }, - { "KMAC-128:KMAC128", "provider=fips,fips=yes", kmac128_functions }, - { "KMAC-256:KMAC256", "provider=fips,fips=yes", kmac256_functions }, + { "GMAC", FIPS_DEFAULT_PROPERTIES, gmac_functions }, + { "HMAC", FIPS_DEFAULT_PROPERTIES, hmac_functions }, + { "KMAC-128:KMAC128", FIPS_DEFAULT_PROPERTIES, kmac128_functions }, + { "KMAC-256:KMAC256", FIPS_DEFAULT_PROPERTIES, kmac256_functions }, { NULL, NULL, NULL } }; static const OSSL_ALGORITHM fips_kdfs[] = { - { "HKDF", "provider=fips,fips=yes", kdf_hkdf_functions }, - { "SSKDF", "provider=fips,fips=yes", kdf_sskdf_functions }, - { "PBKDF2", "provider=fips,fips=yes", kdf_pbkdf2_functions }, - { "SSHKDF", "provider=fips,fips=yes", kdf_sshkdf_functions }, - { "X963KDF", "provider=fips,fips=yes", kdf_x963_kdf_functions }, - { "TLS1-PRF", "provider=fips,fips=yes", kdf_tls1_prf_functions }, - { "KBKDF", "provider=fips,fips=yes", kdf_kbkdf_functions }, + { "HKDF", FIPS_DEFAULT_PROPERTIES, kdf_hkdf_functions }, + { "SSKDF", FIPS_DEFAULT_PROPERTIES, kdf_sskdf_functions }, + { "PBKDF2", FIPS_DEFAULT_PROPERTIES, kdf_pbkdf2_functions }, + { "SSHKDF", FIPS_DEFAULT_PROPERTIES, kdf_sshkdf_functions }, + { "X963KDF", FIPS_DEFAULT_PROPERTIES, kdf_x963_kdf_functions }, + { "TLS1-PRF", FIPS_DEFAULT_PROPERTIES, kdf_tls1_prf_functions }, + { "KBKDF", FIPS_DEFAULT_PROPERTIES, kdf_kbkdf_functions }, { NULL, NULL, NULL } }; static const OSSL_ALGORITHM fips_rands[] = { - { "CTR-DRBG", "provider=fips", drbg_ctr_functions }, - { "HASH-DRBG", "provider=fips", drbg_hash_functions }, - { "HMAC-DRBG", "provider=fips", drbg_hmac_functions }, - { "TEST-RAND", "provider=fips", test_rng_functions }, + { "CTR-DRBG", FIPS_DEFAULT_PROPERTIES, drbg_ctr_functions }, + { "HASH-DRBG", FIPS_DEFAULT_PROPERTIES, drbg_hash_functions }, + { "HMAC-DRBG", FIPS_DEFAULT_PROPERTIES, drbg_hmac_functions }, + { "TEST-RAND", FIPS_UNAPPROVED_PROPERTIES, test_rng_functions }, { NULL, NULL, NULL } }; static const OSSL_ALGORITHM fips_keyexch[] = { #ifndef OPENSSL_NO_DH - { "DH:dhKeyAgreement", "provider=fips,fips=yes", dh_keyexch_functions }, + { "DH:dhKeyAgreement", FIPS_DEFAULT_PROPERTIES, dh_keyexch_functions }, #endif #ifndef OPENSSL_NO_EC - { "ECDH", "provider=fips,fips=yes", ecdh_keyexch_functions }, - { "X25519", "provider=fips,fips=no", x25519_keyexch_functions }, - { "X448", "provider=fips,fips=no", x448_keyexch_functions }, + { "ECDH", FIPS_DEFAULT_PROPERTIES, ecdh_keyexch_functions }, + { "X25519", FIPS_DEFAULT_PROPERTIES, x25519_keyexch_functions }, + { "X448", FIPS_DEFAULT_PROPERTIES, x448_keyexch_functions }, #endif { NULL, NULL, NULL } }; static const OSSL_ALGORITHM fips_signature[] = { #ifndef OPENSSL_NO_DSA - { "DSA:dsaEncryption", "provider=fips,fips=yes", dsa_signature_functions }, + { "DSA:dsaEncryption", FIPS_DEFAULT_PROPERTIES, dsa_signature_functions }, #endif - { "RSA:rsaEncryption", "provider=fips,fips=yes", rsa_signature_functions }, + { "RSA:rsaEncryption", FIPS_DEFAULT_PROPERTIES, rsa_signature_functions }, #ifndef OPENSSL_NO_EC - { "ED25519", "provider=fips,fips=no", ed25519_signature_functions }, - { "ED448", "provider=fips,fips=no", ed448_signature_functions }, - { "ECDSA", "provider=fips,fips=yes", ecdsa_signature_functions }, + { "ED25519", FIPS_DEFAULT_PROPERTIES, ed25519_signature_functions }, + { "ED448", FIPS_DEFAULT_PROPERTIES, ed448_signature_functions }, + { "ECDSA", FIPS_DEFAULT_PROPERTIES, ecdsa_signature_functions }, #endif { NULL, NULL, NULL } }; static const OSSL_ALGORITHM fips_asym_cipher[] = { - { "RSA:rsaEncryption", "provider=fips,fips=yes", rsa_asym_cipher_functions }, + { "RSA:rsaEncryption", FIPS_DEFAULT_PROPERTIES, rsa_asym_cipher_functions }, { NULL, NULL, NULL } }; static const OSSL_ALGORITHM fips_keymgmt[] = { #ifndef OPENSSL_NO_DH - { "DH:dhKeyAgreement", "provider=fips,fips=yes", dh_keymgmt_functions }, + { "DH:dhKeyAgreement", FIPS_DEFAULT_PROPERTIES, dh_keymgmt_functions }, #endif #ifndef OPENSSL_NO_DSA - { "DSA", "provider=fips,fips=yes", dsa_keymgmt_functions }, + { "DSA", FIPS_DEFAULT_PROPERTIES, dsa_keymgmt_functions }, #endif - { "RSA:rsaEncryption", "provider=fips,fips=yes", rsa_keymgmt_functions }, - { "RSA-PSS:RSASSA-PSS", "provider=fips,fips=yes", + { "RSA:rsaEncryption", FIPS_DEFAULT_PROPERTIES, rsa_keymgmt_functions }, + { "RSA-PSS:RSASSA-PSS", FIPS_DEFAULT_PROPERTIES, rsapss_keymgmt_functions }, #ifndef OPENSSL_NO_EC - { "EC:id-ecPublicKey", "provider=fips,fips=yes", ec_keymgmt_functions }, - { "X25519", "provider=fips,fips=no", x25519_keymgmt_functions }, - { "X448", "provider=fips,fips=no", x448_keymgmt_functions }, - { "ED25519", "provider=fips,fips=no", ed25519_keymgmt_functions }, - { "ED448", "provider=fips,fips=no", ed448_keymgmt_functions }, + { "EC:id-ecPublicKey", FIPS_DEFAULT_PROPERTIES, ec_keymgmt_functions }, + { "X25519", FIPS_DEFAULT_PROPERTIES, x25519_keymgmt_functions }, + { "X448", FIPS_DEFAULT_PROPERTIES, x448_keymgmt_functions }, + { "ED25519", FIPS_DEFAULT_PROPERTIES, ed25519_keymgmt_functions }, + { "ED448", FIPS_DEFAULT_PROPERTIES, ed448_keymgmt_functions }, #endif { NULL, NULL, NULL } }; @@ -732,12 +641,8 @@ int OSSL_provider_init(const OSSL_CORE_HANDLE *handle, goto err; } - /* - * TODO(3.0): Remove me. This is just a dummy call to demonstrate making - * EVP calls from within the FIPS module. - */ - if (!dummy_evp_call(libctx)) - goto err; + /* TODO(3.0): Tests will hang if this is removed */ + (void)OPENSSL_CTX_get0_public_drbg(libctx); *out = fips_dispatch_table; return 1; From builds at travis-ci.com Wed Jul 22 11:59:44 2020 From: builds at travis-ci.com (Travis CI) Date: Wed, 22 Jul 2020 11:59:44 +0000 Subject: Failed: openssl/openssl#36291 (master - 490c871) In-Reply-To: Message-ID: <5f182a316f8fa_13f8cecc0845c49264e@travis-pro-tasks-7bbf7855f9-wz9f8.mail> Build Update for openssl/openssl ------------------------------------- Build: #36291 Status: Failed Duration: 1 hr, 0 mins, and 24 secs Commit: 490c871 (master) Author: Gustaf Neumann Message: Align documentation with recommendations of Linux Documentation Project This change applies the recommendation of the Linux Documentation Project to the documentation files of OpenSSL. Additionally, util/find-doc-nits was updated accordingly. The change follows a suggestion of mspncp on https://github.com/openssl/openssl/pull/12370 and incoporates the requested changes on the pull request Reviewed-by: Shane Lontis Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/12460) View the changeset: https://github.com/openssl/openssl/compare/bf19b64aaeed...490c87110cc1 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/176628347?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.com Wed Jul 22 13:05:13 2020 From: builds at travis-ci.com (Travis CI) Date: Wed, 22 Jul 2020 13:05:13 +0000 Subject: Failed: openssl/openssl#36292 (master - 1d864f0) In-Reply-To: Message-ID: <5f1839887d129_13fa18f6bd33c117758@travis-pro-tasks-6d98db958-pzdg8.mail> Build Update for openssl/openssl ------------------------------------- Build: #36292 Status: Failed Duration: 1 hr, 25 mins, and 38 secs Commit: 1d864f0 (master) Author: gujinqiang Message: Specific the engine pointer CLA: trivial I found that when I wanted to use an engine by the option-engine XXX , it didn't work. Checking the code, I guess it missed the engine pointer when calling EVP_CipherInit_ex. Reviewed-by: Shane Lontis Reviewed-by: Paul Yang Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/12475) View the changeset: https://github.com/openssl/openssl/compare/490c87110cc1...1d864f0f534f View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/176630727?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From viktor at openssl.org Wed Jul 22 14:07:45 2020 From: viktor at openssl.org (Viktor Dukhovni) Date: Wed, 22 Jul 2020 14:07:45 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1595426865.300615.25092.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via c6c9f886ae118fffb0591ea0b5c3e4770b176552 (commit) from 335266fa793c105e5e38cbaf098542cc372cdc2e (commit) - Log ----------------------------------------------------------------- commit c6c9f886ae118fffb0591ea0b5c3e4770b176552 Author: Viktor Dukhovni Date: Thu Jul 16 23:30:43 2020 -0200 Avoid errors with a priori inapplicable protocol bounds The 'MinProtocol' and 'MaxProtocol' configuration commands now silently ignore TLS protocol version bounds when configurign DTLS-based contexts, and conversely, silently ignore DTLS protocol version bounds when configuring TLS-based contexts. The commands can be repeated to set bounds of both types. The same applies with the corresponding "min_protocol" and "max_protocol" command-line switches, in case some application uses both TLS and DTLS. SSL_CTX instances that are created for a fixed protocol version (e.g. TLSv1_server_method()) also silently ignore version bounds. Previously attempts to apply bounds to these protocol versions would result in an error. Now only the "version-flexible" SSL_CTX instances are subject to limits in configuration files in command-line options. Expected to resolve #12394 Reviewed-by: Paul Dale Reviewed-by: Matt Caswell GH: #12507 ----------------------------------------------------------------------- Summary of changes: CHANGES | 15 +++++++++++++++ doc/man3/SSL_CONF_cmd.pod | 29 ++++++++++++++++++++--------- doc/man5/config.pod | 15 +++++++++------ ssl/ssl_conf.c | 7 +++++++ ssl/statem/statem_lib.c | 34 +++++++++++++++++++--------------- 5 files changed, 70 insertions(+), 30 deletions(-) diff --git a/CHANGES b/CHANGES index ae0d232526..ee5403dffc 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,21 @@ Changes between 1.1.1g and 1.1.1h [xx XXX xxxx] + *) The 'MinProtocol' and 'MaxProtocol' configuration commands now silently + ignore TLS protocol version bounds when configuring DTLS-based contexts, and + conversely, silently ignore DTLS protocol version bounds when configuring + TLS-based contexts. The commands can be repeated to set bounds of both + types. The same applies with the corresponding "min_protocol" and + "max_protocol" command-line switches, in case some application uses both TLS + and DTLS. + + SSL_CTX instances that are created for a fixed protocol version (e.g. + TLSv1_server_method()) also silently ignore version bounds. Previously + attempts to apply bounds to these protocol versions would result in an + error. Now only the "version-flexible" SSL_CTX instances are subject to + limits in configuration files in command-line options. + [Viktor Dukhovni] + *) Handshake now fails if Extended Master Secret extension is dropped on renegotiation. [Tomas Mraz] diff --git a/doc/man3/SSL_CONF_cmd.pod b/doc/man3/SSL_CONF_cmd.pod index 7f2449e379..c5fed8e1e0 100644 --- a/doc/man3/SSL_CONF_cmd.pod +++ b/doc/man3/SSL_CONF_cmd.pod @@ -147,13 +147,16 @@ B. =item B<-min_protocol>, B<-max_protocol> Sets the minimum and maximum supported protocol. -Currently supported protocol values are B, B, -B, B, B for TLS and B, B for DTLS, -and B for no limit. -If either bound is not specified then only the other bound applies, -if specified. -To restrict the supported protocol versions use these commands rather -than the deprecated alternative commands below. +Currently supported protocol values are B, B, B, +B, B for TLS; B, B for DTLS, and B +for no limit. +If either the lower or upper bound is not specified then only the other bound +applies, if specified. +If your application supports both TLS and DTLS you can specify any of these +options twice, once with a bound for TLS and again with an appropriate bound +for DTLS. +To restrict the supported protocol versions use these commands rather than the +deprecated alternative commands below. =item B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>, B<-no_tls1_3> @@ -370,7 +373,11 @@ This sets the minimum supported SSL, TLS or DTLS version. Currently supported protocol values are B, B, B, B, B, B and B. -The value B will disable the limit. +The SSL and TLS bounds apply only to TLS-based contexts, while the DTLS bounds +apply only to DTLS-based contexts. +The command can be repeated with one instance setting a TLS bound, and the +other setting a DTLS bound. +The value B applies to both types of contexts and disables the limits. =item B @@ -378,7 +385,11 @@ This sets the maximum supported SSL, TLS or DTLS version. Currently supported protocol values are B, B, B, B, B, B and B. -The value B will disable the limit. +The SSL and TLS bounds apply only to TLS-based contexts, while the DTLS bounds +apply only to DTLS-based contexts. +The command can be repeated with one instance setting a TLS bound, and the +other setting a DTLS bound. +The value B applies to both types of contexts and disables the limits. =item B diff --git a/doc/man5/config.pod b/doc/man5/config.pod index 7b50b09919..7a0459d993 100644 --- a/doc/man5/config.pod +++ b/doc/man5/config.pod @@ -262,13 +262,11 @@ Example of a configuration with the system default: ssl_conf = ssl_sect [ssl_sect] - system_default = system_default_sect [system_default_sect] - MinProtocol = TLSv1.2 - + MinProtocol = DTLSv1.2 =head1 NOTES @@ -355,8 +353,8 @@ Simple OpenSSL library configuration example to enter FIPS mode: Note: in the above example you will get an error in non FIPS capable versions of OpenSSL. -Simple OpenSSL library configuration to make TLS 1.3 the system-default -minimum TLS version: +Simple OpenSSL library configuration to make TLS 1.2 and DTLS 1.2 the +system-default minimum TLS and DTLS versions, respectively: # Toplevel section for openssl (including libssl) openssl_conf = default_conf_section @@ -369,7 +367,12 @@ minimum TLS version: system_default = system_default_section [system_default_section] - MinProtocol = TLSv1.3 + MinProtocol = TLSv1.2 + MinProtocol = DTLSv1.2 + +The minimum TLS protocol is applied to B objects that are TLS-based, +and the minimum DTLS protocol to those are DTLS-based. +The same applies also to maximum versions set with B. More complex OpenSSL library configuration. Add OID and don't enter FIPS mode: diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c index 8ef29bb345..3890d16fc9 100644 --- a/ssl/ssl_conf.c +++ b/ssl/ssl_conf.c @@ -305,6 +305,13 @@ static int protocol_from_string(const char *value) const char *name; int version; }; + /* + * Note: To avoid breaking previously valid configurations, we must retain + * legacy entries in this table even if the underlying protocol is no + * longer supported. This also means that the constants SSL3_VERSION, ... + * need to be retained indefinitely. This table can only grow, never + * shrink. + */ static const struct protocol_versions versions[] = { {"None", 0}, {"SSLv3", SSL3_VERSION}, diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index 43d6fd5de9..0c5ba28309 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -1656,11 +1656,22 @@ int ssl_check_version_downgrade(SSL *s) */ int ssl_set_version_bound(int method_version, int version, int *bound) { + int valid_tls; + int valid_dtls; + if (version == 0) { *bound = version; return 1; } + valid_tls = version >= SSL3_VERSION && version <= TLS_MAX_VERSION; + valid_dtls = + DTLS_VERSION_LE(version, DTLS_MAX_VERSION) && + DTLS_VERSION_GE(version, DTLS1_BAD_VER); + + if (!valid_tls && !valid_dtls) + return 0; + /*- * Restrict TLS methods to TLS protocol versions. * Restrict DTLS methods to DTLS protocol versions. @@ -1671,31 +1682,24 @@ int ssl_set_version_bound(int method_version, int version, int *bound) * configurations. If the MIN (supported) version ever rises, the user's * "floor" remains valid even if no longer available. We don't expect the * MAX ceiling to ever get lower, so making that variable makes sense. + * + * We ignore attempts to set bounds on version-inflexible methods, + * returning success. */ switch (method_version) { default: - /* - * XXX For fixed version methods, should we always fail and not set any - * bounds, always succeed and not set any bounds, or set the bounds and - * arrange to fail later if they are not met? At present fixed-version - * methods are not subject to controls that disable individual protocol - * versions. - */ - return 0; + break; case TLS_ANY_VERSION: - if (version < SSL3_VERSION || version > TLS_MAX_VERSION) - return 0; + if (valid_tls) + *bound = version; break; case DTLS_ANY_VERSION: - if (DTLS_VERSION_GT(version, DTLS_MAX_VERSION) || - DTLS_VERSION_LT(version, DTLS1_BAD_VER)) - return 0; + if (valid_dtls) + *bound = version; break; } - - *bound = version; return 1; } From builds at travis-ci.com Wed Jul 22 14:22:44 2020 From: builds at travis-ci.com (Travis CI) Date: Wed, 22 Jul 2020 14:22:44 +0000 Subject: Still Failing: openssl/openssl#36293 (master - 7b9f218) In-Reply-To: Message-ID: <5f184bb4591a3_13fabd89b122032345c@travis-pro-tasks-6d98db958-sghq9.mail> Build Update for openssl/openssl ------------------------------------- Build: #36293 Status: Still Failing Duration: 1 hr, 1 min, and 30 secs Commit: 7b9f218 (master) Author: Pauli Message: document the deprecation of the '-public-key-methods' option to list Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11082) View the changeset: https://github.com/openssl/openssl/compare/1d864f0f534f...7b9f218838ad View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/176678854?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.com Wed Jul 22 15:28:46 2020 From: builds at travis-ci.com (Travis CI) Date: Wed, 22 Jul 2020 15:28:46 +0000 Subject: Still Failing: openssl/openssl#36294 (master - dcb71e1) In-Reply-To: Message-ID: <5f185b2a1c0be_13fa18f6bd8dc46596e@travis-pro-tasks-6d98db958-pzdg8.mail> Build Update for openssl/openssl ------------------------------------- Build: #36294 Status: Still Failing Duration: 54 mins and 39 secs Commit: dcb71e1 (master) Author: Shane Lontis Message: Cleanup fips provider init Removed dummy evp_test Changed all algorithm properties to use fips=yes (except for RAND_TEST) (This changes the DRBG and ECX settings) Removed unused includes. Added TODO(3.0) for issue(s) that need to be resolved. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12498) View the changeset: https://github.com/openssl/openssl/compare/7b9f218838ad...dcb71e1c21ad View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/176685196?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed Jul 22 19:08:49 2020 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 22 Jul 2020 19:08:49 +0000 Subject: Build failed: openssl master.35755 Message-ID: <20200722190849.1.6C04FB1A57ACFA5D@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed Jul 22 19:34:57 2020 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 22 Jul 2020 19:34:57 +0000 Subject: Build failed: openssl master.35756 Message-ID: <20200722193457.1.5EBD7938DAAC0952@appveyor.com> An HTML attachment was scrubbed... URL: From beldmit at gmail.com Wed Jul 22 20:06:42 2020 From: beldmit at gmail.com (beldmit at gmail.com) Date: Wed, 22 Jul 2020 20:06:42 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1595448402.613266.22206.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 48fc6cd59c6d4a8f6ecd57d85d6ef4e6373ff147 (commit) from c6c9f886ae118fffb0591ea0b5c3e4770b176552 (commit) - Log ----------------------------------------------------------------- commit 48fc6cd59c6d4a8f6ecd57d85d6ef4e6373ff147 Author: Nihal Jere Date: Tue Jul 21 11:31:01 2020 -0500 fixed swapped parameters descriptions for x509 CLA: trivial Reviewed-by: Tomas Mraz Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/12505) ----------------------------------------------------------------------- Summary of changes: apps/x509.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/x509.c b/apps/x509.c index 5bb110fe4a..1043eba0c8 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -140,9 +140,9 @@ const OPTIONS x509_options[] = { {"", OPT_MD, '-', "Any supported digest"}, #ifndef OPENSSL_NO_MD5 {"subject_hash_old", OPT_SUBJECT_HASH_OLD, '-', - "Print old-style (MD5) issuer hash value"}, - {"issuer_hash_old", OPT_ISSUER_HASH_OLD, '-', "Print old-style (MD5) subject hash value"}, + {"issuer_hash_old", OPT_ISSUER_HASH_OLD, '-', + "Print old-style (MD5) issuer hash value"}, #endif #ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, From no-reply at appveyor.com Wed Jul 22 20:28:26 2020 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 22 Jul 2020 20:28:26 +0000 Subject: Build completed: openssl master.35757 Message-ID: <20200722202826.1.338A9FC7F5DB227C@appveyor.com> An HTML attachment was scrubbed... URL: From builds at travis-ci.com Wed Jul 22 20:50:33 2020 From: builds at travis-ci.com (Travis CI) Date: Wed, 22 Jul 2020 20:50:33 +0000 Subject: Errored: openssl/openssl#36301 (OpenSSL_1_1_1-stable - 48fc6cd) In-Reply-To: Message-ID: <5f18a69877413_13fe5675a4efc82088@travis-pro-tasks-698bb48c89-jhkrq.mail> Build Update for openssl/openssl ------------------------------------- Build: #36301 Status: Errored Duration: 41 mins and 58 secs Commit: 48fc6cd (OpenSSL_1_1_1-stable) Author: Nihal Jere Message: fixed swapped parameters descriptions for x509 CLA: trivial Reviewed-by: Tomas Mraz Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/12505) View the changeset: https://github.com/openssl/openssl/compare/c6c9f886ae11...48fc6cd59c6d View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/176777107?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From matthias.st.pierre at ncp-e.com Wed Jul 22 23:13:03 2020 From: matthias.st.pierre at ncp-e.com (matthias.st.pierre at ncp-e.com) Date: Wed, 22 Jul 2020 23:13:03 +0000 Subject: [openssl] master update Message-ID: <1595459583.838708.27398.nullmailer@dev.openssl.org> The branch master has been updated via a27cb956c02220c502449176a8834b1d9643ac23 (commit) via d1768e8298a35fcd8e6e19575e4a9b2e93e4d788 (commit) via 8e3e1dfeaaa4130e2bf1951d21a0615b7ce72c8f (commit) via 9fb6692c1b129fa61277ae0482975a935274c6fd (commit) via 11a6d6fd706d1fa095122d65d3076fb38f2c739c (commit) from dcb71e1c21ad46bc9258d388b98156ae48de0af4 (commit) - Log ----------------------------------------------------------------- commit a27cb956c02220c502449176a8834b1d9643ac23 Author: Dr. Matthias St. Pierre Date: Mon Jul 20 23:21:37 2020 +0200 Fix: uninstantiation breaks the RAND_DRBG callback mechanism The RAND_DRBG callbacks are wrappers around the EVP_RAND callbacks. During uninstantiation, the EVP_RAND callbacks got lost while the RAND_DRBG callbacks remained, because RAND_DRBG_uninstantiate() calls RAND_DRBG_set(), which recreates the EVP_RAND object. This was causing drbgtest failures. This commit fixes the problem by adding code to RAND_DRBG_set() for saving and restoring the EVP_RAND callbacks. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/11195) commit d1768e8298a35fcd8e6e19575e4a9b2e93e4d788 Author: Dr. Matthias St. Pierre Date: Mon Jul 13 02:02:15 2020 +0200 test/drbgtest.c: set the correct counter to trigger reseeding It's the generate counter (drbg->reseed_gen_counter), not the reseed counter which needs to be raised above the reseed_interval. This mix-up was partially caused by some recent renamings of DRBG members variables, but that will be dealt with in a separate commit. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/11195) commit 8e3e1dfeaaa4130e2bf1951d21a0615b7ce72c8f Author: Dr. Matthias St. Pierre Date: Sat Jul 4 12:29:14 2020 +0200 test/drbgtest.c: Remove error check for large generate requests The behaviour of RAND_DRBG_generate() has changed. Previously, it would fail for requests larger than max_request, now it automatically splits large input into chunks (which was previously done only by RAND_DRBG_bytes() before calling RAND_DRBG_generate()). So this test has not only become obsolete, the fact that it succeeded unexpectedly also caused a buffer overflow that terminated the test. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/11195) commit 9fb6692c1b129fa61277ae0482975a935274c6fd Author: Vitezslav Cizek Date: Mon Jun 1 11:45:09 2020 +0200 Fix DRBG reseed counter condition. The reseed counter condition was broken since a93ba40, where the initial value was wrongly changed from one to zero. Commit 8bf3665 fixed the initialization, but also adjusted the check, so the problem remained. This change restores original (OpenSSL-fips-2_0-stable) behavior. Reviewed-by: Paul Dale Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/11195) commit 11a6d6fd706d1fa095122d65d3076fb38f2c739c Author: Vitezslav Cizek Date: Thu Feb 27 15:37:43 2020 +0100 test/drbgtest.c: Fix error check test The condition in test_error_checks() was inverted, so it succeeded as long as error_check() failed. Incidently, error_check() contained several bugs that assured it always failed, thus giving overall drbg test success. Reviewed-by: Paul Dale Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/11195) ----------------------------------------------------------------------- Summary of changes: crypto/rand/drbg_lib.c | 13 +++++++++ providers/implementations/rands/drbg.c | 2 +- test/drbgtest.c | 53 +++++++++++++++++++--------------- 3 files changed, 43 insertions(+), 25 deletions(-) diff --git a/crypto/rand/drbg_lib.c b/crypto/rand/drbg_lib.c index 4b5d832df2..d2566920cd 100644 --- a/crypto/rand/drbg_lib.c +++ b/crypto/rand/drbg_lib.c @@ -296,6 +296,11 @@ int RAND_DRBG_set(RAND_DRBG *drbg, int type, unsigned int flags) EVP_RAND_CTX *pctx; int use_df; + RAND_DRBG_get_entropy_fn get_entropy = drbg->get_entropy; + RAND_DRBG_cleanup_entropy_fn cleanup_entropy = drbg->cleanup_entropy; + RAND_DRBG_get_nonce_fn get_nonce = drbg->get_nonce; + RAND_DRBG_cleanup_nonce_fn cleanup_nonce = drbg->cleanup_nonce; + if (type == 0 && flags == 0) { type = rand_drbg_type[RAND_DRBG_TYPE_PRIMARY]; flags = rand_drbg_flags[RAND_DRBG_TYPE_PRIMARY]; @@ -344,6 +349,14 @@ int RAND_DRBG_set(RAND_DRBG *drbg, int type, unsigned int flags) RANDerr(0, RAND_R_ERROR_INITIALISING_DRBG); goto err; } + + if (!RAND_DRBG_set_callbacks(drbg, + get_entropy, cleanup_entropy, + get_nonce, cleanup_nonce)) { + RANDerr(0, RAND_R_ERROR_INITIALISING_DRBG); + goto err; + } + return 1; err: EVP_RAND_CTX_free(drbg->rand); diff --git a/providers/implementations/rands/drbg.c b/providers/implementations/rands/drbg.c index 3394271835..929b32e708 100644 --- a/providers/implementations/rands/drbg.c +++ b/providers/implementations/rands/drbg.c @@ -742,7 +742,7 @@ int PROV_DRBG_generate(PROV_DRBG *drbg, unsigned char *out, size_t outlen, } if (drbg->reseed_interval > 0) { - if (drbg->reseed_gen_counter > drbg->reseed_interval) + if (drbg->reseed_gen_counter >= drbg->reseed_interval) reseed_required = 1; } if (drbg->reseed_time_interval > 0) { diff --git a/test/drbgtest.c b/test/drbgtest.c index f9e65757c2..3107ccaaf4 100644 --- a/test/drbgtest.c +++ b/test/drbgtest.c @@ -176,7 +176,6 @@ DRBG_SIZE_T(min_noncelen) DRBG_SIZE_T(max_noncelen) DRBG_SIZE_T(max_perslen) DRBG_SIZE_T(max_adinlen) -DRBG_SIZE_T(max_request) #define DRBG_UINT(name) \ static unsigned int name(RAND_DRBG *drbg) \ @@ -191,6 +190,13 @@ static PROV_DRBG *prov_rand(RAND_DRBG *drbg) return (PROV_DRBG *)drbg->rand->data; } +static void set_generate_counter(RAND_DRBG *drbg, unsigned int n) +{ + PROV_DRBG *p = prov_rand(drbg); + + p->reseed_gen_counter = n; +} + static void set_reseed_counter(RAND_DRBG *drbg, unsigned int n) { PROV_DRBG *p = prov_rand(drbg); @@ -427,7 +433,7 @@ static int error_check(DRBG_SELFTEST_DATA *td) /* Test detection of too large personalisation string */ if (!init(drbg, td, &t) - || RAND_DRBG_instantiate(drbg, td->pers, max_perslen(drbg) + 1) > 0) + || !TEST_false(RAND_DRBG_instantiate(drbg, td->pers, max_perslen(drbg) + 1))) goto err; /* @@ -436,7 +442,7 @@ static int error_check(DRBG_SELFTEST_DATA *td) /* Test entropy source failure detection: i.e. returns no data */ t.entropylen = 0; - if (TEST_int_le(RAND_DRBG_instantiate(drbg, td->pers, td->perslen), 0)) + if (!TEST_false(RAND_DRBG_instantiate(drbg, td->pers, td->perslen))) goto err; /* Try to generate output from uninstantiated DRBG */ @@ -446,16 +452,18 @@ static int error_check(DRBG_SELFTEST_DATA *td) goto err; /* Test insufficient entropy */ + if (!init(drbg, td, &t)) + goto err; t.entropylen = min_entropylen(drbg) - 1; - if (!init(drbg, td, &t) - || RAND_DRBG_instantiate(drbg, td->pers, td->perslen) > 0 + if (!TEST_false(RAND_DRBG_instantiate(drbg, td->pers, td->perslen)) || !uninstantiate(drbg)) goto err; /* Test too much entropy */ + if (!init(drbg, td, &t)) + goto err; t.entropylen = max_entropylen(drbg) + 1; - if (!init(drbg, td, &t) - || RAND_DRBG_instantiate(drbg, td->pers, td->perslen) > 0 + if (!TEST_false(RAND_DRBG_instantiate(drbg, td->pers, td->perslen)) || !uninstantiate(drbg)) goto err; @@ -465,18 +473,20 @@ static int error_check(DRBG_SELFTEST_DATA *td) /* Test too small nonce */ if (min_noncelen(drbg) != 0) { + if (!init(drbg, td, &t)) + goto err; t.noncelen = min_noncelen(drbg) - 1; - if (!init(drbg, td, &t) - || RAND_DRBG_instantiate(drbg, td->pers, td->perslen) > 0 + if (!TEST_false(RAND_DRBG_instantiate(drbg, td->pers, td->perslen)) || !uninstantiate(drbg)) goto err; } /* Test too large nonce */ if (max_noncelen(drbg) != 0) { + if (!init(drbg, td, &t)) + goto err; t.noncelen = max_noncelen(drbg) + 1; - if (!init(drbg, td, &t) - || RAND_DRBG_instantiate(drbg, td->pers, td->perslen) > 0 + if (!TEST_false(RAND_DRBG_instantiate(drbg, td->pers, td->perslen)) || !uninstantiate(drbg)) goto err; } @@ -487,11 +497,6 @@ static int error_check(DRBG_SELFTEST_DATA *td) td->adin, td->adinlen))) goto err; - /* Request too much data for one request */ - if (!TEST_false(RAND_DRBG_generate(drbg, buff, max_request(drbg) + 1, 0, - td->adin, td->adinlen))) - goto err; - /* Try too large additional input */ if (!TEST_false(RAND_DRBG_generate(drbg, buff, td->exlen, 0, td->adin, max_adinlen(drbg) + 1))) @@ -502,7 +507,7 @@ static int error_check(DRBG_SELFTEST_DATA *td) * failure. */ t.entropylen = 0; - if (TEST_false(RAND_DRBG_generate(drbg, buff, td->exlen, 1, + if (!TEST_false(RAND_DRBG_generate(drbg, buff, td->exlen, 1, td->adin, td->adinlen)) || !uninstantiate(drbg)) goto err; @@ -511,7 +516,7 @@ static int error_check(DRBG_SELFTEST_DATA *td) if (!instantiate(drbg, td, &t)) goto err; reseed_counter_tmp = reseed_counter(drbg); - set_reseed_counter(drbg, reseed_requests(drbg)); + set_generate_counter(drbg, reseed_requests(drbg)); /* Generate output and check entropy has been requested for reseed */ t.entropycnt = 0; @@ -536,7 +541,7 @@ static int error_check(DRBG_SELFTEST_DATA *td) if (!instantiate(drbg, td, &t)) goto err; reseed_counter_tmp = reseed_counter(drbg); - set_reseed_counter(drbg, reseed_requests(drbg)); + set_generate_counter(drbg, reseed_requests(drbg)); /* Generate output and check entropy has been requested for reseed */ t.entropycnt = 0; @@ -553,12 +558,12 @@ static int error_check(DRBG_SELFTEST_DATA *td) /* Test explicit reseed with too large additional input */ if (!instantiate(drbg, td, &t) - || RAND_DRBG_reseed(drbg, td->adin, max_adinlen(drbg) + 1, 0) > 0) + || !TEST_false(RAND_DRBG_reseed(drbg, td->adin, max_adinlen(drbg) + 1, 0))) goto err; /* Test explicit reseed with entropy source failure */ t.entropylen = 0; - if (!TEST_int_le(RAND_DRBG_reseed(drbg, td->adin, td->adinlen, 0), 0) + if (!TEST_false(RAND_DRBG_reseed(drbg, td->adin, td->adinlen, 0)) || !uninstantiate(drbg)) goto err; @@ -566,7 +571,7 @@ static int error_check(DRBG_SELFTEST_DATA *td) if (!instantiate(drbg, td, &t)) goto err; t.entropylen = max_entropylen(drbg) + 1; - if (!TEST_int_le(RAND_DRBG_reseed(drbg, td->adin, td->adinlen, 0), 0) + if (!TEST_false(RAND_DRBG_reseed(drbg, td->adin, td->adinlen, 0)) || !uninstantiate(drbg)) goto err; @@ -574,7 +579,7 @@ static int error_check(DRBG_SELFTEST_DATA *td) if (!instantiate(drbg, td, &t)) goto err; t.entropylen = min_entropylen(drbg) - 1; - if (!TEST_int_le(RAND_DRBG_reseed(drbg, td->adin, td->adinlen, 0), 0) + if (!TEST_false(RAND_DRBG_reseed(drbg, td->adin, td->adinlen, 0)) || !uninstantiate(drbg)) goto err; @@ -611,7 +616,7 @@ static int test_error_checks(int i) if (crngt_skip()) return TEST_skip("CRNGT cannot be disabled"); - if (error_check(td)) + if (!error_check(td)) goto err; rv = 1; From matthias.st.pierre at ncp-e.com Wed Jul 22 23:17:55 2020 From: matthias.st.pierre at ncp-e.com (matthias.st.pierre at ncp-e.com) Date: Wed, 22 Jul 2020 23:17:55 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1595459875.267502.28771.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 72a9868fe53e01bfe912a56b56e4474ff6e0a063 (commit) from 48fc6cd59c6d4a8f6ecd57d85d6ef4e6373ff147 (commit) - Log ----------------------------------------------------------------- commit 72a9868fe53e01bfe912a56b56e4474ff6e0a063 Author: Vitezslav Cizek Date: Fri Jul 10 21:33:00 2020 +0200 test/drbgtest.c: Fix error check test The condition in test_error_checks() was inverted, so the test succeeded as long as error_check() failed. Incidently, error_check() contained several bugs that assured it always failed, thus giving overall drbg test success. Remove the broken explicit zero check. RAND_DRBG_uninstantiate() cleanses the data via drbg_ctr_uninstantiate(), but right after that it resets drbg->data.ctr using RAND_DRBG_set(), so TEST_mem_eq(zero, sizeof(drbg->data)) always failed. (backport from https://github.com/openssl/openssl/pull/11195) Signed-off-by: Vitezslav Cizek Reviewed-by: Paul Dale Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/12517) ----------------------------------------------------------------------- Summary of changes: test/drbgtest.c | 41 ++++++++++++++++++++--------------------- 1 file changed, 20 insertions(+), 21 deletions(-) diff --git a/test/drbgtest.c b/test/drbgtest.c index 2aff4aaf03..be001ee18e 100644 --- a/test/drbgtest.c +++ b/test/drbgtest.c @@ -286,7 +286,6 @@ static int instantiate(RAND_DRBG *drbg, DRBG_SELFTEST_DATA *td, */ static int error_check(DRBG_SELFTEST_DATA *td) { - static char zero[sizeof(RAND_DRBG)]; RAND_DRBG *drbg = NULL; TEST_CTX t; unsigned char buff[1024]; @@ -302,7 +301,7 @@ static int error_check(DRBG_SELFTEST_DATA *td) /* Test detection of too large personalisation string */ if (!init(drbg, td, &t) - || RAND_DRBG_instantiate(drbg, td->pers, drbg->max_perslen + 1) > 0) + || !TEST_false(RAND_DRBG_instantiate(drbg, td->pers, drbg->max_perslen + 1))) goto err; /* @@ -311,7 +310,7 @@ static int error_check(DRBG_SELFTEST_DATA *td) /* Test entropy source failure detection: i.e. returns no data */ t.entropylen = 0; - if (TEST_int_le(RAND_DRBG_instantiate(drbg, td->pers, td->perslen), 0)) + if (!TEST_false(RAND_DRBG_instantiate(drbg, td->pers, td->perslen))) goto err; /* Try to generate output from uninstantiated DRBG */ @@ -321,16 +320,18 @@ static int error_check(DRBG_SELFTEST_DATA *td) goto err; /* Test insufficient entropy */ + if (!init(drbg, td, &t)) + goto err; t.entropylen = drbg->min_entropylen - 1; - if (!init(drbg, td, &t) - || RAND_DRBG_instantiate(drbg, td->pers, td->perslen) > 0 + if (!TEST_false(RAND_DRBG_instantiate(drbg, td->pers, td->perslen)) || !uninstantiate(drbg)) goto err; /* Test too much entropy */ + if (!init(drbg, td, &t)) + goto err; t.entropylen = drbg->max_entropylen + 1; - if (!init(drbg, td, &t) - || RAND_DRBG_instantiate(drbg, td->pers, td->perslen) > 0 + if (!TEST_false(RAND_DRBG_instantiate(drbg, td->pers, td->perslen)) || !uninstantiate(drbg)) goto err; @@ -340,18 +341,20 @@ static int error_check(DRBG_SELFTEST_DATA *td) /* Test too small nonce */ if (drbg->min_noncelen) { + if (!init(drbg, td, &t)) + goto err; t.noncelen = drbg->min_noncelen - 1; - if (!init(drbg, td, &t) - || RAND_DRBG_instantiate(drbg, td->pers, td->perslen) > 0 + if (!TEST_false(RAND_DRBG_instantiate(drbg, td->pers, td->perslen)) || !uninstantiate(drbg)) goto err; } /* Test too large nonce */ if (drbg->max_noncelen) { + if (!init(drbg, td, &t)) + goto err; t.noncelen = drbg->max_noncelen + 1; - if (!init(drbg, td, &t) - || RAND_DRBG_instantiate(drbg, td->pers, td->perslen) > 0 + if (!TEST_false(RAND_DRBG_instantiate(drbg, td->pers, td->perslen)) || !uninstantiate(drbg)) goto err; } @@ -377,7 +380,7 @@ static int error_check(DRBG_SELFTEST_DATA *td) * failure. */ t.entropylen = 0; - if (TEST_false(RAND_DRBG_generate(drbg, buff, td->exlen, 1, + if (!TEST_false(RAND_DRBG_generate(drbg, buff, td->exlen, 1, td->adin, td->adinlen)) || !uninstantiate(drbg)) goto err; @@ -428,12 +431,12 @@ static int error_check(DRBG_SELFTEST_DATA *td) /* Test explicit reseed with too large additional input */ if (!instantiate(drbg, td, &t) - || RAND_DRBG_reseed(drbg, td->adin, drbg->max_adinlen + 1, 0) > 0) + || !TEST_false(RAND_DRBG_reseed(drbg, td->adin, drbg->max_adinlen + 1, 0))) goto err; /* Test explicit reseed with entropy source failure */ t.entropylen = 0; - if (!TEST_int_le(RAND_DRBG_reseed(drbg, td->adin, td->adinlen, 0), 0) + if (!TEST_false(RAND_DRBG_reseed(drbg, td->adin, td->adinlen, 0)) || !uninstantiate(drbg)) goto err; @@ -441,7 +444,7 @@ static int error_check(DRBG_SELFTEST_DATA *td) if (!instantiate(drbg, td, &t)) goto err; t.entropylen = drbg->max_entropylen + 1; - if (!TEST_int_le(RAND_DRBG_reseed(drbg, td->adin, td->adinlen, 0), 0) + if (!TEST_false(RAND_DRBG_reseed(drbg, td->adin, td->adinlen, 0)) || !uninstantiate(drbg)) goto err; @@ -449,14 +452,10 @@ static int error_check(DRBG_SELFTEST_DATA *td) if (!instantiate(drbg, td, &t)) goto err; t.entropylen = drbg->min_entropylen - 1; - if (!TEST_int_le(RAND_DRBG_reseed(drbg, td->adin, td->adinlen, 0), 0) + if (!TEST_false(RAND_DRBG_reseed(drbg, td->adin, td->adinlen, 0)) || !uninstantiate(drbg)) goto err; - /* Standard says we have to check uninstantiate really zeroes */ - if (!TEST_mem_eq(zero, sizeof(drbg->data), &drbg->data, sizeof(drbg->data))) - goto err; - ret = 1; err: @@ -483,7 +482,7 @@ static int test_error_checks(int i) DRBG_SELFTEST_DATA *td = &drbg_test[i]; int rv = 0; - if (error_check(td)) + if (!error_check(td)) goto err; rv = 1; From openssl at openssl.org Wed Jul 22 23:56:55 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 22 Jul 2020 23:56:55 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT Message-ID: <1595462215.473387.11819.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT Commit log since last time: dcb71e1c21 Cleanup fips provider init 7b9f218838 document the deprecation of the '-public-key-methods' option to list 41bbba5375 EVP: deprecate the EVP_X_meth_ functions. 77ae4f6ff7 engines: fixed to work with EVP_*_meth calls deprecated 9e5f344a87 evp_test: use correct deallocation for EVP_CIPHER 340f82a4e7 evp_test: use correct deallocation for EVP_MD 1d864f0f53 Specific the engine pointer 490c87110c Align documentation with recommendations of Linux Documentation Project bf19b64aae Fix UI method setup, which should be independent of (deprecated) engine use 4f8fbf372e 81-test_cmp_cli.t: Avoid using 'tail', 'awk', and the '-s' option of 'lsof' f91624d380 Skip test_cmp_cli if 'lsof' or 'kill' command is not available 90409da6a5 Fix provider cipher reinit issue 7717459892 Avoid errors with a priori inapplicable protocol bounds 5ac582d949 DOC: Fix SSL_CTX_set_cert_cb.pod and SSL_CTX_set_client_cert_cb.pod 8eca461731 util/find-doc-nits: Relax check of function declarations in name_synopsis() 904f42509f PROV: Move bio_prov.c from libcommon.a to libfips.a / libnonfips.a 7e4f01d8ba fixed swapped parameter descriptions for x509 9f7bdcf37f Add ERR_raise() errors to fips OSSL_provider_init and self tests. 823a113574 Fix API rename issue in shim layer that calls EVP_MAC_CTX_set_params 02e14a65fd man3: Drop warning about using security levels higher than 1. 16c6534b96 check-format.pl: Add an entry about it to NEWS.md and to CHANGES.md 174f4a4d6a check-format.pl: Report empty lines only if -s (--sloppy-spc) is not used dc18781550 check-format.pl: Add check for essentially empty line at beginning of file 43b2e9e008 check-format.pl: Add check for multiples essentially empty lines in a row a77571c34f check-format.pl: Allow comment start '/*' after opening '(','[','{' 5304331156 Fix linking against non-system zlib on macOS Build log ended with (last 100 lines): # Server sent alert unexpected_message but client received no alert. # 80D72C8DFF7E0000:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_srvr.c:318: not ok 9 - iteration 9 # ------------------------------------------------------------------------------ not ok 1 - test_handshake # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/ssl_test 25-cipher.cnf.default default => 1 not ok 6 - running ssl_test 25-cipher.cnf # ------------------------------------------------------------------------------ # Looks like you failed 2 tests of 9. not ok 26 - Test configuration 25-cipher.cnf # ------------------------------------------------------------------------------ # Looks like you failed 1 test of 31.80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok # INFO: @ ../openssl/test/sslcorrupttest.c:199 # Starting #2, ECDHE-RSA-CHACHA20-POLY1305 # ERROR: (int) 'SSL_get_error(clientssl, 0) == SSL_ERROR_WANT_READ' failed @ ../openssl/test/ssltestlib.c:1032 # [1] compared to [2] # ERROR: (bool) 'create_ssl_connection(server, client, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslcorrupttest.c:229 # false # 8047B894DE7F0000:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_clnt.c:403: not ok 3 - iteration 3 # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/sslcorrupttest.c:199 # Starting #3, DHE-RSA-CHACHA20-POLY1305 # ERROR: (int) 'SSL_get_error(clientssl, 0) == SSL_ERROR_WANT_READ' failed @ ../openssl/test/ssltestlib.c:1032 # [1] compared to [2] # ERROR: (bool) 'create_ssl_connection(server, client, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslcorrupttest.c:229 # false # 8047B894DE7F0000:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_clnt.c:403: not ok 4 - iteration 4 # ------------------------------------------------------------------------------ not ok 1 - test_ssl_corrupt # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslcorrupttest ../../../openssl/apps/server.pem ../../../openssl/apps/server.pem => 1 not ok 1 - running sslcorrupttest # ------------------------------------------------------------------------------ # Failed test 'running sslcorrupttest' # at ../openssl/test/recipes/80-test_sslcorrupt.t line 19. # Looks like you failed 1 test of 1.80-test_sslcorrupt.t ............... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: GOST support is disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ skipped: Test only supported in a shared build 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_dtls_mtu.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 26 Non-zero exit status: 1 80-test_sslcorrupt.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=205, Tests=3033, 1723 wallclock secs (11.83 usr 1.53 sys + 1552.53 cusr 155.65 csys = 1721.54 CPU) Result: FAIL Makefile:2484: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-asan' Makefile:2482: recipe for target 'tests' failed make: *** [tests] Error 2 From builds at travis-ci.com Thu Jul 23 00:41:39 2020 From: builds at travis-ci.com (Travis CI) Date: Thu, 23 Jul 2020 00:41:39 +0000 Subject: Still Failing: openssl/openssl#36307 (master - a27cb95) In-Reply-To: Message-ID: <5f18dcc33b6f4_13fb95092e6d893762@travis-pro-tasks-6c4cdb77bd-nd4q6.mail> Build Update for openssl/openssl ------------------------------------- Build: #36307 Status: Still Failing Duration: 1 hr, 27 mins, and 11 secs Commit: a27cb95 (master) Author: Dr. Matthias St. Pierre Message: Fix: uninstantiation breaks the RAND_DRBG callback mechanism The RAND_DRBG callbacks are wrappers around the EVP_RAND callbacks. During uninstantiation, the EVP_RAND callbacks got lost while the RAND_DRBG callbacks remained, because RAND_DRBG_uninstantiate() calls RAND_DRBG_set(), which recreates the EVP_RAND object. This was causing drbgtest failures. This commit fixes the problem by adding code to RAND_DRBG_set() for saving and restoring the EVP_RAND callbacks. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/11195) View the changeset: https://github.com/openssl/openssl/compare/dcb71e1c21ad...a27cb956c022 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/176796127?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.com Thu Jul 23 01:04:25 2020 From: builds at travis-ci.com (Travis CI) Date: Thu, 23 Jul 2020 01:04:25 +0000 Subject: Passed: openssl/openssl#36308 (OpenSSL_1_1_1-stable - 72a9868) In-Reply-To: Message-ID: <5f18e21857404_13fc10cb0ea707649@travis-pro-tasks-6c4cdb77bd-vws8l.mail> Build Update for openssl/openssl ------------------------------------- Build: #36308 Status: Passed Duration: 49 mins and 7 secs Commit: 72a9868 (OpenSSL_1_1_1-stable) Author: Vitezslav Cizek Message: test/drbgtest.c: Fix error check test The condition in test_error_checks() was inverted, so the test succeeded as long as error_check() failed. Incidently, error_check() contained several bugs that assured it always failed, thus giving overall drbg test success. Remove the broken explicit zero check. RAND_DRBG_uninstantiate() cleanses the data via drbg_ctr_uninstantiate(), but right after that it resets drbg->data.ctr using RAND_DRBG_set(), so TEST_mem_eq(zero, sizeof(drbg->data)) always failed. (backport from https://github.com/openssl/openssl/pull/11195) Signed-off-by: Vitezslav Cizek Reviewed-by: Paul Dale Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/12517) View the changeset: https://github.com/openssl/openssl/compare/48fc6cd59c6d...72a9868fe53e View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/176796491?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Thu Jul 23 01:54:37 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 23 Jul 2020 01:54:37 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-autoerrinit Message-ID: <1595469277.245200.9373.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-autoerrinit Commit log since last time: dcb71e1c21 Cleanup fips provider init 7b9f218838 document the deprecation of the '-public-key-methods' option to list 41bbba5375 EVP: deprecate the EVP_X_meth_ functions. 77ae4f6ff7 engines: fixed to work with EVP_*_meth calls deprecated 9e5f344a87 evp_test: use correct deallocation for EVP_CIPHER 340f82a4e7 evp_test: use correct deallocation for EVP_MD 1d864f0f53 Specific the engine pointer 490c87110c Align documentation with recommendations of Linux Documentation Project bf19b64aae Fix UI method setup, which should be independent of (deprecated) engine use 4f8fbf372e 81-test_cmp_cli.t: Avoid using 'tail', 'awk', and the '-s' option of 'lsof' f91624d380 Skip test_cmp_cli if 'lsof' or 'kill' command is not available 90409da6a5 Fix provider cipher reinit issue 7717459892 Avoid errors with a priori inapplicable protocol bounds 5ac582d949 DOC: Fix SSL_CTX_set_cert_cb.pod and SSL_CTX_set_client_cert_cb.pod 8eca461731 util/find-doc-nits: Relax check of function declarations in name_synopsis() 904f42509f PROV: Move bio_prov.c from libcommon.a to libfips.a / libnonfips.a 7e4f01d8ba fixed swapped parameter descriptions for x509 9f7bdcf37f Add ERR_raise() errors to fips OSSL_provider_init and self tests. 823a113574 Fix API rename issue in shim layer that calls EVP_MAC_CTX_set_params 02e14a65fd man3: Drop warning about using security levels higher than 1. 16c6534b96 check-format.pl: Add an entry about it to NEWS.md and to CHANGES.md 174f4a4d6a check-format.pl: Report empty lines only if -s (--sloppy-spc) is not used dc18781550 check-format.pl: Add check for essentially empty line at beginning of file 43b2e9e008 check-format.pl: Add check for multiples essentially empty lines in a row a77571c34f check-format.pl: Allow comment start '/*' after opening '(','[','{' 5304331156 Fix linking against non-system zlib on macOS Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 04-test_err.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=205, Tests=3102, 860 wallclock secs (12.96 usr 1.37 sys + 790.07 cusr 62.84 csys = 867.24 CPU) Result: FAIL Makefile:3132: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-autoerrinit' Makefile:3130: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Thu Jul 23 07:30:34 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 23 Jul 2020 07:30:34 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-des Message-ID: <1595489434.325067.16797.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-des Commit log since last time: dcb71e1c21 Cleanup fips provider init 7b9f218838 document the deprecation of the '-public-key-methods' option to list 41bbba5375 EVP: deprecate the EVP_X_meth_ functions. 77ae4f6ff7 engines: fixed to work with EVP_*_meth calls deprecated 9e5f344a87 evp_test: use correct deallocation for EVP_CIPHER 340f82a4e7 evp_test: use correct deallocation for EVP_MD 1d864f0f53 Specific the engine pointer 490c87110c Align documentation with recommendations of Linux Documentation Project bf19b64aae Fix UI method setup, which should be independent of (deprecated) engine use 4f8fbf372e 81-test_cmp_cli.t: Avoid using 'tail', 'awk', and the '-s' option of 'lsof' f91624d380 Skip test_cmp_cli if 'lsof' or 'kill' command is not available 90409da6a5 Fix provider cipher reinit issue 7717459892 Avoid errors with a priori inapplicable protocol bounds 5ac582d949 DOC: Fix SSL_CTX_set_cert_cb.pod and SSL_CTX_set_client_cert_cb.pod 8eca461731 util/find-doc-nits: Relax check of function declarations in name_synopsis() 904f42509f PROV: Move bio_prov.c from libcommon.a to libfips.a / libnonfips.a 7e4f01d8ba fixed swapped parameter descriptions for x509 9f7bdcf37f Add ERR_raise() errors to fips OSSL_provider_init and self tests. 823a113574 Fix API rename issue in shim layer that calls EVP_MAC_CTX_set_params 02e14a65fd man3: Drop warning about using security levels higher than 1. 16c6534b96 check-format.pl: Add an entry about it to NEWS.md and to CHANGES.md 174f4a4d6a check-format.pl: Report empty lines only if -s (--sloppy-spc) is not used dc18781550 check-format.pl: Add check for essentially empty line at beginning of file 43b2e9e008 check-format.pl: Add check for multiples essentially empty lines in a row a77571c34f check-format.pl: Allow comment start '/*' after opening '(','[','{' 5304331156 Fix linking against non-system zlib on macOS Build log ended with (last 100 lines): C0B037A2777F0000:error::asn1 encoding routines:asn1_d2i_ex_primitive:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:698: C0B037A2777F0000:error::asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:630:Field=pkey, Type=PKCS8_PRIV_KEY_INFO C0B037A2777F0000:error::asn1 encoding routines:d2i_PrivateKey_ex:ASN1 lib:../openssl/crypto/asn1/d2i_pr.c:67: C0B037A2777F0000:error::asn1 encoding routines:d2i_PrivateKey_ex:ASN1 lib:../openssl/crypto/asn1/d2i_pr.c:67: C0B037A2777F0000:error::asn1 encoding routines:asn1_check_tlen:wrong tag:../openssl/crypto/asn1/tasn_dec.c:1135: C0B037A2777F0000:error::asn1 encoding routines:asn1_d2i_ex_primitive:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:698: C0B037A2777F0000:error::asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:630:Field=pkey, Type=PKCS8_PRIV_KEY_INFO C0B037A2777F0000:error::asn1 encoding routines:asn1_check_tlen:wrong tag:../openssl/crypto/asn1/tasn_dec.c:1135: C0B037A2777F0000:error::asn1 encoding routines:asn1_d2i_ex_primitive:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:698: C0B037A2777F0000:error::asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:630:Field=pkey, Type=PKCS8_PRIV_KEY_INFO OPENSSL_FUNC:../openssl/apps/cmp.c:3053:CMP error: cannot set up CMP context # OPENSSL_FUNC:../openssl/apps/cmp.c:2895:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -proxy option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2112:CMP info: will contact http://127.0.0.1:1700/pkix/ ../../../../../no-des/util/wrap.pl ../../../../../no-des/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt => 1 not ok 82 - cr command # ------------------------------------------------------------------------------ # Failed test 'cr command' # at ../openssl/test/recipes/81-test_cmp_cli.t line 182. Could not open file or uri test.cert.pem for loading CMP client certificate (and optionally extra certs) C0A01C0C8C7F0000:error::system library:file_open:No such file or directory:../openssl/crypto/store/loader_file.c:927:calling stat(test.cert.pem) Unable to load CMP client certificate (and optionally extra certs) OPENSSL_FUNC:../openssl/apps/cmp.c:3053:CMP error: cannot set up CMP context # OPENSSL_FUNC:../openssl/apps/cmp.c:2895:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -proxy option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2112:CMP info: will contact http://127.0.0.1:1700/pkix/ # OPENSSL_FUNC:../openssl/apps/cmp.c:2136:CMP warning: -subject '/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=leaf' given, which overrides the subject of 'test.cert.pem' in KUR # OPENSSL_FUNC:../openssl/apps/cmp.c:826:CMP warning: can load only one certificate in DER format from test.cert.pem ../../../../../no-des/util/wrap.pl ../../../../../no-des/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt => 1 not ok 83 - kur command explicit options # ------------------------------------------------------------------------------ # Failed test 'kur command explicit options' # at ../openssl/test/recipes/81-test_cmp_cli.t line 182. Could not open file or uri test.cert.pem for loading CMP client certificate (and optionally extra certs) C07025E1F07F0000:error::system library:file_open:No such file or directory:../openssl/crypto/store/loader_file.c:927:calling stat(test.cert.pem) Unable to load CMP client certificate (and optionally extra certs) OPENSSL_FUNC:../openssl/apps/cmp.c:3053:CMP error: cannot set up CMP context # OPENSSL_FUNC:../openssl/apps/cmp.c:2895:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -proxy option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -subject option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -secret option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2112:CMP info: will contact http://127.0.0.1:1700/pkix/ # OPENSSL_FUNC:../openssl/apps/cmp.c:826:CMP warning: can load only one certificate in DER format from test.cert.pem ../../../../../no-des/util/wrap.pl ../../../../../no-des/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -subject "" -certout test.cert.pem -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt -secret "" => 1 not ok 84 - kur command minimal options # ------------------------------------------------------------------------------ # Looks like you failed 31 tests of 92. not ok 7 - CMP app CLI Mock enrollment # ------------------------------------------------------------------------------ # # Failed test 'CMP app CLI Mock enrollment # ' # at /home/openssl/run-checker/no-des/../openssl/util/perl/OpenSSL/Test.pm line 1302. # Looks like you failed 5 tests of 7.81-test_cmp_cli.t .................. Dubious, test returned 5 (wstat 1280, 0x500) Failed 5/7 subtests 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 81-test_cmp_cli.t (Wstat: 1280 Tests: 7 Failed: 5) Failed tests: 3-7 Non-zero exit status: 5 Files=205, Tests=3136, 832 wallclock secs (12.49 usr 1.23 sys + 779.26 cusr 56.55 csys = 849.53 CPU) Result: FAIL Makefile:3070: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-des' Makefile:3068: recipe for target 'tests' failed make: *** [tests] Error 2 From shane.lontis at oracle.com Thu Jul 23 07:48:39 2020 From: shane.lontis at oracle.com (shane.lontis at oracle.com) Date: Thu, 23 Jul 2020 07:48:39 +0000 Subject: [openssl] master update Message-ID: <1595490519.336977.30394.nullmailer@dev.openssl.org> The branch master has been updated via ae89578be2930c726d6ef56451233757a89f224f (commit) from a27cb956c02220c502449176a8834b1d9643ac23 (commit) - Log ----------------------------------------------------------------- commit ae89578be2930c726d6ef56451233757a89f224f Author: Shane Lontis Date: Thu Jul 23 17:40:40 2020 +1000 Test RSA oaep in fips mode Added RSA oaep test that uses the pkeyutl application. Added an openssl application option to support loading a (fips) provider via the '-config' option. Added openssl application related environment variable 'OPENSSL_TEST_LIBCTX' (for testing purposes only), that creates a non default library context. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11948) ----------------------------------------------------------------------- Summary of changes: apps/include/apps.h | 4 + apps/include/opt.h | 3 + apps/lib/app_provider.c | 21 ++-- apps/lib/apps.c | 46 +++++++- apps/openssl.c | 17 ++- apps/pkeyutl.c | 30 +++++- doc/man1/openssl-pkeyutl.pod.in | 3 + doc/man1/openssl.pod | 20 ++-- doc/perlvars.pm | 8 ++ test/recipes/15-test_rsaoaep.t | 155 +++++++++++++++++++++++++++ test/recipes/15-test_rsaoaep_data/plain_text | 1 + 11 files changed, 282 insertions(+), 26 deletions(-) create mode 100644 test/recipes/15-test_rsaoaep.t create mode 100644 test/recipes/15-test_rsaoaep_data/plain_text diff --git a/apps/include/apps.h b/apps/include/apps.h index 87d1b47150..9a76dcd339 100644 --- a/apps/include/apps.h +++ b/apps/include/apps.h @@ -65,6 +65,7 @@ CONF *app_load_config_bio(BIO *in, const char *filename); CONF *app_load_config(const char *filename); CONF *app_load_config_quiet(const char *filename); int app_load_modules(const CONF *config); +CONF *app_load_config_modules(const char *configfile); void unbuffer(FILE *fp); void wait_for_async(SSL *s); # if defined(OPENSSL_SYS_MSDOS) @@ -290,9 +291,12 @@ typedef struct verify_options_st { extern VERIFY_CB_ARGS verify_args; +OPENSSL_CTX *app_create_libctx(void); +OPENSSL_CTX *app_get0_libctx(void); OSSL_PARAM *app_params_new_from_opts(STACK_OF(OPENSSL_STRING) *opts, const OSSL_PARAM *paramdefs); void app_params_free(OSSL_PARAM *params); +int app_provider_load(OPENSSL_CTX *libctx, const char *provider_name); void app_providers_cleanup(void); #endif diff --git a/apps/include/opt.h b/apps/include/opt.h index 5afbad1bbe..ad629c0199 100644 --- a/apps/include/opt.h +++ b/apps/include/opt.h @@ -273,6 +273,9 @@ OPT_PROV_PROVIDER, OPT_PROV_PROVIDER_PATH, \ OPT_PROV__LAST +# define OPT_CONFIG_OPTION \ + { "config", OPT_CONFIG, '<', "Load a configuration file (this may load modules)" } + # define OPT_PROV_OPTIONS \ OPT_SECTION("Provider"), \ { "provider_path", OPT_PROV_PROVIDER_PATH, 's', "Provider load path (must be before 'provider' argument if required)" }, \ diff --git a/apps/lib/app_provider.c b/apps/lib/app_provider.c index ca24328a2e..60645e21d7 100644 --- a/apps/lib/app_provider.c +++ b/apps/lib/app_provider.c @@ -8,6 +8,7 @@ */ #include "apps.h" +#include #include #include #include @@ -21,14 +22,19 @@ enum prov_range { OPT_PROV_ENUM }; static STACK_OF(OSSL_PROVIDER) *app_providers = NULL; -static int opt_provider_load(const char *provider) +static void provider_free(OSSL_PROVIDER *prov) +{ + OSSL_PROVIDER_unload(prov); +} + +int app_provider_load(OPENSSL_CTX *libctx, const char *provider_name) { OSSL_PROVIDER *prov; - prov = OSSL_PROVIDER_load(NULL, provider); + prov = OSSL_PROVIDER_load(libctx, provider_name); if (prov == NULL) { opt_printf_stderr("%s: unable to load provider %s\n", - opt_getprog(), provider); + opt_getprog(), provider_name); return 0; } if (app_providers == NULL) @@ -41,11 +47,6 @@ static int opt_provider_load(const char *provider) return 1; } -static void provider_free(OSSL_PROVIDER *prov) -{ - OSSL_PROVIDER_unload(prov); -} - void app_providers_cleanup(void) { sk_OSSL_PROVIDER_pop_free(app_providers, provider_free); @@ -56,7 +57,7 @@ static int opt_provider_path(const char *path) { if (path != NULL && *path == '\0') path = NULL; - return OSSL_PROVIDER_set_default_search_path(NULL, path); + return OSSL_PROVIDER_set_default_search_path(app_get0_libctx(), path); } int opt_provider(int opt) @@ -66,7 +67,7 @@ int opt_provider(int opt) case OPT_PROV__LAST: return 1; case OPT_PROV_PROVIDER: - return opt_provider_load(opt_arg()); + return app_provider_load(app_get0_libctx(), opt_arg()); case OPT_PROV_PROVIDER_PATH: return opt_provider_path(opt_arg()); } diff --git a/apps/lib/apps.c b/apps/lib/apps.c index 777e4fed35..ba40e9bc7e 100644 --- a/apps/lib/apps.c +++ b/apps/lib/apps.c @@ -78,6 +78,8 @@ typedef struct { unsigned long mask; } NAME_EX_TBL; +static OPENSSL_CTX *app_libctx = NULL; + static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL * in_tbl); static int set_multi_opts(unsigned long *flags, const char *arg, @@ -335,13 +337,37 @@ static char *app_get_pass(const char *arg, int keepbio) return OPENSSL_strdup(tpass); } +OPENSSL_CTX *app_get0_libctx(void) +{ + return app_libctx; +} + +OPENSSL_CTX *app_create_libctx(void) +{ + /* + * Load the NULL provider into the default library context and create a + * library context which will then be used for any OPT_PROV options. + */ + if (app_libctx == NULL) { + + if (!app_provider_load(NULL, "null")) { + BIO_puts(bio_err, "Failed to create null provider\n"); + return NULL; + } + app_libctx = OPENSSL_CTX_new(); + } + if (app_libctx == NULL) + BIO_puts(bio_err, "Failed to create library context\n"); + return app_libctx; +} + CONF *app_load_config_bio(BIO *in, const char *filename) { long errorline = -1; CONF *conf; int i; - conf = NCONF_new(NULL); + conf = NCONF_new_with_libctx(app_libctx, NULL); i = NCONF_load_bio(conf, in, &errorline); if (i > 0) return conf; @@ -357,6 +383,7 @@ CONF *app_load_config_bio(BIO *in, const char *filename) else BIO_printf(bio_err, "config input"); + CONF_modules_load(conf, NULL, 0); NCONF_free(conf); return NULL; } @@ -434,6 +461,23 @@ int add_oid_section(CONF *conf) return 1; } +CONF *app_load_config_modules(const char *configfile) +{ + CONF *conf = NULL; + + if (configfile != NULL) { + BIO_printf(bio_err, "Using configuration from %s\n", configfile); + + if ((conf = app_load_config(configfile)) == NULL) + return NULL; + if (configfile != default_config_file && !app_load_modules(conf)) { + NCONF_free(conf); + conf = NULL; + } + } + return conf; +} + X509 *load_cert_pass(const char *uri, int maybe_stdin, const char *pass, const char *desc) { diff --git a/apps/openssl.c b/apps/openssl.c index a1b4443e4b..6b2c2b9c6b 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -58,6 +58,7 @@ static void warn_deprecated(const FUNCTION *fp) static int apps_startup(void) { + const char *use_libctx = NULL; #ifdef SIGPIPE signal(SIGPIPE, SIG_IGN); #endif @@ -69,11 +70,26 @@ static int apps_startup(void) setup_ui_method(); + /* + * NOTE: This is an undocumented feature required for testing only. + * There are no guarantees that it will exist in future builds. + */ + use_libctx = getenv("OPENSSL_TEST_LIBCTX"); + if (use_libctx != NULL) { + /* Set this to "1" to create a global libctx */ + if (strcmp(use_libctx, "1") == 0) { + if (app_create_libctx() == NULL) + return 0; + } + } + return 1; } static void apps_shutdown(void) { + app_providers_cleanup(); + OPENSSL_CTX_free(app_get0_libctx()); destroy_ui_method(); } @@ -273,7 +289,6 @@ int main(int argc, char *argv[]) : do_cmd(prog, 1, help_argv); end: - app_providers_cleanup(); OPENSSL_free(default_config_file); lh_FUNCTION_free(prog); OPENSSL_free(arg.argv); diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c index 231547e291..4de2a56590 100644 --- a/apps/pkeyutl.c +++ b/apps/pkeyutl.c @@ -25,7 +25,8 @@ DEFINE_STACK_OF_STRING() static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize, const char *keyfile, int keyform, int key_type, char *passinarg, int pkey_op, ENGINE *e, - const int impl, int rawin, EVP_PKEY **ppkey); + const int impl, int rawin, EVP_PKEY **ppkey, + OPENSSL_CTX *libctx, const char *propq); static int setup_peer(EVP_PKEY_CTX *ctx, int peerform, const char *file, ENGINE *e); @@ -47,6 +48,7 @@ typedef enum OPTION_choice { OPT_DERIVE, OPT_SIGFILE, OPT_INKEY, OPT_PEERKEY, OPT_PASSIN, OPT_PEERFORM, OPT_KEYFORM, OPT_PKEYOPT, OPT_PKEYOPT_PASSIN, OPT_KDF, OPT_KDFLEN, OPT_R_ENUM, OPT_PROV_ENUM, + OPT_CONFIG, OPT_RAWIN, OPT_DIGEST } OPTION_CHOICE; @@ -63,6 +65,7 @@ const OPTIONS pkeyutl_options[] = { {"encrypt", OPT_ENCRYPT, '-', "Encrypt input data with public key"}, {"decrypt", OPT_DECRYPT, '-', "Decrypt input data with private key"}, {"derive", OPT_DERIVE, '-', "Derive shared secret"}, + OPT_CONFIG_OPTION, OPT_SECTION("Input"), {"in", OPT_IN, '<', "Input file - default stdin"}, @@ -100,6 +103,7 @@ const OPTIONS pkeyutl_options[] = { int pkeyutl_main(int argc, char **argv) { + CONF *conf = NULL; BIO *in = NULL, *out = NULL; ENGINE *e = NULL; EVP_PKEY_CTX *ctx = NULL; @@ -122,6 +126,8 @@ int pkeyutl_main(int argc, char **argv) int rawin = 0; const EVP_MD *md = NULL; int filesize = -1; + OPENSSL_CTX *libctx = app_get0_libctx(); + const char *propq = NULL; prog = opt_init(argc, argv, pkeyutl_options); while ((o = opt_next()) != OPT_EOF) { @@ -168,6 +174,11 @@ int pkeyutl_main(int argc, char **argv) if (!opt_rand(o)) goto end; break; + case OPT_CONFIG: + conf = app_load_config_modules(opt_arg()); + if (conf == NULL) + goto end; + break; case OPT_PROV_CASES: if (!opt_provider(o)) goto end; @@ -281,7 +292,8 @@ int pkeyutl_main(int argc, char **argv) goto opthelp; } ctx = init_ctx(kdfalg, &keysize, inkey, keyform, key_type, - passinarg, pkey_op, e, engine_impl, rawin, &pkey); + passinarg, pkey_op, e, engine_impl, rawin, &pkey, + libctx, propq); if (ctx == NULL) { BIO_printf(bio_err, "%s: Error initializing context\n", prog); ERR_print_errors(bio_err); @@ -484,6 +496,7 @@ int pkeyutl_main(int argc, char **argv) OPENSSL_free(sig); sk_OPENSSL_STRING_free(pkeyopts); sk_OPENSSL_STRING_free(pkeyopts_passin); + NCONF_free(conf); return ret; } @@ -491,7 +504,8 @@ static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize, const char *keyfile, int keyform, int key_type, char *passinarg, int pkey_op, ENGINE *e, const int engine_impl, int rawin, - EVP_PKEY **ppkey) + EVP_PKEY **ppkey, + OPENSSL_CTX *libctx, const char *propq) { EVP_PKEY *pkey = NULL; EVP_PKEY_CTX *ctx = NULL; @@ -547,13 +561,19 @@ static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize, goto end; } } - ctx = EVP_PKEY_CTX_new_id(kdfnid, impl); + if (impl != NULL) + ctx = EVP_PKEY_CTX_new_id(kdfnid, impl); + else + ctx = EVP_PKEY_CTX_new_from_name(libctx, kdfalg, propq); } else { if (pkey == NULL) goto end; *pkeysize = EVP_PKEY_size(pkey); - ctx = EVP_PKEY_CTX_new(pkey, impl); + if (impl != NULL) + ctx = EVP_PKEY_CTX_new(pkey, impl); + else + ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propq); if (ppkey != NULL) *ppkey = pkey; EVP_PKEY_free(pkey); diff --git a/doc/man1/openssl-pkeyutl.pod.in b/doc/man1/openssl-pkeyutl.pod.in index 378cfccad6..c68ba3a934 100644 --- a/doc/man1/openssl-pkeyutl.pod.in +++ b/doc/man1/openssl-pkeyutl.pod.in @@ -38,6 +38,7 @@ B B [B<-engine_impl>] {- $OpenSSL::safe::opt_r_synopsis -} {- $OpenSSL::safe::opt_provider_synopsis -} +{- $OpenSSL::safe::opt_config_synopsis -} =for openssl ifdef engine engine_impl @@ -193,6 +194,8 @@ engine I for crypto operations. {- $OpenSSL::safe::opt_provider_item -} +{- $OpenSSL::safe::opt_config_item -} + =back =head1 NOTES diff --git a/doc/man1/openssl.pod b/doc/man1/openssl.pod index 791bc52341..384dfb2e72 100644 --- a/doc/man1/openssl.pod +++ b/doc/man1/openssl.pod @@ -52,15 +52,6 @@ I and I. Detailed documentation and use cases for most standard subcommands are available (e.g., L). -Many commands use an external configuration file for some or all of their -arguments and have a B<-config> option to specify that file. -The default name of the file is F in the default certificate -storage area, which can be determined from the L -command. -The environment variable B can be used to specify -a different location of the file. -See L. - The list options B<-standard-commands>, B<-digest-commands>, and B<-cipher-commands> output a list (one entry per line) of the names of all standard commands, message digest commands, or cipher commands, @@ -86,6 +77,17 @@ availability of ciphers in the B program. (BI is not able to detect pseudo-commands such as B, B, or BI itself.) +=head2 Configuration Option + +Many commands use an external configuration file for some or all of their +arguments and have a B<-config> option to specify that file. +The default name of the file is F in the default certificate +storage area, which can be determined from the L +command. This can be used to load modules. +The environment variable B can be used to specify +a different location of the file. +See L. + =head2 Standard Commands =over 4 diff --git a/doc/perlvars.pm b/doc/perlvars.pm index 98c348859f..978c206e25 100644 --- a/doc/perlvars.pm +++ b/doc/perlvars.pm @@ -101,6 +101,14 @@ $OpenSSL::safe::opt_provider_item = "" . "\n" . "See L."; +# Configuration option +$OpenSSL::safe::opt_config_synopsis = "" +. "[B<-config> I]\n"; +$OpenSSL::safe::opt_config_item = "" +. "=item B<-config> I\n" +. "\n" +. "See L."; + # Engine option $OpenSSL::safe::opt_engine_synopsis = ""; $OpenSSL::safe::opt_engine_item = ""; diff --git a/test/recipes/15-test_rsaoaep.t b/test/recipes/15-test_rsaoaep.t new file mode 100644 index 0000000000..1b6fcb8e65 --- /dev/null +++ b/test/recipes/15-test_rsaoaep.t @@ -0,0 +1,155 @@ +#! /usr/bin/env perl +# Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use warnings; + +use OpenSSL::Test qw(:DEFAULT data_file bldtop_dir srctop_file srctop_dir bldtop_file); +use OpenSSL::Test::Utils; +use File::Compare qw/compare_text/; + +BEGIN { + setup("test_rsaoaep"); +} +use lib srctop_dir('Configurations'); +use lib bldtop_dir('.'); +use platform; + +my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); + +plan tests => + ($no_fips ? 0 : 1) # FIPS install test + + 9; + +my @prov = ( ); +my $provconf = srctop_file("test", "fips.cnf"); +my $provpath = bldtop_dir("providers"); +my $msg_file = data_file("plain_text"); +my $enc1_file = "enc1.bin"; +my $enc2_file = "enc2.bin"; +my $enc3_file = "enc3.bin"; +my $dec1_file = "dec1.txt"; +my $dec2_file = "dec2.txt"; +my $dec3_file = "dec3.txt"; +my $key_file = srctop_file("test", "testrsa.pem"); + +unless ($no_fips) { + @prov = ( "-provider_path", $provpath, "-config", $provconf ); + my $infile = bldtop_file('providers', platform->dso('fips')); + + ok(run(app(['openssl', 'fipsinstall', + '-out', bldtop_file('providers', 'fipsmodule.cnf'), + '-module', $infile])), + "fipsinstall"); + $ENV{OPENSSL_TEST_LIBCTX} = "1"; +} + +ok(run(app(['openssl', 'pkeyutl', + @prov, + '-encrypt', + '-in', $msg_file, + '-inkey', $key_file, + '-pkeyopt', 'pad-mode:oaep', + '-pkeyopt', 'oaep-label:123', + '-pkeyopt', 'digest:sha1', + '-pkeyopt', 'mgf1-digest:sha1', + '-out', $enc1_file])), + "RSA OAEP Encryption"); + +ok(!run(app(['openssl', 'pkeyutl', + @prov, + '-encrypt', + '-in', $key_file, + '-inkey', $key_file, + '-pkeyopt', 'pad-mode:oaep', + '-pkeyopt', 'oaep-label:123', + '-pkeyopt', 'digest:sha256', + '-pkeyopt', 'mgf1-digest:sha1'])), + "RSA OAEP Encryption should fail if the message is larger than the rsa modulus"); + +ok(run(app(['openssl', 'pkeyutl', + @prov, + '-decrypt', + '-inkey', $key_file, + '-pkeyopt', 'pad-mode:oaep', + '-pkeyopt', 'oaep-label:123', + '-pkeyopt', 'digest:sha1', + '-pkeyopt', 'mgf1-digest:sha1', + '-in', $enc1_file, + '-out', $dec1_file])) + && compare_text($dec1_file, $msg_file) == 0, + "RSA OAEP Decryption"); + +ok(!run(app(['openssl', 'pkeyutl', + @prov, + '-decrypt', + '-inkey', $key_file, + '-pkeyopt', 'pad-mode:oaep', + '-pkeyopt', 'oaep-label:123', + '-pkeyopt', 'digest:sha256', + '-pkeyopt', 'mgf1-digest:sha224', + '-in', $enc1_file])), + "Incorrect digest for RSA OAEP Decryption"); + +ok(!run(app(['openssl', 'pkeyutl', + @prov, + '-decrypt', + '-inkey', $key_file, + '-pkeyopt', 'pad-mode:oaep', + '-pkeyopt', 'oaep-label:123', + '-pkeyopt', 'digest:sha1', + '-pkeyopt', 'mgf1-digest:sha224', + '-in', $enc1_file])), + "Incorrect mgf1-digest for RSA OAEP Decryption"); + +ok(run(app(['openssl', 'pkeyutl', + @prov, + '-encrypt', + '-in', $msg_file, + '-inkey', $key_file, + '-pkeyopt', 'pad-mode:oaep', + '-pkeyopt', 'oaep-label:123', + '-pkeyopt', 'digest:sha1', + '-pkeyopt', 'mgf1-digest:sha1', + '-out', $enc2_file])) + && compare_text($enc2_file, $enc1_file) != 0, + "RSA OAEP Encryption should generate different encrypted data"); + +ok(run(app(['openssl', 'pkeyutl', + @prov, + '-decrypt', + '-inkey', $key_file, + '-pkeyopt', 'pad-mode:oaep', + '-pkeyopt', 'oaep-label:123', + '-in', $enc2_file, + '-out', $dec2_file])) + && compare_text($dec2_file, $msg_file) == 0, + "RSA OAEP Decryption with default digests"); + +ok(run(app(['openssl', 'pkeyutl', + @prov, + '-encrypt', + '-in', $msg_file, + '-inkey', $key_file, + '-pkeyopt', 'pad-mode:oaep', + '-pkeyopt', 'oaep-label:123', + '-out', $enc3_file])), + "RSA OAEP Encryption with default digests"); + +ok(run(app(['openssl', 'pkeyutl', + @prov, + '-decrypt', + '-inkey', $key_file, + '-pkeyopt', 'pad-mode:oaep', + '-pkeyopt', 'oaep-label:123', + '-pkeyopt', 'digest:sha1', + '-pkeyopt', 'mgf1-digest:sha1', + '-in', $enc3_file, + '-out', $dec3_file])) + && compare_text($dec3_file, $msg_file) == 0, + "RSA OAEP Decryption with explicit default digests"); diff --git a/test/recipes/15-test_rsaoaep_data/plain_text b/test/recipes/15-test_rsaoaep_data/plain_text new file mode 100644 index 0000000000..802992c422 --- /dev/null +++ b/test/recipes/15-test_rsaoaep_data/plain_text @@ -0,0 +1 @@ +Hello world From openssl at openssl.org Thu Jul 23 07:54:23 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 23 Jul 2020 07:54:23 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dgram Message-ID: <1595490863.310405.1035.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dgram Commit log since last time: dcb71e1c21 Cleanup fips provider init 7b9f218838 document the deprecation of the '-public-key-methods' option to list 41bbba5375 EVP: deprecate the EVP_X_meth_ functions. 77ae4f6ff7 engines: fixed to work with EVP_*_meth calls deprecated 9e5f344a87 evp_test: use correct deallocation for EVP_CIPHER 340f82a4e7 evp_test: use correct deallocation for EVP_MD 1d864f0f53 Specific the engine pointer 490c87110c Align documentation with recommendations of Linux Documentation Project bf19b64aae Fix UI method setup, which should be independent of (deprecated) engine use 4f8fbf372e 81-test_cmp_cli.t: Avoid using 'tail', 'awk', and the '-s' option of 'lsof' f91624d380 Skip test_cmp_cli if 'lsof' or 'kill' command is not available 90409da6a5 Fix provider cipher reinit issue 7717459892 Avoid errors with a priori inapplicable protocol bounds 5ac582d949 DOC: Fix SSL_CTX_set_cert_cb.pod and SSL_CTX_set_client_cert_cb.pod 8eca461731 util/find-doc-nits: Relax check of function declarations in name_synopsis() 904f42509f PROV: Move bio_prov.c from libcommon.a to libfips.a / libnonfips.a 7e4f01d8ba fixed swapped parameter descriptions for x509 9f7bdcf37f Add ERR_raise() errors to fips OSSL_provider_init and self tests. 823a113574 Fix API rename issue in shim layer that calls EVP_MAC_CTX_set_params 02e14a65fd man3: Drop warning about using security levels higher than 1. 16c6534b96 check-format.pl: Add an entry about it to NEWS.md and to CHANGES.md 174f4a4d6a check-format.pl: Report empty lines only if -s (--sloppy-spc) is not used dc18781550 check-format.pl: Add check for essentially empty line at beginning of file 43b2e9e008 check-format.pl: Add check for multiples essentially empty lines in a row a77571c34f check-format.pl: Allow comment start '/*' after opening '(','[','{' 5304331156 Fix linking against non-system zlib on macOS Build log ended with (last 100 lines): # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 7 - iteration 7 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 8 - iteration 8 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 9 - iteration 9 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 10 - iteration 10 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 11 - iteration 11 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 12 - iteration 12 # ------------------------------------------------------------------------------ not ok 1 - test_handshake # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/ssl_test 04-client_auth.cnf.fips fips ../../../openssl/test/fips.cnf => 1 not ok 9 - running ssl_test 04-client_auth.cnf # ------------------------------------------------------------------------------ # Failed test 'running ssl_test 04-client_auth.cnf' # at ../openssl/test/recipes/80-test_ssl_new.t line 173. # Looks like you failed 1 test of 9. not ok 5 - Test configuration 04-client_auth.cnf # ------------------------------------------------------------------------------ # Looks like you failed 1 test of 31.80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=205, Tests=3236, 847 wallclock secs (12.30 usr 1.14 sys + 787.58 cusr 59.36 csys = 860.38 CPU) Result: FAIL Makefile:3128: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dgram' Makefile:3126: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Thu Jul 23 08:00:48 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 23 Jul 2020 08:00:48 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dh Message-ID: <1595491248.724846.17794.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dh Commit log since last time: dcb71e1c21 Cleanup fips provider init 7b9f218838 document the deprecation of the '-public-key-methods' option to list 41bbba5375 EVP: deprecate the EVP_X_meth_ functions. 77ae4f6ff7 engines: fixed to work with EVP_*_meth calls deprecated 9e5f344a87 evp_test: use correct deallocation for EVP_CIPHER 340f82a4e7 evp_test: use correct deallocation for EVP_MD 1d864f0f53 Specific the engine pointer 490c87110c Align documentation with recommendations of Linux Documentation Project bf19b64aae Fix UI method setup, which should be independent of (deprecated) engine use 4f8fbf372e 81-test_cmp_cli.t: Avoid using 'tail', 'awk', and the '-s' option of 'lsof' f91624d380 Skip test_cmp_cli if 'lsof' or 'kill' command is not available 90409da6a5 Fix provider cipher reinit issue 7717459892 Avoid errors with a priori inapplicable protocol bounds 5ac582d949 DOC: Fix SSL_CTX_set_cert_cb.pod and SSL_CTX_set_client_cert_cb.pod 8eca461731 util/find-doc-nits: Relax check of function declarations in name_synopsis() 904f42509f PROV: Move bio_prov.c from libcommon.a to libfips.a / libnonfips.a 7e4f01d8ba fixed swapped parameter descriptions for x509 9f7bdcf37f Add ERR_raise() errors to fips OSSL_provider_init and self tests. 823a113574 Fix API rename issue in shim layer that calls EVP_MAC_CTX_set_params 02e14a65fd man3: Drop warning about using security levels higher than 1. 16c6534b96 check-format.pl: Add an entry about it to NEWS.md and to CHANGES.md 174f4a4d6a check-format.pl: Report empty lines only if -s (--sloppy-spc) is not used dc18781550 check-format.pl: Add check for essentially empty line at beginning of file 43b2e9e008 check-format.pl: Add check for multiples essentially empty lines in a row a77571c34f check-format.pl: Allow comment start '/*' after opening '(','[','{' 5304331156 Fix linking against non-system zlib on macOS Build log ended with (last 100 lines): test/cmp_protect_test-bin-cmp_testlib.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/cmp_server_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/cmp_server_test \ test/cmp_server_test-bin-cmp_server_test.o \ test/cmp_server_test-bin-cmp_testlib.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/cmp_status_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/cmp_status_test \ test/cmp_status_test-bin-cmp_status_test.o \ test/cmp_status_test-bin-cmp_testlib.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/cmp_vfy_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/cmp_vfy_test \ test/cmp_vfy_test-bin-cmp_testlib.o \ test/cmp_vfy_test-bin-cmp_vfy_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/context_internal_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/context_internal_test \ test/context_internal_test-bin-context_internal_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/ctype_internal_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/ctype_internal_test \ test/ctype_internal_test-bin-ctype_internal_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/curve448_internal_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/curve448_internal_test \ test/curve448_internal_test-bin-curve448_internal_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/destest ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/destest \ test/destest-bin-destest.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/dhtest ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/dhtest \ test/dhtest-bin-dhtest.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/drbgtest ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/drbgtest \ test/drbgtest-bin-drbgtest.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/dsa_no_digest_size_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/dsa_no_digest_size_test \ test/dsa_no_digest_size_test-bin-dsa_no_digest_size_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/dsatest ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/dsatest \ test/dsatest-bin-dsatest.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/ec_internal_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/ec_internal_test \ test/ec_internal_test-bin-ec_internal_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/ecdsatest ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/ecdsatest \ test/ecdsatest-bin-ecdsatest.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/evp_libctx_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/evp_libctx_test \ test/evp_libctx_test-bin-evp_libctx_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/evp_pkey_provided_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/evp_pkey_provided_test \ test/evp_pkey_provided_test-bin-evp_pkey_provided_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/ffc_internal_test test/evp_libctx_test-bin-evp_libctx_test.o:(.data+0x0): undefined reference to `_bignum_dh2048_256_p' test/evp_libctx_test-bin-evp_libctx_test.o:(.data+0x8): undefined reference to `_bignum_dh2048_256_q' test/evp_libctx_test-bin-evp_libctx_test.o:(.data+0x10): undefined reference to `_bignum_dh2048_256_g' ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/ffc_internal_test \ test/ffc_internal_test-bin-ffc_internal_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/hexstr_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/hexstr_test \ test/hexstr_test-bin-hexstr_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:25601: recipe for target 'test/evp_libctx_test' failed make[1]: *** [test/evp_libctx_test] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-dh' Makefile:3073: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From openssl at openssl.org Thu Jul 23 08:03:07 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 23 Jul 2020 08:03:07 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dsa Message-ID: <1595491387.719462.1132.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dsa Commit log since last time: dcb71e1c21 Cleanup fips provider init 7b9f218838 document the deprecation of the '-public-key-methods' option to list 41bbba5375 EVP: deprecate the EVP_X_meth_ functions. 77ae4f6ff7 engines: fixed to work with EVP_*_meth calls deprecated 9e5f344a87 evp_test: use correct deallocation for EVP_CIPHER 340f82a4e7 evp_test: use correct deallocation for EVP_MD 1d864f0f53 Specific the engine pointer 490c87110c Align documentation with recommendations of Linux Documentation Project bf19b64aae Fix UI method setup, which should be independent of (deprecated) engine use 4f8fbf372e 81-test_cmp_cli.t: Avoid using 'tail', 'awk', and the '-s' option of 'lsof' f91624d380 Skip test_cmp_cli if 'lsof' or 'kill' command is not available 90409da6a5 Fix provider cipher reinit issue 7717459892 Avoid errors with a priori inapplicable protocol bounds 5ac582d949 DOC: Fix SSL_CTX_set_cert_cb.pod and SSL_CTX_set_client_cert_cb.pod 8eca461731 util/find-doc-nits: Relax check of function declarations in name_synopsis() 904f42509f PROV: Move bio_prov.c from libcommon.a to libfips.a / libnonfips.a 7e4f01d8ba fixed swapped parameter descriptions for x509 9f7bdcf37f Add ERR_raise() errors to fips OSSL_provider_init and self tests. 823a113574 Fix API rename issue in shim layer that calls EVP_MAC_CTX_set_params 02e14a65fd man3: Drop warning about using security levels higher than 1. 16c6534b96 check-format.pl: Add an entry about it to NEWS.md and to CHANGES.md 174f4a4d6a check-format.pl: Report empty lines only if -s (--sloppy-spc) is not used dc18781550 check-format.pl: Add check for essentially empty line at beginning of file 43b2e9e008 check-format.pl: Add check for multiples essentially empty lines in a row a77571c34f check-format.pl: Allow comment start '/*' after opening '(','[','{' 5304331156 Fix linking against non-system zlib on macOS Build log ended with (last 100 lines): clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cipherlist_test-bin-cipherlist_test.d.tmp -MT test/cipherlist_test-bin-cipherlist_test.o -c -o test/cipherlist_test-bin-cipherlist_test.o ../openssl/test/cipherlist_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/ciphername_test-bin-ciphername_test.d.tmp -MT test/ciphername_test-bin-ciphername_test.o -c -o test/ciphername_test-bin-ciphername_test.o ../openssl/test/ciphername_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/clienthellotest-bin-clienthellotest.d.tmp -MT test/clienthellotest-bin-clienthellotest.o -c -o test/clienthellotest-bin-clienthellotest.o ../openssl/test/clienthellotest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmactest-bin-cmactest.d.tmp -MT test/cmactest-bin-cmactest.o -c -o test/cmactest-bin-cmactest.o ../openssl/test/cmactest.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_asn_test-bin-cmp_asn_test.d.tmp -MT test/cmp_asn_test-bin-cmp_asn_test.o -c -o test/cmp_asn_test-bin-cmp_asn_test.o ../openssl/test/cmp_asn_test.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_asn_test-bin-cmp_testlib.d.tmp -MT test/cmp_asn_test-bin-cmp_testlib.o -c -o test/cmp_asn_test-bin-cmp_testlib.o ../openssl/test/cmp_testlib.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_client_test-bin-cmp_client_test.d.tmp -MT test/cmp_client_test-bin-cmp_client_test.o -c -o test/cmp_client_test-bin-cmp_client_test.o ../openssl/test/cmp_client_test.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_client_test-bin-cmp_testlib.d.tmp -MT test/cmp_client_test-bin-cmp_testlib.o -c -o test/cmp_client_test-bin-cmp_testlib.o ../openssl/test/cmp_testlib.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_ctx_test-bin-cmp_ctx_test.d.tmp -MT test/cmp_ctx_test-bin-cmp_ctx_test.o -c -o test/cmp_ctx_test-bin-cmp_ctx_test.o ../openssl/test/cmp_ctx_test.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_ctx_test-bin-cmp_testlib.d.tmp -MT test/cmp_ctx_test-bin-cmp_testlib.o -c -o test/cmp_ctx_test-bin-cmp_testlib.o ../openssl/test/cmp_testlib.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_hdr_test-bin-cmp_hdr_test.d.tmp -MT test/cmp_hdr_test-bin-cmp_hdr_test.o -c -o test/cmp_hdr_test-bin-cmp_hdr_test.o ../openssl/test/cmp_hdr_test.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_hdr_test-bin-cmp_testlib.d.tmp -MT test/cmp_hdr_test-bin-cmp_testlib.o -c -o test/cmp_hdr_test-bin-cmp_testlib.o ../openssl/test/cmp_testlib.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_msg_test-bin-cmp_msg_test.d.tmp -MT test/cmp_msg_test-bin-cmp_msg_test.o -c -o test/cmp_msg_test-bin-cmp_msg_test.o ../openssl/test/cmp_msg_test.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_msg_test-bin-cmp_testlib.d.tmp -MT test/cmp_msg_test-bin-cmp_testlib.o -c -o test/cmp_msg_test-bin-cmp_testlib.o ../openssl/test/cmp_testlib.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_protect_test-bin-cmp_protect_test.d.tmp -MT test/cmp_protect_test-bin-cmp_protect_test.o -c -o test/cmp_protect_test-bin-cmp_protect_test.o ../openssl/test/cmp_protect_test.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_protect_test-bin-cmp_testlib.d.tmp -MT test/cmp_protect_test-bin-cmp_testlib.o -c -o test/cmp_protect_test-bin-cmp_testlib.o ../openssl/test/cmp_testlib.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_server_test-bin-cmp_server_test.d.tmp -MT test/cmp_server_test-bin-cmp_server_test.o -c -o test/cmp_server_test-bin-cmp_server_test.o ../openssl/test/cmp_server_test.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_server_test-bin-cmp_testlib.d.tmp -MT test/cmp_server_test-bin-cmp_testlib.o -c -o test/cmp_server_test-bin-cmp_testlib.o ../openssl/test/cmp_testlib.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_status_test-bin-cmp_status_test.d.tmp -MT test/cmp_status_test-bin-cmp_status_test.o -c -o test/cmp_status_test-bin-cmp_status_test.o ../openssl/test/cmp_status_test.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_status_test-bin-cmp_testlib.d.tmp -MT test/cmp_status_test-bin-cmp_testlib.o -c -o test/cmp_status_test-bin-cmp_testlib.o ../openssl/test/cmp_testlib.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_vfy_test-bin-cmp_testlib.d.tmp -MT test/cmp_vfy_test-bin-cmp_testlib.o -c -o test/cmp_vfy_test-bin-cmp_testlib.o ../openssl/test/cmp_testlib.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmp_vfy_test-bin-cmp_vfy_test.d.tmp -MT test/cmp_vfy_test-bin-cmp_vfy_test.o -c -o test/cmp_vfy_test-bin-cmp_vfy_test.o ../openssl/test/cmp_vfy_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/cmsapitest-bin-cmsapitest.d.tmp -MT test/cmsapitest-bin-cmsapitest.o -c -o test/cmsapitest-bin-cmsapitest.o ../openssl/test/cmsapitest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/conf_include_test-bin-conf_include_test.d.tmp -MT test/conf_include_test-bin-conf_include_test.o -c -o test/conf_include_test-bin-conf_include_test.o ../openssl/test/conf_include_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/confdump-bin-confdump.d.tmp -MT test/confdump-bin-confdump.o -c -o test/confdump-bin-confdump.o ../openssl/test/confdump.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/constant_time_test-bin-constant_time_test.d.tmp -MT test/constant_time_test-bin-constant_time_test.o -c -o test/constant_time_test-bin-constant_time_test.o ../openssl/test/constant_time_test.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/context_internal_test-bin-context_internal_test.d.tmp -MT test/context_internal_test-bin-context_internal_test.o -c -o test/context_internal_test-bin-context_internal_test.o ../openssl/test/context_internal_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/crltest-bin-crltest.d.tmp -MT test/crltest-bin-crltest.o -c -o test/crltest-bin-crltest.o ../openssl/test/crltest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/ct_test-bin-ct_test.d.tmp -MT test/ct_test-bin-ct_test.o -c -o test/ct_test-bin-ct_test.o ../openssl/test/ct_test.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/ctype_internal_test-bin-ctype_internal_test.d.tmp -MT test/ctype_internal_test-bin-ctype_internal_test.o -c -o test/ctype_internal_test-bin-ctype_internal_test.o ../openssl/test/ctype_internal_test.c clang -I. -Iinclude -Iapps/include -Icrypto/ec/curve448 -I../openssl -I../openssl/include -I../openssl/apps/include -I../openssl/crypto/ec/curve448 -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/curve448_internal_test-bin-curve448_internal_test.d.tmp -MT test/curve448_internal_test-bin-curve448_internal_test.o -c -o test/curve448_internal_test-bin-curve448_internal_test.o ../openssl/test/curve448_internal_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/d2i_test-bin-d2i_test.d.tmp -MT test/d2i_test-bin-d2i_test.o -c -o test/d2i_test-bin-d2i_test.o ../openssl/test/d2i_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/danetest-bin-danetest.d.tmp -MT test/danetest-bin-danetest.o -c -o test/danetest-bin-danetest.o ../openssl/test/danetest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/destest-bin-destest.d.tmp -MT test/destest-bin-destest.o -c -o test/destest-bin-destest.o ../openssl/test/destest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/dhtest-bin-dhtest.d.tmp -MT test/dhtest-bin-dhtest.o -c -o test/dhtest-bin-dhtest.o ../openssl/test/dhtest.c clang -Iinclude -Iapps/include -Itest -I. -I../openssl/include -I../openssl/apps/include -I../openssl/test -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/drbg_cavs_test-bin-drbg_cavs_data_ctr.d.tmp -MT test/drbg_cavs_test-bin-drbg_cavs_data_ctr.o -c -o test/drbg_cavs_test-bin-drbg_cavs_data_ctr.o ../openssl/test/drbg_cavs_data_ctr.c clang -Iinclude -Iapps/include -Itest -I. -I../openssl/include -I../openssl/apps/include -I../openssl/test -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/drbg_cavs_test-bin-drbg_cavs_data_hash.d.tmp -MT test/drbg_cavs_test-bin-drbg_cavs_data_hash.o -c -o test/drbg_cavs_test-bin-drbg_cavs_data_hash.o ../openssl/test/drbg_cavs_data_hash.c clang -Iinclude -Iapps/include -Itest -I. -I../openssl/include -I../openssl/apps/include -I../openssl/test -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/drbg_cavs_test-bin-drbg_cavs_data_hmac.d.tmp -MT test/drbg_cavs_test-bin-drbg_cavs_data_hmac.o -c -o test/drbg_cavs_test-bin-drbg_cavs_data_hmac.o ../openssl/test/drbg_cavs_data_hmac.c clang -Iinclude -Iapps/include -Itest -I. -I../openssl/include -I../openssl/apps/include -I../openssl/test -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/drbg_cavs_test-bin-drbg_cavs_test.d.tmp -MT test/drbg_cavs_test-bin-drbg_cavs_test.o -c -o test/drbg_cavs_test-bin-drbg_cavs_test.o ../openssl/test/drbg_cavs_test.c clang -Iinclude -Itest -I. -Iapps/include -I../openssl/include -I../openssl/test -I../openssl -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/drbg_extra_test-bin-drbg_extra_test.d.tmp -MT test/drbg_extra_test-bin-drbg_extra_test.o -c -o test/drbg_extra_test-bin-drbg_extra_test.o ../openssl/test/drbg_extra_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/drbgtest-bin-drbgtest.d.tmp -MT test/drbgtest-bin-drbgtest.o -c -o test/drbgtest-bin-drbgtest.o ../openssl/test/drbgtest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/dsa_no_digest_size_test-bin-dsa_no_digest_size_test.d.tmp -MT test/dsa_no_digest_size_test-bin-dsa_no_digest_size_test.o -c -o test/dsa_no_digest_size_test-bin-dsa_no_digest_size_test.o ../openssl/test/dsa_no_digest_size_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/dsatest-bin-dsatest.d.tmp -MT test/dsatest-bin-dsatest.o -c -o test/dsatest-bin-dsatest.o ../openssl/test/dsatest.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/dtls_mtu_test-bin-dtls_mtu_test.d.tmp -MT test/dtls_mtu_test-bin-dtls_mtu_test.o -c -o test/dtls_mtu_test-bin-dtls_mtu_test.o ../openssl/test/dtls_mtu_test.c clang -I. -Iinclude -I../openssl -I../openssl/include -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/dtls_mtu_test-bin-ssltestlib.d.tmp -MT test/dtls_mtu_test-bin-ssltestlib.o -c -o test/dtls_mtu_test-bin-ssltestlib.o ../openssl/test/ssltestlib.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/dtlstest-bin-dtlstest.d.tmp -MT test/dtlstest-bin-dtlstest.o -c -o test/dtlstest-bin-dtlstest.o ../openssl/test/dtlstest.c clang -I. -Iinclude -I../openssl -I../openssl/include -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/dtlstest-bin-ssltestlib.d.tmp -MT test/dtlstest-bin-ssltestlib.o -c -o test/dtlstest-bin-ssltestlib.o ../openssl/test/ssltestlib.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/dtlsv1listentest-bin-dtlsv1listentest.d.tmp -MT test/dtlsv1listentest-bin-dtlsv1listentest.o -c -o test/dtlsv1listentest-bin-dtlsv1listentest.o ../openssl/test/dtlsv1listentest.c clang -Iinclude -Icrypto/ec -Iapps/include -I../openssl/include -I../openssl/crypto/ec -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/ec_internal_test-bin-ec_internal_test.d.tmp -MT test/ec_internal_test-bin-ec_internal_test.o -c -o test/ec_internal_test-bin-ec_internal_test.o ../openssl/test/ec_internal_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/ecdsatest-bin-ecdsatest.d.tmp -MT test/ecdsatest-bin-ecdsatest.o -c -o test/ecdsatest-bin-ecdsatest.o ../openssl/test/ecdsatest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/ecstresstest-bin-ecstresstest.d.tmp -MT test/ecstresstest-bin-ecstresstest.o -c -o test/ecstresstest-bin-ecstresstest.o ../openssl/test/ecstresstest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/ectest-bin-ectest.d.tmp -MT test/ectest-bin-ectest.o -c -o test/ectest-bin-ectest.o ../openssl/test/ectest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/enginetest-bin-enginetest.d.tmp -MT test/enginetest-bin-enginetest.o -c -o test/enginetest-bin-enginetest.o ../openssl/test/enginetest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/errtest-bin-errtest.d.tmp -MT test/errtest-bin-errtest.o -c -o test/errtest-bin-errtest.o ../openssl/test/errtest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/evp_extra_test-bin-evp_extra_test.d.tmp -MT test/evp_extra_test-bin-evp_extra_test.o -c -o test/evp_extra_test-bin-evp_extra_test.o ../openssl/test/evp_extra_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/evp_extra_test2-bin-evp_extra_test2.d.tmp -MT test/evp_extra_test2-bin-evp_extra_test2.o -c -o test/evp_extra_test2-bin-evp_extra_test2.o ../openssl/test/evp_extra_test2.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/evp_fetch_prov_test-bin-evp_fetch_prov_test.d.tmp -MT test/evp_fetch_prov_test-bin-evp_fetch_prov_test.o -c -o test/evp_fetch_prov_test-bin-evp_fetch_prov_test.o ../openssl/test/evp_fetch_prov_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/evp_kdf_test-bin-evp_kdf_test.d.tmp -MT test/evp_kdf_test-bin-evp_kdf_test.o -c -o test/evp_kdf_test-bin-evp_kdf_test.o ../openssl/test/evp_kdf_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/evp_libctx_test-bin-evp_libctx_test.d.tmp -MT test/evp_libctx_test-bin-evp_libctx_test.o -c -o test/evp_libctx_test-bin-evp_libctx_test.o ../openssl/test/evp_libctx_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/evp_pkey_dparams_test-bin-evp_pkey_dparams_test.d.tmp -MT test/evp_pkey_dparams_test-bin-evp_pkey_dparams_test.o -c -o test/evp_pkey_dparams_test-bin-evp_pkey_dparams_test.o ../openssl/test/evp_pkey_dparams_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/evp_pkey_provided_test-bin-evp_pkey_provided_test.d.tmp -MT test/evp_pkey_provided_test-bin-evp_pkey_provided_test.o -c -o test/evp_pkey_provided_test-bin-evp_pkey_provided_test.o ../openssl/test/evp_pkey_provided_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/evp_test-bin-evp_test.d.tmp -MT test/evp_test-bin-evp_test.o -c -o test/evp_test-bin-evp_test.o ../openssl/test/evp_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF test/exdatatest-bin-exdatatest.d.tmp -MT test/exdatatest-bin-exdatatest.o -c -o test/exdatatest-bin-exdatatest.o ../openssl/test/exdatatest.c ../openssl/test/evp_libctx_test.c:161:27: error: implicit declaration of function 'DH_new' is invalid in C99 [-Werror,-Wimplicit-function-declaration] || !TEST_ptr(dh = DH_new()) ^ ../openssl/test/evp_libctx_test.c:161:27: note: did you mean 'BN_new'? ../openssl/include/openssl/bn.h:230:9: note: 'BN_new' declared here BIGNUM *BN_new(void); ^ ../openssl/test/evp_libctx_test.c:161:27: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] || !TEST_ptr(dh = DH_new()) ^ ../openssl/test/evp_libctx_test.c:161:25: error: incompatible integer to pointer conversion assigning to 'DH *' (aka 'struct dh_st *') from 'int' [-Werror,-Wint-conversion] || !TEST_ptr(dh = DH_new()) ^ ~~~~~~~~ ../openssl/test/testutil.h:436:64: note: expanded from macro 'TEST_ptr' # define TEST_ptr(a) test_ptr(__FILE__, __LINE__, #a, a) ^ ../openssl/test/evp_libctx_test.c:165:23: error: implicit declaration of function 'DH_set0_pqg' is invalid in C99 [-Werror,-Wimplicit-function-declaration] || !TEST_true(DH_set0_pqg(dh, p, q, g))) ^ ../openssl/test/evp_libctx_test.c:165:23: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] ../openssl/test/evp_libctx_test.c:182:5: error: implicit declaration of function 'DH_free' is invalid in C99 [-Werror,-Wimplicit-function-declaration] DH_free(dh); ^ ../openssl/test/evp_libctx_test.c:182:5: note: did you mean 'BN_free'? ../openssl/include/openssl/bn.h:291:6: note: 'BN_free' declared here void BN_free(BIGNUM *a); ^ ../openssl/test/evp_libctx_test.c:182:5: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] DH_free(dh); ^ 7 errors generated. Makefile:25590: recipe for target 'test/evp_libctx_test-bin-evp_libctx_test.o' failed make[1]: *** [test/evp_libctx_test-bin-evp_libctx_test.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-dsa' Makefile:3064: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From builds at travis-ci.com Thu Jul 23 09:08:24 2020 From: builds at travis-ci.com (Travis CI) Date: Thu, 23 Jul 2020 09:08:24 +0000 Subject: Still Failing: openssl/openssl#36315 (master - ae89578) In-Reply-To: Message-ID: <5f195386a51ba_13fa7fc1a6d5818507a@travis-pro-tasks-955f4c649-jd6xv.mail> Build Update for openssl/openssl ------------------------------------- Build: #36315 Status: Still Failing Duration: 1 hr, 18 mins, and 19 secs Commit: ae89578 (master) Author: Shane Lontis Message: Test RSA oaep in fips mode Added RSA oaep test that uses the pkeyutl application. Added an openssl application option to support loading a (fips) provider via the '-config' option. Added openssl application related environment variable 'OPENSSL_TEST_LIBCTX' (for testing purposes only), that creates a non default library context. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11948) View the changeset: https://github.com/openssl/openssl/compare/a27cb956c022...ae89578be293 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/176827644?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Thu Jul 23 09:23:13 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 23 Jul 2020 09:23:13 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ec2m Message-ID: <1595496193.662499.3401.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ec2m Commit log since last time: dcb71e1c21 Cleanup fips provider init 7b9f218838 document the deprecation of the '-public-key-methods' option to list 41bbba5375 EVP: deprecate the EVP_X_meth_ functions. 77ae4f6ff7 engines: fixed to work with EVP_*_meth calls deprecated 9e5f344a87 evp_test: use correct deallocation for EVP_CIPHER 340f82a4e7 evp_test: use correct deallocation for EVP_MD 1d864f0f53 Specific the engine pointer 490c87110c Align documentation with recommendations of Linux Documentation Project bf19b64aae Fix UI method setup, which should be independent of (deprecated) engine use 4f8fbf372e 81-test_cmp_cli.t: Avoid using 'tail', 'awk', and the '-s' option of 'lsof' f91624d380 Skip test_cmp_cli if 'lsof' or 'kill' command is not available 90409da6a5 Fix provider cipher reinit issue 7717459892 Avoid errors with a priori inapplicable protocol bounds 5ac582d949 DOC: Fix SSL_CTX_set_cert_cb.pod and SSL_CTX_set_client_cert_cb.pod 8eca461731 util/find-doc-nits: Relax check of function declarations in name_synopsis() 904f42509f PROV: Move bio_prov.c from libcommon.a to libfips.a / libnonfips.a 7e4f01d8ba fixed swapped parameter descriptions for x509 9f7bdcf37f Add ERR_raise() errors to fips OSSL_provider_init and self tests. 823a113574 Fix API rename issue in shim layer that calls EVP_MAC_CTX_set_params 02e14a65fd man3: Drop warning about using security levels higher than 1. 16c6534b96 check-format.pl: Add an entry about it to NEWS.md and to CHANGES.md 174f4a4d6a check-format.pl: Report empty lines only if -s (--sloppy-spc) is not used dc18781550 check-format.pl: Add check for essentially empty line at beginning of file 43b2e9e008 check-format.pl: Add check for multiples essentially empty lines in a row a77571c34f check-format.pl: Allow comment start '/*' after opening '(','[','{' 5304331156 Fix linking against non-system zlib on macOS Build log ended with (last 100 lines): 70-test_sslversions.t (Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 70-test_sslvertol.t (Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 70-test_tls13alerts.t (Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 70-test_tls13cookie.t (Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 70-test_tls13downgrade.t (Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 70-test_tls13hrr.t (Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 70-test_tls13kexmodes.t (Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 70-test_tls13messages.t (Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 70-test_tls13psk.t (Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 70-test_tlsextms.t (Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 71-test_ssl_ctx.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_cipherbytes.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_cipherlist.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ciphername.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_dane.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_dtls.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_dtls_mtu.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_dtlsv1listen.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ssl_new.t (Wstat: 6912 Tests: 31 Failed: 27) Failed tests: 2-14, 16-22, 24-29, 31 Non-zero exit status: 27 80-test_ssl_old.t (Wstat: 1024 Tests: 12 Failed: 4) Failed tests: 3, 5-7 Non-zero exit status: 4 80-test_sslcorrupt.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 90-test_fatalerr.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 90-test_gost.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 90-test_shlibload.t (Wstat: 1024 Tests: 10 Failed: 4) Failed tests: 1-4 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 1, 3 Non-zero exit status: 2 90-test_sslbuffers.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 90-test_sysdefault.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 90-test_tls13ccs.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 90-test_tls13encryption.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 90-test_tls13secrets.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 99-test_fuzz.t (Wstat: 512 Tests: 13 Failed: 2) Failed tests: 8-9 Non-zero exit status: 2 Files=205, Tests=2047, 461 wallclock secs ( 7.19 usr 0.91 sys + 393.84 cusr 42.04 csys = 443.98 CPU) Result: FAIL Makefile:3137: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-ec2m' Makefile:3135: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Thu Jul 23 12:16:45 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 23 Jul 2020 12:16:45 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-err Message-ID: <1595506605.251120.15766.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-err Commit log since last time: dcb71e1c21 Cleanup fips provider init 7b9f218838 document the deprecation of the '-public-key-methods' option to list 41bbba5375 EVP: deprecate the EVP_X_meth_ functions. 77ae4f6ff7 engines: fixed to work with EVP_*_meth calls deprecated 9e5f344a87 evp_test: use correct deallocation for EVP_CIPHER 340f82a4e7 evp_test: use correct deallocation for EVP_MD 1d864f0f53 Specific the engine pointer 490c87110c Align documentation with recommendations of Linux Documentation Project bf19b64aae Fix UI method setup, which should be independent of (deprecated) engine use 4f8fbf372e 81-test_cmp_cli.t: Avoid using 'tail', 'awk', and the '-s' option of 'lsof' f91624d380 Skip test_cmp_cli if 'lsof' or 'kill' command is not available 90409da6a5 Fix provider cipher reinit issue 7717459892 Avoid errors with a priori inapplicable protocol bounds 5ac582d949 DOC: Fix SSL_CTX_set_cert_cb.pod and SSL_CTX_set_client_cert_cb.pod 8eca461731 util/find-doc-nits: Relax check of function declarations in name_synopsis() 904f42509f PROV: Move bio_prov.c from libcommon.a to libfips.a / libnonfips.a 7e4f01d8ba fixed swapped parameter descriptions for x509 9f7bdcf37f Add ERR_raise() errors to fips OSSL_provider_init and self tests. 823a113574 Fix API rename issue in shim layer that calls EVP_MAC_CTX_set_params 02e14a65fd man3: Drop warning about using security levels higher than 1. 16c6534b96 check-format.pl: Add an entry about it to NEWS.md and to CHANGES.md 174f4a4d6a check-format.pl: Report empty lines only if -s (--sloppy-spc) is not used dc18781550 check-format.pl: Add check for essentially empty line at beginning of file 43b2e9e008 check-format.pl: Add check for multiples essentially empty lines in a row a77571c34f check-format.pl: Allow comment start '/*' after opening '(','[','{' 5304331156 Fix linking against non-system zlib on macOS Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 04-test_err.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=205, Tests=3102, 840 wallclock secs (12.54 usr 1.17 sys + 779.31 cusr 58.26 csys = 851.28 CPU) Result: FAIL Makefile:3136: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-err' Makefile:3134: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Thu Jul 23 20:16:47 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 23 Jul 2020 20:16:47 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ui-console Message-ID: <1595535407.955172.19216.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ui-console Commit log since last time: dcb71e1c21 Cleanup fips provider init 7b9f218838 document the deprecation of the '-public-key-methods' option to list 41bbba5375 EVP: deprecate the EVP_X_meth_ functions. 77ae4f6ff7 engines: fixed to work with EVP_*_meth calls deprecated 9e5f344a87 evp_test: use correct deallocation for EVP_CIPHER 340f82a4e7 evp_test: use correct deallocation for EVP_MD 1d864f0f53 Specific the engine pointer 490c87110c Align documentation with recommendations of Linux Documentation Project bf19b64aae Fix UI method setup, which should be independent of (deprecated) engine use 4f8fbf372e 81-test_cmp_cli.t: Avoid using 'tail', 'awk', and the '-s' option of 'lsof' f91624d380 Skip test_cmp_cli if 'lsof' or 'kill' command is not available 90409da6a5 Fix provider cipher reinit issue 7717459892 Avoid errors with a priori inapplicable protocol bounds 5ac582d949 DOC: Fix SSL_CTX_set_cert_cb.pod and SSL_CTX_set_client_cert_cb.pod 8eca461731 util/find-doc-nits: Relax check of function declarations in name_synopsis() 904f42509f PROV: Move bio_prov.c from libcommon.a to libfips.a / libnonfips.a 7e4f01d8ba fixed swapped parameter descriptions for x509 9f7bdcf37f Add ERR_raise() errors to fips OSSL_provider_init and self tests. 823a113574 Fix API rename issue in shim layer that calls EVP_MAC_CTX_set_params 02e14a65fd man3: Drop warning about using security levels higher than 1. 16c6534b96 check-format.pl: Add an entry about it to NEWS.md and to CHANGES.md 174f4a4d6a check-format.pl: Report empty lines only if -s (--sloppy-spc) is not used dc18781550 check-format.pl: Add check for essentially empty line at beginning of file 43b2e9e008 check-format.pl: Add check for multiples essentially empty lines in a row a77571c34f check-format.pl: Allow comment start '/*' after opening '(','[','{' 5304331156 Fix linking against non-system zlib on macOS Build log ended with (last 100 lines): # Failed test 'p10cr csr empty file' # at ../openssl/test/recipes/81-test_cmp_cli.t line 182. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd p10cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -csr wrong.csr.pem => 139 not ok 78 - p10cr wrong csr # ------------------------------------------------------------------------------ # Failed test 'p10cr wrong csr' # at ../openssl/test/recipes/81-test_cmp_cli.t line 182. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -revreason 5 => 139 not ok 79 - ir + ignored revocation # ------------------------------------------------------------------------------ ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt => 139 not ok 82 - cr command # ------------------------------------------------------------------------------ # Failed test 'cr command' # at ../openssl/test/recipes/81-test_cmp_cli.t line 182. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt => 139 not ok 83 - kur command explicit options # ------------------------------------------------------------------------------ # Failed test 'kur command explicit options' # at ../openssl/test/recipes/81-test_cmp_cli.t line 182. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -subject "" -certout test.cert.pem -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt -secret "" => 139 not ok 84 - kur command minimal options # ------------------------------------------------------------------------------ ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey dir/ -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert test.cert.pem -server '127.0.0.1:1700' => 139 not ok 86 - kur newkey is directory # ------------------------------------------------------------------------------ ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert dir/ -server '127.0.0.1:1700' => 139 not ok 89 - kur oldcert is directory # ------------------------------------------------------------------------------ # Failed test 'kur oldcert is directory' # at ../openssl/test/recipes/81-test_cmp_cli.t line 182. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert idontexist -server '127.0.0.1:1700' => 139 not ok 90 - kur oldcert not existing # ------------------------------------------------------------------------------ # Failed test 'kur oldcert not existing' # at ../openssl/test/recipes/81-test_cmp_cli.t line 182. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert empty.txt -server '127.0.0.1:1700' => 139 not ok 91 - kur empty oldcert file # ------------------------------------------------------------------------------ # Failed test 'kur empty oldcert file' # at ../openssl/test/recipes/81-test_cmp_cli.t line 182. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -cert "" -server '127.0.0.1:1700' => 139 not ok 92 - kur command without cert and oldcert # ------------------------------------------------------------------------------ # Failed test 'kur command without cert and oldcert' # at ../openssl/test/recipes/81-test_cmp_cli.t line 182. # Looks like you failed 65 tests of 92. not ok 7 - CMP app CLI Mock enrollment # ------------------------------------------------------------------------------ # # Failed test 'CMP app CLI Mock enrollment # ' # at /home/openssl/run-checker/no-ui-console/../openssl/util/perl/OpenSSL/Test.pm line 1302. # Looks like you failed 5 tests of 7.81-test_cmp_cli.t .................. Dubious, test returned 5 (wstat 1280, 0x500) Failed 5/7 subtests 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 81-test_cmp_cli.t (Wstat: 1280 Tests: 7 Failed: 5) Failed tests: 3-7 Non-zero exit status: 5 Files=205, Tests=3239, 899 wallclock secs (12.28 usr 1.26 sys + 794.26 cusr 63.63 csys = 871.43 CPU) Result: FAIL Makefile:3122: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-ui-console' Makefile:3120: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Thu Jul 23 22:37:19 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 23 Jul 2020 22:37:19 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared no-module Message-ID: <1595543839.698382.534.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared no-module Commit log since last time: dcb71e1c21 Cleanup fips provider init 7b9f218838 document the deprecation of the '-public-key-methods' option to list 41bbba5375 EVP: deprecate the EVP_X_meth_ functions. 77ae4f6ff7 engines: fixed to work with EVP_*_meth calls deprecated 9e5f344a87 evp_test: use correct deallocation for EVP_CIPHER 340f82a4e7 evp_test: use correct deallocation for EVP_MD 1d864f0f53 Specific the engine pointer 490c87110c Align documentation with recommendations of Linux Documentation Project bf19b64aae Fix UI method setup, which should be independent of (deprecated) engine use 4f8fbf372e 81-test_cmp_cli.t: Avoid using 'tail', 'awk', and the '-s' option of 'lsof' f91624d380 Skip test_cmp_cli if 'lsof' or 'kill' command is not available 90409da6a5 Fix provider cipher reinit issue 7717459892 Avoid errors with a priori inapplicable protocol bounds 5ac582d949 DOC: Fix SSL_CTX_set_cert_cb.pod and SSL_CTX_set_client_cert_cb.pod 8eca461731 util/find-doc-nits: Relax check of function declarations in name_synopsis() 904f42509f PROV: Move bio_prov.c from libcommon.a to libfips.a / libnonfips.a 7e4f01d8ba fixed swapped parameter descriptions for x509 9f7bdcf37f Add ERR_raise() errors to fips OSSL_provider_init and self tests. 823a113574 Fix API rename issue in shim layer that calls EVP_MAC_CTX_set_params 02e14a65fd man3: Drop warning about using security levels higher than 1. 16c6534b96 check-format.pl: Add an entry about it to NEWS.md and to CHANGES.md 174f4a4d6a check-format.pl: Report empty lines only if -s (--sloppy-spc) is not used dc18781550 check-format.pl: Add check for essentially empty line at beginning of file 43b2e9e008 check-format.pl: Add check for multiples essentially empty lines in a row a77571c34f check-format.pl: Allow comment start '/*' after opening '(','[','{' 5304331156 Fix linking against non-system zlib on macOS Build log ended with (last 100 lines): ../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock credentials' -proxy '' -no_proxy 127.0.0.1 -cert "" -key "" -keypass "" -unprotected_requests => 0 not ok 38 - unprotected request # ------------------------------------------------------------------------------ # Failed test 'unprotected request' # at ../openssl/test/recipes/81-test_cmp_cli.t line 182. # Looks like you failed 3 tests of 38. not ok 5 - CMP app CLI Mock credentials # ------------------------------------------------------------------------------ OPENSSL_FUNC:../openssl/apps/cmp.c:3119:CMP info: received from 127.0.0.1 PKIStatus: accepted # OPENSSL_FUNC:../openssl/apps/cmp.c:2895:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -proxy option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2112:CMP info: will contact http://127.0.0.1:1700/pkix/ # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending IR # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received IP # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending CERTCONF # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received PKICONF # OPENSSL_FUNC:../openssl/apps/cmp.c:2276:CMP info: received 1 enrolled certificate(s), saving to file 'test.cert.pem' ../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo 0 -certout test.cert.pem -out_trusted root.crt => 0 not ok 43 - popo RAVERIFIED # ------------------------------------------------------------------------------ OPENSSL_FUNC:../openssl/apps/cmp.c:3119:CMP info: received from 127.0.0.1 PKIStatus: accepted # OPENSSL_FUNC:../openssl/apps/cmp.c:2895:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -proxy option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2112:CMP info: will contact http://127.0.0.1:1700/pkix/ # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending IR # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received IP # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending CERTCONF # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received PKICONF # OPENSSL_FUNC:../openssl/apps/cmp.c:2276:CMP info: received 1 enrolled certificate(s), saving to file 'test.cert.pem' ../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo -1 -certout test.cert.pem -out_trusted root.crt => 0 not ok 47 - popo NONE # ------------------------------------------------------------------------------ # Failed test 'popo NONE' # at ../openssl/test/recipes/81-test_cmp_cli.t line 182. OPENSSL_FUNC:../openssl/apps/cmp.c:3119:CMP info: received from 127.0.0.1 PKIStatus: accepted # OPENSSL_FUNC:../openssl/apps/cmp.c:2895:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -proxy option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2112:CMP info: will contact http://127.0.0.1:1700/pkix/ # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending IR # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received IP # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending CERTCONF # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received PKICONF # OPENSSL_FUNC:../openssl/apps/cmp.c:2276:CMP info: received 1 enrolled certificate(s), saving to file 'test.cert.pem' ../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo 2 -certout test.cert.pem -out_trusted root.crt => 0 not ok 48 - popo KEYENC not supported # ------------------------------------------------------------------------------ # Looks like you failed 3 tests of 92. not ok 7 - CMP app CLI Mock enrollment # ------------------------------------------------------------------------------ # # Failed test 'CMP app CLI Mock enrollment # ' # at /home/openssl/run-checker/enable-fuzz-afl/../openssl/util/perl/OpenSSL/Test.pm line 1302. # Looks like you failed 3 tests of 7.81-test_cmp_cli.t .................. Dubious, test returned 3 (wstat 768, 0x300) Failed 3/7 subtests 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: GOST support is disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ skipped: Test only supported in a shared build 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 81-test_cmp_cli.t (Wstat: 768 Tests: 7 Failed: 3) Failed tests: 4-5, 7 Non-zero exit status: 3 Files=205, Tests=2949, 787 wallclock secs (10.24 usr 1.28 sys + 707.73 cusr 53.06 csys = 772.31 CPU) Result: FAIL Makefile:2371: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-fuzz-afl' Makefile:2369: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Fri Jul 24 04:42:22 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 24 Jul 2020 04:42:22 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-posix-io Message-ID: <1595565742.348763.10550.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-posix-io Commit log since last time: dcb71e1c21 Cleanup fips provider init 7b9f218838 document the deprecation of the '-public-key-methods' option to list 41bbba5375 EVP: deprecate the EVP_X_meth_ functions. 77ae4f6ff7 engines: fixed to work with EVP_*_meth calls deprecated 9e5f344a87 evp_test: use correct deallocation for EVP_CIPHER 340f82a4e7 evp_test: use correct deallocation for EVP_MD 1d864f0f53 Specific the engine pointer 490c87110c Align documentation with recommendations of Linux Documentation Project bf19b64aae Fix UI method setup, which should be independent of (deprecated) engine use 4f8fbf372e 81-test_cmp_cli.t: Avoid using 'tail', 'awk', and the '-s' option of 'lsof' f91624d380 Skip test_cmp_cli if 'lsof' or 'kill' command is not available 90409da6a5 Fix provider cipher reinit issue 7717459892 Avoid errors with a priori inapplicable protocol bounds 5ac582d949 DOC: Fix SSL_CTX_set_cert_cb.pod and SSL_CTX_set_client_cert_cb.pod 8eca461731 util/find-doc-nits: Relax check of function declarations in name_synopsis() 904f42509f PROV: Move bio_prov.c from libcommon.a to libfips.a / libnonfips.a 7e4f01d8ba fixed swapped parameter descriptions for x509 9f7bdcf37f Add ERR_raise() errors to fips OSSL_provider_init and self tests. 823a113574 Fix API rename issue in shim layer that calls EVP_MAC_CTX_set_params 02e14a65fd man3: Drop warning about using security levels higher than 1. 16c6534b96 check-format.pl: Add an entry about it to NEWS.md and to CHANGES.md 174f4a4d6a check-format.pl: Report empty lines only if -s (--sloppy-spc) is not used dc18781550 check-format.pl: Add check for essentially empty line at beginning of file 43b2e9e008 check-format.pl: Add check for multiples essentially empty lines in a row a77571c34f check-format.pl: Allow comment start '/*' after opening '(','[','{' 5304331156 Fix linking against non-system zlib on macOS Build log ended with (last 100 lines): rm -f doc/man/man1/CA.pl.1 doc/man/man1/openssl-asn1parse.1 doc/man/man1/openssl-ca.1 doc/man/man1/openssl-ciphers.1 doc/man/man1/openssl-cmds.1 doc/man/man1/openssl-cmp.1 doc/man/man1/openssl-cms.1 doc/man/man1/openssl-crl.1 doc/man/man1/openssl-crl2pkcs7.1 doc/man/man1/openssl-dgst.1 doc/man/man1/openssl-dhparam.1 doc/man/man1/openssl-dsa.1 doc/man/man1/openssl-dsaparam.1 doc/man/man1/openssl-ec.1 doc/man/man1/openssl-ecparam.1 doc/man/man1/openssl-enc.1 doc/man/man1/openssl-engine.1 doc/man/man1/openssl-errstr.1 doc/man/man1/openssl-fipsinstall.1 doc/man/man1/openssl-gendsa.1 doc/man/man1/openssl-genpkey.1 doc/man/man1/openssl-genrsa.1 doc/man/man1/openssl-info.1 doc/man/man1/openssl-kdf.1 doc/man/man1/openssl-list.1 doc/man/man1/openssl-mac.1 doc/man/man1/openssl-nseq.1 doc/man/man1/openssl-ocsp.1 doc/man/man1/openssl-passwd.1 doc/man/man1/openssl-pkcs12.1 doc/man/man1/openssl-pkcs7.1 doc/man/man1/openssl-pkcs8.1 doc/man/man1/openssl-pkey.1 doc/man/man1/openssl-pkeyparam.1 doc/man/man1/openssl-pkeyutl.1 doc/man/man1/openssl-prime.1 doc/man/man1/openssl-provider.1 doc/man/man1/openssl-rand.1 doc/man/man1/openssl-rehash.1 doc/man/man1/openssl-req.1 doc/man/man1/openssl-rsa.1 doc/man/man1/openssl-rsautl.1 doc/man/man1/openssl-s_client.1 doc/man/man1/openssl-s_server.1 doc/man/man1/openssl-s_time.1 doc/man/man1/openssl-sess_id.1 doc/man/man1/openssl-smime.1 doc/man/man1/openssl-speed.1 doc/man/man1/openssl-spkac.1 doc/man/man1/openssl-srp.1 doc/man/man1/openssl-storeutl.1 doc/man/man1/openssl-ts.1 doc/man/man1/openssl-verify.1 doc/man/man1/openssl-version.1 doc/man/man1/openssl-x509.1 doc/man/man1/openssl.1 doc/man/man1/tsget.1 doc/man/man3/ADMISSIONS.3 doc/man/man3/ASN1_INTEGER_get_int64.3 doc/man/man3/ASN1_INTEGER_new.3 doc/man/man3/ASN1_ITEM_lookup.3 doc/man/man3/ASN1_OBJECT_new.3 doc/man/man3/ASN1_STRING_TABLE_add.3 doc/man/man3/ASN1_STRING_length.3 doc/man/man3/ASN1_STRING_new.3 doc/man/man3/ASN1_STRING_print_ex.3 doc/man/man3/ASN1_TIME_set.3 doc/man/man3/ASN1_TYPE_get.3 doc/man/man3/ASN1_generate_nconf.3 doc/man/man3/ASYNC_WAIT_CTX_new.3 doc/man/man3/ASYNC_start_job.3 doc/man/man3/BF_encrypt.3 doc/man/man3/BIO_ADDR.3 doc/man/man3/BIO_ADDRINFO.3 doc/man/man3/BIO_connect.3 doc/man/man3/BIO_ctrl.3 doc/man/man3/BIO_f_base64.3 doc/man/man3/BIO_f_buffer.3 doc/man/man3/BIO_f_cipher.3 doc/man/man3/BIO_f_md.3 doc/man/man3/BIO_f_null.3 doc/man/man3/BIO_f_prefix.3 doc/man/man3/BIO_f_ssl.3 doc/man/man3/BIO_find_type.3 doc/man/man3/BIO_get_data.3 doc/man/man3/BIO_get_ex_new_index.3 doc/man/man3/BIO_meth_new.3 doc/man/man3/BIO_new.3 doc/man/man3/BIO_new_CMS.3 doc/man/man3/BIO_parse_hostserv.3 doc/man/man3/BIO_printf.3 doc/man/man3/BIO_push.3 doc/man/man3/BIO_read.3 doc/man/man3/BIO_s_accept.3 doc/man/man3/BIO_s_bio.3 doc/man/man3/BIO_s_connect.3 doc/man/man3/BIO_s_fd.3 doc/man/man3/BIO_s_file.3 doc/man/man3/BIO_s_mem.3 doc/man/man3/BIO_s_null.3 doc/man/man3/BIO_s_socket.3 doc/man/man3/BIO_set_callback.3 doc/man/man3/BIO_should_retry.3 doc/man/man3/BIO_socket_wait.3 doc/man/man3/BN_BLINDING_new.3 doc/man/man3/BN_CTX_new.3 doc/man/man3/BN_CTX_start.3 doc/man/man3/BN_add.3 doc/man/man3/BN_add_word.3 doc/man/man3/BN_bn2bin.3 doc/man/man3/BN_cmp.3 doc/man/man3/BN_copy.3 doc/man/man3/BN_generate_prime.3 doc/man/man3/BN_mod_inverse.3 doc/man/man3/BN_mod_mul_montgomery.3 doc/man/man3/BN_mod_mul_reciprocal.3 doc/man/man3/BN_new.3 doc/man/man3/BN_num_bytes.3 doc/man/man3/BN_rand.3 doc/man/man3/BN_security_bits.3 doc/man/man3/BN_set_bit.3 doc/man/man3/BN_swap.3 doc/man/man3/BN_zero.3 doc/man/man3/BUF_MEM_new.3 doc/man/man3/CMS_EnvelopedData_create.3 doc/man/man3/CMS_add0_cert.3 doc/man/man3/CMS_add1_recipient_cert.3 doc/man/man3/CMS_add1_signer.3 doc/man/man3/CMS_compress.3 doc/man/man3/CMS_decrypt.3 doc/man/man3/CMS_encrypt.3 doc/man/man3/CMS_final.3 doc/man/man3/CMS_get0_RecipientInfos.3 doc/man/man3/CMS_get0_SignerInfos.3 doc/man/man3/CMS_get0_type.3 doc/man/man3/CMS_get1_ReceiptRequest.3 doc/man/man3/CMS_sign.3 doc/man/man3/CMS_sign_receipt.3 doc/man/man3/CMS_uncompress.3 doc/man/man3/CMS_verify.3 doc/man/man3/CMS_verify_receipt.3 doc/man/man3/CONF_modules_free.3 doc/man/man3/CONF_modules_load_file.3 doc/man/man3/CRYPTO_THREAD_run_once.3 doc/man/man3/CRYPTO_get_ex_new_index.3 doc/man/man3/CRYPTO_memcmp.3 doc/man/man3/CTLOG_STORE_get0_log_by_id.3 doc/man/man3/CTLOG_STORE_new.3 doc/man/man3/CTLOG_new.3 doc/man/man3/CT_POLICY_EVAL_CTX_new.3 doc/man/man3/DEFINE_STACK_OF.3 doc/man/man3/DES_random_key.3 doc/man/man3/DH_generate_key.3 doc/man/man3/DH_generate_parameters.3 doc/man/man3/DH_get0_pqg.3 doc/man/man3/DH_get_1024_160.3 doc/man/man3/DH_meth_new.3 doc/man/man3/DH_new.3 doc/man/man3/DH_new_by_nid.3 doc/man/man3/DH_set_method.3 doc/man/man3/DH_size.3 doc/man/man3/DSA_SIG_new.3 doc/man/man3/DSA_do_sign.3 doc/man/man3/DSA_dup_DH.3 doc/man/man3/DSA_generate_key.3 doc/man/man3/DSA_generate_parameters.3 doc/man/man3/DSA_get0_pqg.3 doc/man/man3/DSA_meth_new.3 doc/man/man3/DSA_new.3 doc/man/man3/DSA_set_method.3 doc/man/man3/DSA_sign.3 doc/man/man3/DSA_size.3 doc/man/man3/DTLS_get_data_mtu.3 doc/man/man3/DTLS_set_timer_cb.3 doc/man/man3/DTLSv1_listen.3 doc/man/man3/ECDSA_SIG_new.3 doc/man/man3/ECPKParameters_print.3 doc/man/man3/EC_GFp_simple_method.3 doc/man/man3/EC_GROUP_copy.3 doc/man/man3/EC_GROUP_new.3 doc/man/man3/EC_KEY_get_enc_flags.3 doc/man/man3/EC_KEY_new.3 doc/man/man3/EC_POINT_add.3 doc/man/man3/EC_POINT_new.3 doc/man/man3/ENGINE_add.3 doc/man/man3/ERR_GET_LIB.3 doc/man/man3/ERR_clear_error.3 doc/man/man3/ERR_error_string.3 doc/man/man3/ERR_get_error.3 doc/man/man3/ERR_load_crypto_strings.3 doc/man/man3/ERR_load_strings.3 doc/man/man3/ERR_new.3 doc/man/man3/ERR_print_errors.3 doc/man/man3/ERR_put_error.3 doc/man/man3/ERR_remove_state.3 doc/man/man3/ERR_set_mark.3 doc/man/man3/EVP_ASYM_CIPHER_free.3 doc/man/man3/EVP_BytesToKey.3 doc/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 doc/man/man3/EVP_CIPHER_meth_new.3 doc/man/man3/EVP_DigestInit.3 doc/man/man3/EVP_DigestSignInit.3 doc/man/man3/EVP_DigestVerifyInit.3 doc/man/man3/EVP_EncodeInit.3 doc/man/man3/EVP_EncryptInit.3 doc/man/man3/EVP_KDF.3 doc/man/man3/EVP_KEYEXCH_free.3 doc/man/man3/EVP_KEYMGMT.3 doc/man/man3/EVP_MAC.3 doc/man/man3/EVP_MD_meth_new.3 doc/man/man3/EVP_OpenInit.3 doc/man/man3/EVP_PKEY_ASN1_METHOD.3 doc/man/man3/EVP_PKEY_CTX_ctrl.3 doc/man/man3/EVP_PKEY_CTX_new.3 doc/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 doc/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 doc/man/man3/EVP_PKEY_CTX_set_params.3 doc/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 doc/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 doc/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 doc/man/man3/EVP_PKEY_asn1_get_count.3 doc/man/man3/EVP_PKEY_check.3 doc/man/man3/EVP_PKEY_copy_parameters.3 doc/man/man3/EVP_PKEY_decrypt.3 doc/man/man3/EVP_PKEY_derive.3 doc/man/man3/EVP_PKEY_encrypt.3 doc/man/man3/EVP_PKEY_fromdata.3 doc/man/man3/EVP_PKEY_gen.3 doc/man/man3/EVP_PKEY_get_default_digest_nid.3 doc/man/man3/EVP_PKEY_gettable_params.3 doc/man/man3/EVP_PKEY_is_a.3 doc/man/man3/EVP_PKEY_meth_get_count.3 doc/man/man3/EVP_PKEY_meth_new.3 doc/man/man3/EVP_PKEY_new.3 doc/man/man3/EVP_PKEY_print_private.3 doc/man/man3/EVP_PKEY_set1_RSA.3 doc/man/man3/EVP_PKEY_set_type.3 doc/man/man3/EVP_PKEY_sign.3 doc/man/man3/EVP_PKEY_size.3 doc/man/man3/EVP_PKEY_supports_digest_nid.3 doc/man/man3/EVP_PKEY_verify.3 doc/man/man3/EVP_PKEY_verify_recover.3 doc/man/man3/EVP_RAND.3 doc/man/man3/EVP_SIGNATURE_free.3 doc/man/man3/EVP_SealInit.3 doc/man/man3/EVP_SignInit.3 doc/man/man3/EVP_VerifyInit.3 doc/man/man3/EVP_aes_128_gcm.3 doc/man/man3/EVP_aria_128_gcm.3 doc/man/man3/EVP_bf_cbc.3 doc/man/man3/EVP_blake2b512.3 doc/man/man3/EVP_camellia_128_ecb.3 doc/man/man3/EVP_cast5_cbc.3 doc/man/man3/EVP_chacha20.3 doc/man/man3/EVP_des_cbc.3 doc/man/man3/EVP_desx_cbc.3 doc/man/man3/EVP_idea_cbc.3 doc/man/man3/EVP_md2.3 doc/man/man3/EVP_md4.3 doc/man/man3/EVP_md5.3 doc/man/man3/EVP_mdc2.3 doc/man/man3/EVP_rc2_cbc.3 doc/man/man3/EVP_rc4.3 doc/man/man3/EVP_rc5_32_12_16_cbc.3 doc/man/man3/EVP_ripemd160.3 doc/man/man3/EVP_seed_cbc.3 doc/man/man3/EVP_set_default_properties.3 doc/man/man3/EVP_sha1.3 doc/man/man3/EVP_sha224.3 doc/man/man3/EVP_sha3_224.3 doc/man/man3/EVP_sm3.3 doc/man/man3/EVP_sm4_cbc.3 doc/man/man3/EVP_whirlpool.3 doc/man/man3/HMAC.3 doc/man/man3/MD5.3 doc/man/man3/MDC2_Init.3 doc/man/man3/NCONF_new_with_libctx.3 doc/man/man3/OBJ_nid2obj.3 doc/man/man3/OCSP_REQUEST_new.3 doc/man/man3/OCSP_cert_to_id.3 doc/man/man3/OCSP_request_add1_nonce.3 doc/man/man3/OCSP_resp_find_status.3 doc/man/man3/OCSP_response_status.3 doc/man/man3/OCSP_sendreq_new.3 doc/man/man3/OPENSSL_Applink.3 doc/man/man3/OPENSSL_CTX.3 doc/man/man3/OPENSSL_FILE.3 doc/man/man3/OPENSSL_LH_COMPFUNC.3 doc/man/man3/OPENSSL_LH_stats.3 doc/man/man3/OPENSSL_config.3 doc/man/man3/OPENSSL_fork_prepare.3 doc/man/man3/OPENSSL_hexchar2int.3 doc/man/man3/OPENSSL_ia32cap.3 doc/man/man3/OPENSSL_init_crypto.3 doc/man/man3/OPENSSL_init_ssl.3 doc/man/man3/OPENSSL_instrument_bus.3 doc/man/man3/OPENSSL_load_builtin_modules.3 doc/man/man3/OPENSSL_malloc.3 doc/man/man3/OPENSSL_s390xcap.3 doc/man/man3/OPENSSL_secure_malloc.3 doc/man/man3/OSSL_CMP_CTX_new.3 doc/man/man3/OSSL_CMP_HDR_get0_transactionID.3 doc/man/man3/OSSL_CMP_ITAV_set0.3 doc/man/man3/OSSL_CMP_MSG_get0_header.3 doc/man/man3/OSSL_CMP_MSG_http_perform.3 doc/man/man3/OSSL_CMP_SRV_CTX_new.3 doc/man/man3/OSSL_CMP_STATUSINFO_new.3 doc/man/man3/OSSL_CMP_exec_IR_ses.3 doc/man/man3/OSSL_CMP_log_open.3 doc/man/man3/OSSL_CMP_validate_msg.3 doc/man/man3/OSSL_CRMF_MSG_get0_tmpl.3 doc/man/man3/OSSL_CRMF_MSG_set0_validity.3 doc/man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3 doc/man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3 doc/man/man3/OSSL_CRMF_pbmp_new.3 doc/man/man3/OSSL_HTTP_transfer.3 doc/man/man3/OSSL_PARAM.3 doc/man/man3/OSSL_PARAM_BLD.3 doc/man/man3/OSSL_PARAM_allocate_from_text.3 doc/man/man3/OSSL_PARAM_int.3 doc/man/man3/OSSL_PROVIDER.3 doc/man/man3/OSSL_SELF_TEST_new.3 doc/man/man3/OSSL_SELF_TEST_set_callback.3 doc/man/man3/OSSL_SERIALIZER.3 doc/man/man3/OSSL_SERIALIZER_CTX.3 doc/man/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.3 doc/man/man3/OSSL_SERIALIZER_to_bio.3 doc/man/man3/OSSL_STORE_INFO.3 doc/man/man3/OSSL_STORE_LOADER.3 doc/man/man3/OSSL_STORE_SEARCH.3 doc/man/man3/OSSL_STORE_attach.3 doc/man/man3/OSSL_STORE_expect.3 doc/man/man3/OSSL_STORE_open.3 doc/man/man3/OSSL_trace_enabled.3 doc/man/man3/OSSL_trace_get_category_num.3 doc/man/man3/OSSL_trace_set_channel.3 doc/man/man3/OpenSSL_add_all_algorithms.3 doc/man/man3/OpenSSL_version.3 doc/man/man3/PEM_bytes_read_bio.3 doc/man/man3/PEM_read.3 doc/man/man3/PEM_read_CMS.3 doc/man/man3/PEM_read_bio_PrivateKey.3 doc/man/man3/PEM_read_bio_ex.3 doc/man/man3/PEM_write_bio_CMS_stream.3 doc/man/man3/PEM_write_bio_PKCS7_stream.3 doc/man/man3/PKCS12_SAFEBAG_get0_attrs.3 doc/man/man3/PKCS12_add_CSPName_asc.3 doc/man/man3/PKCS12_add_friendlyname_asc.3 doc/man/man3/PKCS12_add_localkeyid.3 doc/man/man3/PKCS12_create.3 doc/man/man3/PKCS12_get_friendlyname.3 doc/man/man3/PKCS12_newpass.3 doc/man/man3/PKCS12_parse.3 doc/man/man3/PKCS5_PBKDF2_HMAC.3 doc/man/man3/PKCS7_decrypt.3 doc/man/man3/PKCS7_encrypt.3 doc/man/man3/PKCS7_sign.3 doc/man/man3/PKCS7_sign_add_signer.3 doc/man/man3/PKCS7_verify.3 doc/man/man3/PKCS8_pkey_add1_attr.3 doc/man/man3/RAND_DRBG_generate.3 doc/man/man3/RAND_DRBG_get0_public.3 doc/man/man3/RAND_DRBG_new.3 doc/man/man3/RAND_DRBG_reseed.3 doc/man/man3/RAND_DRBG_set_callbacks.3 doc/man/man3/RAND_add.3 doc/man/man3/RAND_bytes.3 doc/man/man3/RAND_cleanup.3 doc/man/man3/RAND_egd.3 doc/man/man3/RAND_load_file.3 doc/man/man3/RAND_set_rand_method.3 doc/man/man3/RC4_set_key.3 doc/man/man3/RIPEMD160_Init.3 doc/man/man3/RSA_blinding_on.3 doc/man/man3/RSA_check_key.3 doc/man/man3/RSA_generate_key.3 doc/man/man3/RSA_get0_key.3 doc/man/man3/RSA_meth_new.3 doc/man/man3/RSA_new.3 doc/man/man3/RSA_padding_add_PKCS1_type_1.3 doc/man/man3/RSA_print.3 doc/man/man3/RSA_private_encrypt.3 doc/man/man3/RSA_public_encrypt.3 doc/man/man3/RSA_set_method.3 doc/man/man3/RSA_sign.3 doc/man/man3/RSA_sign_ASN1_OCTET_STRING.3 doc/man/man3/RSA_size.3 doc/man/man3/SCT_new.3 doc/man/man3/SCT_print.3 doc/man/man3/SCT_validate.3 doc/man/man3/SHA256_Init.3 doc/man/man3/SMIME_read_CMS.3 doc/man/man3/SMIME_read_PKCS7.3 doc/man/man3/SMIME_write_CMS.3 doc/man/man3/SMIME_write_PKCS7.3 doc/man/man3/SRP_Calc_B.3 doc/man/man3/SRP_VBASE_new.3 doc/man/man3/SRP_create_verifier.3 doc/man/man3/SRP_user_pwd_new.3 doc/man/man3/SSL_CIPHER_get_name.3 doc/man/man3/SSL_COMP_add_compression_method.3 doc/man/man3/SSL_CONF_CTX_new.3 doc/man/man3/SSL_CONF_CTX_set1_prefix.3 doc/man/man3/SSL_CONF_CTX_set_flags.3 doc/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 doc/man/man3/SSL_CONF_cmd.3 doc/man/man3/SSL_CONF_cmd_argv.3 doc/man/man3/SSL_CTX_add1_chain_cert.3 doc/man/man3/SSL_CTX_add_extra_chain_cert.3 doc/man/man3/SSL_CTX_add_session.3 doc/man/man3/SSL_CTX_config.3 doc/man/man3/SSL_CTX_ctrl.3 doc/man/man3/SSL_CTX_dane_enable.3 doc/man/man3/SSL_CTX_flush_sessions.3 doc/man/man3/SSL_CTX_free.3 doc/man/man3/SSL_CTX_get0_param.3 doc/man/man3/SSL_CTX_get_verify_mode.3 doc/man/man3/SSL_CTX_has_client_custom_ext.3 doc/man/man3/SSL_CTX_load_verify_locations.3 doc/man/man3/SSL_CTX_new.3 doc/man/man3/SSL_CTX_sess_number.3 doc/man/man3/SSL_CTX_sess_set_cache_size.3 doc/man/man3/SSL_CTX_sess_set_get_cb.3 doc/man/man3/SSL_CTX_sessions.3 doc/man/man3/SSL_CTX_set0_CA_list.3 doc/man/man3/SSL_CTX_set1_curves.3 doc/man/man3/SSL_CTX_set1_sigalgs.3 doc/man/man3/SSL_CTX_set1_verify_cert_store.3 doc/man/man3/SSL_CTX_set_alpn_select_cb.3 doc/man/man3/SSL_CTX_set_cert_cb.3 doc/man/man3/SSL_CTX_set_cert_store.3 doc/man/man3/SSL_CTX_set_cert_verify_callback.3 doc/man/man3/SSL_CTX_set_cipher_list.3 doc/man/man3/SSL_CTX_set_client_cert_cb.3 doc/man/man3/SSL_CTX_set_client_hello_cb.3 doc/man/man3/SSL_CTX_set_ct_validation_callback.3 doc/man/man3/SSL_CTX_set_ctlog_list_file.3 doc/man/man3/SSL_CTX_set_default_passwd_cb.3 doc/man/man3/SSL_CTX_set_generate_session_id.3 doc/man/man3/SSL_CTX_set_info_callback.3 doc/man/man3/SSL_CTX_set_keylog_callback.3 doc/man/man3/SSL_CTX_set_max_cert_list.3 doc/man/man3/SSL_CTX_set_min_proto_version.3 doc/man/man3/SSL_CTX_set_mode.3 doc/man/man3/SSL_CTX_set_msg_callback.3 doc/man/man3/SSL_CTX_set_num_tickets.3 doc/man/man3/SSL_CTX_set_options.3 doc/man/man3/SSL_CTX_set_psk_client_callback.3 doc/man/man3/SSL_CTX_set_quiet_shutdown.3 doc/man/man3/SSL_CTX_set_read_ahead.3 doc/man/man3/SSL_CTX_set_record_padding_callback.3 doc/man/man3/SSL_CTX_set_security_level.3 doc/man/man3/SSL_CTX_set_session_cache_mode.3 doc/man/man3/SSL_CTX_set_session_id_context.3 doc/man/man3/SSL_CTX_set_session_ticket_cb.3 doc/man/man3/SSL_CTX_set_split_send_fragment.3 doc/man/man3/SSL_CTX_set_srp_password.3 doc/man/man3/SSL_CTX_set_ssl_version.3 doc/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 doc/man/man3/SSL_CTX_set_timeout.3 doc/man/man3/SSL_CTX_set_tlsext_servername_callback.3 doc/man/man3/SSL_CTX_set_tlsext_status_cb.3 doc/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 doc/man/man3/SSL_CTX_set_tlsext_use_srtp.3 doc/man/man3/SSL_CTX_set_tmp_dh_callback.3 doc/man/man3/SSL_CTX_set_tmp_ecdh.3 doc/man/man3/SSL_CTX_set_verify.3 doc/man/man3/SSL_CTX_use_certificate.3 doc/man/man3/SSL_CTX_use_psk_identity_hint.3 doc/man/man3/SSL_CTX_use_serverinfo.3 doc/man/man3/SSL_SESSION_free.3 doc/man/man3/SSL_SESSION_get0_cipher.3 doc/man/man3/SSL_SESSION_get0_hostname.3 doc/man/man3/SSL_SESSION_get0_id_context.3 doc/man/man3/SSL_SESSION_get0_peer.3 doc/man/man3/SSL_SESSION_get_compress_id.3 doc/man/man3/SSL_SESSION_get_protocol_version.3 doc/man/man3/SSL_SESSION_get_time.3 doc/man/man3/SSL_SESSION_has_ticket.3 doc/man/man3/SSL_SESSION_is_resumable.3 doc/man/man3/SSL_SESSION_print.3 doc/man/man3/SSL_SESSION_set1_id.3 doc/man/man3/SSL_accept.3 doc/man/man3/SSL_alert_type_string.3 doc/man/man3/SSL_alloc_buffers.3 doc/man/man3/SSL_check_chain.3 doc/man/man3/SSL_clear.3 doc/man/man3/SSL_connect.3 doc/man/man3/SSL_do_handshake.3 doc/man/man3/SSL_export_keying_material.3 doc/man/man3/SSL_extension_supported.3 doc/man/man3/SSL_free.3 doc/man/man3/SSL_get0_peer_scts.3 doc/man/man3/SSL_get_SSL_CTX.3 doc/man/man3/SSL_get_all_async_fds.3 doc/man/man3/SSL_get_ciphers.3 doc/man/man3/SSL_get_client_random.3 doc/man/man3/SSL_get_current_cipher.3 doc/man/man3/SSL_get_default_timeout.3 doc/man/man3/SSL_get_error.3 doc/man/man3/SSL_get_extms_support.3 doc/man/man3/SSL_get_fd.3 doc/man/man3/SSL_get_peer_cert_chain.3 doc/man/man3/SSL_get_peer_certificate.3 doc/man/man3/SSL_get_peer_signature_nid.3 doc/man/man3/SSL_get_peer_tmp_key.3 doc/man/man3/SSL_get_psk_identity.3 doc/man/man3/SSL_get_rbio.3 doc/man/man3/SSL_get_session.3 doc/man/man3/SSL_get_shared_sigalgs.3 doc/man/man3/SSL_get_verify_result.3 doc/man/man3/SSL_get_version.3 doc/man/man3/SSL_in_init.3 doc/man/man3/SSL_key_update.3 doc/man/man3/SSL_library_init.3 doc/man/man3/SSL_load_client_CA_file.3 doc/man/man3/SSL_new.3 doc/man/man3/SSL_pending.3 doc/man/man3/SSL_read.3 doc/man/man3/SSL_read_early_data.3 doc/man/man3/SSL_rstate_string.3 doc/man/man3/SSL_session_reused.3 doc/man/man3/SSL_set1_host.3 doc/man/man3/SSL_set_async_callback.3 doc/man/man3/SSL_set_bio.3 doc/man/man3/SSL_set_connect_state.3 doc/man/man3/SSL_set_fd.3 doc/man/man3/SSL_set_session.3 doc/man/man3/SSL_set_shutdown.3 doc/man/man3/SSL_set_verify_result.3 doc/man/man3/SSL_shutdown.3 doc/man/man3/SSL_state_string.3 doc/man/man3/SSL_want.3 doc/man/man3/SSL_write.3 doc/man/man3/TS_VERIFY_CTX_set_certs.3 doc/man/man3/UI_STRING.3 doc/man/man3/UI_UTIL_read_pw.3 doc/man/man3/UI_create_method.3 doc/man/man3/UI_new.3 doc/man/man3/X509V3_get_d2i.3 doc/man/man3/X509_ALGOR_dup.3 doc/man/man3/X509_CRL_get0_by_serial.3 doc/man/man3/X509_EXTENSION_set_object.3 doc/man/man3/X509_LOOKUP.3 doc/man/man3/X509_LOOKUP_hash_dir.3 doc/man/man3/X509_LOOKUP_meth_new.3 doc/man/man3/X509_NAME_ENTRY_get_object.3 doc/man/man3/X509_NAME_add_entry_by_txt.3 doc/man/man3/X509_NAME_get0_der.3 doc/man/man3/X509_NAME_get_index_by_NID.3 doc/man/man3/X509_NAME_print_ex.3 doc/man/man3/X509_PUBKEY_new.3 doc/man/man3/X509_SIG_get0.3 doc/man/man3/X509_STORE_CTX_get_error.3 doc/man/man3/X509_STORE_CTX_new.3 doc/man/man3/X509_STORE_CTX_set_verify_cb.3 doc/man/man3/X509_STORE_add_cert.3 doc/man/man3/X509_STORE_get0_param.3 doc/man/man3/X509_STORE_new.3 doc/man/man3/X509_STORE_set_verify_cb_func.3 doc/man/man3/X509_VERIFY_PARAM_set_flags.3 doc/man/man3/X509_check_ca.3 doc/man/man3/X509_check_host.3 doc/man/man3/X509_check_issued.3 doc/man/man3/X509_check_private_key.3 doc/man/man3/X509_check_purpose.3 doc/man/man3/X509_cmp.3 doc/man/man3/X509_cmp_time.3 doc/man/man3/X509_digest.3 doc/man/man3/X509_dup.3 doc/man/man3/X509_get0_distinguishing_id.3 doc/man/man3/X509_get0_notBefore.3 doc/man/man3/X509_get0_signature.3 doc/man/man3/X509_get0_uids.3 doc/man/man3/X509_get_extension_flags.3 doc/man/man3/X509_get_pubkey.3 doc/man/man3/X509_get_serialNumber.3 doc/man/man3/X509_get_subject_name.3 doc/man/man3/X509_get_version.3 doc/man/man3/X509_load_http.3 doc/man/man3/X509_new.3 doc/man/man3/X509_sign.3 doc/man/man3/X509_verify.3 doc/man/man3/X509_verify_cert.3 doc/man/man3/X509v3_cache_extensions.3 doc/man/man3/X509v3_get_ext_by_NID.3 doc/man/man3/d2i_DHparams.3 doc/man/man3/d2i_PKCS8PrivateKey_bio.3 doc/man/man3/d2i_PrivateKey.3 doc/man/man3/d2i_SSL_SESSION.3 doc/man/man3/d2i_X509.3 doc/man/man3/i2d_CMS_bio_stream.3 doc/man/man3/i2d_PKCS7_bio_stream.3 doc/man/man3/i2d_re_X509_tbs.3 doc/man/man3/o2i_SCT_LIST.3 doc/man/man3/s2i_ASN1_IA5STRING.3 doc/man/man5/config.5 doc/man/man5/fips_config.5 doc/man/man5/x509v3_config.5 doc/man/man7/EVP_KDF-HKDF.7 doc/man/man7/EVP_KDF-KB.7 doc/man/man7/EVP_KDF-KRB5KDF.7 doc/man/man7/EVP_KDF-PBKDF2.7 doc/man/man7/EVP_KDF-SCRYPT.7 doc/man/man7/EVP_KDF-SS.7 doc/man/man7/EVP_KDF-SSHKDF.7 doc/man/man7/EVP_KDF-TLS1_PRF.7 doc/man/man7/EVP_KDF-X942.7 doc/man/man7/EVP_KDF-X963.7 doc/man/man7/EVP_KEYEXCH-DH.7 doc/man/man7/EVP_KEYEXCH-ECDH.7 doc/man/man7/EVP_KEYEXCH-X25519.7 doc/man/man7/EVP_MAC-BLAKE2.7 doc/man/man7/EVP_MAC-CMAC.7 doc/man/man7/EVP_MAC-GMAC.7 doc/man/man7/EVP_MAC-HMAC.7 doc/man/man7/EVP_MAC-KMAC.7 doc/man/man7/EVP_MAC-Poly1305.7 doc/man/man7/EVP_MAC-Siphash.7 doc/man/man7/EVP_MD-BLAKE2.7 doc/man/man7/EVP_MD-MD2.7 doc/man/man7/EVP_MD-MD4.7 doc/man/man7/EVP_MD-MD5-SHA1.7 doc/man/man7/EVP_MD-MD5.7 doc/man/man7/EVP_MD-MDC2.7 doc/man/man7/EVP_MD-RIPEMD160.7 doc/man/man7/EVP_MD-SHA1.7 doc/man/man7/EVP_MD-SHA2.7 doc/man/man7/EVP_MD-SHA3.7 doc/man/man7/EVP_MD-SHAKE.7 doc/man/man7/EVP_MD-SM3.7 doc/man/man7/EVP_MD-WHIRLPOOL.7 doc/man/man7/EVP_MD-common.7 doc/man/man7/EVP_PKEY-DH.7 doc/man/man7/EVP_PKEY-DSA.7 doc/man/man7/EVP_PKEY-EC.7 doc/man/man7/EVP_PKEY-FFC.7 doc/man/man7/EVP_PKEY-RSA.7 doc/man/man7/EVP_PKEY-X25519.7 doc/man/man7/EVP_RAND-CTR-DRBG.7 doc/man/man7/EVP_RAND-HASH-DRBG.7 doc/man/man7/EVP_RAND-HMAC-DRBG.7 doc/man/man7/EVP_RAND-TEST-RAND.7 doc/man/man7/EVP_SIGNATURE-DSA.7 doc/man/man7/EVP_SIGNATURE-ECDSA.7 doc/man/man7/EVP_SIGNATURE-ED25519.7 doc/man/man7/EVP_SIGNATURE-RSA.7 doc/man/man7/OSSL_PROVIDER-FIPS.7 doc/man/man7/OSSL_PROVIDER-default.7 doc/man/man7/OSSL_PROVIDER-legacy.7 doc/man/man7/OSSL_PROVIDER-null.7 doc/man/man7/RAND.7 doc/man/man7/RAND_DRBG.7 doc/man/man7/RSA-PSS.7 doc/man/man7/SM2.7 doc/man/man7/X25519.7 doc/man/man7/bio.7 doc/man/man7/crypto.7 doc/man/man7/ct.7 doc/man/man7/des_modes.7 doc/man/man7/evp.7 doc/man/man7/openssl-core.h.7 doc/man/man7/openssl-core_dispatch.h.7 doc/man/man7/openssl-core_names.h.7 doc/man/man7/openssl-env.7 doc/man/man7/openssl_user_macros.7 doc/man/man7/ossl_store-file.7 doc/man/man7/ossl_store.7 doc/man/man7/passphrase-encoding.7 doc/man/man7/property.7 doc/man/man7/provider-asym_cipher.7 doc/man/man7/provider-base.7 doc/man/man7/provider-cipher.7 doc/man/man7/provider-digest.7 doc/man/man7/provider-keyexch.7 doc/man/man7/provider-keymgmt.7 doc/man/man7/provider-mac.7 doc/man/man7/provider-rand.7 doc/man/man7/provider-serializer.7 doc/man/man7/provider-signature.7 doc/man/man7/provider.7 doc/man/man7/proxy-certificates.7 doc/man/man7/ssl.7 doc/man/man7/x509.7 rm -f apps/openssl fuzz/asn1-test fuzz/asn1parse-test fuzz/bignum-test fuzz/bndiv-test fuzz/client-test fuzz/cmp-test fuzz/cms-test fuzz/conf-test fuzz/crl-test fuzz/ct-test fuzz/server-test fuzz/x509-test test/aborttest test/acvp_test test/aesgcmtest test/afalgtest test/asn1_decode_test test/asn1_dsa_internal_test test/asn1_encode_test test/asn1_internal_test test/asn1_string_table_test test/asn1_time_test test/asynciotest test/asynctest test/bad_dtls_test test/bftest test/bio_callback_test test/bio_enc_test test/bio_memleak_test test/bio_prefix_text test/bioprinttest test/bn_internal_test test/bntest test/buildtest_c_aes test/buildtest_c_asn1 test/buildtest_c_asn1t test/buildtest_c_async test/buildtest_c_bio test/buildtest_c_blowfish test/buildtest_c_bn test/buildtest_c_buffer test/buildtest_c_camellia test/buildtest_c_cast test/buildtest_c_cmac test/buildtest_c_cmp test/buildtest_c_cmp_util test/buildtest_c_cms test/buildtest_c_comp test/buildtest_c_conf test/buildtest_c_conf_api test/buildtest_c_core test/buildtest_c_core_dispatch test/buildtest_c_core_names test/buildtest_c_crmf test/buildtest_c_crypto test/buildtest_c_ct test/buildtest_c_des test/buildtest_c_dh test/buildtest_c_dsa test/buildtest_c_dtls1 test/buildtest_c_e_os2 test/buildtest_c_ebcdic test/buildtest_c_ec test/buildtest_c_ecdh test/buildtest_c_ecdsa test/buildtest_c_engine test/buildtest_c_ess test/buildtest_c_evp test/buildtest_c_fips_names test/buildtest_c_hmac test/buildtest_c_http test/buildtest_c_idea test/buildtest_c_kdf test/buildtest_c_lhash test/buildtest_c_macros test/buildtest_c_md4 test/buildtest_c_md5 test/buildtest_c_mdc2 test/buildtest_c_modes test/buildtest_c_obj_mac test/buildtest_c_objects test/buildtest_c_ocsp test/buildtest_c_ossl_typ test/buildtest_c_param_build test/buildtest_c_params test/buildtest_c_pem test/buildtest_c_pem2 test/buildtest_c_pkcs12 test/buildtest_c_pkcs7 test/buildtest_c_provider test/buildtest_c_rand test/buildtest_c_rand_drbg test/buildtest_c_rc2 test/buildtest_c_rc4 test/buildtest_c_ripemd test/buildtest_c_rsa test/buildtest_c_safestack test/buildtest_c_seed test/buildtest_c_self_test test/buildtest_c_serializer test/buildtest_c_sha test/buildtest_c_srp test/buildtest_c_srtp test/buildtest_c_ssl test/buildtest_c_ssl2 test/buildtest_c_stack test/buildtest_c_store test/buildtest_c_symhacks test/buildtest_c_tls1 test/buildtest_c_ts test/buildtest_c_txt_db test/buildtest_c_types test/buildtest_c_ui test/buildtest_c_whrlpool test/buildtest_c_x509 test/buildtest_c_x509_vfy test/buildtest_c_x509v3 test/casttest test/chacha_internal_test test/cipher_overhead_test test/cipherbytes_test test/cipherlist_test test/ciphername_test test/clienthellotest test/cmactest test/cmp_asn_test test/cmp_client_test test/cmp_ctx_test test/cmp_hdr_test test/cmp_msg_test test/cmp_protect_test test/cmp_server_test test/cmp_status_test test/cmp_vfy_test test/cmsapitest test/conf_include_test test/confdump test/constant_time_test test/context_internal_test test/crltest test/ct_test test/ctype_internal_test test/curve448_internal_test test/d2i_test test/danetest test/destest test/dhtest test/drbg_cavs_test test/drbg_extra_test test/drbgtest test/dsa_no_digest_size_test test/dsatest test/dtls_mtu_test test/dtlstest test/dtlsv1listentest test/ec_internal_test test/ecdsatest test/ecstresstest test/ectest test/enginetest test/errtest test/evp_extra_test test/evp_extra_test2 test/evp_fetch_prov_test test/evp_kdf_test test/evp_libctx_test test/evp_pkey_dparams_test test/evp_pkey_provided_test test/evp_test test/exdatatest test/exptest test/fatalerrtest test/ffc_internal_test test/gmdifftest test/gosttest test/hexstr_test test/hmactest test/http_test test/ideatest test/igetest test/keymgmt_internal_test test/lhash_test test/mdc2_internal_test test/mdc2test test/memleaktest test/modes_internal_test test/namemap_internal_test test/ocspapitest test/packettest test/param_build_test test/params_api_test test/params_conversion_test test/params_test test/pbelutest test/pemtest test/pkey_meth_kdf_test test/pkey_meth_test test/poly1305_internal_test test/property_test test/provider_fallback_test test/provider_internal_test test/provider_test test/rc2test test/rc4test test/rc5test test/rdrand_sanitytest test/recordlentest test/rsa_complex test/rsa_mp_test test/rsa_sp800_56b_test test/rsa_test test/sanitytest test/secmemtest test/servername_test test/shlibloadtest test/siphash_internal_test test/sm2_internal_test test/sm4_internal_test test/sparse_array_test test/srptest test/ssl_cert_table_internal_test test/ssl_ctx_test test/ssl_test test/ssl_test_ctx_test test/sslapitest test/sslbuffertest test/sslcorrupttest test/ssltest_old test/stack_test test/sysdefaulttest test/test_test test/threadstest test/time_offset_test test/tls13ccstest test/tls13encryptiontest test/tls13secretstest test/uitest test/v3ext test/v3nametest test/verify_extra_test test/versions test/wpackettest test/x509_check_cert_pkey_test test/x509_dup_cert_test test/x509_internal_test test/x509_time_test test/x509aux engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so providers/fips.so providers/legacy.so test/p_test.so apps/CA.pl apps/tsget.pl tools/c_rehash util/shlib_wrap.sh rm -f doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod include/crypto/bn_conf.h include/crypto/dso_conf.h include/openssl/configuration.h include/openssl/fipskey.h include/openssl/opensslv.h test/provider_internal_test.cnf apps/CA.pl apps/progs.c apps/progs.h apps/tsget.pl crypto/aes/aes-x86_64.s crypto/aes/aesni-mb-x86_64.s crypto/aes/aesni-sha1-x86_64.s crypto/aes/aesni-sha256-x86_64.s crypto/aes/aesni-x86_64.s crypto/aes/bsaes-x86_64.s crypto/aes/vpaes-x86_64.s crypto/bn/rsaz-avx2.s crypto/bn/rsaz-x86_64.s crypto/bn/x86_64-gf2m.s crypto/bn/x86_64-mont.s crypto/bn/x86_64-mont5.s crypto/buildinf.h crypto/camellia/cmll-x86_64.s crypto/chacha/chacha-x86_64.s crypto/ec/ecp_nistz256-x86_64.s crypto/ec/x25519-x86_64.s crypto/md5/md5-x86_64.s crypto/modes/aesni-gcm-x86_64.s crypto/modes/ghash-x86_64.s crypto/poly1305/poly1305-x86_64.s crypto/rc4/rc4-md5-x86_64.s crypto/rc4/rc4-x86_64.s crypto/sha/keccak1600-x86_64.s crypto/sha/sha1-mb-x86_64.s crypto/sha/sha1-x86_64.s crypto/sha/sha256-mb-x86_64.s crypto/sha/sha256-x86_64.s crypto/sha/sha512-x86_64.s crypto/whrlpool/wp-x86_64.s crypto/x86_64cpuid.s doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod engines/afalg.ld engines/capi.ld engines/dasync.ld engines/e_padlock-x86_64.s engines/ossltest.ld engines/padlock.ld libcrypto.ld libssl.ld providers/common/der/der_digests_gen.c providers/common/der/der_dsa_gen.c providers/common/der/der_ec_gen.c providers/common/der/der_rsa_gen.c providers/common/include/prov/der_digests.h providers/common/include/prov/der_dsa.h providers/common/include/prov/der_ec.h providers/common/include/prov/der_rsa.h providers/fips.ld providers/legacy.ld test/buildtest_aes.c test/buildtest_asn1.c test/buildtest_asn1t.c test/buildtest_async.c test/buildtest_bio.c test/buildtest_blowfish.c test/buildtest_bn.c test/buildtest_buffer.c test/buildtest_camellia.c test/buildtest_cast.c test/buildtest_cmac.c test/buildtest_cmp.c test/buildtest_cmp_util.c test/buildtest_cms.c test/buildtest_comp.c test/buildtest_conf.c test/buildtest_conf_api.c test/buildtest_core.c test/buildtest_core_dispatch.c test/buildtest_core_names.c test/buildtest_crmf.c test/buildtest_crypto.c test/buildtest_ct.c test/buildtest_des.c test/buildtest_dh.c test/buildtest_dsa.c test/buildtest_dtls1.c test/buildtest_e_os2.c test/buildtest_ebcdic.c test/buildtest_ec.c test/buildtest_ecdh.c test/buildtest_ecdsa.c test/buildtest_engine.c test/buildtest_ess.c test/buildtest_evp.c test/buildtest_fips_names.c test/buildtest_hmac.c test/buildtest_http.c test/buildtest_idea.c test/buildtest_kdf.c test/buildtest_lhash.c test/buildtest_macros.c test/buildtest_md4.c test/buildtest_md5.c test/buildtest_mdc2.c test/buildtest_modes.c test/buildtest_obj_mac.c test/buildtest_objects.c test/buildtest_ocsp.c test/buildtest_ossl_typ.c test/buildtest_param_build.c test/buildtest_params.c test/buildtest_pem.c test/buildtest_pem2.c test/buildtest_pkcs12.c test/buildtest_pkcs7.c test/buildtest_provider.c test/buildtest_rand.c test/buildtest_rand_drbg.c test/buildtest_rc2.c test/buildtest_rc4.c test/buildtest_ripemd.c test/buildtest_rsa.c test/buildtest_safestack.c test/buildtest_seed.c test/buildtest_self_test.c test/buildtest_serializer.c test/buildtest_sha.c test/buildtest_srp.c test/buildtest_srtp.c test/buildtest_ssl.c test/buildtest_ssl2.c test/buildtest_stack.c test/buildtest_store.c test/buildtest_symhacks.c test/buildtest_tls1.c test/buildtest_ts.c test/buildtest_txt_db.c test/buildtest_types.c test/buildtest_ui.c test/buildtest_whrlpool.c test/buildtest_x509.c test/buildtest_x509_vfy.c test/buildtest_x509v3.c test/p_test.ld tools/c_rehash util/shlib_wrap.sh rm -f `find . -name '*.d' \! -name '.*' \! -type d -print` rm -f `find . -name '*.o' \! -name '.*' \! -type d -print` rm -f core rm -f tags TAGS doc-nits cmd-nits md-nits rm -f -r test/test-runs rm -f openssl.pc libcrypto.pc libssl.pc rm -f `find . -type l \! -name '.*' -print` rm -f ../openssl-3.0.0-alpha6-dev.tar $ make depend $ LDCMD= make -j4 /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-asn1parse.pod.in > doc/man1/openssl-asn1parse.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ca.pod.in > doc/man1/openssl-ca.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ciphers.pod.in > doc/man1/openssl-ciphers.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmds.pod.in > doc/man1/openssl-cmds.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmp.pod.in > doc/man1/openssl-cmp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cms.pod.in > doc/man1/openssl-cms.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl.pod.in > doc/man1/openssl-crl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl2pkcs7.pod.in > doc/man1/openssl-crl2pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dgst.pod.in > doc/man1/openssl-dgst.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dhparam.pod.in > doc/man1/openssl-dhparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsa.pod.in > doc/man1/openssl-dsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsaparam.pod.in > doc/man1/openssl-dsaparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ec.pod.in > doc/man1/openssl-ec.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ecparam.pod.in > doc/man1/openssl-ecparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-enc.pod.in > doc/man1/openssl-enc.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-engine.pod.in > doc/man1/openssl-engine.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-errstr.pod.in > doc/man1/openssl-errstr.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-fipsinstall.pod.in > doc/man1/openssl-fipsinstall.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-gendsa.pod.in > doc/man1/openssl-gendsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genpkey.pod.in > doc/man1/openssl-genpkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genrsa.pod.in > doc/man1/openssl-genrsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-info.pod.in > doc/man1/openssl-info.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-kdf.pod.in > doc/man1/openssl-kdf.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-list.pod.in > doc/man1/openssl-list.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-mac.pod.in > doc/man1/openssl-mac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-nseq.pod.in > doc/man1/openssl-nseq.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ocsp.pod.in > doc/man1/openssl-ocsp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-passwd.pod.in > doc/man1/openssl-passwd.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs12.pod.in > doc/man1/openssl-pkcs12.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs7.pod.in > doc/man1/openssl-pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs8.pod.in > doc/man1/openssl-pkcs8.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkey.pod.in > doc/man1/openssl-pkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyparam.pod.in > doc/man1/openssl-pkeyparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyutl.pod.in > doc/man1/openssl-pkeyutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-prime.pod.in > doc/man1/openssl-prime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-provider.pod.in > doc/man1/openssl-provider.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rand.pod.in > doc/man1/openssl-rand.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rehash.pod.in > doc/man1/openssl-rehash.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-req.pod.in > doc/man1/openssl-req.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsa.pod.in > doc/man1/openssl-rsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsautl.pod.in > doc/man1/openssl-rsautl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_client.pod.in > doc/man1/openssl-s_client.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_server.pod.in > doc/man1/openssl-s_server.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_time.pod.in > doc/man1/openssl-s_time.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-sess_id.pod.in > doc/man1/openssl-sess_id.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-smime.pod.in > doc/man1/openssl-smime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-speed.pod.in > doc/man1/openssl-speed.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-spkac.pod.in > doc/man1/openssl-spkac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-srp.pod.in > doc/man1/openssl-srp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-storeutl.pod.in > doc/man1/openssl-storeutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ts.pod.in > doc/man1/openssl-ts.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-verify.pod.in > doc/man1/openssl-verify.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-version.pod.in > doc/man1/openssl-version.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-x509.pod.in > doc/man1/openssl-x509.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man7/openssl_user_macros.pod.in > doc/man7/openssl_user_macros.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/bn_conf.h.in > include/crypto/bn_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/dso_conf.h.in > include/crypto/dso_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/configuration.h.in > include/openssl/configuration.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/fipskey.h.in > include/openssl/fipskey.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/opensslv.h.in > include/openssl/opensslv.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/test/provider_internal_test.cnf.in > test/provider_internal_test.cnf make depend && make _build_sw make[1]: Entering directory '/home/openssl/run-checker/no-posix-io' make[1]: Leaving directory '/home/openssl/run-checker/no-posix-io' make[1]: Entering directory '/home/openssl/run-checker/no-posix-io' clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_params.d.tmp -MT apps/lib/libapps-lib-app_params.o -c -o apps/lib/libapps-lib-app_params.o ../openssl/apps/lib/app_params.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_provider.d.tmp -MT apps/lib/libapps-lib-app_provider.o -c -o apps/lib/libapps-lib-app_provider.o ../openssl/apps/lib/app_provider.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_rand.d.tmp -MT apps/lib/libapps-lib-app_rand.o -c -o apps/lib/libapps-lib-app_rand.o ../openssl/apps/lib/app_rand.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_x509.d.tmp -MT apps/lib/libapps-lib-app_x509.o -c -o apps/lib/libapps-lib-app_x509.o ../openssl/apps/lib/app_x509.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps.d.tmp -MT apps/lib/libapps-lib-apps.o -c -o apps/lib/libapps-lib-apps.o ../openssl/apps/lib/apps.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps_ui.d.tmp -MT apps/lib/libapps-lib-apps_ui.o -c -o apps/lib/libapps-lib-apps_ui.o ../openssl/apps/lib/apps_ui.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-columns.d.tmp -MT apps/lib/libapps-lib-columns.o -c -o apps/lib/libapps-lib-columns.o ../openssl/apps/lib/columns.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-fmt.d.tmp -MT apps/lib/libapps-lib-fmt.o -c -o apps/lib/libapps-lib-fmt.o ../openssl/apps/lib/fmt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-http_server.d.tmp -MT apps/lib/libapps-lib-http_server.o -c -o apps/lib/libapps-lib-http_server.o ../openssl/apps/lib/http_server.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-names.d.tmp -MT apps/lib/libapps-lib-names.o -c -o apps/lib/libapps-lib-names.o ../openssl/apps/lib/names.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-opt.d.tmp -MT apps/lib/libapps-lib-opt.o -c -o apps/lib/libapps-lib-opt.o ../openssl/apps/lib/opt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-s_cb.d.tmp -MT apps/lib/libapps-lib-s_cb.o -c -o apps/lib/libapps-lib-s_cb.o ../openssl/apps/lib/s_cb.c ../openssl/apps/lib/http_server.c:27:5: error: no previous extern declaration for non-static variable 'multi' [-Werror,-Wmissing-variable-declarations] int multi = 0; /* run multiple responder processes */ ^ 1 error generated. Makefile:4137: recipe for target 'apps/lib/libapps-lib-http_server.o' failed make[1]: *** [apps/lib/libapps-lib-http_server.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-posix-io' Makefile:3107: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From openssl at openssl.org Fri Jul 24 09:40:59 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 24 Jul 2020 09:40:59 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-sock Message-ID: <1595583659.232363.16244.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-sock Commit log since last time: dcb71e1c21 Cleanup fips provider init 7b9f218838 document the deprecation of the '-public-key-methods' option to list 41bbba5375 EVP: deprecate the EVP_X_meth_ functions. 77ae4f6ff7 engines: fixed to work with EVP_*_meth calls deprecated 9e5f344a87 evp_test: use correct deallocation for EVP_CIPHER 340f82a4e7 evp_test: use correct deallocation for EVP_MD 1d864f0f53 Specific the engine pointer 490c87110c Align documentation with recommendations of Linux Documentation Project bf19b64aae Fix UI method setup, which should be independent of (deprecated) engine use 4f8fbf372e 81-test_cmp_cli.t: Avoid using 'tail', 'awk', and the '-s' option of 'lsof' f91624d380 Skip test_cmp_cli if 'lsof' or 'kill' command is not available 90409da6a5 Fix provider cipher reinit issue 7717459892 Avoid errors with a priori inapplicable protocol bounds 5ac582d949 DOC: Fix SSL_CTX_set_cert_cb.pod and SSL_CTX_set_client_cert_cb.pod 8eca461731 util/find-doc-nits: Relax check of function declarations in name_synopsis() 904f42509f PROV: Move bio_prov.c from libcommon.a to libfips.a / libnonfips.a 7e4f01d8ba fixed swapped parameter descriptions for x509 9f7bdcf37f Add ERR_raise() errors to fips OSSL_provider_init and self tests. 823a113574 Fix API rename issue in shim layer that calls EVP_MAC_CTX_set_params 02e14a65fd man3: Drop warning about using security levels higher than 1. 16c6534b96 check-format.pl: Add an entry about it to NEWS.md and to CHANGES.md 174f4a4d6a check-format.pl: Report empty lines only if -s (--sloppy-spc) is not used dc18781550 check-format.pl: Add check for essentially empty line at beginning of file 43b2e9e008 check-format.pl: Add check for multiples essentially empty lines in a row a77571c34f check-format.pl: Allow comment start '/*' after opening '(','[','{' 5304331156 Fix linking against non-system zlib on macOS Build log ended with (last 100 lines): rm -f doc/man/man1/CA.pl.1 doc/man/man1/openssl-asn1parse.1 doc/man/man1/openssl-ca.1 doc/man/man1/openssl-ciphers.1 doc/man/man1/openssl-cmds.1 doc/man/man1/openssl-cmp.1 doc/man/man1/openssl-cms.1 doc/man/man1/openssl-crl.1 doc/man/man1/openssl-crl2pkcs7.1 doc/man/man1/openssl-dgst.1 doc/man/man1/openssl-dhparam.1 doc/man/man1/openssl-dsa.1 doc/man/man1/openssl-dsaparam.1 doc/man/man1/openssl-ec.1 doc/man/man1/openssl-ecparam.1 doc/man/man1/openssl-enc.1 doc/man/man1/openssl-engine.1 doc/man/man1/openssl-errstr.1 doc/man/man1/openssl-fipsinstall.1 doc/man/man1/openssl-gendsa.1 doc/man/man1/openssl-genpkey.1 doc/man/man1/openssl-genrsa.1 doc/man/man1/openssl-info.1 doc/man/man1/openssl-kdf.1 doc/man/man1/openssl-list.1 doc/man/man1/openssl-mac.1 doc/man/man1/openssl-nseq.1 doc/man/man1/openssl-ocsp.1 doc/man/man1/openssl-passwd.1 doc/man/man1/openssl-pkcs12.1 doc/man/man1/openssl-pkcs7.1 doc/man/man1/openssl-pkcs8.1 doc/man/man1/openssl-pkey.1 doc/man/man1/openssl-pkeyparam.1 doc/man/man1/openssl-pkeyutl.1 doc/man/man1/openssl-prime.1 doc/man/man1/openssl-provider.1 doc/man/man1/openssl-rand.1 doc/man/man1/openssl-rehash.1 doc/man/man1/openssl-req.1 doc/man/man1/openssl-rsa.1 doc/man/man1/openssl-rsautl.1 doc/man/man1/openssl-s_client.1 doc/man/man1/openssl-s_server.1 doc/man/man1/openssl-s_time.1 doc/man/man1/openssl-sess_id.1 doc/man/man1/openssl-smime.1 doc/man/man1/openssl-speed.1 doc/man/man1/openssl-spkac.1 doc/man/man1/openssl-srp.1 doc/man/man1/openssl-storeutl.1 doc/man/man1/openssl-ts.1 doc/man/man1/openssl-verify.1 doc/man/man1/openssl-version.1 doc/man/man1/openssl-x509.1 doc/man/man1/openssl.1 doc/man/man1/tsget.1 doc/man/man3/ADMISSIONS.3 doc/man/man3/ASN1_INTEGER_get_int64.3 doc/man/man3/ASN1_INTEGER_new.3 doc/man/man3/ASN1_ITEM_lookup.3 doc/man/man3/ASN1_OBJECT_new.3 doc/man/man3/ASN1_STRING_TABLE_add.3 doc/man/man3/ASN1_STRING_length.3 doc/man/man3/ASN1_STRING_new.3 doc/man/man3/ASN1_STRING_print_ex.3 doc/man/man3/ASN1_TIME_set.3 doc/man/man3/ASN1_TYPE_get.3 doc/man/man3/ASN1_generate_nconf.3 doc/man/man3/ASYNC_WAIT_CTX_new.3 doc/man/man3/ASYNC_start_job.3 doc/man/man3/BF_encrypt.3 doc/man/man3/BIO_ADDR.3 doc/man/man3/BIO_ADDRINFO.3 doc/man/man3/BIO_connect.3 doc/man/man3/BIO_ctrl.3 doc/man/man3/BIO_f_base64.3 doc/man/man3/BIO_f_buffer.3 doc/man/man3/BIO_f_cipher.3 doc/man/man3/BIO_f_md.3 doc/man/man3/BIO_f_null.3 doc/man/man3/BIO_f_prefix.3 doc/man/man3/BIO_f_ssl.3 doc/man/man3/BIO_find_type.3 doc/man/man3/BIO_get_data.3 doc/man/man3/BIO_get_ex_new_index.3 doc/man/man3/BIO_meth_new.3 doc/man/man3/BIO_new.3 doc/man/man3/BIO_new_CMS.3 doc/man/man3/BIO_parse_hostserv.3 doc/man/man3/BIO_printf.3 doc/man/man3/BIO_push.3 doc/man/man3/BIO_read.3 doc/man/man3/BIO_s_accept.3 doc/man/man3/BIO_s_bio.3 doc/man/man3/BIO_s_connect.3 doc/man/man3/BIO_s_fd.3 doc/man/man3/BIO_s_file.3 doc/man/man3/BIO_s_mem.3 doc/man/man3/BIO_s_null.3 doc/man/man3/BIO_s_socket.3 doc/man/man3/BIO_set_callback.3 doc/man/man3/BIO_should_retry.3 doc/man/man3/BIO_socket_wait.3 doc/man/man3/BN_BLINDING_new.3 doc/man/man3/BN_CTX_new.3 doc/man/man3/BN_CTX_start.3 doc/man/man3/BN_add.3 doc/man/man3/BN_add_word.3 doc/man/man3/BN_bn2bin.3 doc/man/man3/BN_cmp.3 doc/man/man3/BN_copy.3 doc/man/man3/BN_generate_prime.3 doc/man/man3/BN_mod_inverse.3 doc/man/man3/BN_mod_mul_montgomery.3 doc/man/man3/BN_mod_mul_reciprocal.3 doc/man/man3/BN_new.3 doc/man/man3/BN_num_bytes.3 doc/man/man3/BN_rand.3 doc/man/man3/BN_security_bits.3 doc/man/man3/BN_set_bit.3 doc/man/man3/BN_swap.3 doc/man/man3/BN_zero.3 doc/man/man3/BUF_MEM_new.3 doc/man/man3/CMS_EnvelopedData_create.3 doc/man/man3/CMS_add0_cert.3 doc/man/man3/CMS_add1_recipient_cert.3 doc/man/man3/CMS_add1_signer.3 doc/man/man3/CMS_compress.3 doc/man/man3/CMS_decrypt.3 doc/man/man3/CMS_encrypt.3 doc/man/man3/CMS_final.3 doc/man/man3/CMS_get0_RecipientInfos.3 doc/man/man3/CMS_get0_SignerInfos.3 doc/man/man3/CMS_get0_type.3 doc/man/man3/CMS_get1_ReceiptRequest.3 doc/man/man3/CMS_sign.3 doc/man/man3/CMS_sign_receipt.3 doc/man/man3/CMS_uncompress.3 doc/man/man3/CMS_verify.3 doc/man/man3/CMS_verify_receipt.3 doc/man/man3/CONF_modules_free.3 doc/man/man3/CONF_modules_load_file.3 doc/man/man3/CRYPTO_THREAD_run_once.3 doc/man/man3/CRYPTO_get_ex_new_index.3 doc/man/man3/CRYPTO_memcmp.3 doc/man/man3/CTLOG_STORE_get0_log_by_id.3 doc/man/man3/CTLOG_STORE_new.3 doc/man/man3/CTLOG_new.3 doc/man/man3/CT_POLICY_EVAL_CTX_new.3 doc/man/man3/DEFINE_STACK_OF.3 doc/man/man3/DES_random_key.3 doc/man/man3/DH_generate_key.3 doc/man/man3/DH_generate_parameters.3 doc/man/man3/DH_get0_pqg.3 doc/man/man3/DH_get_1024_160.3 doc/man/man3/DH_meth_new.3 doc/man/man3/DH_new.3 doc/man/man3/DH_new_by_nid.3 doc/man/man3/DH_set_method.3 doc/man/man3/DH_size.3 doc/man/man3/DSA_SIG_new.3 doc/man/man3/DSA_do_sign.3 doc/man/man3/DSA_dup_DH.3 doc/man/man3/DSA_generate_key.3 doc/man/man3/DSA_generate_parameters.3 doc/man/man3/DSA_get0_pqg.3 doc/man/man3/DSA_meth_new.3 doc/man/man3/DSA_new.3 doc/man/man3/DSA_set_method.3 doc/man/man3/DSA_sign.3 doc/man/man3/DSA_size.3 doc/man/man3/DTLS_get_data_mtu.3 doc/man/man3/DTLS_set_timer_cb.3 doc/man/man3/DTLSv1_listen.3 doc/man/man3/ECDSA_SIG_new.3 doc/man/man3/ECPKParameters_print.3 doc/man/man3/EC_GFp_simple_method.3 doc/man/man3/EC_GROUP_copy.3 doc/man/man3/EC_GROUP_new.3 doc/man/man3/EC_KEY_get_enc_flags.3 doc/man/man3/EC_KEY_new.3 doc/man/man3/EC_POINT_add.3 doc/man/man3/EC_POINT_new.3 doc/man/man3/ENGINE_add.3 doc/man/man3/ERR_GET_LIB.3 doc/man/man3/ERR_clear_error.3 doc/man/man3/ERR_error_string.3 doc/man/man3/ERR_get_error.3 doc/man/man3/ERR_load_crypto_strings.3 doc/man/man3/ERR_load_strings.3 doc/man/man3/ERR_new.3 doc/man/man3/ERR_print_errors.3 doc/man/man3/ERR_put_error.3 doc/man/man3/ERR_remove_state.3 doc/man/man3/ERR_set_mark.3 doc/man/man3/EVP_ASYM_CIPHER_free.3 doc/man/man3/EVP_BytesToKey.3 doc/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 doc/man/man3/EVP_CIPHER_meth_new.3 doc/man/man3/EVP_DigestInit.3 doc/man/man3/EVP_DigestSignInit.3 doc/man/man3/EVP_DigestVerifyInit.3 doc/man/man3/EVP_EncodeInit.3 doc/man/man3/EVP_EncryptInit.3 doc/man/man3/EVP_KDF.3 doc/man/man3/EVP_KEYEXCH_free.3 doc/man/man3/EVP_KEYMGMT.3 doc/man/man3/EVP_MAC.3 doc/man/man3/EVP_MD_meth_new.3 doc/man/man3/EVP_OpenInit.3 doc/man/man3/EVP_PKEY_ASN1_METHOD.3 doc/man/man3/EVP_PKEY_CTX_ctrl.3 doc/man/man3/EVP_PKEY_CTX_new.3 doc/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 doc/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 doc/man/man3/EVP_PKEY_CTX_set_params.3 doc/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 doc/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 doc/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 doc/man/man3/EVP_PKEY_asn1_get_count.3 doc/man/man3/EVP_PKEY_check.3 doc/man/man3/EVP_PKEY_copy_parameters.3 doc/man/man3/EVP_PKEY_decrypt.3 doc/man/man3/EVP_PKEY_derive.3 doc/man/man3/EVP_PKEY_encrypt.3 doc/man/man3/EVP_PKEY_fromdata.3 doc/man/man3/EVP_PKEY_gen.3 doc/man/man3/EVP_PKEY_get_default_digest_nid.3 doc/man/man3/EVP_PKEY_gettable_params.3 doc/man/man3/EVP_PKEY_is_a.3 doc/man/man3/EVP_PKEY_meth_get_count.3 doc/man/man3/EVP_PKEY_meth_new.3 doc/man/man3/EVP_PKEY_new.3 doc/man/man3/EVP_PKEY_print_private.3 doc/man/man3/EVP_PKEY_set1_RSA.3 doc/man/man3/EVP_PKEY_set_type.3 doc/man/man3/EVP_PKEY_sign.3 doc/man/man3/EVP_PKEY_size.3 doc/man/man3/EVP_PKEY_supports_digest_nid.3 doc/man/man3/EVP_PKEY_verify.3 doc/man/man3/EVP_PKEY_verify_recover.3 doc/man/man3/EVP_RAND.3 doc/man/man3/EVP_SIGNATURE_free.3 doc/man/man3/EVP_SealInit.3 doc/man/man3/EVP_SignInit.3 doc/man/man3/EVP_VerifyInit.3 doc/man/man3/EVP_aes_128_gcm.3 doc/man/man3/EVP_aria_128_gcm.3 doc/man/man3/EVP_bf_cbc.3 doc/man/man3/EVP_blake2b512.3 doc/man/man3/EVP_camellia_128_ecb.3 doc/man/man3/EVP_cast5_cbc.3 doc/man/man3/EVP_chacha20.3 doc/man/man3/EVP_des_cbc.3 doc/man/man3/EVP_desx_cbc.3 doc/man/man3/EVP_idea_cbc.3 doc/man/man3/EVP_md2.3 doc/man/man3/EVP_md4.3 doc/man/man3/EVP_md5.3 doc/man/man3/EVP_mdc2.3 doc/man/man3/EVP_rc2_cbc.3 doc/man/man3/EVP_rc4.3 doc/man/man3/EVP_rc5_32_12_16_cbc.3 doc/man/man3/EVP_ripemd160.3 doc/man/man3/EVP_seed_cbc.3 doc/man/man3/EVP_set_default_properties.3 doc/man/man3/EVP_sha1.3 doc/man/man3/EVP_sha224.3 doc/man/man3/EVP_sha3_224.3 doc/man/man3/EVP_sm3.3 doc/man/man3/EVP_sm4_cbc.3 doc/man/man3/EVP_whirlpool.3 doc/man/man3/HMAC.3 doc/man/man3/MD5.3 doc/man/man3/MDC2_Init.3 doc/man/man3/NCONF_new_with_libctx.3 doc/man/man3/OBJ_nid2obj.3 doc/man/man3/OCSP_REQUEST_new.3 doc/man/man3/OCSP_cert_to_id.3 doc/man/man3/OCSP_request_add1_nonce.3 doc/man/man3/OCSP_resp_find_status.3 doc/man/man3/OCSP_response_status.3 doc/man/man3/OCSP_sendreq_new.3 doc/man/man3/OPENSSL_Applink.3 doc/man/man3/OPENSSL_CTX.3 doc/man/man3/OPENSSL_FILE.3 doc/man/man3/OPENSSL_LH_COMPFUNC.3 doc/man/man3/OPENSSL_LH_stats.3 doc/man/man3/OPENSSL_config.3 doc/man/man3/OPENSSL_fork_prepare.3 doc/man/man3/OPENSSL_hexchar2int.3 doc/man/man3/OPENSSL_ia32cap.3 doc/man/man3/OPENSSL_init_crypto.3 doc/man/man3/OPENSSL_init_ssl.3 doc/man/man3/OPENSSL_instrument_bus.3 doc/man/man3/OPENSSL_load_builtin_modules.3 doc/man/man3/OPENSSL_malloc.3 doc/man/man3/OPENSSL_s390xcap.3 doc/man/man3/OPENSSL_secure_malloc.3 doc/man/man3/OSSL_CMP_CTX_new.3 doc/man/man3/OSSL_CMP_HDR_get0_transactionID.3 doc/man/man3/OSSL_CMP_ITAV_set0.3 doc/man/man3/OSSL_CMP_MSG_get0_header.3 doc/man/man3/OSSL_CMP_MSG_http_perform.3 doc/man/man3/OSSL_CMP_SRV_CTX_new.3 doc/man/man3/OSSL_CMP_STATUSINFO_new.3 doc/man/man3/OSSL_CMP_exec_IR_ses.3 doc/man/man3/OSSL_CMP_log_open.3 doc/man/man3/OSSL_CMP_validate_msg.3 doc/man/man3/OSSL_CRMF_MSG_get0_tmpl.3 doc/man/man3/OSSL_CRMF_MSG_set0_validity.3 doc/man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3 doc/man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3 doc/man/man3/OSSL_CRMF_pbmp_new.3 doc/man/man3/OSSL_HTTP_transfer.3 doc/man/man3/OSSL_PARAM.3 doc/man/man3/OSSL_PARAM_BLD.3 doc/man/man3/OSSL_PARAM_allocate_from_text.3 doc/man/man3/OSSL_PARAM_int.3 doc/man/man3/OSSL_PROVIDER.3 doc/man/man3/OSSL_SELF_TEST_new.3 doc/man/man3/OSSL_SELF_TEST_set_callback.3 doc/man/man3/OSSL_SERIALIZER.3 doc/man/man3/OSSL_SERIALIZER_CTX.3 doc/man/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.3 doc/man/man3/OSSL_SERIALIZER_to_bio.3 doc/man/man3/OSSL_STORE_INFO.3 doc/man/man3/OSSL_STORE_LOADER.3 doc/man/man3/OSSL_STORE_SEARCH.3 doc/man/man3/OSSL_STORE_attach.3 doc/man/man3/OSSL_STORE_expect.3 doc/man/man3/OSSL_STORE_open.3 doc/man/man3/OSSL_trace_enabled.3 doc/man/man3/OSSL_trace_get_category_num.3 doc/man/man3/OSSL_trace_set_channel.3 doc/man/man3/OpenSSL_add_all_algorithms.3 doc/man/man3/OpenSSL_version.3 doc/man/man3/PEM_bytes_read_bio.3 doc/man/man3/PEM_read.3 doc/man/man3/PEM_read_CMS.3 doc/man/man3/PEM_read_bio_PrivateKey.3 doc/man/man3/PEM_read_bio_ex.3 doc/man/man3/PEM_write_bio_CMS_stream.3 doc/man/man3/PEM_write_bio_PKCS7_stream.3 doc/man/man3/PKCS12_SAFEBAG_get0_attrs.3 doc/man/man3/PKCS12_add_CSPName_asc.3 doc/man/man3/PKCS12_add_friendlyname_asc.3 doc/man/man3/PKCS12_add_localkeyid.3 doc/man/man3/PKCS12_create.3 doc/man/man3/PKCS12_get_friendlyname.3 doc/man/man3/PKCS12_newpass.3 doc/man/man3/PKCS12_parse.3 doc/man/man3/PKCS5_PBKDF2_HMAC.3 doc/man/man3/PKCS7_decrypt.3 doc/man/man3/PKCS7_encrypt.3 doc/man/man3/PKCS7_sign.3 doc/man/man3/PKCS7_sign_add_signer.3 doc/man/man3/PKCS7_verify.3 doc/man/man3/PKCS8_pkey_add1_attr.3 doc/man/man3/RAND_DRBG_generate.3 doc/man/man3/RAND_DRBG_get0_public.3 doc/man/man3/RAND_DRBG_new.3 doc/man/man3/RAND_DRBG_reseed.3 doc/man/man3/RAND_DRBG_set_callbacks.3 doc/man/man3/RAND_add.3 doc/man/man3/RAND_bytes.3 doc/man/man3/RAND_cleanup.3 doc/man/man3/RAND_egd.3 doc/man/man3/RAND_load_file.3 doc/man/man3/RAND_set_rand_method.3 doc/man/man3/RC4_set_key.3 doc/man/man3/RIPEMD160_Init.3 doc/man/man3/RSA_blinding_on.3 doc/man/man3/RSA_check_key.3 doc/man/man3/RSA_generate_key.3 doc/man/man3/RSA_get0_key.3 doc/man/man3/RSA_meth_new.3 doc/man/man3/RSA_new.3 doc/man/man3/RSA_padding_add_PKCS1_type_1.3 doc/man/man3/RSA_print.3 doc/man/man3/RSA_private_encrypt.3 doc/man/man3/RSA_public_encrypt.3 doc/man/man3/RSA_set_method.3 doc/man/man3/RSA_sign.3 doc/man/man3/RSA_sign_ASN1_OCTET_STRING.3 doc/man/man3/RSA_size.3 doc/man/man3/SCT_new.3 doc/man/man3/SCT_print.3 doc/man/man3/SCT_validate.3 doc/man/man3/SHA256_Init.3 doc/man/man3/SMIME_read_CMS.3 doc/man/man3/SMIME_read_PKCS7.3 doc/man/man3/SMIME_write_CMS.3 doc/man/man3/SMIME_write_PKCS7.3 doc/man/man3/SRP_Calc_B.3 doc/man/man3/SRP_VBASE_new.3 doc/man/man3/SRP_create_verifier.3 doc/man/man3/SRP_user_pwd_new.3 doc/man/man3/SSL_CIPHER_get_name.3 doc/man/man3/SSL_COMP_add_compression_method.3 doc/man/man3/SSL_CONF_CTX_new.3 doc/man/man3/SSL_CONF_CTX_set1_prefix.3 doc/man/man3/SSL_CONF_CTX_set_flags.3 doc/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 doc/man/man3/SSL_CONF_cmd.3 doc/man/man3/SSL_CONF_cmd_argv.3 doc/man/man3/SSL_CTX_add1_chain_cert.3 doc/man/man3/SSL_CTX_add_extra_chain_cert.3 doc/man/man3/SSL_CTX_add_session.3 doc/man/man3/SSL_CTX_config.3 doc/man/man3/SSL_CTX_ctrl.3 doc/man/man3/SSL_CTX_dane_enable.3 doc/man/man3/SSL_CTX_flush_sessions.3 doc/man/man3/SSL_CTX_free.3 doc/man/man3/SSL_CTX_get0_param.3 doc/man/man3/SSL_CTX_get_verify_mode.3 doc/man/man3/SSL_CTX_has_client_custom_ext.3 doc/man/man3/SSL_CTX_load_verify_locations.3 doc/man/man3/SSL_CTX_new.3 doc/man/man3/SSL_CTX_sess_number.3 doc/man/man3/SSL_CTX_sess_set_cache_size.3 doc/man/man3/SSL_CTX_sess_set_get_cb.3 doc/man/man3/SSL_CTX_sessions.3 doc/man/man3/SSL_CTX_set0_CA_list.3 doc/man/man3/SSL_CTX_set1_curves.3 doc/man/man3/SSL_CTX_set1_sigalgs.3 doc/man/man3/SSL_CTX_set1_verify_cert_store.3 doc/man/man3/SSL_CTX_set_alpn_select_cb.3 doc/man/man3/SSL_CTX_set_cert_cb.3 doc/man/man3/SSL_CTX_set_cert_store.3 doc/man/man3/SSL_CTX_set_cert_verify_callback.3 doc/man/man3/SSL_CTX_set_cipher_list.3 doc/man/man3/SSL_CTX_set_client_cert_cb.3 doc/man/man3/SSL_CTX_set_client_hello_cb.3 doc/man/man3/SSL_CTX_set_ct_validation_callback.3 doc/man/man3/SSL_CTX_set_ctlog_list_file.3 doc/man/man3/SSL_CTX_set_default_passwd_cb.3 doc/man/man3/SSL_CTX_set_generate_session_id.3 doc/man/man3/SSL_CTX_set_info_callback.3 doc/man/man3/SSL_CTX_set_keylog_callback.3 doc/man/man3/SSL_CTX_set_max_cert_list.3 doc/man/man3/SSL_CTX_set_min_proto_version.3 doc/man/man3/SSL_CTX_set_mode.3 doc/man/man3/SSL_CTX_set_msg_callback.3 doc/man/man3/SSL_CTX_set_num_tickets.3 doc/man/man3/SSL_CTX_set_options.3 doc/man/man3/SSL_CTX_set_psk_client_callback.3 doc/man/man3/SSL_CTX_set_quiet_shutdown.3 doc/man/man3/SSL_CTX_set_read_ahead.3 doc/man/man3/SSL_CTX_set_record_padding_callback.3 doc/man/man3/SSL_CTX_set_security_level.3 doc/man/man3/SSL_CTX_set_session_cache_mode.3 doc/man/man3/SSL_CTX_set_session_id_context.3 doc/man/man3/SSL_CTX_set_session_ticket_cb.3 doc/man/man3/SSL_CTX_set_split_send_fragment.3 doc/man/man3/SSL_CTX_set_srp_password.3 doc/man/man3/SSL_CTX_set_ssl_version.3 doc/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 doc/man/man3/SSL_CTX_set_timeout.3 doc/man/man3/SSL_CTX_set_tlsext_servername_callback.3 doc/man/man3/SSL_CTX_set_tlsext_status_cb.3 doc/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 doc/man/man3/SSL_CTX_set_tlsext_use_srtp.3 doc/man/man3/SSL_CTX_set_tmp_dh_callback.3 doc/man/man3/SSL_CTX_set_tmp_ecdh.3 doc/man/man3/SSL_CTX_set_verify.3 doc/man/man3/SSL_CTX_use_certificate.3 doc/man/man3/SSL_CTX_use_psk_identity_hint.3 doc/man/man3/SSL_CTX_use_serverinfo.3 doc/man/man3/SSL_SESSION_free.3 doc/man/man3/SSL_SESSION_get0_cipher.3 doc/man/man3/SSL_SESSION_get0_hostname.3 doc/man/man3/SSL_SESSION_get0_id_context.3 doc/man/man3/SSL_SESSION_get0_peer.3 doc/man/man3/SSL_SESSION_get_compress_id.3 doc/man/man3/SSL_SESSION_get_protocol_version.3 doc/man/man3/SSL_SESSION_get_time.3 doc/man/man3/SSL_SESSION_has_ticket.3 doc/man/man3/SSL_SESSION_is_resumable.3 doc/man/man3/SSL_SESSION_print.3 doc/man/man3/SSL_SESSION_set1_id.3 doc/man/man3/SSL_accept.3 doc/man/man3/SSL_alert_type_string.3 doc/man/man3/SSL_alloc_buffers.3 doc/man/man3/SSL_check_chain.3 doc/man/man3/SSL_clear.3 doc/man/man3/SSL_connect.3 doc/man/man3/SSL_do_handshake.3 doc/man/man3/SSL_export_keying_material.3 doc/man/man3/SSL_extension_supported.3 doc/man/man3/SSL_free.3 doc/man/man3/SSL_get0_peer_scts.3 doc/man/man3/SSL_get_SSL_CTX.3 doc/man/man3/SSL_get_all_async_fds.3 doc/man/man3/SSL_get_ciphers.3 doc/man/man3/SSL_get_client_random.3 doc/man/man3/SSL_get_current_cipher.3 doc/man/man3/SSL_get_default_timeout.3 doc/man/man3/SSL_get_error.3 doc/man/man3/SSL_get_extms_support.3 doc/man/man3/SSL_get_fd.3 doc/man/man3/SSL_get_peer_cert_chain.3 doc/man/man3/SSL_get_peer_certificate.3 doc/man/man3/SSL_get_peer_signature_nid.3 doc/man/man3/SSL_get_peer_tmp_key.3 doc/man/man3/SSL_get_psk_identity.3 doc/man/man3/SSL_get_rbio.3 doc/man/man3/SSL_get_session.3 doc/man/man3/SSL_get_shared_sigalgs.3 doc/man/man3/SSL_get_verify_result.3 doc/man/man3/SSL_get_version.3 doc/man/man3/SSL_in_init.3 doc/man/man3/SSL_key_update.3 doc/man/man3/SSL_library_init.3 doc/man/man3/SSL_load_client_CA_file.3 doc/man/man3/SSL_new.3 doc/man/man3/SSL_pending.3 doc/man/man3/SSL_read.3 doc/man/man3/SSL_read_early_data.3 doc/man/man3/SSL_rstate_string.3 doc/man/man3/SSL_session_reused.3 doc/man/man3/SSL_set1_host.3 doc/man/man3/SSL_set_async_callback.3 doc/man/man3/SSL_set_bio.3 doc/man/man3/SSL_set_connect_state.3 doc/man/man3/SSL_set_fd.3 doc/man/man3/SSL_set_session.3 doc/man/man3/SSL_set_shutdown.3 doc/man/man3/SSL_set_verify_result.3 doc/man/man3/SSL_shutdown.3 doc/man/man3/SSL_state_string.3 doc/man/man3/SSL_want.3 doc/man/man3/SSL_write.3 doc/man/man3/TS_VERIFY_CTX_set_certs.3 doc/man/man3/UI_STRING.3 doc/man/man3/UI_UTIL_read_pw.3 doc/man/man3/UI_create_method.3 doc/man/man3/UI_new.3 doc/man/man3/X509V3_get_d2i.3 doc/man/man3/X509_ALGOR_dup.3 doc/man/man3/X509_CRL_get0_by_serial.3 doc/man/man3/X509_EXTENSION_set_object.3 doc/man/man3/X509_LOOKUP.3 doc/man/man3/X509_LOOKUP_hash_dir.3 doc/man/man3/X509_LOOKUP_meth_new.3 doc/man/man3/X509_NAME_ENTRY_get_object.3 doc/man/man3/X509_NAME_add_entry_by_txt.3 doc/man/man3/X509_NAME_get0_der.3 doc/man/man3/X509_NAME_get_index_by_NID.3 doc/man/man3/X509_NAME_print_ex.3 doc/man/man3/X509_PUBKEY_new.3 doc/man/man3/X509_SIG_get0.3 doc/man/man3/X509_STORE_CTX_get_error.3 doc/man/man3/X509_STORE_CTX_new.3 doc/man/man3/X509_STORE_CTX_set_verify_cb.3 doc/man/man3/X509_STORE_add_cert.3 doc/man/man3/X509_STORE_get0_param.3 doc/man/man3/X509_STORE_new.3 doc/man/man3/X509_STORE_set_verify_cb_func.3 doc/man/man3/X509_VERIFY_PARAM_set_flags.3 doc/man/man3/X509_check_ca.3 doc/man/man3/X509_check_host.3 doc/man/man3/X509_check_issued.3 doc/man/man3/X509_check_private_key.3 doc/man/man3/X509_check_purpose.3 doc/man/man3/X509_cmp.3 doc/man/man3/X509_cmp_time.3 doc/man/man3/X509_digest.3 doc/man/man3/X509_dup.3 doc/man/man3/X509_get0_distinguishing_id.3 doc/man/man3/X509_get0_notBefore.3 doc/man/man3/X509_get0_signature.3 doc/man/man3/X509_get0_uids.3 doc/man/man3/X509_get_extension_flags.3 doc/man/man3/X509_get_pubkey.3 doc/man/man3/X509_get_serialNumber.3 doc/man/man3/X509_get_subject_name.3 doc/man/man3/X509_get_version.3 doc/man/man3/X509_load_http.3 doc/man/man3/X509_new.3 doc/man/man3/X509_sign.3 doc/man/man3/X509_verify.3 doc/man/man3/X509_verify_cert.3 doc/man/man3/X509v3_cache_extensions.3 doc/man/man3/X509v3_get_ext_by_NID.3 doc/man/man3/d2i_DHparams.3 doc/man/man3/d2i_PKCS8PrivateKey_bio.3 doc/man/man3/d2i_PrivateKey.3 doc/man/man3/d2i_SSL_SESSION.3 doc/man/man3/d2i_X509.3 doc/man/man3/i2d_CMS_bio_stream.3 doc/man/man3/i2d_PKCS7_bio_stream.3 doc/man/man3/i2d_re_X509_tbs.3 doc/man/man3/o2i_SCT_LIST.3 doc/man/man3/s2i_ASN1_IA5STRING.3 doc/man/man5/config.5 doc/man/man5/fips_config.5 doc/man/man5/x509v3_config.5 doc/man/man7/EVP_KDF-HKDF.7 doc/man/man7/EVP_KDF-KB.7 doc/man/man7/EVP_KDF-KRB5KDF.7 doc/man/man7/EVP_KDF-PBKDF2.7 doc/man/man7/EVP_KDF-SCRYPT.7 doc/man/man7/EVP_KDF-SS.7 doc/man/man7/EVP_KDF-SSHKDF.7 doc/man/man7/EVP_KDF-TLS1_PRF.7 doc/man/man7/EVP_KDF-X942.7 doc/man/man7/EVP_KDF-X963.7 doc/man/man7/EVP_KEYEXCH-DH.7 doc/man/man7/EVP_KEYEXCH-ECDH.7 doc/man/man7/EVP_KEYEXCH-X25519.7 doc/man/man7/EVP_MAC-BLAKE2.7 doc/man/man7/EVP_MAC-CMAC.7 doc/man/man7/EVP_MAC-GMAC.7 doc/man/man7/EVP_MAC-HMAC.7 doc/man/man7/EVP_MAC-KMAC.7 doc/man/man7/EVP_MAC-Poly1305.7 doc/man/man7/EVP_MAC-Siphash.7 doc/man/man7/EVP_MD-BLAKE2.7 doc/man/man7/EVP_MD-MD2.7 doc/man/man7/EVP_MD-MD4.7 doc/man/man7/EVP_MD-MD5-SHA1.7 doc/man/man7/EVP_MD-MD5.7 doc/man/man7/EVP_MD-MDC2.7 doc/man/man7/EVP_MD-RIPEMD160.7 doc/man/man7/EVP_MD-SHA1.7 doc/man/man7/EVP_MD-SHA2.7 doc/man/man7/EVP_MD-SHA3.7 doc/man/man7/EVP_MD-SHAKE.7 doc/man/man7/EVP_MD-SM3.7 doc/man/man7/EVP_MD-WHIRLPOOL.7 doc/man/man7/EVP_MD-common.7 doc/man/man7/EVP_PKEY-DH.7 doc/man/man7/EVP_PKEY-DSA.7 doc/man/man7/EVP_PKEY-EC.7 doc/man/man7/EVP_PKEY-FFC.7 doc/man/man7/EVP_PKEY-RSA.7 doc/man/man7/EVP_PKEY-X25519.7 doc/man/man7/EVP_RAND-CTR-DRBG.7 doc/man/man7/EVP_RAND-HASH-DRBG.7 doc/man/man7/EVP_RAND-HMAC-DRBG.7 doc/man/man7/EVP_RAND-TEST-RAND.7 doc/man/man7/EVP_SIGNATURE-DSA.7 doc/man/man7/EVP_SIGNATURE-ECDSA.7 doc/man/man7/EVP_SIGNATURE-ED25519.7 doc/man/man7/EVP_SIGNATURE-RSA.7 doc/man/man7/OSSL_PROVIDER-FIPS.7 doc/man/man7/OSSL_PROVIDER-default.7 doc/man/man7/OSSL_PROVIDER-legacy.7 doc/man/man7/OSSL_PROVIDER-null.7 doc/man/man7/RAND.7 doc/man/man7/RAND_DRBG.7 doc/man/man7/RSA-PSS.7 doc/man/man7/SM2.7 doc/man/man7/X25519.7 doc/man/man7/bio.7 doc/man/man7/crypto.7 doc/man/man7/ct.7 doc/man/man7/des_modes.7 doc/man/man7/evp.7 doc/man/man7/openssl-core.h.7 doc/man/man7/openssl-core_dispatch.h.7 doc/man/man7/openssl-core_names.h.7 doc/man/man7/openssl-env.7 doc/man/man7/openssl_user_macros.7 doc/man/man7/ossl_store-file.7 doc/man/man7/ossl_store.7 doc/man/man7/passphrase-encoding.7 doc/man/man7/property.7 doc/man/man7/provider-asym_cipher.7 doc/man/man7/provider-base.7 doc/man/man7/provider-cipher.7 doc/man/man7/provider-digest.7 doc/man/man7/provider-keyexch.7 doc/man/man7/provider-keymgmt.7 doc/man/man7/provider-mac.7 doc/man/man7/provider-rand.7 doc/man/man7/provider-serializer.7 doc/man/man7/provider-signature.7 doc/man/man7/provider.7 doc/man/man7/proxy-certificates.7 doc/man/man7/ssl.7 doc/man/man7/x509.7 rm -f apps/openssl fuzz/asn1-test fuzz/asn1parse-test fuzz/bignum-test fuzz/bndiv-test fuzz/client-test fuzz/cmp-test fuzz/cms-test fuzz/conf-test fuzz/crl-test fuzz/ct-test fuzz/server-test fuzz/x509-test test/aborttest test/acvp_test test/aesgcmtest test/afalgtest test/asn1_decode_test test/asn1_dsa_internal_test test/asn1_encode_test test/asn1_internal_test test/asn1_string_table_test test/asn1_time_test test/asynciotest test/asynctest test/bad_dtls_test test/bftest test/bio_callback_test test/bio_enc_test test/bio_memleak_test test/bio_prefix_text test/bioprinttest test/bn_internal_test test/bntest test/buildtest_c_aes test/buildtest_c_asn1 test/buildtest_c_asn1t test/buildtest_c_async test/buildtest_c_bio test/buildtest_c_blowfish test/buildtest_c_bn test/buildtest_c_buffer test/buildtest_c_camellia test/buildtest_c_cast test/buildtest_c_cmac test/buildtest_c_cmp test/buildtest_c_cmp_util test/buildtest_c_cms test/buildtest_c_comp test/buildtest_c_conf test/buildtest_c_conf_api test/buildtest_c_core test/buildtest_c_core_dispatch test/buildtest_c_core_names test/buildtest_c_crmf test/buildtest_c_crypto test/buildtest_c_ct test/buildtest_c_des test/buildtest_c_dh test/buildtest_c_dsa test/buildtest_c_e_os2 test/buildtest_c_ebcdic test/buildtest_c_ec test/buildtest_c_ecdh test/buildtest_c_ecdsa test/buildtest_c_engine test/buildtest_c_ess test/buildtest_c_evp test/buildtest_c_fips_names test/buildtest_c_hmac test/buildtest_c_http test/buildtest_c_idea test/buildtest_c_kdf test/buildtest_c_lhash test/buildtest_c_macros test/buildtest_c_md4 test/buildtest_c_md5 test/buildtest_c_mdc2 test/buildtest_c_modes test/buildtest_c_obj_mac test/buildtest_c_objects test/buildtest_c_ocsp test/buildtest_c_ossl_typ test/buildtest_c_param_build test/buildtest_c_params test/buildtest_c_pem test/buildtest_c_pem2 test/buildtest_c_pkcs12 test/buildtest_c_pkcs7 test/buildtest_c_provider test/buildtest_c_rand test/buildtest_c_rand_drbg test/buildtest_c_rc2 test/buildtest_c_rc4 test/buildtest_c_ripemd test/buildtest_c_rsa test/buildtest_c_safestack test/buildtest_c_seed test/buildtest_c_self_test test/buildtest_c_serializer test/buildtest_c_sha test/buildtest_c_srp test/buildtest_c_srtp test/buildtest_c_ssl test/buildtest_c_ssl2 test/buildtest_c_stack test/buildtest_c_store test/buildtest_c_symhacks test/buildtest_c_tls1 test/buildtest_c_ts test/buildtest_c_txt_db test/buildtest_c_types test/buildtest_c_ui test/buildtest_c_whrlpool test/buildtest_c_x509 test/buildtest_c_x509_vfy test/buildtest_c_x509v3 test/casttest test/chacha_internal_test test/cipher_overhead_test test/cipherbytes_test test/cipherlist_test test/ciphername_test test/clienthellotest test/cmactest test/cmp_asn_test test/cmp_client_test test/cmp_ctx_test test/cmp_hdr_test test/cmp_msg_test test/cmp_protect_test test/cmp_server_test test/cmp_status_test test/cmp_vfy_test test/cmsapitest test/conf_include_test test/confdump test/constant_time_test test/context_internal_test test/crltest test/ct_test test/ctype_internal_test test/curve448_internal_test test/d2i_test test/danetest test/destest test/dhtest test/drbg_cavs_test test/drbg_extra_test test/drbgtest test/dsa_no_digest_size_test test/dsatest test/dtls_mtu_test test/dtlstest test/dtlsv1listentest test/ec_internal_test test/ecdsatest test/ecstresstest test/ectest test/enginetest test/errtest test/evp_extra_test test/evp_extra_test2 test/evp_fetch_prov_test test/evp_kdf_test test/evp_libctx_test test/evp_pkey_dparams_test test/evp_pkey_provided_test test/evp_test test/exdatatest test/exptest test/fatalerrtest test/ffc_internal_test test/gmdifftest test/gosttest test/hexstr_test test/hmactest test/http_test test/ideatest test/igetest test/keymgmt_internal_test test/lhash_test test/mdc2_internal_test test/mdc2test test/memleaktest test/modes_internal_test test/namemap_internal_test test/ocspapitest test/packettest test/param_build_test test/params_api_test test/params_conversion_test test/params_test test/pbelutest test/pemtest test/pkey_meth_kdf_test test/pkey_meth_test test/poly1305_internal_test test/property_test test/provider_fallback_test test/provider_internal_test test/provider_test test/rc2test test/rc4test test/rc5test test/rdrand_sanitytest test/recordlentest test/rsa_complex test/rsa_mp_test test/rsa_sp800_56b_test test/rsa_test test/sanitytest test/secmemtest test/servername_test test/shlibloadtest test/siphash_internal_test test/sm2_internal_test test/sm4_internal_test test/sparse_array_test test/srptest test/ssl_cert_table_internal_test test/ssl_ctx_test test/ssl_test test/ssl_test_ctx_test test/sslapitest test/sslbuffertest test/sslcorrupttest test/ssltest_old test/stack_test test/sysdefaulttest test/test_test test/threadstest test/time_offset_test test/tls13ccstest test/tls13encryptiontest test/tls13secretstest test/uitest test/v3ext test/v3nametest test/verify_extra_test test/versions test/wpackettest test/x509_check_cert_pkey_test test/x509_dup_cert_test test/x509_internal_test test/x509_time_test test/x509aux engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so providers/fips.so providers/legacy.so test/p_test.so apps/CA.pl apps/tsget.pl tools/c_rehash util/shlib_wrap.sh rm -f doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod include/crypto/bn_conf.h include/crypto/dso_conf.h include/openssl/configuration.h include/openssl/fipskey.h include/openssl/opensslv.h test/provider_internal_test.cnf apps/CA.pl apps/progs.c apps/progs.h apps/tsget.pl crypto/aes/aes-x86_64.s crypto/aes/aesni-mb-x86_64.s crypto/aes/aesni-sha1-x86_64.s crypto/aes/aesni-sha256-x86_64.s crypto/aes/aesni-x86_64.s crypto/aes/bsaes-x86_64.s crypto/aes/vpaes-x86_64.s crypto/bn/rsaz-avx2.s crypto/bn/rsaz-x86_64.s crypto/bn/x86_64-gf2m.s crypto/bn/x86_64-mont.s crypto/bn/x86_64-mont5.s crypto/buildinf.h crypto/camellia/cmll-x86_64.s crypto/chacha/chacha-x86_64.s crypto/ec/ecp_nistz256-x86_64.s crypto/ec/x25519-x86_64.s crypto/md5/md5-x86_64.s crypto/modes/aesni-gcm-x86_64.s crypto/modes/ghash-x86_64.s crypto/poly1305/poly1305-x86_64.s crypto/rc4/rc4-md5-x86_64.s crypto/rc4/rc4-x86_64.s crypto/sha/keccak1600-x86_64.s crypto/sha/sha1-mb-x86_64.s crypto/sha/sha1-x86_64.s crypto/sha/sha256-mb-x86_64.s crypto/sha/sha256-x86_64.s crypto/sha/sha512-x86_64.s crypto/whrlpool/wp-x86_64.s crypto/x86_64cpuid.s doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod engines/afalg.ld engines/capi.ld engines/dasync.ld engines/e_padlock-x86_64.s engines/ossltest.ld engines/padlock.ld libcrypto.ld libssl.ld providers/common/der/der_digests_gen.c providers/common/der/der_dsa_gen.c providers/common/der/der_ec_gen.c providers/common/der/der_rsa_gen.c providers/common/include/prov/der_digests.h providers/common/include/prov/der_dsa.h providers/common/include/prov/der_ec.h providers/common/include/prov/der_rsa.h providers/fips.ld providers/legacy.ld test/buildtest_aes.c test/buildtest_asn1.c test/buildtest_asn1t.c test/buildtest_async.c test/buildtest_bio.c test/buildtest_blowfish.c test/buildtest_bn.c test/buildtest_buffer.c test/buildtest_camellia.c test/buildtest_cast.c test/buildtest_cmac.c test/buildtest_cmp.c test/buildtest_cmp_util.c test/buildtest_cms.c test/buildtest_comp.c test/buildtest_conf.c test/buildtest_conf_api.c test/buildtest_core.c test/buildtest_core_dispatch.c test/buildtest_core_names.c test/buildtest_crmf.c test/buildtest_crypto.c test/buildtest_ct.c test/buildtest_des.c test/buildtest_dh.c test/buildtest_dsa.c test/buildtest_e_os2.c test/buildtest_ebcdic.c test/buildtest_ec.c test/buildtest_ecdh.c test/buildtest_ecdsa.c test/buildtest_engine.c test/buildtest_ess.c test/buildtest_evp.c test/buildtest_fips_names.c test/buildtest_hmac.c test/buildtest_http.c test/buildtest_idea.c test/buildtest_kdf.c test/buildtest_lhash.c test/buildtest_macros.c test/buildtest_md4.c test/buildtest_md5.c test/buildtest_mdc2.c test/buildtest_modes.c test/buildtest_obj_mac.c test/buildtest_objects.c test/buildtest_ocsp.c test/buildtest_ossl_typ.c test/buildtest_param_build.c test/buildtest_params.c test/buildtest_pem.c test/buildtest_pem2.c test/buildtest_pkcs12.c test/buildtest_pkcs7.c test/buildtest_provider.c test/buildtest_rand.c test/buildtest_rand_drbg.c test/buildtest_rc2.c test/buildtest_rc4.c test/buildtest_ripemd.c test/buildtest_rsa.c test/buildtest_safestack.c test/buildtest_seed.c test/buildtest_self_test.c test/buildtest_serializer.c test/buildtest_sha.c test/buildtest_srp.c test/buildtest_srtp.c test/buildtest_ssl.c test/buildtest_ssl2.c test/buildtest_stack.c test/buildtest_store.c test/buildtest_symhacks.c test/buildtest_tls1.c test/buildtest_ts.c test/buildtest_txt_db.c test/buildtest_types.c test/buildtest_ui.c test/buildtest_whrlpool.c test/buildtest_x509.c test/buildtest_x509_vfy.c test/buildtest_x509v3.c test/p_test.ld tools/c_rehash util/shlib_wrap.sh rm -f `find . -name '*.d' \! -name '.*' \! -type d -print` rm -f `find . -name '*.o' \! -name '.*' \! -type d -print` rm -f core rm -f tags TAGS doc-nits cmd-nits md-nits rm -f -r test/test-runs rm -f openssl.pc libcrypto.pc libssl.pc rm -f `find . -type l \! -name '.*' -print` rm -f ../openssl-3.0.0-alpha6-dev.tar $ make depend $ LDCMD= make -j4 /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-asn1parse.pod.in > doc/man1/openssl-asn1parse.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ca.pod.in > doc/man1/openssl-ca.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ciphers.pod.in > doc/man1/openssl-ciphers.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmds.pod.in > doc/man1/openssl-cmds.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmp.pod.in > doc/man1/openssl-cmp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cms.pod.in > doc/man1/openssl-cms.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl.pod.in > doc/man1/openssl-crl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl2pkcs7.pod.in > doc/man1/openssl-crl2pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dgst.pod.in > doc/man1/openssl-dgst.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dhparam.pod.in > doc/man1/openssl-dhparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsa.pod.in > doc/man1/openssl-dsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsaparam.pod.in > doc/man1/openssl-dsaparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ec.pod.in > doc/man1/openssl-ec.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ecparam.pod.in > doc/man1/openssl-ecparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-enc.pod.in > doc/man1/openssl-enc.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-engine.pod.in > doc/man1/openssl-engine.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-errstr.pod.in > doc/man1/openssl-errstr.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-fipsinstall.pod.in > doc/man1/openssl-fipsinstall.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-gendsa.pod.in > doc/man1/openssl-gendsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genpkey.pod.in > doc/man1/openssl-genpkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genrsa.pod.in > doc/man1/openssl-genrsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-info.pod.in > doc/man1/openssl-info.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-kdf.pod.in > doc/man1/openssl-kdf.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-list.pod.in > doc/man1/openssl-list.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-mac.pod.in > doc/man1/openssl-mac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-nseq.pod.in > doc/man1/openssl-nseq.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ocsp.pod.in > doc/man1/openssl-ocsp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-passwd.pod.in > doc/man1/openssl-passwd.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs12.pod.in > doc/man1/openssl-pkcs12.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs7.pod.in > doc/man1/openssl-pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs8.pod.in > doc/man1/openssl-pkcs8.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkey.pod.in > doc/man1/openssl-pkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyparam.pod.in > doc/man1/openssl-pkeyparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyutl.pod.in > doc/man1/openssl-pkeyutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-prime.pod.in > doc/man1/openssl-prime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-provider.pod.in > doc/man1/openssl-provider.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rand.pod.in > doc/man1/openssl-rand.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rehash.pod.in > doc/man1/openssl-rehash.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-req.pod.in > doc/man1/openssl-req.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsa.pod.in > doc/man1/openssl-rsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsautl.pod.in > doc/man1/openssl-rsautl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_client.pod.in > doc/man1/openssl-s_client.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_server.pod.in > doc/man1/openssl-s_server.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_time.pod.in > doc/man1/openssl-s_time.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-sess_id.pod.in > doc/man1/openssl-sess_id.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-smime.pod.in > doc/man1/openssl-smime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-speed.pod.in > doc/man1/openssl-speed.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-spkac.pod.in > doc/man1/openssl-spkac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-srp.pod.in > doc/man1/openssl-srp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-storeutl.pod.in > doc/man1/openssl-storeutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ts.pod.in > doc/man1/openssl-ts.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-verify.pod.in > doc/man1/openssl-verify.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-version.pod.in > doc/man1/openssl-version.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-x509.pod.in > doc/man1/openssl-x509.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man7/openssl_user_macros.pod.in > doc/man7/openssl_user_macros.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/bn_conf.h.in > include/crypto/bn_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/dso_conf.h.in > include/crypto/dso_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/configuration.h.in > include/openssl/configuration.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/fipskey.h.in > include/openssl/fipskey.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/opensslv.h.in > include/openssl/opensslv.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/test/provider_internal_test.cnf.in > test/provider_internal_test.cnf make depend && make _build_sw make[1]: Entering directory '/home/openssl/run-checker/no-sock' make[1]: Leaving directory '/home/openssl/run-checker/no-sock' make[1]: Entering directory '/home/openssl/run-checker/no-sock' clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_params.d.tmp -MT apps/lib/libapps-lib-app_params.o -c -o apps/lib/libapps-lib-app_params.o ../openssl/apps/lib/app_params.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_provider.d.tmp -MT apps/lib/libapps-lib-app_provider.o -c -o apps/lib/libapps-lib-app_provider.o ../openssl/apps/lib/app_provider.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_rand.d.tmp -MT apps/lib/libapps-lib-app_rand.o -c -o apps/lib/libapps-lib-app_rand.o ../openssl/apps/lib/app_rand.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_x509.d.tmp -MT apps/lib/libapps-lib-app_x509.o -c -o apps/lib/libapps-lib-app_x509.o ../openssl/apps/lib/app_x509.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps.d.tmp -MT apps/lib/libapps-lib-apps.o -c -o apps/lib/libapps-lib-apps.o ../openssl/apps/lib/apps.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps_ui.d.tmp -MT apps/lib/libapps-lib-apps_ui.o -c -o apps/lib/libapps-lib-apps_ui.o ../openssl/apps/lib/apps_ui.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-columns.d.tmp -MT apps/lib/libapps-lib-columns.o -c -o apps/lib/libapps-lib-columns.o ../openssl/apps/lib/columns.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-fmt.d.tmp -MT apps/lib/libapps-lib-fmt.o -c -o apps/lib/libapps-lib-fmt.o ../openssl/apps/lib/fmt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-http_server.d.tmp -MT apps/lib/libapps-lib-http_server.o -c -o apps/lib/libapps-lib-http_server.o ../openssl/apps/lib/http_server.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-names.d.tmp -MT apps/lib/libapps-lib-names.o -c -o apps/lib/libapps-lib-names.o ../openssl/apps/lib/names.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-opt.d.tmp -MT apps/lib/libapps-lib-opt.o -c -o apps/lib/libapps-lib-opt.o ../openssl/apps/lib/opt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-s_cb.d.tmp -MT apps/lib/libapps-lib-s_cb.o -c -o apps/lib/libapps-lib-s_cb.o ../openssl/apps/lib/s_cb.c ../openssl/apps/lib/http_server.c:27:5: error: no previous extern declaration for non-static variable 'multi' [-Werror,-Wmissing-variable-declarations] int multi = 0; /* run multiple responder processes */ ^ 1 error generated. Makefile:4125: recipe for target 'apps/lib/libapps-lib-http_server.o' failed make[1]: *** [apps/lib/libapps-lib-http_server.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-sock' Makefile:3095: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From shane.lontis at oracle.com Fri Jul 24 12:56:56 2020 From: shane.lontis at oracle.com (shane.lontis at oracle.com) Date: Fri, 24 Jul 2020 12:56:56 +0000 Subject: [openssl] master update Message-ID: <1595595416.952294.8042.nullmailer@dev.openssl.org> The branch master has been updated via 6725682d77510bf6d499957897d7be124d603f40 (commit) from ae89578be2930c726d6ef56451233757a89f224f (commit) - Log ----------------------------------------------------------------- commit 6725682d77510bf6d499957897d7be124d603f40 Author: Shane Lontis Date: Fri Jul 24 22:53:27 2020 +1000 Add X509 related libctx changes. - In order to not add many X509_XXXX_with_libctx() functions the libctx and propq may be stored in the X509 object via a call to X509_new_with_libctx(). - Loading via PEM_read_bio_X509() or d2i_X509() should pass in a created cert using X509_new_with_libctx(). - Renamed some XXXX_ex() to XXX_with_libctx() for X509 API's. - Removed the extra parameters in check_purpose.. - X509_digest() has been modified so that it expects a const EVP_MD object() and then internally it does the fetch when it needs to (via ASN1_item_digest_with_libctx()). - Added API's that set the libctx when they load such as X509_STORE_new_with_libctx() so that the cert chains can be verified. Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12153) ----------------------------------------------------------------------- Summary of changes: apps/ca.c | 2 +- apps/include/apps.h | 3 + apps/lib/apps.c | 33 +++++-- apps/req.c | 3 +- apps/storeutl.c | 14 ++- apps/ts.c | 8 +- apps/x509.c | 5 +- crypto/asn1/a_digest.c | 40 ++++++-- crypto/ess/ess_lib.c | 5 +- crypto/pem/pem_info.c | 40 ++++++-- crypto/pem/pem_pkey.c | 9 +- crypto/store/loader_file.c | 98 +++++++++++-------- crypto/store/store_lib.c | 32 +++--- crypto/store/store_local.h | 1 + crypto/store/store_register.c | 1 + crypto/x509/by_dir.c | 56 +++++++---- crypto/x509/by_file.c | 95 ++++++++++++------ crypto/x509/by_store.c | 42 +++++--- crypto/x509/v3_purp.c | 31 ++---- crypto/x509/x509_d2.c | 48 +++++++-- crypto/x509/x509_local.h | 9 +- crypto/x509/x509_lu.c | 53 +++++++--- crypto/x509/x509_vfy.c | 30 ++---- crypto/x509/x_all.c | 31 +++--- crypto/x509/x_x509.c | 31 +++++- doc/man3/OSSL_STORE_LOADER.pod | 17 ++-- doc/man3/OSSL_STORE_attach.pod | 4 +- doc/man3/OSSL_STORE_open.pod | 36 ++++--- doc/man3/PEM_X509_INFO_read_bio_with_libctx.pod | 65 ++++++++++++ doc/man3/PEM_read_bio_PrivateKey.pod | 10 ++ doc/man3/SSL_load_client_CA_file.pod | 16 ++- doc/man3/X509_LOOKUP.pod | 106 ++++++++++++++------ doc/man3/X509_LOOKUP_hash_dir.pod | 16 ++- doc/man3/X509_STORE_add_cert.pod | 72 ++++++++++---- doc/man3/X509_STORE_new.pod | 7 +- doc/man3/X509_new.pod | 19 +++- doc/man3/X509_sign.pod | 4 +- doc/man3/X509_verify.pod | 30 +++--- doc/man3/X509v3_cache_extensions.pod | 44 --------- doc/man7/x509.pod | 3 +- include/crypto/store.h | 10 -- include/crypto/x509.h | 11 ++- include/openssl/pem.h | 9 ++ include/openssl/ssl.h | 3 + include/openssl/store.h | 35 ++++--- include/openssl/x509.h | 6 +- include/openssl/x509_vfy.h | 46 ++++++++- include/openssl/x509v3.h | 2 - ssl/s3_lib.c | 4 - ssl/ssl_cert.c | 35 ++++--- ssl/ssl_conf.c | 22 ++++- ssl/ssl_lib.c | 14 ++- ssl/ssl_mcnf.c | 6 ++ ssl/ssl_rsa.c | 125 +++++++++++++++--------- ssl/statem/statem_clnt.c | 10 +- ssl/statem/statem_srvr.c | 8 +- test/ssl_test.c | 2 +- test/ssl_test_ctx.c | 20 ++-- test/ssl_test_ctx.h | 7 +- test/ssl_test_ctx_test.c | 7 +- test/sslapitest.c | 51 +++++----- util/libcrypto.num | 19 +++- util/libssl.num | 1 + util/other.syms | 3 + 64 files changed, 1081 insertions(+), 544 deletions(-) create mode 100644 doc/man3/PEM_X509_INFO_read_bio_with_libctx.pod delete mode 100644 doc/man3/X509v3_cache_extensions.pod diff --git a/apps/ca.c b/apps/ca.c index d0309ae15c..e001a34190 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -1643,7 +1643,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, BIO_printf(bio_err, "Everything appears to be ok, creating and signing the certificate\n"); - if ((ret = X509_new()) == NULL) + if ((ret = X509_new_with_libctx(app_get0_libctx(), app_get0_propq())) == NULL) goto end; #ifdef X509_V3 diff --git a/apps/include/apps.h b/apps/include/apps.h index 9a76dcd339..e91cdcdb8f 100644 --- a/apps/include/apps.h +++ b/apps/include/apps.h @@ -299,4 +299,7 @@ void app_params_free(OSSL_PARAM *params); int app_provider_load(OPENSSL_CTX *libctx, const char *provider_name); void app_providers_cleanup(void); +OPENSSL_CTX *app_get0_libctx(void); +const char *app_get0_propq(void); + #endif diff --git a/apps/lib/apps.c b/apps/lib/apps.c index ba40e9bc7e..cf99ca0ebf 100644 --- a/apps/lib/apps.c +++ b/apps/lib/apps.c @@ -342,6 +342,12 @@ OPENSSL_CTX *app_get0_libctx(void) return app_libctx; } +/* TODO(3.0): Make this an environment variable if required */ +const char *app_get0_propq(void) +{ + return NULL; +} + OPENSSL_CTX *app_create_libctx(void) { /* @@ -657,9 +663,11 @@ static int load_certs_crls(const char *file, int format, if (bio == NULL) return 0; - xis = PEM_X509_INFO_read_bio(bio, NULL, - (pem_password_cb *)password_callback, - &cb_data); + xis = PEM_X509_INFO_read_bio_with_libctx(bio, NULL, + (pem_password_cb *)password_callback, + &cb_data, + app_get0_libctx(), + app_get0_propq()); BIO_free(bio); @@ -765,6 +773,8 @@ int load_key_cert_crl(const char *uri, int maybe_stdin, { PW_CB_DATA uidata; OSSL_STORE_CTX *ctx = NULL; + OPENSSL_CTX *libctx = app_get0_libctx(); + const char *propq = app_get0_propq(); int ret = 0; /* TODO make use of the engine reference 'eng' when loading pkeys */ @@ -791,11 +801,12 @@ int load_key_cert_crl(const char *uri, int maybe_stdin, unbuffer(stdin); bio = BIO_new_fp(stdin, 0); if (bio != NULL) - ctx = OSSL_STORE_attach(bio, NULL, "file", NULL, + ctx = OSSL_STORE_attach(bio, "file", libctx, propq, get_ui_method(), &uidata, NULL, NULL); uri = ""; } else { - ctx = OSSL_STORE_open(uri, get_ui_method(), &uidata, NULL, NULL); + ctx = OSSL_STORE_open_with_libctx(uri, libctx, propq, get_ui_method(), + &uidata, NULL, NULL); } if (ctx == NULL) { BIO_printf(bio_err, "Could not open file or uri %s for loading %s\n", @@ -1099,6 +1110,8 @@ X509_STORE *setup_verify(const char *CAfile, int noCAfile, { X509_STORE *store = X509_STORE_new(); X509_LOOKUP *lookup; + OPENSSL_CTX *libctx = app_get0_libctx(); + const char *propq = app_get0_propq(); if (store == NULL) goto end; @@ -1108,12 +1121,16 @@ X509_STORE *setup_verify(const char *CAfile, int noCAfile, if (lookup == NULL) goto end; if (CAfile != NULL) { - if (!X509_LOOKUP_load_file(lookup, CAfile, X509_FILETYPE_PEM)) { + if (!X509_LOOKUP_load_file_with_libctx(lookup, CAfile, + X509_FILETYPE_PEM, + libctx, propq)) { BIO_printf(bio_err, "Error loading file %s\n", CAfile); goto end; } } else { - X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT); + X509_LOOKUP_load_file_with_libctx(lookup, NULL, + X509_FILETYPE_DEFAULT, + libctx, propq); } } @@ -1135,7 +1152,7 @@ X509_STORE *setup_verify(const char *CAfile, int noCAfile, lookup = X509_STORE_add_lookup(store, X509_LOOKUP_store()); if (lookup == NULL) goto end; - if (!X509_LOOKUP_add_store(lookup, CAstore)) { + if (!X509_LOOKUP_add_store_with_libctx(lookup, CAstore, libctx, propq)) { if (CAstore != NULL) BIO_printf(bio_err, "Error loading store URI %s\n", CAstore); goto end; diff --git a/apps/req.c b/apps/req.c index 4ae828cd45..bee0329b24 100644 --- a/apps/req.c +++ b/apps/req.c @@ -742,7 +742,8 @@ int req_main(int argc, char **argv) if (x509) { EVP_PKEY *tmppkey; X509V3_CTX ext_ctx; - if ((x509ss = X509_new()) == NULL) + if ((x509ss = X509_new_with_libctx(app_get0_libctx(), + app_get0_propq())) == NULL) goto end; /* Set version to V3 */ diff --git a/apps/storeutl.c b/apps/storeutl.c index 87e8fcc9e6..95af277260 100644 --- a/apps/storeutl.c +++ b/apps/storeutl.c @@ -19,7 +19,7 @@ static int process(const char *uri, const UI_METHOD *uimeth, PW_CB_DATA *uidata, int expected, int criterion, OSSL_STORE_SEARCH *search, int text, int noout, int recursive, int indent, BIO *out, - const char *prog); + const char *prog, OPENSSL_CTX *libctx, const char *propq); typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_ENGINE, OPT_OUT, OPT_PASSIN, @@ -84,6 +84,8 @@ int storeutl_main(int argc, char *argv[]) char *alias = NULL; OSSL_STORE_SEARCH *search = NULL; const EVP_MD *digest = NULL; + OPENSSL_CTX *libctx = app_get0_libctx(); + const char *propq = app_get0_propq(); while ((o = opt_next()) != OPT_EOF) { switch (o) { @@ -322,7 +324,7 @@ int storeutl_main(int argc, char *argv[]) ret = process(argv[0], get_ui_method(), &pw_cb_data, expected, criterion, search, - text, noout, recursive, 0, out, prog); + text, noout, recursive, 0, out, prog, libctx, propq); end: OPENSSL_free(fingerprint); @@ -353,12 +355,13 @@ static int indent_printf(int indent, BIO *bio, const char *format, ...) static int process(const char *uri, const UI_METHOD *uimeth, PW_CB_DATA *uidata, int expected, int criterion, OSSL_STORE_SEARCH *search, int text, int noout, int recursive, int indent, BIO *out, - const char *prog) + const char *prog, OPENSSL_CTX *libctx, const char *propq) { OSSL_STORE_CTX *store_ctx = NULL; int ret = 1, items = 0; - if ((store_ctx = OSSL_STORE_open(uri, uimeth, uidata, NULL, NULL)) + if ((store_ctx = OSSL_STORE_open_with_libctx(uri, libctx, propq, + uimeth, uidata, NULL, NULL)) == NULL) { BIO_printf(bio_err, "Couldn't open file or uri %s\n", uri); ERR_print_errors(bio_err); @@ -439,7 +442,8 @@ static int process(const char *uri, const UI_METHOD *uimeth, PW_CB_DATA *uidata, const char *suburi = OSSL_STORE_INFO_get0_NAME(info); ret += process(suburi, uimeth, uidata, expected, criterion, search, - text, noout, recursive, indent + 2, out, prog); + text, noout, recursive, indent + 2, out, prog, + libctx, propq); } break; case OSSL_STORE_INFO_PARAMS: diff --git a/apps/ts.c b/apps/ts.c index da4584ab53..09c586b44f 100644 --- a/apps/ts.c +++ b/apps/ts.c @@ -957,6 +957,8 @@ static X509_STORE *create_cert_store(const char *CApath, const char *CAfile, { X509_STORE *cert_ctx = NULL; X509_LOOKUP *lookup = NULL; + OPENSSL_CTX *libctx = app_get0_libctx(); + const char *propq = app_get0_propq(); cert_ctx = X509_STORE_new(); X509_STORE_set_verify_cb(cert_ctx, verify_cb); @@ -978,7 +980,9 @@ static X509_STORE *create_cert_store(const char *CApath, const char *CAfile, BIO_printf(bio_err, "memory allocation failure\n"); goto err; } - if (!X509_LOOKUP_load_file(lookup, CAfile, X509_FILETYPE_PEM)) { + if (!X509_LOOKUP_load_file_with_libctx(lookup, CAfile, + X509_FILETYPE_PEM, + libctx, propq)) { BIO_printf(bio_err, "Error loading file %s\n", CAfile); goto err; } @@ -990,7 +994,7 @@ static X509_STORE *create_cert_store(const char *CApath, const char *CAfile, BIO_printf(bio_err, "memory allocation failure\n"); goto err; } - if (!X509_LOOKUP_load_store(lookup, CAstore)) { + if (!X509_LOOKUP_load_store_with_libctx(lookup, CAstore, libctx, propq)) { BIO_printf(bio_err, "Error loading store URI %s\n", CAstore); goto err; } diff --git a/apps/x509.c b/apps/x509.c index c09bca37bc..d8f69c08eb 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -510,7 +510,8 @@ int x509_main(int argc, char **argv) goto end; } - if (!X509_STORE_set_default_paths(ctx)) { + if (!X509_STORE_set_default_paths_with_libctx(ctx, app_get0_libctx(), + app_get0_propq())) { ERR_print_errors(bio_err); goto end; } @@ -607,7 +608,7 @@ int x509_main(int argc, char **argv) "We need a private key to sign with, use -signkey or -CAkey or -CA with private key\n"); goto end; } - if ((x = X509_new()) == NULL) + if ((x = X509_new_with_libctx(app_get0_libctx(), app_get0_propq())) == NULL) goto end; if (sno == NULL) { diff --git a/crypto/asn1/a_digest.c b/crypto/asn1/a_digest.c index caf2f6c34f..c0c1cda272 100644 --- a/crypto/asn1/a_digest.c +++ b/crypto/asn1/a_digest.c @@ -7,16 +7,21 @@ * https://www.openssl.org/source/license.html */ +/* We need to use some engine deprecated APIs */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include #include #include #include "internal/cryptlib.h" +#include #include #include #include #include +#include "crypto/x509.h" #ifndef OPENSSL_NO_DEPRECATED_3_0 @@ -48,20 +53,39 @@ int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data, #endif -int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn, - unsigned char *md, unsigned int *len) +int asn1_item_digest_with_libctx(const ASN1_ITEM *it, const EVP_MD *md, + void *asn, unsigned char *data, + unsigned int *len, OPENSSL_CTX *libctx, + const char *propq) { - int i; + int i, ret = 0; unsigned char *str = NULL; + EVP_MD *fetched_md = (EVP_MD *)md; i = ASN1_item_i2d(asn, &str, it); - if (!str) + if (str == NULL) return 0; - if (!EVP_Digest(str, i, md, len, type, NULL)) { - OPENSSL_free(str); - return 0; + if (EVP_MD_provider(md) == NULL) { +#if !defined(OPENSSL_NO_ENGINE) + if (ENGINE_get_digest_engine(EVP_MD_type(md)) == NULL) +#endif + fetched_md = EVP_MD_fetch(libctx, EVP_MD_name(md), propq); } + if (fetched_md == NULL) + goto err; + + ret = EVP_Digest(str, i, data, len, fetched_md, NULL); +err: OPENSSL_free(str); - return 1; + if (fetched_md != md) + EVP_MD_free(fetched_md); + return ret; } + +int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *md, void *asn, + unsigned char *data, unsigned int *len) +{ + return asn1_item_digest_with_libctx(it, md, asn, data, len, NULL, NULL); +} + diff --git a/crypto/ess/ess_lib.c b/crypto/ess/ess_lib.c index 4a7a2632ba..ad0d6f332c 100644 --- a/crypto/ess/ess_lib.c +++ b/crypto/ess/ess_lib.c @@ -12,6 +12,7 @@ #include #include #include "crypto/ess.h" +#include "crypto/x509.h" DEFINE_STACK_OF(ESS_CERT_ID) DEFINE_STACK_OF(ESS_CERT_ID_V2) @@ -61,7 +62,7 @@ static ESS_CERT_ID *ESS_CERT_ID_new_init(X509 *cert, int issuer_needed) unsigned char cert_sha1[SHA_DIGEST_LENGTH]; /* Call for side-effect of computing hash and caching extensions */ - if (!X509v3_cache_extensions(cert, NULL, NULL)) + if (!x509v3_cache_extensions(cert)) return NULL; if ((cid = ESS_CERT_ID_new()) == NULL) @@ -304,7 +305,7 @@ int ess_find_cert(const STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert) return -1; /* Recompute SHA1 hash of certificate if necessary (side effect). */ - if (!X509v3_cache_extensions(cert, NULL, NULL)) + if (!x509v3_cache_extensions(cert)) return -1; /* TODO(3.0): fetch sha1 algorithm from providers */ diff --git a/crypto/pem/pem_info.c b/crypto/pem/pem_info.c index f6a5dedc48..a3981c9dda 100644 --- a/crypto/pem/pem_info.c +++ b/crypto/pem/pem_info.c @@ -26,25 +26,35 @@ DEFINE_STACK_OF(X509_INFO) #ifndef OPENSSL_NO_STDIO -STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, - pem_password_cb *cb, void *u) +STACK_OF(X509_INFO) +*PEM_X509_INFO_read_with_libctx(FILE *fp, STACK_OF(X509_INFO) *sk, + pem_password_cb *cb, void *u, + OPENSSL_CTX *libctx, const char *propq) { BIO *b; STACK_OF(X509_INFO) *ret; if ((b = BIO_new(BIO_s_file())) == NULL) { - PEMerr(PEM_F_PEM_X509_INFO_READ, ERR_R_BUF_LIB); + PEMerr(0, ERR_R_BUF_LIB); return 0; } BIO_set_fp(b, fp, BIO_NOCLOSE); - ret = PEM_X509_INFO_read_bio(b, sk, cb, u); + ret = PEM_X509_INFO_read_bio_with_libctx(b, sk, cb, u, libctx, propq); BIO_free(b); return ret; } + +STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, + pem_password_cb *cb, void *u) +{ + return PEM_X509_INFO_read_with_libctx(fp, sk, cb, u, NULL, NULL); +} #endif -STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, - pem_password_cb *cb, void *u) +STACK_OF(X509_INFO) +*PEM_X509_INFO_read_bio_with_libctx(BIO *bp, STACK_OF(X509_INFO) *sk, + pem_password_cb *cb, void *u, + OPENSSL_CTX *libctx, const char *propq) { X509_INFO *xi = NULL; char *name = NULL, *header = NULL; @@ -59,7 +69,7 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, if (sk == NULL) { if ((ret = sk_X509_INFO_new_null()) == NULL) { - PEMerr(PEM_F_PEM_X509_INFO_READ_BIO, ERR_R_MALLOC_FAILURE); + PEMerr(0, ERR_R_MALLOC_FAILURE); goto err; } } else @@ -90,6 +100,9 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, goto err; goto start; } + xi->x509 = X509_new_with_libctx(libctx, propq); + if (xi->x509 == NULL) + goto err; pp = &(xi->x509); } else if ((strcmp(name, PEM_STRING_X509_TRUSTED) == 0)) { d2i = (D2I_OF(void)) d2i_X509_AUX; @@ -100,6 +113,9 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, goto err; goto start; } + xi->x509 = X509_new_with_libctx(libctx, propq); + if (xi->x509 == NULL) + goto err; pp = &(xi->x509); } else if (strcmp(name, PEM_STRING_X509_CRL) == 0) { d2i = (D2I_OF(void)) d2i_X509_CRL; @@ -197,11 +213,11 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, p = data; if (ptype) { if (!d2i_PrivateKey(ptype, pp, &p, len)) { - PEMerr(PEM_F_PEM_X509_INFO_READ_BIO, ERR_R_ASN1_LIB); + PEMerr(0, ERR_R_ASN1_LIB); goto err; } } else if (d2i(pp, &p, len) == NULL) { - PEMerr(PEM_F_PEM_X509_INFO_READ_BIO, ERR_R_ASN1_LIB); + PEMerr(0, ERR_R_ASN1_LIB); goto err; } } else { /* encrypted RSA data */ @@ -251,6 +267,12 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, return ret; } +STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, + pem_password_cb *cb, void *u) +{ + return PEM_X509_INFO_read_bio_with_libctx(bp, sk, cb, u, NULL, NULL); +} + /* A TJH addition */ int PEM_X509_INFO_write_bio(BIO *bp, const X509_INFO *xi, EVP_CIPHER *enc, const unsigned char *kstr, int klen, diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c index ee9b6764a6..c60eed97c0 100644 --- a/crypto/pem/pem_pkey.c +++ b/crypto/pem/pem_pkey.c @@ -39,7 +39,7 @@ EVP_PKEY *PEM_read_bio_PrivateKey_ex(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, if ((ui_method = UI_UTIL_wrap_read_pem_callback(cb, 0)) == NULL) return NULL; - if ((ctx = OSSL_STORE_attach(bp, libctx, "file", propq, ui_method, u, + if ((ctx = OSSL_STORE_attach(bp, "file", libctx, propq, ui_method, u, NULL, NULL)) == NULL) goto err; #ifndef OPENSSL_NO_SECURE_HEAP @@ -50,7 +50,8 @@ EVP_PKEY *PEM_read_bio_PrivateKey_ex(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, } #endif - while (!OSSL_STORE_eof(ctx) && (info = OSSL_STORE_load(ctx)) != NULL) { + while (!OSSL_STORE_eof(ctx) + && (info = OSSL_STORE_load(ctx)) != NULL) { if (OSSL_STORE_INFO_get_type(info) == OSSL_STORE_INFO_PKEY) { ret = OSSL_STORE_INFO_get1_PKEY(info); break; @@ -106,7 +107,7 @@ EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x) OSSL_STORE_CTX *ctx = NULL; OSSL_STORE_INFO *info = NULL; - if ((ctx = OSSL_STORE_attach(bp, NULL, "file", NULL, UI_null(), NULL, + if ((ctx = OSSL_STORE_attach(bp, "file", NULL, NULL, UI_null(), NULL, NULL, NULL)) == NULL) goto err; @@ -201,7 +202,7 @@ DH *PEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u) if ((ui_method = UI_UTIL_wrap_read_pem_callback(cb, 0)) == NULL) return NULL; - if ((ctx = OSSL_STORE_attach(bp, NULL, "file", NULL, ui_method, u, + if ((ctx = OSSL_STORE_attach(bp, "file", NULL, NULL, ui_method, u, NULL, NULL)) == NULL) goto err; diff --git a/crypto/store/loader_file.c b/crypto/store/loader_file.c index 30f4e6ecaf..5ff93e33ab 100644 --- a/crypto/store/loader_file.c +++ b/crypto/store/loader_file.c @@ -693,8 +693,12 @@ static OSSL_STORE_INFO *try_decode_X509Certificate(const char *pem_name, *matchcount = 1; } - if ((cert = d2i_X509_AUX(NULL, &blob, len)) != NULL - || (ignore_trusted && (cert = d2i_X509(NULL, &blob, len)) != NULL)) { + cert = X509_new_with_libctx(libctx, propq); + if (cert == NULL) + return NULL; + + if ((d2i_X509_AUX(&cert, &blob, len)) != NULL + || (ignore_trusted && (d2i_X509(&cert, &blob, len)) != NULL)) { *matchcount = 1; store_info = OSSL_STORE_INFO_new_CERT(cert); } @@ -813,7 +817,6 @@ struct ossl_store_loader_ctx_st { /* Expected object type. May be unspecified */ int expected_type; - OPENSSL_CTX *libctx; char *propq; }; @@ -823,6 +826,7 @@ static void OSSL_STORE_LOADER_CTX_free(OSSL_STORE_LOADER_CTX *ctx) if (ctx == NULL) return; + OPENSSL_free(ctx->propq); OPENSSL_free(ctx->uri); if (ctx->type != is_dir) { if (ctx->_.file.last_handler != NULL) { @@ -831,7 +835,6 @@ static void OSSL_STORE_LOADER_CTX_free(OSSL_STORE_LOADER_CTX *ctx) ctx->_.file.last_handler = NULL; } } - OPENSSL_free(ctx->propq); OPENSSL_free(ctx); } @@ -852,10 +855,10 @@ static int file_find_type(OSSL_STORE_LOADER_CTX *ctx) return 1; } -static OSSL_STORE_LOADER_CTX *file_open(const OSSL_STORE_LOADER *loader, - const char *uri, - const UI_METHOD *ui_method, - void *ui_data) +static OSSL_STORE_LOADER_CTX *file_open_with_libctx + (const OSSL_STORE_LOADER *loader, const char *uri, + OPENSSL_CTX *libctx, const char *propq, + const UI_METHOD *ui_method, void *ui_data) { OSSL_STORE_LOADER_CTX *ctx = NULL; struct stat st; @@ -888,8 +891,7 @@ static OSSL_STORE_LOADER_CTX *file_open(const OSSL_STORE_LOADER *loader, } else if (uri[7] == '/') { p = &uri[7]; } else { - OSSL_STOREerr(OSSL_STORE_F_FILE_OPEN, - OSSL_STORE_R_URI_AUTHORITY_UNSUPPORTED); + OSSL_STOREerr(0, OSSL_STORE_R_URI_AUTHORITY_UNSUPPORTED); return NULL; } } @@ -917,8 +919,7 @@ static OSSL_STORE_LOADER_CTX *file_open(const OSSL_STORE_LOADER *loader, * be absolute. So says RFC 8089 */ if (path_data[i].check_absolute && path_data[i].path[0] != '/') { - OSSL_STOREerr(OSSL_STORE_F_FILE_OPEN, - OSSL_STORE_R_PATH_MUST_BE_ABSOLUTE); + OSSL_STOREerr(0, OSSL_STORE_R_PATH_MUST_BE_ABSOLUTE); ERR_add_error_data(1, path_data[i].path); return NULL; } @@ -940,12 +941,12 @@ static OSSL_STORE_LOADER_CTX *file_open(const OSSL_STORE_LOADER *loader, ctx = OPENSSL_zalloc(sizeof(*ctx)); if (ctx == NULL) { - OSSL_STOREerr(OSSL_STORE_F_FILE_OPEN, ERR_R_MALLOC_FAILURE); + OSSL_STOREerr(0, ERR_R_MALLOC_FAILURE); return NULL; } ctx->uri = OPENSSL_strdup(uri); if (ctx->uri == NULL) { - OSSL_STOREerr(OSSL_STORE_F_FILE_OPEN, ERR_R_MALLOC_FAILURE); + OSSL_STOREerr(0, ERR_R_MALLOC_FAILURE); goto err; } @@ -956,7 +957,7 @@ static OSSL_STORE_LOADER_CTX *file_open(const OSSL_STORE_LOADER *loader, if (ctx->_.dir.last_entry == NULL) { if (ctx->_.dir.last_errno != 0) { char errbuf[256]; - OSSL_STOREerr(OSSL_STORE_F_FILE_OPEN, ERR_R_SYS_LIB); + OSSL_STOREerr(0, ERR_R_SYS_LIB); errno = ctx->_.dir.last_errno; if (openssl_strerror_r(errno, errbuf, sizeof(errbuf))) ERR_add_error_data(1, errbuf); @@ -969,6 +970,14 @@ static OSSL_STORE_LOADER_CTX *file_open(const OSSL_STORE_LOADER *loader, BIO_free_all(ctx->_.file.file); goto err; } + if (propq != NULL) { + ctx->propq = OPENSSL_strdup(propq); + if (ctx->propq == NULL) { + OSSL_STOREerr(0, ERR_R_MALLOC_FAILURE); + goto err; + } + } + ctx->libctx = libctx; return ctx; err: @@ -976,32 +985,44 @@ static OSSL_STORE_LOADER_CTX *file_open(const OSSL_STORE_LOADER *loader, return NULL; } -static OSSL_STORE_LOADER_CTX *file_attach(const OSSL_STORE_LOADER *loader, - BIO *bp, OPENSSL_CTX *libctx, - const char *propq, - const UI_METHOD *ui_method, - void *ui_data) +static OSSL_STORE_LOADER_CTX *file_open + (const OSSL_STORE_LOADER *loader, const char *uri, + const UI_METHOD *ui_method, void *ui_data) { - OSSL_STORE_LOADER_CTX *ctx; + return file_open_with_libctx(loader, uri, NULL, NULL, ui_method, ui_data); +} - if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL - || (propq != NULL && (ctx->propq = OPENSSL_strdup(propq)) == NULL)) { - OSSL_STOREerr(OSSL_STORE_F_FILE_ATTACH, ERR_R_MALLOC_FAILURE); - OSSL_STORE_LOADER_CTX_free(ctx); - return NULL; +static OSSL_STORE_LOADER_CTX *file_attach + (const OSSL_STORE_LOADER *loader, BIO *bp, + OPENSSL_CTX *libctx, const char *propq, + const UI_METHOD *ui_method, void *ui_data) +{ + OSSL_STORE_LOADER_CTX *ctx = NULL; + + if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) { + OSSL_STOREerr(0, ERR_R_MALLOC_FAILURE); + goto err; } + if (propq != NULL) { + ctx->propq = OPENSSL_strdup(propq); + if (ctx->propq == NULL) { + OSSL_STOREerr(0, ERR_R_MALLOC_FAILURE); + goto err; + } + } ctx->libctx = libctx; ctx->flags |= FILE_FLAG_ATTACHED; ctx->_.file.file = bp; if (!file_find_type(ctx)) { /* Safety measure */ ctx->_.file.file = NULL; - OSSL_STORE_LOADER_CTX_free(ctx); - ctx = NULL; + goto err; } - return ctx; +err: + OSSL_STORE_LOADER_CTX_free(ctx); + return NULL; } static int file_ctrl(OSSL_STORE_LOADER_CTX *ctx, int cmd, va_list args) @@ -1021,8 +1042,7 @@ static int file_ctrl(OSSL_STORE_LOADER_CTX *ctx, int cmd, va_list args) ctx->flags |= FILE_FLAG_SECMEM; break; default: - OSSL_STOREerr(OSSL_STORE_F_FILE_CTRL, - ERR_R_PASSED_INVALID_ARGUMENT); + OSSL_STOREerr(0, ERR_R_PASSED_INVALID_ARGUMENT); ret = 0; break; } @@ -1422,7 +1442,8 @@ static int file_name_check(OSSL_STORE_LOADER_CTX *ctx, const char *name) static int file_eof(OSSL_STORE_LOADER_CTX *ctx); static int file_error(OSSL_STORE_LOADER_CTX *ctx); static OSSL_STORE_INFO *file_load(OSSL_STORE_LOADER_CTX *ctx, - const UI_METHOD *ui_method, void *ui_data) + const UI_METHOD *ui_method, + void *ui_data) { OSSL_STORE_INFO *result = NULL; @@ -1437,7 +1458,7 @@ static OSSL_STORE_INFO *file_load(OSSL_STORE_LOADER_CTX *ctx, if (!ctx->_.dir.end_reached) { char errbuf[256]; assert(ctx->_.dir.last_errno != 0); - OSSL_STOREerr(OSSL_STORE_F_FILE_LOAD, ERR_R_SYS_LIB); + OSSL_STOREerr(0, ERR_R_SYS_LIB); errno = ctx->_.dir.last_errno; ctx->errcnt++; if (openssl_strerror_r(errno, errbuf, sizeof(errbuf))) @@ -1465,7 +1486,7 @@ static OSSL_STORE_INFO *file_load(OSSL_STORE_LOADER_CTX *ctx, if (newname != NULL && (result = OSSL_STORE_INFO_new_NAME(newname)) == NULL) { OPENSSL_free(newname); - OSSL_STOREerr(OSSL_STORE_F_FILE_LOAD, ERR_R_OSSL_STORE_LIB); + OSSL_STOREerr(0, ERR_R_OSSL_STORE_LIB); return NULL; } } while (result == NULL && !file_eof(ctx)); @@ -1524,16 +1545,14 @@ static OSSL_STORE_INFO *file_load(OSSL_STORE_LOADER_CTX *ctx, } if (matchcount > 1) { - OSSL_STOREerr(OSSL_STORE_F_FILE_LOAD, - OSSL_STORE_R_AMBIGUOUS_CONTENT_TYPE); + OSSL_STOREerr(0, OSSL_STORE_R_AMBIGUOUS_CONTENT_TYPE); } else if (matchcount == 1) { /* * If there are other errors on the stack, they already show * what the problem is. */ if (ERR_peek_error() == 0) { - OSSL_STOREerr(OSSL_STORE_F_FILE_LOAD, - OSSL_STORE_R_UNSUPPORTED_CONTENT_TYPE); + OSSL_STOREerr(0, OSSL_STORE_R_UNSUPPORTED_CONTENT_TYPE); if (pem_name != NULL) ERR_add_error_data(3, "PEM type is '", pem_name, "'"); } @@ -1617,7 +1636,8 @@ static OSSL_STORE_LOADER file_loader = file_load, file_eof, file_error, - file_close + file_close, + file_open_with_libctx, }; static void store_file_loader_deinit(void) diff --git a/crypto/store/store_lib.c b/crypto/store/store_lib.c index e1fc591894..2878358245 100644 --- a/crypto/store/store_lib.c +++ b/crypto/store/store_lib.c @@ -11,9 +11,6 @@ #include #include #include - -#include "e_os.h" - #include #include #include @@ -35,10 +32,10 @@ struct ossl_store_ctx_st { int loading; }; -OSSL_STORE_CTX *OSSL_STORE_open(const char *uri, const UI_METHOD *ui_method, - void *ui_data, - OSSL_STORE_post_process_info_fn post_process, - void *post_process_data) +OSSL_STORE_CTX *OSSL_STORE_open_with_libctx( + const char *uri, OPENSSL_CTX *libctx, const char *propq, + const UI_METHOD *ui_method, void *ui_data, + OSSL_STORE_post_process_info_fn post_process, void *post_process_data) { const OSSL_STORE_LOADER *loader = NULL; OSSL_STORE_LOADER_CTX *loader_ctx = NULL; @@ -78,7 +75,11 @@ OSSL_STORE_CTX *OSSL_STORE_open(const char *uri, const UI_METHOD *ui_method, OSSL_TRACE1(STORE, "Looking up scheme %s\n", schemes[i]); if ((loader = ossl_store_get0_loader_int(schemes[i])) != NULL) { OSSL_TRACE1(STORE, "Found loader for scheme %s\n", schemes[i]); - loader_ctx = loader->open(loader, uri, ui_method, ui_data); + if (loader->open_with_libctx != NULL) + loader_ctx = loader->open_with_libctx(loader, uri, libctx, propq, + ui_method, ui_data); + else + loader_ctx = loader->open(loader, uri, ui_method, ui_data); OSSL_TRACE2(STORE, "Opened %s => %p\n", uri, (void *)loader_ctx); } } @@ -87,7 +88,7 @@ OSSL_STORE_CTX *OSSL_STORE_open(const char *uri, const UI_METHOD *ui_method, goto err; if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) { - OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_OPEN, ERR_R_MALLOC_FAILURE); + OSSL_STOREerr(0, ERR_R_MALLOC_FAILURE); goto err; } @@ -120,6 +121,15 @@ OSSL_STORE_CTX *OSSL_STORE_open(const char *uri, const UI_METHOD *ui_method, return NULL; } +OSSL_STORE_CTX *OSSL_STORE_open(const char *uri, + const UI_METHOD *ui_method, void *ui_data, + OSSL_STORE_post_process_info_fn post_process, + void *post_process_data) +{ + return OSSL_STORE_open_with_libctx(uri, NULL, NULL, ui_method, ui_data, + post_process, post_process_data); +} + int OSSL_STORE_ctrl(OSSL_STORE_CTX *ctx, int cmd, ...) { va_list args; @@ -653,8 +663,8 @@ char *ossl_store_info_get0_EMBEDDED_pem_name(OSSL_STORE_INFO *info) return NULL; } -OSSL_STORE_CTX *OSSL_STORE_attach(BIO *bp, OPENSSL_CTX *libctx, - const char *scheme, const char *propq, +OSSL_STORE_CTX *OSSL_STORE_attach(BIO *bp, const char *scheme, + OPENSSL_CTX *libctx, const char *propq, const UI_METHOD *ui_method, void *ui_data, OSSL_STORE_post_process_info_fn post_process, void *post_process_data) diff --git a/crypto/store/store_local.h b/crypto/store/store_local.h index 31e04d13ad..c9592c38ce 100644 --- a/crypto/store/store_local.h +++ b/crypto/store/store_local.h @@ -110,6 +110,7 @@ struct ossl_store_loader_st { OSSL_STORE_eof_fn eof; OSSL_STORE_error_fn error; OSSL_STORE_close_fn close; + OSSL_STORE_open_with_libctx_fn open_with_libctx; }; DEFINE_LHASH_OF(OSSL_STORE_LOADER); diff --git a/crypto/store/store_register.c b/crypto/store/store_register.c index 12efb3e89b..4fbf459afa 100644 --- a/crypto/store/store_register.c +++ b/crypto/store/store_register.c @@ -220,6 +220,7 @@ const OSSL_STORE_LOADER *ossl_store_get0_loader_int(const char *scheme) template.load = NULL; template.eof = NULL; template.close = NULL; + template.open_with_libctx = NULL; if (!ossl_store_init_once()) return NULL; diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c index 43b175e2dc..ff6e4cf03c 100644 --- a/crypto/x509/by_dir.c +++ b/crypto/x509/by_dir.c @@ -42,23 +42,32 @@ typedef struct lookup_dir_st { } BY_DIR; static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl, - char **ret); + char **retp); + static int new_dir(X509_LOOKUP *lu); static void free_dir(X509_LOOKUP *lu); static int add_cert_dir(BY_DIR *ctx, const char *dir, int type); static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type, const X509_NAME *name, X509_OBJECT *ret); +static int get_cert_by_subject_with_libctx(X509_LOOKUP *xl, + X509_LOOKUP_TYPE type, + const X509_NAME *name, + X509_OBJECT *ret, + OPENSSL_CTX *libctx, + const char *propq); static X509_LOOKUP_METHOD x509_dir_lookup = { "Load certs from files in a directory", - new_dir, /* new_item */ - free_dir, /* free */ - NULL, /* init */ - NULL, /* shutdown */ - dir_ctrl, /* ctrl */ - get_cert_by_subject, /* get_by_subject */ - NULL, /* get_by_issuer_serial */ - NULL, /* get_by_fingerprint */ - NULL, /* get_by_alias */ + new_dir, /* new_item */ + free_dir, /* free */ + NULL, /* init */ + NULL, /* shutdown */ + dir_ctrl, /* ctrl */ + get_cert_by_subject, /* get_by_subject */ + NULL, /* get_by_issuer_serial */ + NULL, /* get_by_fingerprint */ + NULL, /* get_by_alias */ + get_cert_by_subject_with_libctx, /* get_by_subject_with_libctx */ + NULL, /* ctrl_with_libctx */ }; X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void) @@ -210,8 +219,12 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type) return 1; } -static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type, - const X509_NAME *name, X509_OBJECT *ret) +static int get_cert_by_subject_with_libctx(X509_LOOKUP *xl, + X509_LOOKUP_TYPE type, + const X509_NAME *name, + X509_OBJECT *ret, + OPENSSL_CTX *libctx, + const char *propq) { BY_DIR *ctx; union { @@ -238,12 +251,12 @@ static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type, stmp.data.crl = &data.crl; postfix = "r"; } else { - X509err(X509_F_GET_CERT_BY_SUBJECT, X509_R_WRONG_LOOKUP_TYPE); + X509err(0, X509_R_WRONG_LOOKUP_TYPE); goto finish; } if ((b = BUF_MEM_new()) == NULL) { - X509err(X509_F_GET_CERT_BY_SUBJECT, ERR_R_BUF_LIB); + X509err(0, ERR_R_BUF_LIB); goto finish; } @@ -258,7 +271,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type, ent = sk_BY_DIR_ENTRY_value(ctx->dirs, i); j = strlen(ent->dir) + 1 + 8 + 6 + 1 + 1; if (!BUF_MEM_grow(b, j)) { - X509err(X509_F_GET_CERT_BY_SUBJECT, ERR_R_MALLOC_FAILURE); + X509err(0, ERR_R_MALLOC_FAILURE); goto finish; } if (type == X509_LU_CRL && ent->hashes) { @@ -316,7 +329,8 @@ static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type, #endif /* found one. */ if (type == X509_LU_X509) { - if ((X509_load_cert_file(xl, b->data, ent->dir_type)) == 0) + if ((X509_load_cert_file_with_libctx(xl, b->data, ent->dir_type, + libctx, propq)) == 0) break; } else if (type == X509_LU_CRL) { if ((X509_load_crl_file(xl, b->data, ent->dir_type)) == 0) @@ -351,7 +365,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type, hent = OPENSSL_malloc(sizeof(*hent)); if (hent == NULL) { CRYPTO_THREAD_unlock(ctx->lock); - X509err(X509_F_GET_CERT_BY_SUBJECT, ERR_R_MALLOC_FAILURE); + X509err(0, ERR_R_MALLOC_FAILURE); ok = 0; goto finish; } @@ -360,7 +374,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type, if (!sk_BY_DIR_HASH_push(ent->hashes, hent)) { CRYPTO_THREAD_unlock(ctx->lock); OPENSSL_free(hent); - X509err(X509_F_GET_CERT_BY_SUBJECT, ERR_R_MALLOC_FAILURE); + X509err(0, ERR_R_MALLOC_FAILURE); ok = 0; goto finish; } @@ -390,3 +404,9 @@ static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type, BUF_MEM_free(b); return ok; } + +static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type, + const X509_NAME *name, X509_OBJECT *ret) +{ + return get_cert_by_subject_with_libctx(xl, type, name, ret, NULL, NULL); +} diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c index f9e1e73fc4..d5e6dde4f8 100644 --- a/crypto/x509/by_file.c +++ b/crypto/x509/by_file.c @@ -21,6 +21,11 @@ DEFINE_STACK_OF(X509_INFO) static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, char **ret); +static int by_file_ctrl_with_libctx(X509_LOOKUP *ctx, int cmd, + const char *argc, long argl, char **ret, + OPENSSL_CTX *libctx, const char *propq); + + static X509_LOOKUP_METHOD x509_file_lookup = { "Load file into cache", NULL, /* new_item */ @@ -32,6 +37,8 @@ static X509_LOOKUP_METHOD x509_file_lookup = { NULL, /* get_by_issuer_serial */ NULL, /* get_by_fingerprint */ NULL, /* get_by_alias */ + NULL, /* get_by_subject_with_libctx */ + by_file_ctrl_with_libctx, /* ctrl_with_libctx */ }; X509_LOOKUP_METHOD *X509_LOOKUP_file(void) @@ -39,8 +46,9 @@ X509_LOOKUP_METHOD *X509_LOOKUP_file(void) return &x509_file_lookup; } -static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, - long argl, char **ret) +static int by_file_ctrl_with_libctx(X509_LOOKUP *ctx, int cmd, + const char *argp, long argl, char **ret, + OPENSSL_CTX *libctx, const char *propq) { int ok = 0; const char *file; @@ -50,30 +58,40 @@ static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, if (argl == X509_FILETYPE_DEFAULT) { file = ossl_safe_getenv(X509_get_default_cert_file_env()); if (file) - ok = (X509_load_cert_crl_file(ctx, file, - X509_FILETYPE_PEM) != 0); + ok = (X509_load_cert_crl_file_with_libctx(ctx, file, + X509_FILETYPE_PEM, + libctx, propq) != 0); else - ok = (X509_load_cert_crl_file - (ctx, X509_get_default_cert_file(), - X509_FILETYPE_PEM) != 0); + ok = (X509_load_cert_crl_file_with_libctx( + ctx, X509_get_default_cert_file(), + X509_FILETYPE_PEM, libctx, propq) != 0); if (!ok) { - X509err(X509_F_BY_FILE_CTRL, X509_R_LOADING_DEFAULTS); + X509err(0, X509_R_LOADING_DEFAULTS); } } else { if (argl == X509_FILETYPE_PEM) - ok = (X509_load_cert_crl_file(ctx, argp, - X509_FILETYPE_PEM) != 0); + ok = (X509_load_cert_crl_file_with_libctx(ctx, argp, + X509_FILETYPE_PEM, + libctx, propq) != 0); else - ok = (X509_load_cert_file(ctx, argp, (int)argl) != 0); + ok = (X509_load_cert_file_with_libctx(ctx, argp, (int)argl, + libctx, propq) != 0); } break; } return ok; } -int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type) +static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, + const char *argp, long argl, char **ret) +{ + return by_file_ctrl_with_libctx(ctx, cmd, argp, argl, ret, NULL, NULL); +} + +int X509_load_cert_file_with_libctx(X509_LOOKUP *ctx, const char *file, int type, + OPENSSL_CTX *libctx, const char *propq) { int ret = 0; BIO *in = NULL; @@ -83,20 +101,29 @@ int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type) in = BIO_new(BIO_s_file()); if ((in == NULL) || (BIO_read_filename(in, file) <= 0)) { - X509err(X509_F_X509_LOAD_CERT_FILE, ERR_R_SYS_LIB); + X509err(0, ERR_R_SYS_LIB); + goto err; + } + + if (type != X509_FILETYPE_PEM && type != X509_FILETYPE_ASN1) { + X509err(0, X509_R_BAD_X509_FILETYPE); + goto err; + } + x = X509_new_with_libctx(libctx, propq); + if (x == NULL) { + X509err(0, ERR_R_MALLOC_FAILURE); goto err; } if (type == X509_FILETYPE_PEM) { for (;;) { - x = PEM_read_bio_X509_AUX(in, NULL, NULL, ""); - if (x == NULL) { + if (PEM_read_bio_X509_AUX(in, &x, NULL, "") == NULL) { if ((ERR_GET_REASON(ERR_peek_last_error()) == PEM_R_NO_START_LINE) && (count > 0)) { ERR_clear_error(); break; } else { - X509err(X509_F_X509_LOAD_CERT_FILE, ERR_R_PEM_LIB); + X509err(0, ERR_R_PEM_LIB); goto err; } } @@ -109,27 +136,28 @@ int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type) } ret = count; } else if (type == X509_FILETYPE_ASN1) { - x = d2i_X509_bio(in, NULL); - if (x == NULL) { - X509err(X509_F_X509_LOAD_CERT_FILE, ERR_R_ASN1_LIB); + if (d2i_X509_bio(in, &x) == NULL) { + X509err(0, ERR_R_ASN1_LIB); goto err; } i = X509_STORE_add_cert(ctx->store_ctx, x); if (!i) goto err; ret = i; - } else { - X509err(X509_F_X509_LOAD_CERT_FILE, X509_R_BAD_X509_FILETYPE); - goto err; } if (ret == 0) - X509err(X509_F_X509_LOAD_CERT_FILE, X509_R_NO_CERTIFICATE_FOUND); + X509err(0, X509_R_NO_CERTIFICATE_FOUND); err: X509_free(x); BIO_free(in); return ret; } +int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type) +{ + return X509_load_cert_file_with_libctx(ctx, file, type, NULL, NULL); +} + int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type) { int ret = 0; @@ -187,7 +215,9 @@ int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type) return ret; } -int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type) +int X509_load_cert_crl_file_with_libctx(X509_LOOKUP *ctx, const char *file, + int type, OPENSSL_CTX *libctx, + const char *propq) { STACK_OF(X509_INFO) *inf; X509_INFO *itmp; @@ -195,16 +225,16 @@ int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type) int i, count = 0; if (type != X509_FILETYPE_PEM) - return X509_load_cert_file(ctx, file, type); + return X509_load_cert_file_with_libctx(ctx, file, type, libctx, propq); in = BIO_new_file(file, "r"); if (!in) { - X509err(X509_F_X509_LOAD_CERT_CRL_FILE, ERR_R_SYS_LIB); + X509err(0, ERR_R_SYS_LIB); return 0; } - inf = PEM_X509_INFO_read_bio(in, NULL, NULL, ""); + inf = PEM_X509_INFO_read_bio_with_libctx(in, NULL, NULL, "", libctx, propq); BIO_free(in); if (!inf) { - X509err(X509_F_X509_LOAD_CERT_CRL_FILE, ERR_R_PEM_LIB); + X509err(0, ERR_R_PEM_LIB); return 0; } for (i = 0; i < sk_X509_INFO_num(inf); i++) { @@ -221,9 +251,14 @@ int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type) } } if (count == 0) - X509err(X509_F_X509_LOAD_CERT_CRL_FILE, - X509_R_NO_CERTIFICATE_OR_CRL_FOUND); + X509err(0, X509_R_NO_CERTIFICATE_OR_CRL_FOUND); err: sk_X509_INFO_pop_free(inf, X509_INFO_free); return count; } + +int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type) +{ + return X509_load_cert_crl_file_with_libctx(ctx, file, type, NULL, NULL); +} + diff --git a/crypto/x509/by_store.c b/crypto/x509/by_store.c index 7141c1bd2f..debb76150d 100644 --- a/crypto/x509/by_store.c +++ b/crypto/x509/by_store.c @@ -17,13 +17,14 @@ DEFINE_STACK_OF_STRING() /* Generic object loader, given expected type and criterion */ static int cache_objects(X509_LOOKUP *lctx, const char *uri, const OSSL_STORE_SEARCH *criterion, - int depth) + int depth, OPENSSL_CTX *libctx, const char *propq) { int ok = 0; OSSL_STORE_CTX *ctx = NULL; X509_STORE *xstore = X509_LOOKUP_get_store(lctx); - if ((ctx = OSSL_STORE_open(uri, NULL, NULL, NULL, NULL)) == NULL) + if ((ctx = OSSL_STORE_open_with_libctx(uri, libctx, propq, + NULL, NULL, NULL, NULL)) == NULL) return 0; /* @@ -65,7 +66,7 @@ static int cache_objects(X509_LOOKUP *lctx, const char *uri, */ if (depth > 0) ok = cache_objects(lctx, OSSL_STORE_INFO_get0_NAME(info), - criterion, depth - 1); + criterion, depth - 1, libctx, propq); } else { /* * We know that X509_STORE_add_{cert|crl} increments the object's @@ -106,9 +107,10 @@ static void by_store_free(X509_LOOKUP *ctx) sk_OPENSSL_STRING_pop_free(uris, free_uri); } -static int by_store_ctrl(X509_LOOKUP *ctx, int cmd, - const char *argp, long argl, - char **retp) +static int by_store_ctrl_with_libctx(X509_LOOKUP *ctx, int cmd, + const char *argp, long argl, + char **retp, + OPENSSL_CTX *libctx, const char *propq) { switch (cmd) { case X509_L_ADD_STORE: @@ -129,14 +131,21 @@ static int by_store_ctrl(X509_LOOKUP *ctx, int cmd, } case X509_L_LOAD_STORE: /* This is a shortcut for quick loading of specific containers */ - return cache_objects(ctx, argp, NULL, 0); + return cache_objects(ctx, argp, NULL, 0, libctx, propq); } return 0; } +static int by_store_ctrl(X509_LOOKUP *ctx, int cmd, + const char *argp, long argl, char **retp) +{ + return by_store_ctrl_with_libctx(ctx, cmd, argp, argl, retp, NULL, NULL); +} + static int by_store(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, - const OSSL_STORE_SEARCH *criterion, X509_OBJECT *ret) + const OSSL_STORE_SEARCH *criterion, X509_OBJECT *ret, + OPENSSL_CTX *libctx, const char *propq) { STACK_OF(OPENSSL_STRING) *uris = X509_LOOKUP_get_method_data(ctx); int i; @@ -144,7 +153,7 @@ static int by_store(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, for (i = 0; i < sk_OPENSSL_STRING_num(uris); i++) { ok = cache_objects(ctx, sk_OPENSSL_STRING_value(uris, i), criterion, - 1 /* depth */); + 1 /* depth */, libctx, propq); if (ok) break; @@ -152,12 +161,13 @@ static int by_store(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, return ok; } -static int by_store_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, - const X509_NAME *name, X509_OBJECT *ret) +static int by_store_subject_with_libctx(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, + const X509_NAME *name, X509_OBJECT *ret, + OPENSSL_CTX *libctx, const char *propq) { OSSL_STORE_SEARCH *criterion = OSSL_STORE_SEARCH_by_name((X509_NAME *)name); /* won't modify it */ - int ok = by_store(ctx, type, criterion, ret); + int ok = by_store(ctx, type, criterion, ret, libctx, propq); STACK_OF(X509_OBJECT) *store_objects = X509_STORE_get0_objects(X509_LOOKUP_get_store(ctx)); X509_OBJECT *tmp = NULL; @@ -205,6 +215,12 @@ static int by_store_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, return ok; } +static int by_store_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, + const X509_NAME *name, X509_OBJECT *ret) +{ + return by_store_subject_with_libctx(ctx, type, name, ret, NULL, NULL); +} + /* * We lack the implementations for get_by_issuer_serial, get_by_fingerprint * and get_by_alias. There's simply not enough support in the X509_LOOKUP @@ -222,6 +238,8 @@ static X509_LOOKUP_METHOD x509_store_lookup = { NULL, /* get_by_issuer_serial */ NULL, /* get_by_fingerprint */ NULL, /* get_by_alias */ + by_store_subject_with_libctx, + by_store_ctrl_with_libctx }; X509_LOOKUP_METHOD *X509_LOOKUP_store(void) diff --git a/crypto/x509/v3_purp.c b/crypto/x509/v3_purp.c index 4a2b549199..9e0190a038 100644 --- a/crypto/x509/v3_purp.c +++ b/crypto/x509/v3_purp.c @@ -84,7 +84,7 @@ int X509_check_purpose(X509 *x, int id, int ca) int idx; const X509_PURPOSE *pt; - if (!X509v3_cache_extensions(x, NULL, NULL)) + if (!x509v3_cache_extensions(x)) return -1; /* Return if side-effect only call */ @@ -375,7 +375,7 @@ static int check_sig_alg_match(const EVP_PKEY *pkey, const X509 *subject) * e.g., if cert 'x' is self-issued, in x->ex_flags and other internal fields. * Set EXFLAG_INVALID and return 0 in case the certificate is invalid. */ -int X509v3_cache_extensions(X509 *x, OPENSSL_CTX *libctx, const char *propq) +int x509v3_cache_extensions(X509 *x) { BASIC_CONSTRAINTS *bs; PROXY_CERT_INFO_EXTENSION *pci; @@ -384,7 +384,6 @@ int X509v3_cache_extensions(X509 *x, OPENSSL_CTX *libctx, const char *propq) EXTENDED_KEY_USAGE *extusage; X509_EXTENSION *ex; int i; - EVP_MD *sha1; #ifdef tsan_ld_acq /* fast lock-free check, see end of the function for details. */ @@ -398,13 +397,8 @@ int X509v3_cache_extensions(X509 *x, OPENSSL_CTX *libctx, const char *propq) return (x->ex_flags & EXFLAG_INVALID) == 0; } - /* Cache the SHA1 digest of the cert */ - sha1 = EVP_MD_fetch(libctx, "SHA1", propq); - if (sha1 != NULL) { - if (!X509_digest(x, sha1, x->sha1_hash, NULL)) + if (!X509_digest(x, EVP_sha1(), x->sha1_hash, NULL)) x->ex_flags |= EXFLAG_INVALID; - EVP_MD_free(sha1); - } /* V1 should mean no extensions ... */ if (X509_get_version(x) == 0) @@ -636,7 +630,7 @@ void X509_set_proxy_pathlen(X509 *x, long l) int X509_check_ca(X509 *x) { /* Note 0 normally means "not a CA" - but in this case means error. */ - if (!X509v3_cache_extensions(x, NULL, NULL)) + if (!x509v3_cache_extensions(x)) return 0; return check_ca(x); @@ -846,19 +840,17 @@ static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca) * Returns 0 for OK, or positive for reason for mismatch * where reason codes match those for X509_verify_cert(). */ -int x509_check_issued_int(X509 *issuer, X509 *subject, - OPENSSL_CTX *libctx, const char *propq) +int X509_check_issued(X509 *issuer, X509 *subject) { int ret; - if ((ret = x509_likely_issued(issuer, subject, libctx, propq)) != X509_V_OK) + if ((ret = x509_likely_issued(issuer, subject)) != X509_V_OK) return ret; return x509_signing_allowed(issuer, subject); } /* do the checks 1., 2., and 3. as described above for X509_check_issued() */ -int x509_likely_issued(X509 *issuer, X509 *subject, - OPENSSL_CTX *libctx, const char *propq) +int x509_likely_issued(X509 *issuer, X509 *subject) { int ret; @@ -867,8 +859,8 @@ int x509_likely_issued(X509 *issuer, X509 *subject, return X509_V_ERR_SUBJECT_ISSUER_MISMATCH; /* set issuer->skid and subject->akid */ - if (!X509v3_cache_extensions(issuer, libctx, propq) - || !X509v3_cache_extensions(subject, libctx, propq)) + if (!x509v3_cache_extensions(issuer) + || !x509v3_cache_extensions(subject)) return X509_V_ERR_UNSPECIFIED; ret = X509_check_akid(issuer, subject->akid); @@ -896,11 +888,6 @@ int x509_signing_allowed(const X509 *issuer, const X509 *subject) return X509_V_OK; } -int X509_check_issued(X509 *issuer, X509 *subject) -{ - return x509_check_issued_int(issuer, subject, NULL, NULL); -} - int X509_check_akid(const X509 *issuer, const AUTHORITY_KEYID *akid) { if (akid == NULL) diff --git a/crypto/x509/x509_d2.c b/crypto/x509/x509_d2.c index c0543adf1e..512c7ae13e 100644 --- a/crypto/x509/x509_d2.c +++ b/crypto/x509/x509_d2.c @@ -12,14 +12,17 @@ #include #include -int X509_STORE_set_default_paths(X509_STORE *ctx) +int X509_STORE_set_default_paths_with_libctx(X509_STORE *ctx, + OPENSSL_CTX *libctx, + const char *propq) { X509_LOOKUP *lookup; lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_file()); if (lookup == NULL) return 0; - X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT); + X509_LOOKUP_load_file_with_libctx(lookup, NULL, X509_FILETYPE_DEFAULT, + libctx, propq); lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_hash_dir()); if (lookup == NULL) @@ -29,26 +32,37 @@ int X509_STORE_set_default_paths(X509_STORE *ctx) lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_store()); if (lookup == NULL) return 0; - X509_LOOKUP_add_store(lookup, NULL); + X509_LOOKUP_add_store_with_libctx(lookup, NULL, libctx, propq); /* clear any errors */ ERR_clear_error(); return 1; } +int X509_STORE_set_default_paths(X509_STORE *ctx) +{ + return X509_STORE_set_default_paths_with_libctx(ctx, NULL, NULL); +} -int X509_STORE_load_file(X509_STORE *ctx, const char *file) +int X509_STORE_load_file_with_libctx(X509_STORE *ctx, const char *file, + OPENSSL_CTX *libctx, const char *propq) { X509_LOOKUP *lookup; if (file == NULL || (lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_file())) == NULL - || X509_LOOKUP_load_file(lookup, file, X509_FILETYPE_PEM) == 0) + || X509_LOOKUP_load_file_with_libctx(lookup, file, X509_FILETYPE_PEM, + libctx, propq) == 0) return 0; return 1; } +int X509_STORE_load_file(X509_STORE *ctx, const char *file) +{ + return X509_STORE_load_file_with_libctx(ctx, file, NULL, NULL); +} + int X509_STORE_load_path(X509_STORE *ctx, const char *path) { X509_LOOKUP *lookup; @@ -61,26 +75,40 @@ int X509_STORE_load_path(X509_STORE *ctx, const char *path) return 1; } -int X509_STORE_load_store(X509_STORE *ctx, const char *uri) +int X509_STORE_load_store_with_libctx(X509_STORE *ctx, const char *uri, + OPENSSL_CTX *libctx, const char *propq) { X509_LOOKUP *lookup; if (uri == NULL || (lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_store())) == NULL - || X509_LOOKUP_add_store(lookup, uri) == 0) + || X509_LOOKUP_add_store_with_libctx(lookup, uri, libctx, propq) == 0) return 0; return 1; } -int X509_STORE_load_locations(X509_STORE *ctx, const char *file, - const char *path) +int X509_STORE_load_store(X509_STORE *ctx, const char *uri) +{ + return X509_STORE_load_store_with_libctx(ctx, uri, NULL, NULL); +} + +int X509_STORE_load_locations_with_libctx(X509_STORE *ctx, const char *file, + const char *path, + OPENSSL_CTX *libctx, const char *propq) { if (file == NULL && path == NULL) return 0; - if (file != NULL && !X509_STORE_load_file(ctx, file)) + if (file != NULL && !X509_STORE_load_file_with_libctx(ctx, file, + libctx, propq)) return 0; if (path != NULL && !X509_STORE_load_path(ctx, path)) return 0; return 1; } + +int X509_STORE_load_locations(X509_STORE *ctx, const char *file, + const char *path) +{ + return X509_STORE_load_locations_with_libctx(ctx, file, path, NULL, NULL); +} diff --git a/crypto/x509/x509_local.h b/crypto/x509/x509_local.h index a1fe4203b9..e944d16afe 100644 --- a/crypto/x509/x509_local.h +++ b/crypto/x509/x509_local.h @@ -87,6 +87,12 @@ struct x509_lookup_method_st { X509_OBJECT *ret); int (*get_by_alias) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, const char *str, int len, X509_OBJECT *ret); + int (*get_by_subject_with_libctx) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, + const X509_NAME *name, X509_OBJECT *ret, + OPENSSL_CTX *libctx, const char *propq); + int (*ctrl_with_libctx) (X509_LOOKUP *ctx, int cmd, + const char *argc, long argl, char **ret, + OPENSSL_CTX *libctx, const char *propq); }; /* This is the functions plus an instance of the local variables. */ @@ -149,6 +155,5 @@ DEFINE_STACK_OF(STACK_OF_X509_NAME_ENTRY) void x509_set_signature_info(X509_SIG_INFO *siginf, const X509_ALGOR *alg, const ASN1_STRING *sig); -int x509_likely_issued(X509 *issuer, X509 *subject, - OPENSSL_CTX *libctx, const char *propq); +int x509_likely_issued(X509 *issuer, X509 *subject); int x509_signing_allowed(const X509 *issuer, const X509 *subject); diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c index 421f26ba16..e66cfb1825 100644 --- a/crypto/x509/x509_lu.c +++ b/crypto/x509/x509_lu.c @@ -76,25 +76,46 @@ int X509_LOOKUP_shutdown(X509_LOOKUP *ctx) return 1; } -int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, - char **ret) +int X509_LOOKUP_ctrl_with_libctx(X509_LOOKUP *ctx, int cmd, const char *argc, + long argl, char **ret, + OPENSSL_CTX *libctx, const char *propq) { if (ctx->method == NULL) return -1; + if (ctx->method->ctrl_with_libctx != NULL) + return ctx->method->ctrl_with_libctx(ctx, cmd, argc, argl, ret, + libctx, propq); if (ctx->method->ctrl != NULL) return ctx->method->ctrl(ctx, cmd, argc, argl, ret); + return 1; +} + +int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, + char **ret) +{ + return X509_LOOKUP_ctrl_with_libctx(ctx, cmd, argc, argl, ret, NULL, NULL); +} + +int X509_LOOKUP_by_subject_with_libctx(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, + const X509_NAME *name, X509_OBJECT *ret, + OPENSSL_CTX *libctx, const char *propq) +{ + if (ctx->skip + || ctx->method == NULL + || (ctx->method->get_by_subject == NULL + && ctx->method->get_by_subject_with_libctx == NULL)) + return 0; + if (ctx->method->get_by_subject_with_libctx != NULL) + return ctx->method->get_by_subject_with_libctx(ctx, type, name, ret, + libctx, propq); else - return 1; + return ctx->method->get_by_subject(ctx, type, name, ret); } int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, const X509_NAME *name, X509_OBJECT *ret) { - if ((ctx->method == NULL) || (ctx->method->get_by_subject == NULL)) - return 0; - if (ctx->skip) - return 0; - return ctx->method->get_by_subject(ctx, type, name, ret); + return X509_LOOKUP_by_subject_with_libctx(ctx, type, name, ret, NULL, NULL); } int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, @@ -168,34 +189,33 @@ X509_STORE *X509_STORE_new(void) X509_STORE *ret = OPENSSL_zalloc(sizeof(*ret)); if (ret == NULL) { - X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE); + X509err(0, ERR_R_MALLOC_FAILURE); return NULL; } if ((ret->objs = sk_X509_OBJECT_new(x509_object_cmp)) == NULL) { - X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE); + X509err(0, ERR_R_MALLOC_FAILURE); goto err; } ret->cache = 1; if ((ret->get_cert_methods = sk_X509_LOOKUP_new_null()) == NULL) { - X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE); + X509err(0, ERR_R_MALLOC_FAILURE); goto err; } if ((ret->param = X509_VERIFY_PARAM_new()) == NULL) { - X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE); + X509err(0, ERR_R_MALLOC_FAILURE); goto err; } if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data)) { - X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE); + X509err(0, ERR_R_MALLOC_FAILURE); goto err; } ret->lock = CRYPTO_THREAD_lock_new(); if (ret->lock == NULL) { - X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE); + X509err(0, ERR_R_MALLOC_FAILURE); goto err; } - ret->references = 1; return ret; @@ -315,7 +335,8 @@ int X509_STORE_CTX_get_by_subject(const X509_STORE_CTX *vs, if (tmp == NULL || type == X509_LU_CRL) { for (i = 0; i < sk_X509_LOOKUP_num(store->get_cert_methods); i++) { lu = sk_X509_LOOKUP_value(store->get_cert_methods, i); - j = X509_LOOKUP_by_subject(lu, type, name, &stmp); + j = X509_LOOKUP_by_subject_with_libctx(lu, type, name, &stmp, + vs->libctx, vs->propq); if (j) { tmp = &stmp; break; diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 3bd23d131c..012f932ee5 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -118,8 +118,7 @@ static int null_callback(int ok, X509_STORE_CTX *e) * to match issuer and subject names (i.e., the cert being self-issued) and any * present authority key identifier to match the subject key identifier, etc. */ -static int x509_self_signed_ex(X509 *cert, int verify_signature, - OPENSSL_CTX *libctx, const char *propq) +int X509_self_signed(X509 *cert, int verify_signature) { EVP_PKEY *pkey; @@ -127,24 +126,13 @@ static int x509_self_signed_ex(X509 *cert, int verify_signature, X509err(0, X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY); return -1; } - if (!X509v3_cache_extensions(cert, libctx, propq)) + if (!x509v3_cache_extensions(cert)) return -1; if ((cert->ex_flags & EXFLAG_SS) == 0) return 0; if (!verify_signature) return 1; - return X509_verify_ex(cert, pkey, libctx, propq); -} - -/* wrapper for internal use */ -static int cert_self_signed(X509_STORE_CTX *ctx, X509 *x, int verify_signature) -{ - return x509_self_signed_ex(x, verify_signature, ctx->libctx, ctx->propq); -} - -int X509_self_signed(X509 *cert, int verify_signature) -{ - return x509_self_signed_ex(cert, verify_signature, NULL, NULL); + return X509_verify(cert, pkey); } /* Given a certificate try and find an exact match in the store */ @@ -367,7 +355,7 @@ static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x) */ static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer) { - if (x509_likely_issued(issuer, x, ctx->libctx, ctx->propq) != X509_V_OK) + if (x509_likely_issued(issuer, x) != X509_V_OK) return 0; if ((x->ex_flags & EXFLAG_SI) == 0 || sk_X509_num(ctx->chain) != 1) { int i; @@ -1825,7 +1813,7 @@ static int internal_verify(X509_STORE_CTX *ctx) ret = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY; if (!verify_cb_cert(ctx, xi, issuer_depth, ret)) return 0; - } else if (X509_verify_ex(xs, pkey, ctx->libctx, ctx->propq) <= 0) { + } else if (X509_verify(xs, pkey) <= 0) { ret = X509_V_ERR_CERT_SIGNATURE_FAILURE; if (!verify_cb_cert(ctx, xs, n, ret)) return 0; @@ -2871,7 +2859,7 @@ static int check_dane_pkeys(X509_STORE_CTX *ctx) if (t->usage != DANETLS_USAGE_DANE_TA || t->selector != DANETLS_SELECTOR_SPKI || t->mtype != DANETLS_MATCHING_FULL || - X509_verify_ex(cert, t->spki, ctx->libctx, ctx->propq) <= 0) + X509_verify(cert, t->spki) <= 0) continue; /* Clear any PKIX-?? matches that failed to extend to a full chain */ @@ -3013,7 +3001,7 @@ static int build_chain(X509_STORE_CTX *ctx) return 0; } - self_signed = cert_self_signed(ctx, cert, 0); + self_signed = X509_self_signed(cert, 0); if (self_signed < 0) { ctx->error = X509_V_ERR_UNSPECIFIED; return 0; @@ -3191,7 +3179,7 @@ static int build_chain(X509_STORE_CTX *ctx) search = 0; continue; } - self_signed = cert_self_signed(ctx, x, 0); + self_signed = X509_self_signed(x, 0); if (self_signed < 0) { ctx->error = X509_V_ERR_UNSPECIFIED; return 0; @@ -3317,7 +3305,7 @@ static int build_chain(X509_STORE_CTX *ctx) x = xtmp; ++ctx->num_untrusted; - self_signed = cert_self_signed(ctx, xtmp, 0); + self_signed = X509_self_signed(xtmp, 0); if (self_signed < 0) { sk_X509_free(sktmp); ctx->error = X509_V_ERR_UNSPECIFIED; diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c index 6d7f341c7f..b06828f718 100644 --- a/crypto/x509/x_all.c +++ b/crypto/x509/x_all.c @@ -19,12 +19,12 @@ #include #include #include -#include "crypto/x509.h" #include #include #include #include #include "crypto/asn1.h" +#include "crypto/x509.h" static void clean_id_ctx(EVP_MD_CTX *ctx) { @@ -64,7 +64,7 @@ static EVP_MD_CTX *make_id_ctx(EVP_PKEY *r, ASN1_OCTET_STRING *id, return NULL; } -int X509_verify_ex(X509 *a, EVP_PKEY *r, OPENSSL_CTX *libctx, const char *propq) +int X509_verify(X509 *a, EVP_PKEY *r) { int rv = 0; EVP_MD_CTX *ctx = NULL; @@ -74,7 +74,7 @@ int X509_verify_ex(X509 *a, EVP_PKEY *r, OPENSSL_CTX *libctx, const char *propq) return 0; id = a->distinguishing_id; - if ((ctx = make_id_ctx(r, id, libctx, propq)) != NULL) { + if ((ctx = make_id_ctx(r, id, a->libctx, a->propq)) != NULL) { rv = ASN1_item_verify_ctx(ASN1_ITEM_rptr(X509_CINF), &a->sig_alg, &a->signature, &a->cert_info, ctx); clean_id_ctx(ctx); @@ -82,13 +82,8 @@ int X509_verify_ex(X509 *a, EVP_PKEY *r, OPENSSL_CTX *libctx, const char *propq) return rv; } -int X509_verify(X509 *a, EVP_PKEY *r) -{ - return X509_verify_ex(a, r, NULL, NULL); -} - -int X509_REQ_verify_ex(X509_REQ *a, EVP_PKEY *r, OPENSSL_CTX *libctx, - const char *propq) +int X509_REQ_verify_with_libctx(X509_REQ *a, EVP_PKEY *r, OPENSSL_CTX *libctx, + const char *propq) { int rv = 0; EVP_MD_CTX *ctx = NULL; @@ -105,7 +100,7 @@ int X509_REQ_verify_ex(X509_REQ *a, EVP_PKEY *r, OPENSSL_CTX *libctx, int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r) { - return X509_REQ_verify_ex(a, r, NULL, NULL); + return X509_REQ_verify_with_libctx(a, r, NULL, NULL); } int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r) @@ -443,19 +438,19 @@ int X509_pubkey_digest(const X509 *data, const EVP_MD *type, return EVP_Digest(key->data, key->length, md, len, type, NULL); } -int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md, +int X509_digest(const X509 *cert, const EVP_MD *md, unsigned char *data, unsigned int *len) { - if (type == EVP_sha1() && (data->ex_flags & EXFLAG_SET) != 0 - && (data->ex_flags & EXFLAG_INVALID) == 0) { + if (EVP_MD_is_a(md, SN_sha1) && (cert->ex_flags & EXFLAG_SET) != 0 + && (cert->ex_flags & EXFLAG_INVALID) == 0) { /* Asking for SHA1 and we already computed it. */ if (len != NULL) - *len = sizeof(data->sha1_hash); - memcpy(md, data->sha1_hash, sizeof(data->sha1_hash)); + *len = sizeof(cert->sha1_hash); + memcpy(data, cert->sha1_hash, sizeof(cert->sha1_hash)); return 1; } - return (ASN1_item_digest - (ASN1_ITEM_rptr(X509), type, (char *)data, md, len)); + return (asn1_item_digest_with_libctx(ASN1_ITEM_rptr(X509), md, (char *)cert, + data, len, cert->libctx, cert->propq)); } /* calculate cert digest using the same hash algorithm as in its signature */ diff --git a/crypto/x509/x_x509.c b/crypto/x509/x_x509.c index 8a216c49cf..9358c46a7f 100644 --- a/crypto/x509/x_x509.c +++ b/crypto/x509/x_x509.c @@ -113,9 +113,38 @@ ASN1_SEQUENCE_ref(X509, x509_cb) = { ASN1_EMBED(X509, signature, ASN1_BIT_STRING) } ASN1_SEQUENCE_END_ref(X509, X509) -IMPLEMENT_ASN1_FUNCTIONS(X509) +IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(X509, X509, X509) IMPLEMENT_ASN1_DUP_FUNCTION(X509) +X509 *d2i_X509(X509 **a, const unsigned char **in, long len) +{ + X509 *cert = NULL; + + cert = (X509 *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, (X509_it())); + /* Only cache the extensions if the cert object was passed in */ + if (cert != NULL && a != NULL) { + if (!x509v3_cache_extensions(cert)) + cert = NULL; + } + return cert; +} +int i2d_X509(const X509 *a, unsigned char **out) +{ + return ASN1_item_i2d((const ASN1_VALUE *)a, out, (X509_it())); +} + +X509 *X509_new_with_libctx(OPENSSL_CTX *libctx, const char *propq) +{ + X509 *cert = NULL; + + cert = (X509 *)ASN1_item_new((X509_it())); + if (cert != NULL) { + cert->libctx = libctx; + cert->propq = propq; + } + return cert; +} + int X509_set_ex_data(X509 *r, int idx, void *arg) { return CRYPTO_set_ex_data(&r->ex_data, idx, arg); diff --git a/doc/man3/OSSL_STORE_LOADER.pod b/doc/man3/OSSL_STORE_LOADER.pod index ad9544ebd1..64b15c18c8 100644 --- a/doc/man3/OSSL_STORE_LOADER.pod +++ b/doc/man3/OSSL_STORE_LOADER.pod @@ -32,19 +32,14 @@ unregister STORE loaders for different URI schemes /* struct ossl_store_loader_ctx_st is defined differently by each loader */ typedef struct ossl_store_loader_ctx_st OSSL_STORE_LOADER_CTX; - typedef OSSL_STORE_LOADER_CTX *(*OSSL_STORE_open_fn)(const char *uri, - const UI_METHOD *ui_method, - void *ui_data); + typedef OSSL_STORE_LOADER_CTX *(*OSSL_STORE_open_fn)( + const char *uri, const UI_METHOD *ui_method, void *ui_data); int OSSL_STORE_LOADER_set_open(OSSL_STORE_LOADER *store_loader, OSSL_STORE_open_fn store_open_function); - typedef OSSL_STORE_LOADER_CTX *(*OSSL_STORE_attach_fn)(const OSSL_STORE_LOADER - *loader, - BIO *bio, - OPENSSL_CTX *libctx, - const char *propq, - const UI_METHOD - *ui_method, - void *ui_data); + typedef OSSL_STORE_LOADER_CTX *(*OSSL_STORE_attach_fn) + (const OSSL_STORE_LOADER *loader, BIO *bio, + OPENSSL_CTX *libctx, const char *propq, + const UI_METHOD *ui_method, void *ui_data); int OSSL_STORE_LOADER_set_attach(OSSL_STORE_LOADER *loader, OSSL_STORE_attach_fn attach_function); typedef int (*OSSL_STORE_ctrl_fn)(OSSL_STORE_LOADER_CTX *ctx, int cmd, diff --git a/doc/man3/OSSL_STORE_attach.pod b/doc/man3/OSSL_STORE_attach.pod index 7df2804964..ae31202141 100644 --- a/doc/man3/OSSL_STORE_attach.pod +++ b/doc/man3/OSSL_STORE_attach.pod @@ -8,8 +8,8 @@ OSSL_STORE_attach - Functions to read objects from a BIO #include - OSSL_STORE_CTX *OSSL_STORE_attach(BIO *bio, OPENSSL_CTX *libctx, - const char *scheme, const char *propq, + OSSL_STORE_CTX *OSSL_STORE_attach(BIO *bio, const char *scheme, + OPENSSL_CTX *libctx, const char *propq, const UI_METHOD *ui_method, void *ui_data, OSSL_STORE_post_process_info_fn post_process, void *post_process_data); diff --git a/doc/man3/OSSL_STORE_open.pod b/doc/man3/OSSL_STORE_open.pod index 917a97822d..ef1a934194 100644 --- a/doc/man3/OSSL_STORE_open.pod +++ b/doc/man3/OSSL_STORE_open.pod @@ -2,9 +2,11 @@ =head1 NAME -OSSL_STORE_CTX, OSSL_STORE_post_process_info_fn, OSSL_STORE_open, -OSSL_STORE_ctrl, OSSL_STORE_load, OSSL_STORE_eof, OSSL_STORE_error, -OSSL_STORE_close - Types and functions to read objects from a URI +OSSL_STORE_CTX, OSSL_STORE_post_process_info_fn, +OSSL_STORE_open, OSSL_STORE_open_with_libctx, +OSSL_STORE_ctrl, OSSL_STORE_load, OSSL_STORE_eof, +OSSL_STORE_error, OSSL_STORE_close +- Types and functions to read objects from a URI =head1 SYNOPSIS @@ -19,6 +21,11 @@ OSSL_STORE_close - Types and functions to read objects from a URI void *ui_data, OSSL_STORE_post_process_info_fn post_process, void *post_process_data); + OSSL_STORE_CTX *OSSL_STORE_open_with_libctx + (const char *uri, OPENSSL_CTX *libctx, const char *propq, + const UI_METHOD *ui_method, void *ui_data, + OSSL_STORE_post_process_info_fn post_process, void *post_process_data); + int OSSL_STORE_ctrl(OSSL_STORE_CTX *ctx, int cmd, ... /* args */); OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx); int OSSL_STORE_eof(OSSL_STORE_CTX *ctx); @@ -41,15 +48,17 @@ described in L. =head2 Types B is a context variable that holds all the internal -information for OSSL_STORE_open(), OSSL_STORE_load(), OSSL_STORE_eof() and -OSSL_STORE_close() to work together. +information for OSSL_STORE_open(), OSSL_STORE_open_with_libctx(), +OSSL_STORE_load(), OSSL_STORE_eof() and OSSL_STORE_close() to work +together. =head2 Functions -OSSL_STORE_open() takes a uri or path I, password UI method +OSSL_STORE_open_with_libctx() takes a uri or path I, password UI method I with associated data I, and post processing callback I with associated data I, -opens a channel to the data located at that URI and returns a +a library context I with an associated property query , +and opens a channel to the data located at the URI and returns a B with all necessary internal information. The given I and I will be reused by all functions that use B when interaction is needed, @@ -61,6 +70,9 @@ will cause OSSL_STORE_load() to start its process over with loading the next object, until I returns something other than NULL, or the end of data is reached as indicated by OSSL_STORE_eof(). +OSSL_STORE_open() is similar to OSSL_STORE_open_with_libctx() but uses NULL for +the library context I and property query . + OSSL_STORE_ctrl() takes a B, and command number I and more arguments not specified here. The available loader specific command numbers and arguments they each @@ -81,8 +93,8 @@ Any other value is an error. =back -OSSL_STORE_load() takes a B, tries to load the next available -object and return it wrapped with B. +OSSL_STORE_load() takes a B and tries to load the next +available object and return it wrapped with B. OSSL_STORE_eof() takes a B and checks if we've reached the end of data. @@ -127,8 +139,8 @@ See L for further information. OSSL_STORE_open() returns a pointer to a B on success, or NULL on failure. -OSSL_STORE_load() returns a pointer to a B on success, or -NULL on error or when end of data is reached. +OSSL_STORE_load() returns a pointer to a B on success, or NULL +on error or when end of data is reached. Use OSSL_STORE_error() and OSSL_STORE_eof() to determine the meaning of a returned NULL. @@ -147,6 +159,8 @@ L =head1 HISTORY +OSSL_STORE_open_with_libctx() was added in OpenSSL 3.0. + OSSL_STORE_CTX(), OSSL_STORE_post_process_info_fn(), OSSL_STORE_open(), OSSL_STORE_ctrl(), OSSL_STORE_load(), OSSL_STORE_eof() and OSSL_STORE_close() were added in OpenSSL 1.1.1. diff --git a/doc/man3/PEM_X509_INFO_read_bio_with_libctx.pod b/doc/man3/PEM_X509_INFO_read_bio_with_libctx.pod new file mode 100644 index 0000000000..6c729109e3 --- /dev/null +++ b/doc/man3/PEM_X509_INFO_read_bio_with_libctx.pod @@ -0,0 +1,65 @@ +=pod + +=head1 NAME + +PEM_X509_INFO_read_bio_with_libctx, PEM_X509_INFO_read_with_libctx +- read a PEM-encoded data structure from a bio into one or more B +object's + +=head1 SYNOPSIS + + #include + + STACK_OF(X509_INFO) *PEM_X509_INFO_read_with_libctx(FILE *fp, + STACK_OF(X509_INFO) *sk, + pem_password_cb *cb, + void *u, + OPENSSL_CTX *libctx, + const char *propq); + + STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio_with_libctx(BIO *bio, + STACK_OF(X509_INFO) *sk, + pem_password_cb *cb, + void *u, + OPENSSL_CTX *libctx, + const char *propq); + +=head1 DESCRIPTION + +The loaded B object's can contain a CRL, a certificate and a +corresponding private key. + +PEM_X509_INFO_read_with_libctx() loads the B objects from a file I. +The library context I and property query are used for fetching +algorithms from providers. + +PEM_X509_INFO_read_bio_with_libctx loads the B objects using a bio +I. The library context I and property query are used for +fetching algorithms from providers. + + +=head1 RETURN VALUES + +PEM_X509_INFO_read_with_libctx() and PEM_X509_INFO_read_bio_with_libctx() return +a stack of B objects or NULL on failure. + +=head1 SEE ALSO + +L, +L + +=head1 HISTORY + +The functions PEM_X509_INFO_read_with_libctx() and +PEM_X509_INFO_read_bio_with_libctx() were added in OpenSSL 3.0. + +=head1 COPYRIGHT + +Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man3/PEM_read_bio_PrivateKey.pod b/doc/man3/PEM_read_bio_PrivateKey.pod index 65ba8a8a83..960a7df89e 100644 --- a/doc/man3/PEM_read_bio_PrivateKey.pod +++ b/doc/man3/PEM_read_bio_PrivateKey.pod @@ -425,6 +425,16 @@ The write routines return 1 for success or 0 for failure. Although the PEM routines take several arguments in almost all applications most of them are set to 0 or NULL. +To read a certificate with a library context in PEM format from a BIO: + + X509 *x = X509_new_with_libctx(libctx, NULL); + + if (x == NULL) + /* Error */ + + if (PEM_read_bio_X509(bp, &x, 0, NULL) == NULL) + /* Error */ + Read a certificate in PEM format from a BIO: X509 *x; diff --git a/doc/man3/SSL_load_client_CA_file.pod b/doc/man3/SSL_load_client_CA_file.pod index 488bb61c13..892e362a65 100644 --- a/doc/man3/SSL_load_client_CA_file.pod +++ b/doc/man3/SSL_load_client_CA_file.pod @@ -2,7 +2,7 @@ =head1 NAME -SSL_load_client_CA_file, +SSL_load_client_CA_file_with_libctx, SSL_load_client_CA_file, SSL_add_file_cert_subjects_to_stack, SSL_add_dir_cert_subjects_to_stack, SSL_add_store_cert_subjects_to_stack @@ -12,6 +12,9 @@ SSL_add_store_cert_subjects_to_stack #include + STACK_OF(X509_NAME) *SSL_load_client_CA_file_with_libctx(const char *file, + OPENSSL_CTX *libctx, + const char *propq); STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, @@ -23,8 +26,12 @@ SSL_add_store_cert_subjects_to_stack =head1 DESCRIPTION -SSL_load_client_CA_file() reads certificates from I and returns -a STACK_OF(X509_NAME) with the subject names found. +SSL_load_client_CA_file_with_libctx() reads certificates from I and returns +a STACK_OF(X509_NAME) with the subject names found. The library context I +and property query are used when fetching algorithms from providers. + +SSL_load_client_CA_file() is similar to SSL_load_client_CA_file_with_libctx() +but uses NULL for the library context I and property query . SSL_add_file_cert_subjects_to_stack() reads certificates from I, and adds their subject name to the already existing I. @@ -84,7 +91,8 @@ L =head1 HISTORY -SSL_add_store_cert_subjects_to_stack() was added in OpenSSL 3.0. +SSL_load_client_CA_file_with_libctx() and SSL_add_store_cert_subjects_to_stack() +were added in OpenSSL 3.0. =head1 COPYRIGHT diff --git a/doc/man3/X509_LOOKUP.pod b/doc/man3/X509_LOOKUP.pod index bd7470d2ba..a89b94aa48 100644 --- a/doc/man3/X509_LOOKUP.pod +++ b/doc/man3/X509_LOOKUP.pod @@ -6,10 +6,13 @@ X509_LOOKUP, X509_LOOKUP_TYPE, X509_LOOKUP_new, X509_LOOKUP_free, X509_LOOKUP_init, X509_LOOKUP_shutdown, X509_LOOKUP_set_method_data, X509_LOOKUP_get_method_data, -X509_LOOKUP_ctrl, -X509_LOOKUP_load_file, X509_LOOKUP_add_dir, X509_LOOKUP_add_store, -X509_LOOKUP_load_store, -X509_LOOKUP_get_store, X509_LOOKUP_by_subject, +X509_LOOKUP_ctrl_with_libctx, X509_LOOKUP_ctrl, +X509_LOOKUP_load_file_with_libctx, X509_LOOKUP_load_file, +X509_LOOKUP_add_dir, +X509_LOOKUP_add_store_with_libctx, X509_LOOKUP_add_store, +X509_LOOKUP_load_store_with_libctx, X509_LOOKUP_load_store, +X509_LOOKUP_get_store, +X509_LOOKUP_by_subject_with_libctx, X509_LOOKUP_by_subject, X509_LOOKUP_by_issuer_serial, X509_LOOKUP_by_fingerprint, X509_LOOKUP_by_alias - OpenSSL certificate lookup mechanisms @@ -30,15 +33,29 @@ X509_LOOKUP_by_alias int X509_LOOKUP_set_method_data(X509_LOOKUP *ctx, void *data); void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx); + int X509_LOOKUP_ctrl_with_libctx(X509_LOOKUP *ctx, int cmd, const char *argc, + long argl, char **ret, OPENSSL_CTX *libctx, + const char *propq); int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, char **ret); + int X509_LOOKUP_load_file_with_libctx(X509_LOOKUP *ctx, char *name, long type, + OPENSSL_CTX *libctx, const char *propq); int X509_LOOKUP_load_file(X509_LOOKUP *ctx, char *name, long type); + int X509_LOOKUP_load_file_with_libctx(X509_LOOKUP *ctx, char *name, long type, + OPENSSL_CTX *libctx, const char *propq); int X509_LOOKUP_add_dir(X509_LOOKUP *ctx, char *name, long type); + int X509_LOOKUP_add_store_with_libctx(X509_LOOKUP *ctx, char *uri, + OPENSSL_CTX *libctx, const char *propq); int X509_LOOKUP_add_store(X509_LOOKUP *ctx, char *uri); + int X509_LOOKUP_load_store_with_libctx(X509_LOOKUP *ctx, char *uri, + OPENSSL_CTX *libctx, const char *propq); int X509_LOOKUP_load_store(X509_LOOKUP *ctx, char *uri); X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx); + int X509_LOOKUP_by_subject_with_libctx(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, + const X509_NAME *name, X509_OBJECT *ret, + OPENSSL_CTX *libctx, const char *propq); int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, const X509_NAME *name, X509_OBJECT *ret); int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, @@ -74,22 +91,30 @@ X509_LOOKUP_set_method_data() and X509_LOOKUP_get_method_data() associates and retrieves a pointer to application data to and from the given B, respectively. -X509_LOOKUP_ctrl() is used to set or get additional data to or from a -B structure or its associated L. +X509_LOOKUP_ctrl_with_libctx() is used to set or get additional data to or from +a B structure or its associated L. The arguments of the control command are passed via I and I, -its return value via I<*ret>. +its return value via I<*ret>. The library context I and property +query are used when fetching algorithms from providers. The meaning of the arguments depends on the I number of the control command. In general, this function is not called directly, but wrapped by a macro call, see below. The control Is known to OpenSSL are discussed in more depth in L. -X509_LOOKUP_load_file() passes a filename to be loaded immediately -into the associated B. +X509_LOOKUP_ctrl() is similar to X509_LOOKUP_ctrl_with_libctx() but +uses NULL for the library context I and property query . + +X509_LOOKUP_load_file_with_libctx() passes a filename to be loaded immediately +into the associated B. The library context I and property +query are used when fetching algorithms from providers. I indicates what type of object is expected. This can only be used with a lookup using the implementation L. +X509_LOOKUP_load_file() is similar to X509_LOOKUP_load_file_with_libctx() but +uses NULL for the library context I and property query . + X509_LOOKUP_add_dir() passes a directory specification from which certificates and CRLs are loaded on demand into the associated B. @@ -97,38 +122,50 @@ I indicates what type of object is expected. This can only be used with a lookup using the implementation L. -X509_LOOKUP_add_store() passes a URI for a directory-like structure +X509_LOOKUP_add_store_with_libctx() passes a URI for a directory-like structure from which containers with certificates and CRLs are loaded on demand -into the associated B. -X509_LOOKUP_load_store() passes a URI for a single container from +into the associated B. The library context I and property +query are used when fetching algorithms from providers. + +X509_LOOKUP_add_store() is similar to X509_LOOKUP_add_store_with_libctx() but +uses NULL for the library context I and property query . + +X509_LOOKUP_load_store_with_libctx() passes a URI for a single container from which certificates and CRLs are immediately loaded into the associated -B. +B. The library context I and property query are used +when fetching algorithms from providers. These functions can only be used with a lookup using the implementation L. -X509_LOOKUP_load_file(), X509_LOOKUP_add_dir(), -X509_LOOKUP_add_store(), and X509_LOOKUP_load_store() are implemented -as macros that use X509_LOOKUP_ctrl(). +X509_LOOKUP_load_store() is similar to X509_LOOKUP_load_store_with_libctx() but +uses NULL for the library context I and property query . -X509_LOOKUP_by_subject(), X509_LOOKUP_by_issuer_serial(), -X509_LOOKUP_by_fingerprint(), and X509_LOOKUP_by_alias() look up -certificates and CRLs in the L associated with the -B using different criteria, where the looked up object is -stored in I. +X509_LOOKUP_load_file_with_libctx(), X509_LOOKUP_load_file(), +X509_LOOKUP_add_dir(), +X509_LOOKUP_add_store_with_libctx() X509_LOOKUP_add_store(), +X509_LOOKUP_load_store_with_libctx() and X509_LOOKUP_load_store() are +implemented as macros that use X509_LOOKUP_ctrl(). + +X509_LOOKUP_by_subject_with_libctx(), X509_LOOKUP_by_subject(), +X509_LOOKUP_by_issuer_serial(), X509_LOOKUP_by_fingerprint(), and +X509_LOOKUP_by_alias() look up certificates and CRLs in the L +associated with the B using different criteria, where the looked up +object is stored in I. Some of the underlying Bs will also cache objects matching the criteria in the associated B, which makes it possible to handle cases where the criteria have more than one hit. =head2 Control Commands -The Bs built into OpenSSL recognise the following +The Bs built into OpenSSL recognize the following X509_LOOKUP_ctrl() Is: =over 4 =item B -This is the command that X509_LOOKUP_load_file() uses. +This is the command that X509_LOOKUP_load_file_with_libctx() and +X509_LOOKUP_load_file() use. The filename is passed in I, and the type in I. =item B @@ -139,12 +176,14 @@ I. =item B -This is the command that X509_LOOKUP_add_store() uses. +This is the command that X509_LOOKUP_add_store_with_libctx() and +X509_LOOKUP_add_store() use. The URI is passed in I. =item B -This is the command that X509_LOOKUP_load_store() uses. +This is the command that X509_LOOKUP_load_store_with_libctx() and +X509_LOOKUP_load_store() use. The URI is passed in I. =back @@ -167,10 +206,10 @@ error. X509_LOOKUP_get_store() returns a B pointer if there is one, otherwise NULL. -X509_LOOKUP_by_subject(), X509_LOOKUP_by_issuer_serial(), -X509_LOOKUP_by_fingerprint(), and X509_LOOKUP_by_alias() all return 0 -if there is no B or that method doesn't implement -the corresponding function. +X509_LOOKUP_by_subject_with_libctx(), X509_LOOKUP_by_subject(), +X509_LOOKUP_by_issuer_serial(), X509_LOOKUP_by_fingerprint(), and +X509_LOOKUP_by_alias() all return 0 if there is no B or that +method doesn't implement the corresponding function. Otherwise, it returns what the corresponding function in the B returns, which is usually 1 on success and 0 in error. @@ -179,6 +218,15 @@ error. L, L +=head1 HISTORY + +The functions X509_LOOKUP_by_subject_with_libctx() and +X509_LOOKUP_ctrl_with_libctx() were added in OpenSSL 3.0. + +The macros X509_LOOKUP_load_file_with_libctx(), +X509_LOOKUP_load_store_with_libctx() and 509_LOOKUP_add_store_with_libctx() were +added in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man3/X509_LOOKUP_hash_dir.pod b/doc/man3/X509_LOOKUP_hash_dir.pod index 199afa3658..7077b9b59e 100644 --- a/doc/man3/X509_LOOKUP_hash_dir.pod +++ b/doc/man3/X509_LOOKUP_hash_dir.pod @@ -3,10 +3,10 @@ =head1 NAME X509_LOOKUP_hash_dir, X509_LOOKUP_file, X509_LOOKUP_store, -X509_load_cert_file, +X509_load_cert_file_with_libctx, X509_load_cert_file, X509_load_crl_file, -X509_load_cert_crl_file - Default OpenSSL certificate -lookup methods +X509_load_cert_crl_file_with_libctx, X509_load_cert_crl_file +- Default OpenSSL certificate lookup methods =head1 SYNOPSIS @@ -16,8 +16,14 @@ lookup methods X509_LOOKUP_METHOD *X509_LOOKUP_file(void); X509_LOOKUP_METHOD *X509_LOOKUP_store(void); + int X509_load_cert_file_with_libctx(X509_LOOKUP *ctx, const char *file, + int type, OPENSSL_CTX *libctx, + const char *propq); int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type); int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type); + int X509_load_cert_crl_file_with_libctx(X509_LOOKUP *ctx, const char *file, + int type, OPENSSL_CTX *libctx, + const char *propq); int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type); =head1 DESCRIPTION @@ -145,7 +151,9 @@ L =head1 HISTORY -B was added in OpenSSL 3.0. +The functions X509_load_cert_file_with_libctx(), +X509_load_cert_crl_file_with_libctx() and X509_LOOKUP_store() were added in +OpenSSL 3.0. =head1 COPYRIGHT diff --git a/doc/man3/X509_STORE_add_cert.pod b/doc/man3/X509_STORE_add_cert.pod index ce50e368e7..011cd94711 100644 --- a/doc/man3/X509_STORE_add_cert.pod +++ b/doc/man3/X509_STORE_add_cert.pod @@ -6,9 +6,10 @@ X509_STORE, X509_STORE_add_cert, X509_STORE_add_crl, X509_STORE_set_depth, X509_STORE_set_flags, X509_STORE_set_purpose, X509_STORE_set_trust, X509_STORE_add_lookup, -X509_STORE_load_file, X509_STORE_load_path, X509_STORE_load_store, -X509_STORE_set_default_paths, -X509_STORE_load_locations +X509_STORE_load_file_with_libctx, X509_STORE_load_file, X509_STORE_load_path, +X509_STORE_load_store_with_libctx, X509_STORE_load_store, +X509_STORE_set_default_paths_with_libctx, X509_STORE_set_default_paths, +X509_STORE_load_locations_with_libctx, X509_STORE_load_locations - X509_STORE manipulation =head1 SYNOPSIS @@ -27,11 +28,21 @@ X509_STORE_load_locations X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *store, X509_LOOKUP_METHOD *meth); + int X509_STORE_set_default_paths_with_libctx(X509_STORE *ctx, + OPENSSL_CTX *libctx, + const char *propq); int X509_STORE_set_default_paths(X509_STORE *ctx); + int X509_STORE_load_file_with_libctx(X509_STORE *ctx, const char *file, + OPENSSL_CTX *libctx, const char *propq); int X509_STORE_load_file(X509_STORE *ctx, const char *file); int X509_STORE_load_path(X509_STORE *ctx, const char *dir); + int X509_STORE_load_store_with_libctx(X509_STORE *ctx, const char *uri, + OPENSSL_CTX *libctx, const char *propq); int X509_STORE_load_store(X509_STORE *ctx, const char *uri); - + int X509_STORE_load_locations_with_libctx(X509_STORE *ctx, + const char *file, const char *dir, + OPENSSL_CTX *libctx, + const char *propq); int X509_STORE_load_locations(X509_STORE *ctx, const char *file, const char *dir); @@ -82,35 +93,54 @@ L I and adds it to the B I. This also associates the B with the lookup, so B functions can look up objects in that store. -X509_STORE_load_file() loads trusted certificate(s) into an -B from a given file. +X509_STORE_load_file_with_libctx() loads trusted certificate(s) into an +B from a given file. The library context I and property +query are used when fetching algorithms from providers. + +X509_STORE_load_file() is similar to X509_STORE_load_file_with_libctx() but +uses NULL for the library context I and property query . X509_STORE_load_path() loads trusted certificate(s) into an B from a given directory path. The certificates in the directory must be in hashed form, as documented in L. -X509_STORE_load_store() loads trusted certificate(s) into an -B from a store at a given URI. +X509_STORE_load_store_with_libctx() loads trusted certificate(s) into an +B from a store at a given URI. The library context I and +property query are used when fetching algorithms from providers. -X509_STORE_load_locations() combines X509_STORE_load_file() and -X509_STORE_load_dir() for a given file and/or directory path. +X509_STORE_load_store() is similar to X509_STORE_load_store_with_libctx() but +uses NULL for the library context I and property query . + +X509_STORE_load_locations_with_libctx() combines +X509_STORE_load_file_with_libctx() and X509_STORE_load_dir() for a given file +and/or directory path. It is permitted to specify just a file, just a directory, or both paths. -X509_STORE_set_default_paths() is somewhat misnamed, in that it does not -set what default paths should be used for loading certificates. Instead, +X509_STORE_load_locations() is similar to X509_STORE_load_locations_with_libctx() +but uses NULL for the library context I and property query . + +X509_STORE_set_default_paths_with_libctx() is somewhat misnamed, in that it does +not set what default paths should be used for loading certificates. Instead, it loads certificates into the B from the hardcoded default -paths. +paths. The library context I and property query are used when +fetching algorithms from providers. + +X509_STORE_set_default_paths() is similar to +X509_STORE_set_default_paths_with_libctx() but uses NULL for the library +context I and property query . =head1 RETURN VALUES X509_STORE_add_cert(), X509_STORE_add_crl(), X509_STORE_set_depth(), -X509_STORE_set_flags(), X509_STORE_set_purpose(), -X509_STORE_set_trust(), X509_STORE_load_file(), -X509_STORE_load_path(), X509_STORE_load_store(), -X509_STORE_load_locations(), and X509_STORE_set_default_paths() return -1 on success or 0 on failure. +X509_STORE_set_flags(), X509_STORE_set_purpose(), X509_STORE_set_trust(), +X509_STORE_load_file_with_libctx(), X509_STORE_load_file(), +X509_STORE_load_path(), +X509_STORE_load_store_with_libctx(), X509_STORE_load_store(), +X509_STORE_load_locations_with_libctx(), X509_STORE_load_locations(), +X509_STORE_set_default_paths_with_libctx() and X509_STORE_set_default_paths() +return 1 on success or 0 on failure. X509_STORE_add_lookup() returns the found or created L, or NULL on error. @@ -122,6 +152,12 @@ L. L, L +=head1 HISTORY + +The functions X509_STORE_set_default_paths_with_libctx(), +X509_STORE_load_file_with_libctx(), X509_STORE_load_store_with_libctx() and +X509_STORE_load_locations_with_libctx() were added in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man3/X509_STORE_new.pod b/doc/man3/X509_STORE_new.pod index ccc3b06061..31d466faa4 100644 --- a/doc/man3/X509_STORE_new.pod +++ b/doc/man3/X509_STORE_new.pod @@ -2,8 +2,9 @@ =head1 NAME -X509_STORE_new, X509_STORE_up_ref, X509_STORE_free, X509_STORE_lock, -X509_STORE_unlock - X509_STORE allocation, freeing and locking functions +X509_STORE_new, X509_STORE_up_ref, X509_STORE_free, +X509_STORE_lock,X509_STORE_unlock +- X509_STORE allocation, freeing and locking functions =head1 SYNOPSIS @@ -48,7 +49,7 @@ functions were added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/X509_new.pod b/doc/man3/X509_new.pod index e6967dc04d..798f7a7760 100644 --- a/doc/man3/X509_new.pod +++ b/doc/man3/X509_new.pod @@ -3,13 +3,15 @@ =head1 NAME X509_chain_up_ref, -X509_new, X509_free, X509_up_ref - X509 certificate ASN1 allocation functions +X509_new, X509_new_with_libctx, +X509_free, X509_up_ref - X509 certificate ASN1 allocation functions =head1 SYNOPSIS #include X509 *X509_new(void); + X509 *X509_new_with_libctx(OPENSSL_CTX *libctx, const char *propq); void X509_free(X509 *a); int X509_up_ref(X509 *a); STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *x); @@ -19,8 +21,15 @@ X509_new, X509_free, X509_up_ref - X509 certificate ASN1 allocation functions The X509 ASN1 allocation routines, allocate and free an X509 structure, which represents an X509 certificate. -X509_new() allocates and initializes a X509 structure with reference count -B<1>. +X509_new_with_libctx() allocates and initializes a X509 structure with a +library context of I, property query of and a reference +count of B<1>. Many X509 functions such as X509_check_purpose(), and +X509_verify() use this library context to select which providers supply the +fetched algorithms (SHA1 is used internally). + +X509_new() is similar to X509_new_with_libctx() but sets the library context +and property query to NULL. This results in the default (NULL) library context +being used for any X509 operations requiring algorithm fetches. X509_free() decrements the reference count of B structure B and frees it up if the reference count is zero. If B is NULL nothing is done. @@ -71,6 +80,10 @@ L, L, L +=head1 HISTORY + +The function X509_new_with_libctx() was added in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man3/X509_sign.pod b/doc/man3/X509_sign.pod index 5f621a11e4..a97cbebbef 100644 --- a/doc/man3/X509_sign.pod +++ b/doc/man3/X509_sign.pod @@ -54,8 +54,8 @@ L, L, L, L, -L, L, -L, L, +L, +L, L, L =head1 HISTORY diff --git a/doc/man3/X509_verify.pod b/doc/man3/X509_verify.pod index e0028473a2..2c8fb0059e 100644 --- a/doc/man3/X509_verify.pod +++ b/doc/man3/X509_verify.pod @@ -2,8 +2,8 @@ =head1 NAME -X509_verify_ex, X509_verify, X509_self_signed, -X509_REQ_verify_ex, X509_REQ_verify, +X509_verify, X509_self_signed, +X509_REQ_verify_with_libctx, X509_REQ_verify, X509_CRL_verify - verify certificate, certificate request, or CRL signature @@ -11,26 +11,19 @@ verify certificate, certificate request, or CRL signature #include - int X509_verify_ex(X509 *x, EVP_PKEY *pkey, - OPENSSL_CTX *libctx, const char *propq); int X509_verify(X509 *x, EVP_PKEY *pkey); int X509_self_signed(X509 *cert, int verify_signature); - int X509_REQ_verify_ex(X509_REQ *a, EVP_PKEY *pkey, - OPENSSL_CTX *libctx, const char *propq); + int X509_REQ_verify_with_libctx(X509_REQ *a, EVP_PKEY *pkey, + OPENSSL_CTX *libctx, const char *propq); int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r); int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r); =head1 DESCRIPTION -X509_verify_ex() verifies the signature of certificate I using public key -I. Any cryptographic algorithms required for the verification are fetched -using the library context I and the property query string I. -Only the signature is checked: -no other checks (such as certificate chain validity) are performed. - -X509_verify() is the same as X509_verify_ex() except that the default library -context and property query string are used. +X509_verify() verifies the signature of certificate I using public key +I. Only the signature is checked: no other checks (such as certificate +chain validity) are performed. X509_self_signed() checks whether a certificate is self-signed. For success the issuer and subject names must match, the components of the @@ -38,13 +31,13 @@ authority key identifier (if present) must match the subject key identifier etc. The signature itself is actually verified only if B is 1, as for explicitly trusted certificates this verification is not worth the effort. -X509_REQ_verify_ex(), X509_REQ_verify() and X509_CRL_verify() +X509_REQ_verify_with_libctx(), X509_REQ_verify() and X509_CRL_verify() verify the signatures of certificate requests and CRLs, respectively. =head1 RETURN VALUES -X509_verify_ex(), X509_verify(), -X509_REQ_verify_ex(), X509_REQ_verify() and X509_CRL_verify() +X509_verify(), +X509_REQ_verify_with_libctx(), X509_REQ_verify() and X509_CRL_verify() return 1 if the signature is valid and 0 if the signature check fails. If the signature could not be checked at all because it was ill-formed or some other error occurred then -1 is returned. @@ -75,8 +68,7 @@ L The X509_verify(), X509_REQ_verify(), and X509_CRL_verify() functions are available in all versions of OpenSSL. -X509_verify_ex(), X509_REQ_verify_ex(), and X509_self_signed() -were added in OpenSSL 3.0. +X509_REQ_verify_with_libctx(), and X509_self_signed() were added in OpenSSL 3.0. =head1 COPYRIGHT diff --git a/doc/man3/X509v3_cache_extensions.pod b/doc/man3/X509v3_cache_extensions.pod deleted file mode 100644 index 766ab50d28..0000000000 --- a/doc/man3/X509v3_cache_extensions.pod +++ /dev/null @@ -1,44 +0,0 @@ -=pod - -=head1 NAME - -X509v3_cache_extensions -- cache info on various X.509v3 extensions and further derived certificate data - -=head1 SYNOPSIS - - #include - - int X509v3_cache_extensions(X509 *x, OPENSSL_CTX *libctx, const char *propq); - -=head1 DESCRIPTION - -This function processes any X509v3 extensions that might be present in an X509 -object and caches the result of that processing as well as further derived info, -for instance if the certificate is self-issued. Many OpenSSL functions that use -an X509 object will cause extensions to be processed and cached implicitly. If -this is done implicitly then the default library context and property query -string will be used. In some cases it may be desirable to use some other library -context and property query string. If so then an application can call -X509v3_cache_extensions() explicitly. This should be done before any function -that needs to use those extensions is called - otherwise calling -X509v3_cache_extensions() will have no effect. Typically this means calling this -soon after creation of the X509 object. The X509 object to be processed is -given in I and the library context and property query string to use are given -in I and I. - -=head1 RETURN VALUES - -This function returns 0 if the extensions are invalid or an error occurred. -Otherwise it returns 1. - -=head1 COPYRIGHT - -Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/doc/man7/x509.pod b/doc/man7/x509.pod index 095203c912..b2d2902744 100644 --- a/doc/man7/x509.pod +++ b/doc/man7/x509.pod @@ -52,6 +52,7 @@ L, L, L, L, +L, L, L, L, @@ -62,7 +63,7 @@ L =head1 COPYRIGHT -Copyright 2003-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2003-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/include/crypto/store.h b/include/crypto/store.h index c47581a508..8bd2bc022f 100644 --- a/include/crypto/store.h +++ b/include/crypto/store.h @@ -14,16 +14,6 @@ # include # include -/* - * Two functions to read PEM data off an already opened BIO. To be used - * instead of OSSLSTORE_open() and OSSLSTORE_close(). Everything is done - * as usual with OSSLSTORE_load() and OSSLSTORE_eof(). - */ -OSSL_STORE_CTX *ossl_store_attach_pem_bio(BIO *bp, const UI_METHOD *ui_method, - void *ui_data, OPENSSL_CTX *libctx, - const char *propq); -int ossl_store_detach_pem_bio(OSSL_STORE_CTX *ctx); - void ossl_store_cleanup_int(void); #endif diff --git a/include/crypto/x509.h b/include/crypto/x509.h index 611713f221..71a67df650 100644 --- a/include/crypto/x509.h +++ b/include/crypto/x509.h @@ -189,6 +189,9 @@ struct x509_st { /* Set on live certificates for authentication purposes */ ASN1_OCTET_STRING *distinguishing_id; + + OPENSSL_CTX *libctx; + const char *propq; } /* X509 */ ; /* @@ -295,9 +298,11 @@ struct x509_object_st { int a2i_ipadd(unsigned char *ipout, const char *ipasc); int x509_set1_time(ASN1_TIME **ptm, const ASN1_TIME *tm); int x509_print_ex_brief(BIO *bio, X509 *cert, unsigned long neg_cflags); +int x509v3_cache_extensions(X509 *x); void x509_init_sig_info(X509 *x); - -int x509_check_issued_int(X509 *issuer, X509 *subject, OPENSSL_CTX *libctx, - const char *propq); +int asn1_item_digest_with_libctx(const ASN1_ITEM *it, const EVP_MD *type, + void *data, unsigned char *md, + unsigned int *len, OPENSSL_CTX *libctx, + const char *propq); diff --git a/include/openssl/pem.h b/include/openssl/pem.h index fb63b93db8..f4989e3987 100644 --- a/include/openssl/pem.h +++ b/include/openssl/pem.h @@ -286,6 +286,11 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u); +STACK_OF(X509_INFO) +*PEM_X509_INFO_read_bio_with_libctx(BIO *bp, STACK_OF(X509_INFO) *sk, + pem_password_cb *cb, void *u, + OPENSSL_CTX *libctx, const char *propq); + int PEM_X509_INFO_write_bio(BIO *bp, const X509_INFO *xi, EVP_CIPHER *enc, const unsigned char *kstr, int klen, pem_password_cb *cd, void *u); @@ -303,6 +308,10 @@ int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp, pem_password_cb *callback, void *u); STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u); +STACK_OF(X509_INFO) +*PEM_X509_INFO_read_with_libctx(FILE *fp, STACK_OF(X509_INFO) *sk, + pem_password_cb *cb, void *u, + OPENSSL_CTX *libctx, const char *propq); #endif int PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type); diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index c030346760..bc003bc4fa 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -1629,6 +1629,9 @@ __owur int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, __owur int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); __owur int SSL_use_certificate_chain_file(SSL *ssl, const char *file); __owur STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); +__owur STACK_OF(X509_NAME) +*SSL_load_client_CA_file_with_libctx(const char *file, + OPENSSL_CTX *libctx, const char *propq); __owur int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, const char *file); int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, diff --git a/include/openssl/store.h b/include/openssl/store.h index ffea2df15b..d5e72a0963 100644 --- a/include/openssl/store.h +++ b/include/openssl/store.h @@ -57,6 +57,11 @@ OSSL_STORE_CTX *OSSL_STORE_open(const char *uri, const UI_METHOD *ui_method, OSSL_STORE_post_process_info_fn post_process, void *post_process_data); +OSSL_STORE_CTX *OSSL_STORE_open_with_libctx + (const char *uri, OPENSSL_CTX *libctx, const char *propq, + const UI_METHOD *ui_method, void *ui_data, + OSSL_STORE_post_process_info_fn post_process, void *post_process_data); + /* * Control / fine tune the OSSL_STORE channel. |cmd| determines what is to be * done, and depends on the underlying loader (use OSSL_STORE_get0_scheme to @@ -115,8 +120,8 @@ int OSSL_STORE_close(OSSL_STORE_CTX *ctx); * Note that this function is considered unsafe, all depending on what the * BIO actually reads. */ -OSSL_STORE_CTX *OSSL_STORE_attach(BIO *bio, OPENSSL_CTX *libctx, - const char *scheme, const char *propq, +OSSL_STORE_CTX *OSSL_STORE_attach(BIO *bio, const char *scheme, + OPENSSL_CTX *libctx, const char *propq, const UI_METHOD *ui_method, void *ui_data, OSSL_STORE_post_process_info_fn post_process, void *post_process_data); @@ -239,21 +244,20 @@ const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER *loader); const char *OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader); /* struct ossl_store_loader_ctx_st is defined differently by each loader */ typedef struct ossl_store_loader_ctx_st OSSL_STORE_LOADER_CTX; -typedef OSSL_STORE_LOADER_CTX *(*OSSL_STORE_open_fn)(const OSSL_STORE_LOADER - *loader, - const char *uri, - const UI_METHOD *ui_method, - void *ui_data); +typedef OSSL_STORE_LOADER_CTX *(*OSSL_STORE_open_fn) + (const OSSL_STORE_LOADER *loader, const char *uri, + const UI_METHOD *ui_method, void *ui_data); +typedef OSSL_STORE_LOADER_CTX *(*OSSL_STORE_open_with_libctx_fn) + (const OSSL_STORE_LOADER *loader, + const char *uri, OPENSSL_CTX *libctx, const char *propq, + const UI_METHOD *ui_method, void *ui_data); + int OSSL_STORE_LOADER_set_open(OSSL_STORE_LOADER *loader, OSSL_STORE_open_fn open_function); -typedef OSSL_STORE_LOADER_CTX *(*OSSL_STORE_attach_fn)(const OSSL_STORE_LOADER - *loader, - BIO *bio, - OPENSSL_CTX *libctx, - const char *propq, - const UI_METHOD - *ui_method, - void *ui_data); +typedef OSSL_STORE_LOADER_CTX *(*OSSL_STORE_attach_fn) + (const OSSL_STORE_LOADER *loader, BIO *bio, + OPENSSL_CTX *libctx, const char *propq, + const UI_METHOD *ui_method, void *ui_data); int OSSL_STORE_LOADER_set_attach(OSSL_STORE_LOADER *loader, OSSL_STORE_attach_fn attach_function); typedef int (*OSSL_STORE_ctrl_fn)(OSSL_STORE_LOADER_CTX *ctx, int cmd, @@ -272,6 +276,7 @@ typedef OSSL_STORE_INFO *(*OSSL_STORE_load_fn)(OSSL_STORE_LOADER_CTX *ctx, void *ui_data); int OSSL_STORE_LOADER_set_load(OSSL_STORE_LOADER *loader, OSSL_STORE_load_fn load_function); + typedef int (*OSSL_STORE_eof_fn)(OSSL_STORE_LOADER_CTX *ctx); int OSSL_STORE_LOADER_set_eof(OSSL_STORE_LOADER *loader, OSSL_STORE_eof_fn eof_function); diff --git a/include/openssl/x509.h b/include/openssl/x509.h index 2212ceeedc..935699a55a 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -343,12 +343,11 @@ void *X509_CRL_get_meth_data(X509_CRL *crl); const char *X509_verify_cert_error_string(long n); -int X509_verify_ex(X509 *a, EVP_PKEY *r, OPENSSL_CTX *libctx, const char *propq); int X509_verify(X509 *a, EVP_PKEY *r); int X509_self_signed(X509 *cert, int verify_signature); -int X509_REQ_verify_ex(X509_REQ *a, EVP_PKEY *r, OPENSSL_CTX *libctx, - const char *propq); +int X509_REQ_verify_with_libctx(X509_REQ *a, EVP_PKEY *r, OPENSSL_CTX *libctx, + const char *propq); int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r); int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r); int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r); @@ -558,6 +557,7 @@ int X509_NAME_set(X509_NAME **xn, const X509_NAME *name); DECLARE_ASN1_FUNCTIONS(X509_CINF) DECLARE_ASN1_FUNCTIONS(X509) +X509 *X509_new_with_libctx(OPENSSL_CTX *libctx, const char *propq); DECLARE_ASN1_FUNCTIONS(X509_CERT_AUX) #define X509_get_ex_new_index(l, p, newf, dupf, freef) \ diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h index 5cd123f635..2d3bd70ae2 100644 --- a/include/openssl/x509_vfy.h +++ b/include/openssl/x509_vfy.h @@ -88,7 +88,6 @@ typedef STACK_OF(X509_CRL) const X509_NAME *nm); typedef int (*X509_STORE_CTX_cleanup_fn)(X509_STORE_CTX *ctx); - void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); # define X509_STORE_CTX_set_app_data(ctx,data) \ @@ -113,6 +112,19 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); # define X509_LOOKUP_load_store(x,name) \ X509_LOOKUP_ctrl((x),X509_L_LOAD_STORE,(name),0,NULL) +# define X509_LOOKUP_load_file_with_libctx(x, name, type, libctx, propq) \ +X509_LOOKUP_ctrl_with_libctx((x), X509_L_FILE_LOAD, (name), (long)(type), NULL,\ + (libctx), (propq)) + +# define X509_LOOKUP_load_store_with_libctx(x, name, libctx, propq) \ +X509_LOOKUP_ctrl_with_libctx((x), X509_L_LOAD_STORE, (name), 0, NULL, \ + (libctx), (propq)) + +# define X509_LOOKUP_add_store_with_libctx(x, name, libctx, propq) \ +X509_LOOKUP_ctrl_with_libctx((x), X509_L_ADD_STORE, (name), 0, NULL, \ + (libctx), (propq)) + + # define X509_V_OK 0 # define X509_V_ERR_UNSPECIFIED 1 # define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2 @@ -404,10 +416,20 @@ X509_LOOKUP_METHOD *X509_LOOKUP_store(void); typedef int (*X509_LOOKUP_ctrl_fn)(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, char **ret); +typedef int (*X509_LOOKUP_ctrl_with_libctx_fn)( + X509_LOOKUP *ctx, int cmd, const char *argc, long argl, char **ret, + OPENSSL_CTX *libctx, const char *propq); + typedef int (*X509_LOOKUP_get_by_subject_fn)(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, const X509_NAME *name, X509_OBJECT *ret); +typedef int (*X509_LOOKUP_get_by_subject_with_libctx_fn)(X509_LOOKUP *ctx, + X509_LOOKUP_TYPE type, + const X509_NAME *name, + X509_OBJECT *ret, + OPENSSL_CTX *libctx, + const char *propq); typedef int (*X509_LOOKUP_get_by_issuer_serial_fn)(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, const X509_NAME *name, @@ -484,16 +506,27 @@ X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *vs, int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, char **ret); +int X509_LOOKUP_ctrl_with_libctx(X509_LOOKUP *ctx, int cmd, const char *argc, + long argl, char **ret, + OPENSSL_CTX *libctx, const char *propq); int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type); +int X509_load_cert_file_with_libctx(X509_LOOKUP *ctx, const char *file, int type, + OPENSSL_CTX *libctx, const char *propq); int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type); int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type); +int X509_load_cert_crl_file_with_libctx(X509_LOOKUP *ctx, const char *file, + int type, OPENSSL_CTX *libctx, + const char *propq); X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method); void X509_LOOKUP_free(X509_LOOKUP *ctx); int X509_LOOKUP_init(X509_LOOKUP *ctx); int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, const X509_NAME *name, X509_OBJECT *ret); +int X509_LOOKUP_by_subject_with_libctx(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, + const X509_NAME *name, X509_OBJECT *ret, + OPENSSL_CTX *libctx, const char *propq); int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, const X509_NAME *name, const ASN1_INTEGER *serial, @@ -516,6 +549,17 @@ int X509_STORE_load_locations(X509_STORE *ctx, const char *dir); int X509_STORE_set_default_paths(X509_STORE *ctx); +int X509_STORE_load_file_with_libctx(X509_STORE *ctx, const char *file, + OPENSSL_CTX *libctx, const char *propq); +int X509_STORE_load_store_with_libctx(X509_STORE *ctx, const char *store, + OPENSSL_CTX *libctx, const char *propq); +int X509_STORE_load_locations_with_libctx(X509_STORE *ctx, + const char *file, const char *dir, + OPENSSL_CTX *libctx, const char *propq); +int X509_STORE_set_default_paths_with_libctx(X509_STORE *ctx, + OPENSSL_CTX *libctx, + const char *propq); + #define X509_STORE_CTX_get_ex_new_index(l, p, newf, dupf, freef) \ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, l, p, newf, dupf, freef) int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data); diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h index 6a207f65d1..24f5a361d0 100644 --- a/include/openssl/x509v3.h +++ b/include/openssl/x509v3.h @@ -571,8 +571,6 @@ GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc); -int X509v3_cache_extensions(X509 *x, OPENSSL_CTX *libctx, const char *propq); - void X509V3_conf_free(CONF_VALUE *val); X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index a7f1e4d83a..8f5aaaf942 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -4001,10 +4001,6 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) return 0; } } - if (!X509v3_cache_extensions((X509 *)parg, ctx->libctx, ctx->propq)) { - SSLerr(0, ERR_LIB_X509); - return 0; - } if (!sk_X509_push(ctx->extra_certs, (X509 *)parg)) { SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE); return 0; diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index e81542a89e..e6262bfaeb 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -257,18 +257,12 @@ int ssl_cert_set0_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain) { int i, r; CERT_PKEY *cpk = s != NULL ? s->cert->key : ctx->cert->key; - SSL_CTX *realctx = s != NULL ? s->ctx : ctx; if (!cpk) return 0; for (i = 0; i < sk_X509_num(chain); i++) { X509 *x = sk_X509_value(chain, i); - if (!X509v3_cache_extensions(x, realctx->libctx, realctx->propq)) { - SSLerr(0, ERR_LIB_X509); - return 0; - } - r = ssl_security_cert(s, ctx, x, 0, 0); if (r != 1) { SSLerr(SSL_F_SSL_CERT_SET0_CHAIN, r); @@ -614,29 +608,39 @@ static unsigned long xname_hash(const X509_NAME *a) return X509_NAME_hash((X509_NAME *)a); } -STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file) +STACK_OF(X509_NAME) *SSL_load_client_CA_file_with_libctx(const char *file, + OPENSSL_CTX *libctx, + const char *propq) { BIO *in = BIO_new(BIO_s_file()); X509 *x = NULL; X509_NAME *xn = NULL; STACK_OF(X509_NAME) *ret = NULL; LHASH_OF(X509_NAME) *name_hash = lh_X509_NAME_new(xname_hash, xname_cmp); + OPENSSL_CTX *prev_libctx = NULL; if ((name_hash == NULL) || (in == NULL)) { - SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE, ERR_R_MALLOC_FAILURE); + SSLerr(0, ERR_R_MALLOC_FAILURE); goto err; } + x = X509_new_with_libctx(libctx, propq); + if (x == NULL) { + SSLerr(0, ERR_R_MALLOC_FAILURE); + goto err; + } if (!BIO_read_filename(in, file)) goto err; + /* Internally lh_X509_NAME_retrieve() needs the libctx to retrieve SHA1 */ + prev_libctx = OPENSSL_CTX_set0_default(libctx); for (;;) { if (PEM_read_bio_X509(in, &x, NULL, NULL) == NULL) break; if (ret == NULL) { ret = sk_X509_NAME_new_null(); if (ret == NULL) { - SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE, ERR_R_MALLOC_FAILURE); + SSLerr(0, ERR_R_MALLOC_FAILURE); goto err; } } @@ -663,6 +667,8 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file) sk_X509_NAME_pop_free(ret, X509_NAME_free); ret = NULL; done: + /* restore the old libctx */ + OPENSSL_CTX_set0_default(prev_libctx); BIO_free(in); X509_free(x); lh_X509_NAME_free(name_hash); @@ -671,6 +677,11 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file) return ret; } +STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file) +{ + return SSL_load_client_CA_file_with_libctx(file, NULL, NULL); +} + int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, const char *file) { @@ -841,6 +852,7 @@ int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags) X509_STORE_CTX *xs_ctx = NULL; STACK_OF(X509) *chain = NULL, *untrusted = NULL; X509 *x; + SSL_CTX *real_ctx = (s == NULL) ? ctx : s->ctx; int i, rv = 0; if (!cpk->x509) { @@ -872,10 +884,7 @@ int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags) untrusted = cpk->chain; } - if (s == NULL) - xs_ctx = X509_STORE_CTX_new_with_libctx(ctx->libctx, ctx->propq); - else - xs_ctx = X509_STORE_CTX_new_with_libctx(s->ctx->libctx, s->ctx->propq); + xs_ctx = X509_STORE_CTX_new_with_libctx(real_ctx->libctx, ctx->propq); if (xs_ctx == NULL) { SSLerr(SSL_F_SSL_BUILD_CERT_CHAIN, ERR_R_MALLOC_FAILURE); goto err; diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c index fe9b8ec3ea..56590da207 100644 --- a/ssl/ssl_conf.c +++ b/ssl/ssl_conf.c @@ -470,13 +470,23 @@ static int do_store(SSL_CONF_CTX *cctx, { CERT *cert; X509_STORE **st; + SSL_CTX *ctx; + OPENSSL_CTX *libctx = NULL; + const char *propq = NULL; - if (cctx->ctx) + if (cctx->ctx != NULL) { cert = cctx->ctx->cert; - else if (cctx->ssl) + ctx = cctx->ctx; + } else if (cctx->ssl != NULL) { cert = cctx->ssl->cert; - else + ctx = cctx->ssl->ctx; + } else { return 1; + } + if (ctx != NULL) { + libctx = ctx->libctx; + propq = ctx->propq; + } st = verify_store ? &cert->verify_store : &cert->chain_store; if (*st == NULL) { *st = X509_STORE_new(); @@ -484,11 +494,13 @@ static int do_store(SSL_CONF_CTX *cctx, return 0; } - if (CAfile != NULL && !X509_STORE_load_file(*st, CAfile)) + if (CAfile != NULL && !X509_STORE_load_file_with_libctx(*st, CAfile, + libctx, propq)) return 0; if (CApath != NULL && !X509_STORE_load_path(*st, CApath)) return 0; - if (CAstore != NULL && !X509_STORE_load_store(*st, CAstore)) + if (CAstore != NULL && !X509_STORE_load_store_with_libctx(*st, CAstore, + libctx, propq)) return 0; return 1; } diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index c92e361cde..871606cfc1 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -4254,7 +4254,8 @@ SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx) int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx) { - return X509_STORE_set_default_paths(ctx->cert_store); + return X509_STORE_set_default_paths_with_libctx(ctx->cert_store, + ctx->libctx, ctx->propq); } int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx) @@ -4286,7 +4287,8 @@ int SSL_CTX_set_default_verify_file(SSL_CTX *ctx) /* We ignore errors, in case the directory doesn't exist */ ERR_set_mark(); - X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT); + X509_LOOKUP_load_file_with_libctx(lookup, NULL, X509_FILETYPE_DEFAULT, + ctx->libctx, ctx->propq); ERR_pop_to_mark(); @@ -4304,7 +4306,7 @@ int SSL_CTX_set_default_verify_store(SSL_CTX *ctx) /* We ignore errors, in case the directory doesn't exist */ ERR_set_mark(); - X509_LOOKUP_add_store(lookup, NULL); + X509_LOOKUP_add_store_with_libctx(lookup, NULL, ctx->libctx, ctx->propq); ERR_pop_to_mark(); @@ -4313,7 +4315,8 @@ int SSL_CTX_set_default_verify_store(SSL_CTX *ctx) int SSL_CTX_load_verify_file(SSL_CTX *ctx, const char *CAfile) { - return X509_STORE_load_file(ctx->cert_store, CAfile); + return X509_STORE_load_file_with_libctx(ctx->cert_store, CAfile, + ctx->libctx, ctx->propq); } int SSL_CTX_load_verify_dir(SSL_CTX *ctx, const char *CApath) @@ -4323,7 +4326,8 @@ int SSL_CTX_load_verify_dir(SSL_CTX *ctx, const char *CApath) int SSL_CTX_load_verify_store(SSL_CTX *ctx, const char *CAstore) { - return X509_STORE_load_store(ctx->cert_store, CAstore); + return X509_STORE_load_store_with_libctx(ctx->cert_store, CAstore, + ctx->libctx, ctx->propq); } int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, diff --git a/ssl/ssl_mcnf.c b/ssl/ssl_mcnf.c index 27ba7728d7..66f0bc5abe 100644 --- a/ssl/ssl_mcnf.c +++ b/ssl/ssl_mcnf.c @@ -28,6 +28,8 @@ static int ssl_do_config(SSL *s, SSL_CTX *ctx, const char *name, int system) unsigned int flags; const SSL_METHOD *meth; const SSL_CONF_CMD *cmds; + OPENSSL_CTX *prev_libctx = NULL; + OPENSSL_CTX *libctx = NULL; if (s == NULL && ctx == NULL) { SSLerr(SSL_F_SSL_DO_CONFIG, ERR_R_PASSED_NULL_PARAMETER); @@ -53,15 +55,18 @@ static int ssl_do_config(SSL *s, SSL_CTX *ctx, const char *name, int system) if (s != NULL) { meth = s->method; SSL_CONF_CTX_set_ssl(cctx, s); + libctx = s->ctx->libctx; } else { meth = ctx->method; SSL_CONF_CTX_set_ssl_ctx(cctx, ctx); + libctx = ctx->libctx; } if (meth->ssl_accept != ssl_undefined_function) flags |= SSL_CONF_FLAG_SERVER; if (meth->ssl_connect != ssl_undefined_function) flags |= SSL_CONF_FLAG_CLIENT; SSL_CONF_CTX_set_flags(cctx, flags); + prev_libctx = OPENSSL_CTX_set0_default(libctx); for (i = 0; i < cmd_count; i++) { char *cmdstr, *arg; @@ -79,6 +84,7 @@ static int ssl_do_config(SSL *s, SSL_CTX *ctx, const char *name, int system) } rv = SSL_CONF_CTX_finish(cctx); err: + OPENSSL_CTX_set0_default(prev_libctx); SSL_CONF_CTX_free(cctx); return rv <= 0 ? 0 : 1; } diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c index 3df32b725b..144dd2c374 100644 --- a/ssl/ssl_rsa.c +++ b/ssl/ssl_rsa.c @@ -34,10 +34,7 @@ int SSL_use_certificate(SSL *ssl, X509 *x) SSLerr(SSL_F_SSL_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER); return 0; } - if (!X509v3_cache_extensions(x, ssl->ctx->libctx, ssl->ctx->propq)) { - SSLerr(0, ERR_LIB_X509); - return 0; - } + rv = ssl_security_cert(ssl, NULL, x, 0, 1); if (rv != 1) { SSLerr(SSL_F_SSL_USE_CERTIFICATE, rv); @@ -52,7 +49,7 @@ int SSL_use_certificate_file(SSL *ssl, const char *file, int type) int j; BIO *in; int ret = 0; - X509 *x = NULL; + X509 *cert = NULL, *x = NULL; in = BIO_new(BIO_s_file()); if (in == NULL) { @@ -64,19 +61,29 @@ int SSL_use_certificate_file(SSL *ssl, const char *file, int type) SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB); goto end; } + + if (type != SSL_FILETYPE_ASN1 && type != SSL_FILETYPE_PEM) { + SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE); + goto end; + } + x = X509_new_with_libctx(ssl->ctx->libctx, ssl->ctx->propq); + if (x == NULL) { + SSLerr(0, ERR_R_MALLOC_FAILURE); + goto end; + } if (type == SSL_FILETYPE_ASN1) { j = ERR_R_ASN1_LIB; - x = d2i_X509_bio(in, NULL); + cert = d2i_X509_bio(in, &x); } else if (type == SSL_FILETYPE_PEM) { j = ERR_R_PEM_LIB; - x = PEM_read_bio_X509(in, NULL, ssl->default_passwd_callback, - ssl->default_passwd_callback_userdata); + cert = PEM_read_bio_X509(in, &x, ssl->default_passwd_callback, + ssl->default_passwd_callback_userdata); } else { SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE); goto end; } - if (x == NULL) { + if (cert == NULL) { SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, j); goto end; } @@ -93,8 +100,14 @@ int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len) X509 *x; int ret; - x = d2i_X509(NULL, &d, (long)len); + x = X509_new_with_libctx(ssl->ctx->libctx, ssl->ctx->propq); if (x == NULL) { + SSLerr(0, ERR_R_MALLOC_FAILURE); + return 0; + } + + if (d2i_X509(&x, &d, (long)len)== NULL) { + X509_free(x); SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB); return 0; } @@ -316,10 +329,7 @@ int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER); return 0; } - if (!X509v3_cache_extensions(x, ctx->libctx, ctx->propq)) { - SSLerr(0, ERR_LIB_X509); - return 0; - } + rv = ssl_security_cert(NULL, ctx, x, 0, 1); if (rv != 1) { SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, rv); @@ -390,10 +400,10 @@ static int ssl_set_cert(CERT *c, X509 *x) int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type) { - int j; + int j = SSL_R_BAD_VALUE; BIO *in; int ret = 0; - X509 *x = NULL; + X509 *x = NULL, *cert = NULL; in = BIO_new(BIO_s_file()); if (in == NULL) { @@ -405,19 +415,24 @@ int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type) SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB); goto end; } + if (type != SSL_FILETYPE_ASN1 && type != SSL_FILETYPE_PEM) { + SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE); + goto end; + } + x = X509_new_with_libctx(ctx->libctx, ctx->propq); + if (x == NULL) { + SSLerr(0, ERR_R_MALLOC_FAILURE); + goto end; + } if (type == SSL_FILETYPE_ASN1) { j = ERR_R_ASN1_LIB; - x = d2i_X509_bio(in, NULL); + cert = d2i_X509_bio(in, &x); } else if (type == SSL_FILETYPE_PEM) { j = ERR_R_PEM_LIB; - x = PEM_read_bio_X509(in, NULL, ctx->default_passwd_callback, - ctx->default_passwd_callback_userdata); - } else { - SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE); - goto end; + cert = PEM_read_bio_X509(in, &x, ctx->default_passwd_callback, + ctx->default_passwd_callback_userdata); } - - if (x == NULL) { + if (cert == NULL) { SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, j); goto end; } @@ -434,8 +449,14 @@ int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d) X509 *x; int ret; - x = d2i_X509(NULL, &d, (long)len); + x = X509_new_with_libctx(ctx->libctx, ctx->propq); if (x == NULL) { + SSLerr(0, ERR_R_MALLOC_FAILURE); + return 0; + } + + if (d2i_X509(&x, &d, (long)len) == NULL) { + X509_free(x); SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB); return 0; } @@ -610,6 +631,7 @@ static int use_certificate_chain_file(SSL_CTX *ctx, SSL *ssl, const char *file) X509 *x = NULL; pem_password_cb *passwd_callback; void *passwd_callback_userdata; + SSL_CTX *real_ctx = (ssl == NULL) ? ctx : ssl->ctx; ERR_clear_error(); /* clear error stack for * SSL_CTX_use_certificate() */ @@ -633,9 +655,13 @@ static int use_certificate_chain_file(SSL_CTX *ctx, SSL *ssl, const char *file) goto end; } - x = PEM_read_bio_X509_AUX(in, NULL, passwd_callback, - passwd_callback_userdata); + x = X509_new_with_libctx(real_ctx->libctx, real_ctx->propq); if (x == NULL) { + SSLerr(SSL_F_USE_CERTIFICATE_CHAIN_FILE, ERR_R_MALLOC_FAILURE); + goto end; + } + if (PEM_read_bio_X509_AUX(in, &x, passwd_callback, + passwd_callback_userdata) == NULL) { SSLerr(SSL_F_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB); goto end; } @@ -667,23 +693,32 @@ static int use_certificate_chain_file(SSL_CTX *ctx, SSL *ssl, const char *file) goto end; } - while ((ca = PEM_read_bio_X509(in, NULL, passwd_callback, - passwd_callback_userdata)) - != NULL) { - if (ctx) - r = SSL_CTX_add0_chain_cert(ctx, ca); - else - r = SSL_add0_chain_cert(ssl, ca); - /* - * Note that we must not free ca if it was successfully added to - * the chain (while we must free the main certificate, since its - * reference count is increased by SSL_CTX_use_certificate). - */ - if (!r) { - X509_free(ca); - ret = 0; + while (1) { + ca = X509_new_with_libctx(real_ctx->libctx, real_ctx->propq); + if (ca == NULL) { + SSLerr(SSL_F_USE_CERTIFICATE_CHAIN_FILE, ERR_R_MALLOC_FAILURE); goto end; } + if (PEM_read_bio_X509(in, &ca, passwd_callback, + passwd_callback_userdata) != NULL) { + if (ctx) + r = SSL_CTX_add0_chain_cert(ctx, ca); + else + r = SSL_add0_chain_cert(ssl, ca); + /* + * Note that we must not free ca if it was successfully added to + * the chain (while we must free the main certificate, since its + * reference count is increased by SSL_CTX_use_certificate). + */ + if (!r) { + X509_free(ca); + ret = 0; + goto end; + } + } else { + X509_free(ca); + break; + } } /* When the while loop ends, it's usually just EOF. */ err = ERR_peek_last_error(); @@ -1063,15 +1098,9 @@ static int ssl_set_cert_and_key(SSL *ssl, SSL_CTX *ctx, X509 *x509, EVP_PKEY *pr int j; int rv; CERT *c = ssl != NULL ? ssl->cert : ctx->cert; - SSL_CTX *actualctx = ssl == NULL ? ctx : ssl->ctx; STACK_OF(X509) *dup_chain = NULL; EVP_PKEY *pubkey = NULL; - if (!X509v3_cache_extensions(x509, actualctx->libctx, actualctx->propq)) { - SSLerr(0, ERR_R_X509_LIB); - goto out; - } - /* Do all security checks before anything else */ rv = ssl_security_cert(ssl, ctx, x509, 0, 1); if (rv != 1) { diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index d7722d76e0..4cd85ef609 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -1858,12 +1858,20 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt) } certstart = certbytes; - x = d2i_X509(NULL, (const unsigned char **)&certbytes, cert_len); + x = X509_new_with_libctx(s->ctx->libctx, s->ctx->propq); if (x == NULL) { + SSLfatal(s, SSL_AD_DECODE_ERROR, + SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, ERR_R_MALLOC_FAILURE); + SSLerr(0, ERR_R_MALLOC_FAILURE); + goto err; + } + if (d2i_X509(&x, (const unsigned char **)&certbytes, + cert_len) == NULL) { SSLfatal(s, SSL_AD_BAD_CERTIFICATE, SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, ERR_R_ASN1_LIB); goto err; } + if (certbytes != (certstart + cert_len)) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index abffbd6326..b329e89379 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -3676,12 +3676,18 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt) } certstart = certbytes; - x = d2i_X509(NULL, (const unsigned char **)&certbytes, l); + x = X509_new_with_libctx(s->ctx->libctx, s->ctx->propq); if (x == NULL) { + SSLfatal(s, SSL_AD_DECODE_ERROR, + SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE, ERR_R_MALLOC_FAILURE); + goto err; + } + if (d2i_X509(&x, (const unsigned char **)&certbytes, l) == NULL) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE, ERR_R_ASN1_LIB); goto err; } + if (certbytes != (certstart + l)) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE, diff --git a/test/ssl_test.c b/test/ssl_test.c index 731f569743..5880468f93 100644 --- a/test/ssl_test.c +++ b/test/ssl_test.c @@ -404,7 +404,7 @@ static int test_handshake(int idx) BIO_snprintf(test_app, sizeof(test_app), "test-%d", idx); - test_ctx = SSL_TEST_CTX_create(conf, test_app); + test_ctx = SSL_TEST_CTX_create(conf, test_app, libctx); if (!TEST_ptr(test_ctx)) goto err; diff --git a/test/ssl_test_ctx.c b/test/ssl_test_ctx.c index 31da26b0d7..726ee37583 100644 --- a/test/ssl_test_ctx.c +++ b/test/ssl_test_ctx.c @@ -609,25 +609,27 @@ __owur static int parse_expected_client_sign_hash(SSL_TEST_CTX *test_ctx, } __owur static int parse_expected_ca_names(STACK_OF(X509_NAME) **pnames, - const char *value) + const char *value, OPENSSL_CTX *libctx) { if (value == NULL) return 0; if (!strcmp(value, "empty")) *pnames = sk_X509_NAME_new_null(); else - *pnames = SSL_load_client_CA_file(value); + *pnames = SSL_load_client_CA_file_with_libctx(value, libctx, NULL); return *pnames != NULL; } __owur static int parse_expected_server_ca_names(SSL_TEST_CTX *test_ctx, const char *value) { - return parse_expected_ca_names(&test_ctx->expected_server_ca_names, value); + return parse_expected_ca_names(&test_ctx->expected_server_ca_names, value, + test_ctx->libctx); } __owur static int parse_expected_client_ca_names(SSL_TEST_CTX *test_ctx, const char *value) { - return parse_expected_ca_names(&test_ctx->expected_client_ca_names, value); + return parse_expected_ca_names(&test_ctx->expected_client_ca_names, value, + test_ctx->libctx); } /* ExpectedCipher */ @@ -719,12 +721,13 @@ static const ssl_test_server_option ssl_test_server_options[] = { { "SessionTicketAppData", &parse_server_session_ticket_app_data }, }; -SSL_TEST_CTX *SSL_TEST_CTX_new(void) +SSL_TEST_CTX *SSL_TEST_CTX_new(OPENSSL_CTX *libctx) { SSL_TEST_CTX *ret; /* The return code is checked by caller */ if ((ret = OPENSSL_zalloc(sizeof(*ret))) != NULL) { + ret->libctx = libctx; ret->app_data_size = default_app_data_size; ret->max_fragment_size = default_max_fragment_size; } @@ -758,6 +761,8 @@ static void ssl_test_ctx_free_extra_data(SSL_TEST_CTX *ctx) void SSL_TEST_CTX_free(SSL_TEST_CTX *ctx) { + if (ctx == NULL) + return; ssl_test_ctx_free_extra_data(ctx); OPENSSL_free(ctx->expected_npn_protocol); OPENSSL_free(ctx->expected_alpn_protocol); @@ -834,7 +839,8 @@ static int parse_server_options(SSL_TEST_SERVER_CONF *server, const CONF *conf, return 1; } -SSL_TEST_CTX *SSL_TEST_CTX_create(const CONF *conf, const char *test_section) +SSL_TEST_CTX *SSL_TEST_CTX_create(const CONF *conf, const char *test_section, + OPENSSL_CTX *libctx) { STACK_OF(CONF_VALUE) *sk_conf = NULL; SSL_TEST_CTX *ctx = NULL; @@ -842,7 +848,7 @@ SSL_TEST_CTX *SSL_TEST_CTX_create(const CONF *conf, const char *test_section) size_t j; if (!TEST_ptr(sk_conf = NCONF_get_section(conf, test_section)) - || !TEST_ptr(ctx = SSL_TEST_CTX_new())) + || !TEST_ptr(ctx = SSL_TEST_CTX_new(libctx))) goto err; for (i = 0; i < sk_CONF_VALUE_num(sk_conf); i++) { diff --git a/test/ssl_test_ctx.h b/test/ssl_test_ctx.h index 29955b45db..4a0d72b682 100644 --- a/test/ssl_test_ctx.h +++ b/test/ssl_test_ctx.h @@ -225,6 +225,8 @@ typedef struct { char *expected_cipher; /* Expected Session Ticket Application Data */ char *expected_session_ticket_app_data; + + OPENSSL_CTX *libctx; } SSL_TEST_CTX; const char *ssl_test_result_name(ssl_test_result_t result); @@ -246,9 +248,10 @@ const char *ssl_max_fragment_len_name(int MFL_mode); * Load the test case context from |conf|. * See test/README.ssltest.md for details on the conf file format. */ -SSL_TEST_CTX *SSL_TEST_CTX_create(const CONF *conf, const char *test_section); +SSL_TEST_CTX *SSL_TEST_CTX_create(const CONF *conf, const char *test_section, + OPENSSL_CTX *libctx); -SSL_TEST_CTX *SSL_TEST_CTX_new(void); +SSL_TEST_CTX *SSL_TEST_CTX_new(OPENSSL_CTX *libctx); void SSL_TEST_CTX_free(SSL_TEST_CTX *ctx); diff --git a/test/ssl_test_ctx_test.c b/test/ssl_test_ctx_test.c index c3591a02d0..16ce32a33f 100644 --- a/test/ssl_test_ctx_test.c +++ b/test/ssl_test_ctx_test.c @@ -114,7 +114,7 @@ static SSL_TEST_CTX_TEST_FIXTURE *set_up(const char *const test_case_name) if (!TEST_ptr(fixture = OPENSSL_zalloc(sizeof(*fixture)))) return NULL; fixture->test_case_name = test_case_name; - if (!TEST_ptr(fixture->expected_ctx = SSL_TEST_CTX_new())) { + if (!TEST_ptr(fixture->expected_ctx = SSL_TEST_CTX_new(NULL))) { OPENSSL_free(fixture); return NULL; } @@ -126,7 +126,8 @@ static int execute_test(SSL_TEST_CTX_TEST_FIXTURE *fixture) int success = 0; SSL_TEST_CTX *ctx; - if (!TEST_ptr(ctx = SSL_TEST_CTX_create(conf, fixture->test_section)) + if (!TEST_ptr(ctx = SSL_TEST_CTX_create(conf, fixture->test_section, + fixture->expected_ctx->libctx)) || !testctx_eq(ctx, fixture->expected_ctx)) goto err; @@ -232,7 +233,7 @@ static int test_bad_configuration(int idx) SSL_TEST_CTX *ctx; if (!TEST_ptr_null(ctx = SSL_TEST_CTX_create(conf, - bad_configurations[idx]))) { + bad_configurations[idx], NULL))) { SSL_TEST_CTX_free(ctx); return 0; } diff --git a/test/sslapitest.c b/test/sslapitest.c index ccee736592..3d6d83a11a 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -799,11 +799,14 @@ static int execute_test_large_message(const SSL_METHOD *smeth, if (!TEST_ptr(certbio = BIO_new_file(cert, "r"))) goto end; - chaincert = PEM_read_bio_X509(certbio, NULL, NULL, NULL); + + if (!TEST_ptr(chaincert = X509_new_with_libctx(libctx, NULL))) + goto end; + + if (PEM_read_bio_X509(certbio, &chaincert, NULL, NULL) == NULL) + goto end; BIO_free(certbio); certbio = NULL; - if (!TEST_ptr(chaincert)) - goto end; if (!TEST_true(create_ssl_ctx_pair(libctx, smeth, cmeth, min_version, max_version, &sctx, &cctx, cert, @@ -852,6 +855,7 @@ static int execute_test_large_message(const SSL_METHOD *smeth, testresult = 1; end: + BIO_free(certbio); X509_free(chaincert); SSL_free(serverssl); SSL_free(clientssl); @@ -1849,8 +1853,8 @@ static int test_tlsext_status_type(void) if (!TEST_ptr(certbio = BIO_new_file(cert, "r")) || !TEST_ptr(id = OCSP_RESPID_new()) || !TEST_ptr(ids = sk_OCSP_RESPID_new_null()) - || !TEST_ptr(ocspcert = PEM_read_bio_X509(certbio, - NULL, NULL, NULL)) + || !TEST_ptr(ocspcert = X509_new_with_libctx(libctx, NULL)) + || !TEST_ptr(PEM_read_bio_X509(certbio, &ocspcert, NULL, NULL)) || !TEST_true(OCSP_RESPID_set_by_key_ex(id, ocspcert, libctx, NULL)) || !TEST_true(sk_OCSP_RESPID_push(ids, id))) goto end; @@ -7482,14 +7486,16 @@ static int cert_cb(SSL *s, void *arg) goto out; if (!TEST_ptr(in = BIO_new(BIO_s_file())) || !TEST_int_ge(BIO_read_filename(in, rootfile), 0) - || !TEST_ptr(rootx = PEM_read_bio_X509(in, NULL, NULL, NULL)) + || !TEST_ptr(rootx = X509_new_with_libctx(libctx, NULL)) + || !TEST_ptr(PEM_read_bio_X509(in, &rootx, NULL, NULL)) || !TEST_true(sk_X509_push(chain, rootx))) goto out; rootx = NULL; BIO_free(in); if (!TEST_ptr(in = BIO_new(BIO_s_file())) || !TEST_int_ge(BIO_read_filename(in, ecdsacert), 0) - || !TEST_ptr(x509 = PEM_read_bio_X509(in, NULL, NULL, NULL))) + || !TEST_ptr(x509 = X509_new_with_libctx(libctx, NULL)) + || !TEST_ptr(PEM_read_bio_X509(in, &x509, NULL, NULL))) goto out; BIO_free(in); if (!TEST_ptr(in = BIO_new(BIO_s_file())) @@ -7626,6 +7632,7 @@ static int client_cert_cb(SSL *ssl, X509 **x509, EVP_PKEY **pkey) X509 *xcert; EVP_PKEY *privpkey; BIO *in = NULL; + BIO *priv_in = NULL; /* Check that SSL_get0_peer_certificate() returns something sensible */ if (!TEST_ptr(SSL_get0_peer_certificate(ssl))) @@ -7635,28 +7642,24 @@ static int client_cert_cb(SSL *ssl, X509 **x509, EVP_PKEY **pkey) if (!TEST_ptr(in)) return 0; - xcert = PEM_read_bio_X509(in, NULL, NULL, NULL); - BIO_free(in); - if (!TEST_ptr(xcert)) - return 0; - - in = BIO_new_file(privkey, "r"); - if (!TEST_ptr(in)) { - X509_free(xcert); - return 0; - } - - privpkey = PEM_read_bio_PrivateKey(in, NULL, NULL, NULL); - BIO_free(in); - if (!TEST_ptr(privpkey)) { - X509_free(xcert); - return 0; - } + if (!TEST_ptr(xcert = X509_new_with_libctx(libctx, NULL)) + || !TEST_ptr(PEM_read_bio_X509(in, &xcert, NULL, NULL)) + || !TEST_ptr(priv_in = BIO_new_file(privkey, "r")) + || !TEST_ptr(privpkey = PEM_read_bio_PrivateKey(priv_in, NULL, NULL, + NULL))) + goto err; *x509 = xcert; *pkey = privpkey; + BIO_free(in); + BIO_free(priv_in); return 1; +err: + X509_free(xcert); + BIO_free(in); + BIO_free(priv_in); + return 0; } static int verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx) diff --git a/util/libcrypto.num b/util/libcrypto.num index 5e9fa4ac6c..5aff5d5c44 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -5030,7 +5030,7 @@ SRP_Calc_B_ex ? 3_0_0 EXIST::FUNCTION:SRP SRP_Calc_u_ex ? 3_0_0 EXIST::FUNCTION:SRP SRP_Calc_x_ex ? 3_0_0 EXIST::FUNCTION:SRP SRP_Calc_client_key_ex ? 3_0_0 EXIST::FUNCTION:SRP -X509v3_cache_extensions ? 3_0_0 EXIST::FUNCTION: +X509v3_cache_extensions ? 3_0_0 NOEXIST::FUNCTION: EVP_PKEY_gettable_params ? 3_0_0 EXIST::FUNCTION: EVP_PKEY_get_int_param ? 3_0_0 EXIST::FUNCTION: EVP_PKEY_get_size_t_param ? 3_0_0 EXIST::FUNCTION: @@ -5075,8 +5075,8 @@ EVP_PKEY_CTX_set_dhx_rfc5114 ? 3_0_0 EXIST::FUNCTION:DH X509_VERIFY_PARAM_get0_host ? 3_0_0 EXIST::FUNCTION: X509_VERIFY_PARAM_get0_email ? 3_0_0 EXIST::FUNCTION: X509_VERIFY_PARAM_get1_ip_asc ? 3_0_0 EXIST::FUNCTION: -X509_verify_ex ? 3_0_0 EXIST::FUNCTION: -X509_REQ_verify_ex ? 3_0_0 EXIST::FUNCTION: +X509_verify_ex ? 3_0_0 NOEXIST::FUNCTION: +X509_REQ_verify_ex ? 3_0_0 NOEXIST::FUNCTION: X509_ALGOR_copy ? 3_0_0 EXIST::FUNCTION: X509_REQ_set0_signature ? 3_0_0 EXIST::FUNCTION: X509_REQ_set1_signature_algo ? 3_0_0 EXIST::FUNCTION: @@ -5136,3 +5136,16 @@ EC_GROUP_new_by_curve_name_with_libctx ? 3_0_0 EXIST::FUNCTION:EC EC_KEY_new_with_libctx ? 3_0_0 EXIST::FUNCTION:EC EC_KEY_new_by_curve_name_with_libctx ? 3_0_0 EXIST::FUNCTION:EC OPENSSL_CTX_set0_default ? 3_0_0 EXIST::FUNCTION: +PEM_X509_INFO_read_bio_with_libctx ? 3_0_0 EXIST::FUNCTION: +PEM_X509_INFO_read_with_libctx ? 3_0_0 EXIST::FUNCTION:STDIO +X509_REQ_verify_with_libctx ? 3_0_0 EXIST::FUNCTION: +X509_new_with_libctx ? 3_0_0 EXIST::FUNCTION: +X509_LOOKUP_ctrl_with_libctx ? 3_0_0 EXIST::FUNCTION: +X509_load_cert_file_with_libctx ? 3_0_0 EXIST::FUNCTION: +X509_load_cert_crl_file_with_libctx ? 3_0_0 EXIST::FUNCTION: +X509_LOOKUP_by_subject_with_libctx ? 3_0_0 EXIST::FUNCTION: +X509_STORE_load_file_with_libctx ? 3_0_0 EXIST::FUNCTION: +X509_STORE_load_store_with_libctx ? 3_0_0 EXIST::FUNCTION: +X509_STORE_load_locations_with_libctx ? 3_0_0 EXIST::FUNCTION: +X509_STORE_set_default_paths_with_libctx ? 3_0_0 EXIST::FUNCTION: +OSSL_STORE_open_with_libctx ? 3_0_0 EXIST::FUNCTION: diff --git a/util/libssl.num b/util/libssl.num index 637e088704..1758525038 100644 --- a/util/libssl.num +++ b/util/libssl.num @@ -516,3 +516,4 @@ SSL_CTX_new_with_libctx ? 3_0_0 EXIST::FUNCTION: SSL_new_session_ticket ? 3_0_0 EXIST::FUNCTION: SSL_get0_peer_certificate ? 3_0_0 EXIST::FUNCTION: SSL_get1_peer_certificate ? 3_0_0 EXIST::FUNCTION: +SSL_load_client_CA_file_with_libctx ? 3_0_0 EXIST::FUNCTION: diff --git a/util/other.syms b/util/other.syms index 351cffa933..54a2b71abb 100644 --- a/util/other.syms +++ b/util/other.syms @@ -571,8 +571,11 @@ X509_CRL_http_nbio define X509_http_nbio define X509_LOOKUP_add_dir define X509_LOOKUP_add_store define +X509_LOOKUP_add_store_with_libctx define X509_LOOKUP_load_file define +X509_LOOKUP_load_file_with_libctx define X509_LOOKUP_load_store define +X509_LOOKUP_load_store_with_libctx define X509_STORE_set_lookup_crls_cb define X509_STORE_set_verify_func define EVP_PKEY_CTX_set1_id define From openssl at openssl.org Fri Jul 24 13:19:22 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 24 Jul 2020 13:19:22 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment Message-ID: <1595596762.640520.1476.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment Commit log since last time: dcb71e1c21 Cleanup fips provider init 7b9f218838 document the deprecation of the '-public-key-methods' option to list 41bbba5375 EVP: deprecate the EVP_X_meth_ functions. 77ae4f6ff7 engines: fixed to work with EVP_*_meth calls deprecated 9e5f344a87 evp_test: use correct deallocation for EVP_CIPHER 340f82a4e7 evp_test: use correct deallocation for EVP_MD 1d864f0f53 Specific the engine pointer 490c87110c Align documentation with recommendations of Linux Documentation Project bf19b64aae Fix UI method setup, which should be independent of (deprecated) engine use 4f8fbf372e 81-test_cmp_cli.t: Avoid using 'tail', 'awk', and the '-s' option of 'lsof' f91624d380 Skip test_cmp_cli if 'lsof' or 'kill' command is not available 90409da6a5 Fix provider cipher reinit issue 7717459892 Avoid errors with a priori inapplicable protocol bounds 5ac582d949 DOC: Fix SSL_CTX_set_cert_cb.pod and SSL_CTX_set_client_cert_cb.pod 8eca461731 util/find-doc-nits: Relax check of function declarations in name_synopsis() 904f42509f PROV: Move bio_prov.c from libcommon.a to libfips.a / libnonfips.a 7e4f01d8ba fixed swapped parameter descriptions for x509 9f7bdcf37f Add ERR_raise() errors to fips OSSL_provider_init and self tests. 823a113574 Fix API rename issue in shim layer that calls EVP_MAC_CTX_set_params 02e14a65fd man3: Drop warning about using security levels higher than 1. 16c6534b96 check-format.pl: Add an entry about it to NEWS.md and to CHANGES.md 174f4a4d6a check-format.pl: Report empty lines only if -s (--sloppy-spc) is not used dc18781550 check-format.pl: Add check for essentially empty line at beginning of file 43b2e9e008 check-format.pl: Add check for multiples essentially empty lines in a row a77571c34f check-format.pl: Allow comment start '/*' after opening '(','[','{' 5304331156 Fix linking against non-system zlib on macOS Build log ended with (last 100 lines): # Server sent alert unexpected_message but client received no alert. # 40079A41C77F0000:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_srvr.c:318: not ok 9 - iteration 9 # ------------------------------------------------------------------------------ not ok 1 - test_handshake # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/ssl_test 25-cipher.cnf.default default => 1 not ok 6 - running ssl_test 25-cipher.cnf # ------------------------------------------------------------------------------ # Looks like you failed 2 tests of 9. not ok 26 - Test configuration 25-cipher.cnf # ------------------------------------------------------------------------------ # Looks like you failed 1 test of 31.80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok # INFO: @ ../openssl/test/sslcorrupttest.c:199 # Starting #2, ECDHE-RSA-CHACHA20-POLY1305 # ERROR: (int) 'SSL_get_error(clientssl, 0) == SSL_ERROR_WANT_READ' failed @ ../openssl/test/ssltestlib.c:1032 # [1] compared to [2] # ERROR: (bool) 'create_ssl_connection(server, client, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslcorrupttest.c:229 # false # 40F78AB2F87F0000:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_clnt.c:403: not ok 3 - iteration 3 # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/sslcorrupttest.c:199 # Starting #3, DHE-RSA-CHACHA20-POLY1305 # ERROR: (int) 'SSL_get_error(clientssl, 0) == SSL_ERROR_WANT_READ' failed @ ../openssl/test/ssltestlib.c:1032 # [1] compared to [2] # ERROR: (bool) 'create_ssl_connection(server, client, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslcorrupttest.c:229 # false # 40F78AB2F87F0000:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_clnt.c:403: not ok 4 - iteration 4 # ------------------------------------------------------------------------------ not ok 1 - test_ssl_corrupt # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslcorrupttest ../../../openssl/apps/server.pem ../../../openssl/apps/server.pem => 1 not ok 1 - running sslcorrupttest # ------------------------------------------------------------------------------ # Failed test 'running sslcorrupttest' # at ../openssl/test/recipes/80-test_sslcorrupt.t line 19. # Looks like you failed 1 test of 1.80-test_sslcorrupt.t ............... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_dtls_mtu.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 26 Non-zero exit status: 1 80-test_sslcorrupt.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=205, Tests=3239, 1750 wallclock secs (13.74 usr 1.36 sys + 1659.45 cusr 86.18 csys = 1760.73 CPU) Result: FAIL Makefile:3126: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-ubsan' Makefile:3124: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Fri Jul 24 13:43:54 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 24 Jul 2020 13:43:54 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ui Message-ID: <1595598234.280115.18430.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ui Commit log since last time: dcb71e1c21 Cleanup fips provider init 7b9f218838 document the deprecation of the '-public-key-methods' option to list 41bbba5375 EVP: deprecate the EVP_X_meth_ functions. 77ae4f6ff7 engines: fixed to work with EVP_*_meth calls deprecated 9e5f344a87 evp_test: use correct deallocation for EVP_CIPHER 340f82a4e7 evp_test: use correct deallocation for EVP_MD 1d864f0f53 Specific the engine pointer 490c87110c Align documentation with recommendations of Linux Documentation Project bf19b64aae Fix UI method setup, which should be independent of (deprecated) engine use 4f8fbf372e 81-test_cmp_cli.t: Avoid using 'tail', 'awk', and the '-s' option of 'lsof' f91624d380 Skip test_cmp_cli if 'lsof' or 'kill' command is not available 90409da6a5 Fix provider cipher reinit issue 7717459892 Avoid errors with a priori inapplicable protocol bounds 5ac582d949 DOC: Fix SSL_CTX_set_cert_cb.pod and SSL_CTX_set_client_cert_cb.pod 8eca461731 util/find-doc-nits: Relax check of function declarations in name_synopsis() 904f42509f PROV: Move bio_prov.c from libcommon.a to libfips.a / libnonfips.a 7e4f01d8ba fixed swapped parameter descriptions for x509 9f7bdcf37f Add ERR_raise() errors to fips OSSL_provider_init and self tests. 823a113574 Fix API rename issue in shim layer that calls EVP_MAC_CTX_set_params 02e14a65fd man3: Drop warning about using security levels higher than 1. 16c6534b96 check-format.pl: Add an entry about it to NEWS.md and to CHANGES.md 174f4a4d6a check-format.pl: Report empty lines only if -s (--sloppy-spc) is not used dc18781550 check-format.pl: Add check for essentially empty line at beginning of file 43b2e9e008 check-format.pl: Add check for multiples essentially empty lines in a row a77571c34f check-format.pl: Allow comment start '/*' after opening '(','[','{' 5304331156 Fix linking against non-system zlib on macOS Build log ended with (last 100 lines): # Failed test 'p10cr csr empty file' # at ../openssl/test/recipes/81-test_cmp_cli.t line 182. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd p10cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -csr wrong.csr.pem => 139 not ok 78 - p10cr wrong csr # ------------------------------------------------------------------------------ # Failed test 'p10cr wrong csr' # at ../openssl/test/recipes/81-test_cmp_cli.t line 182. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -revreason 5 => 139 not ok 79 - ir + ignored revocation # ------------------------------------------------------------------------------ ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt => 139 not ok 82 - cr command # ------------------------------------------------------------------------------ # Failed test 'cr command' # at ../openssl/test/recipes/81-test_cmp_cli.t line 182. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt => 139 not ok 83 - kur command explicit options # ------------------------------------------------------------------------------ # Failed test 'kur command explicit options' # at ../openssl/test/recipes/81-test_cmp_cli.t line 182. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -subject "" -certout test.cert.pem -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt -secret "" => 139 not ok 84 - kur command minimal options # ------------------------------------------------------------------------------ ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey dir/ -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert test.cert.pem -server '127.0.0.1:1700' => 139 not ok 86 - kur newkey is directory # ------------------------------------------------------------------------------ ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert dir/ -server '127.0.0.1:1700' => 139 not ok 89 - kur oldcert is directory # ------------------------------------------------------------------------------ # Failed test 'kur oldcert is directory' # at ../openssl/test/recipes/81-test_cmp_cli.t line 182. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert idontexist -server '127.0.0.1:1700' => 139 not ok 90 - kur oldcert not existing # ------------------------------------------------------------------------------ # Failed test 'kur oldcert not existing' # at ../openssl/test/recipes/81-test_cmp_cli.t line 182. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert empty.txt -server '127.0.0.1:1700' => 139 not ok 91 - kur empty oldcert file # ------------------------------------------------------------------------------ # Failed test 'kur empty oldcert file' # at ../openssl/test/recipes/81-test_cmp_cli.t line 182. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -cert "" -server '127.0.0.1:1700' => 139 not ok 92 - kur command without cert and oldcert # ------------------------------------------------------------------------------ # Failed test 'kur command without cert and oldcert' # at ../openssl/test/recipes/81-test_cmp_cli.t line 182. # Looks like you failed 65 tests of 92. not ok 7 - CMP app CLI Mock enrollment # ------------------------------------------------------------------------------ # # Failed test 'CMP app CLI Mock enrollment # ' # at /home/openssl/run-checker/no-ui/../openssl/util/perl/OpenSSL/Test.pm line 1302. # Looks like you failed 5 tests of 7.81-test_cmp_cli.t .................. Dubious, test returned 5 (wstat 1280, 0x500) Failed 5/7 subtests 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 81-test_cmp_cli.t (Wstat: 1280 Tests: 7 Failed: 5) Failed tests: 3-7 Non-zero exit status: 5 Files=205, Tests=3239, 904 wallclock secs (12.41 usr 1.30 sys + 799.68 cusr 63.51 csys = 876.90 CPU) Result: FAIL Makefile:3119: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-ui' Makefile:3117: recipe for target 'tests' failed make: *** [tests] Error 2 From builds at travis-ci.com Fri Jul 24 14:39:30 2020 From: builds at travis-ci.com (Travis CI) Date: Fri, 24 Jul 2020 14:39:30 +0000 Subject: Still Failing: openssl/openssl#36330 (master - 6725682) In-Reply-To: Message-ID: <5f1af2a2e248_13fb965f0f5b04972bb@travis-pro-tasks-7db8c8f45b-rbxtt.mail> Build Update for openssl/openssl ------------------------------------- Build: #36330 Status: Still Failing Duration: 1 hr, 25 mins, and 42 secs Commit: 6725682 (master) Author: Shane Lontis Message: Add X509 related libctx changes. - In order to not add many X509_XXXX_with_libctx() functions the libctx and propq may be stored in the X509 object via a call to X509_new_with_libctx(). - Loading via PEM_read_bio_X509() or d2i_X509() should pass in a created cert using X509_new_with_libctx(). - Renamed some XXXX_ex() to XXX_with_libctx() for X509 API's. - Removed the extra parameters in check_purpose.. - X509_digest() has been modified so that it expects a const EVP_MD object() and then internally it does the fetch when it needs to (via ASN1_item_digest_with_libctx()). - Added API's that set the libctx when they load such as X509_STORE_new_with_libctx() so that the cert chains can be verified. Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12153) View the changeset: https://github.com/openssl/openssl/compare/ae89578be293...6725682d7751 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/177029148?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From levitte at openssl.org Fri Jul 24 15:00:10 2020 From: levitte at openssl.org (Richard Levitte) Date: Fri, 24 Jul 2020 15:00:10 +0000 Subject: [openssl] master update Message-ID: <1595602810.664181.5867.nullmailer@dev.openssl.org> The branch master has been updated via a57fc73063bee3fb787e583f5778433ef29d58eb (commit) via e2ac846eff6856136d67c46751b2b8ca16a5b575 (commit) via 436623f89f01a40c12327a67af0885a6219338b4 (commit) via 3ecbea6a0999cdd7caaac2871e1d198294dc494a (commit) via 38b14f474722ac2ace20d3b63b933b9b9cd3bbe1 (commit) via 7524b7b748d5989f015bc4b9651be92dbcb375fd (commit) via 45396db0e3bfd796e89669baf3a3ecc9602d36d5 (commit) via 5a23d78c9b141e31ab9b7d551b2125b124a75e49 (commit) via dcfacbbfe9b3f8fa13eeb17a8fa4c89edefc8389 (commit) via 1017b8e4a161682c909a98ebf3f7a21b38d6c677 (commit) via 853ca12813dee0ec7ac75cfe5f1c9685ffb2d420 (commit) via 072a9fde7d67a621ebd2c8d1ba22ab6e17da5a88 (commit) via c3e4c1f325e6fc829a5b00a19a6019249cac781a (commit) via 5dacb38ccefd45d832c9710b4dd0121fdcbdac72 (commit) via af836c22cede6bd89c0b35c13d17e95f1854c5d0 (commit) from 6725682d77510bf6d499957897d7be124d603f40 (commit) - Log ----------------------------------------------------------------- commit a57fc73063bee3fb787e583f5778433ef29d58eb Author: Richard Levitte Date: Mon Jul 20 10:50:04 2020 +0200 EVP: Fix key type check logic in evp_pkey_cmp_any() Reviewed-by: Matt Caswell Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12410) commit e2ac846eff6856136d67c46751b2b8ca16a5b575 Author: Richard Levitte Date: Mon Jul 20 10:47:59 2020 +0200 TEST: Update the serialization/deserialization test with legacy PEM encryption This adds legacy PEM variants of already existing tests. Reviewed-by: Matt Caswell Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12410) commit 436623f89f01a40c12327a67af0885a6219338b4 Author: Richard Levitte Date: Mon Jul 20 10:46:49 2020 +0200 PROV: Update the PEM to DER deserializer to handle encrypted legacy PEM Reviewed-by: Matt Caswell Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12410) commit 3ecbea6a0999cdd7caaac2871e1d198294dc494a Author: Richard Levitte Date: Fri Jul 10 15:28:05 2020 +0200 TEST: Update the serialization/deserialization test with encryption This adds variants of already existing tests, but where the object is encrypted / decrypted along the way as well. Reviewed-by: Matt Caswell Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12410) commit 38b14f474722ac2ace20d3b63b933b9b9cd3bbe1 Author: Richard Levitte Date: Fri Jul 10 15:25:15 2020 +0200 PROV: Update the DER to RSA deserializer to handle encrypted PKCS#8 Reviewed-by: Matt Caswell Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12410) commit 7524b7b748d5989f015bc4b9651be92dbcb375fd Author: Richard Levitte Date: Fri Jul 10 15:13:55 2020 +0200 DESERIALIZER: Implement decryption of password protected objects This implements these functions: OSSL_DESERIALIZER_CTX_set_cipher() OSSL_DESERIALIZER_CTX_set_passphrase() OSSL_DESERIALIZER_CTX_set_passphrase_ui() OSSL_DESERIALIZER_CTX_set_passphrase_cb() To be able to deal with multiple deserializers trying to work on the same byte array and wanting to decrypt it while doing so, the deserializer caches the passphrase. This cache is cleared at the end of OSSL_DESERIALIZER_from_bio(). Reviewed-by: Matt Caswell Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12410) commit 45396db0e3bfd796e89669baf3a3ecc9602d36d5 Author: Richard Levitte Date: Fri Jul 10 15:08:29 2020 +0200 SERIALIZER: No enc argument for OSSL_SERIALIZER_CTX_set_passphrase_cb() Serialization will only encrypt, so there's no point telling OSSL_SERIALIZER_CTX_set_passphrase_cb() that's going to happen. We fix the declaration of OSSL_DESERIALIZER_CTX_set_passphrase_cb() the same way. Reviewed-by: Matt Caswell Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12410) commit 5a23d78c9b141e31ab9b7d551b2125b124a75e49 Author: Richard Levitte Date: Thu Jul 9 19:10:39 2020 +0200 TEST: Add new serializer and deserializer test This test revolves around a central function that will first serialize an EVP_PKEY, then deserialize the result into a new EVP_PKEY and compare the two. The following tests are currently implemented: 1. EVP_PKEY (RSA) -> DER, then DER -> EVP_PKEY (RSA). 2. EVP_PKEY (RSA) -> PEM, then PEM -> EVP_PKEY (RSA). This one exercises deserializer chains, as we know that there is a PEM -> DER and a DER -> EVP_PKEY (RSA) deserializer, but no direct PEM -> EVP_PKEY (RSA) deserializer. Additionally, a small fix in test_fail_string_common(), as strcmp() could run past a buffer if one of the strings isn't terminated with a null byte within the given length. Reviewed-by: Matt Caswell Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12410) commit dcfacbbfe9b3f8fa13eeb17a8fa4c89edefc8389 Author: Richard Levitte Date: Thu Jul 9 19:09:40 2020 +0200 PROV: Implement PEM to DER deserializer Reviewed-by: Matt Caswell Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12410) commit 1017b8e4a161682c909a98ebf3f7a21b38d6c677 Author: Richard Levitte Date: Thu Jul 9 19:07:12 2020 +0200 PROV: Implement DER to RSA deserializer Reviewed-by: Matt Caswell Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12410) commit 853ca12813dee0ec7ac75cfe5f1c9685ffb2d420 Author: Richard Levitte Date: Thu Jul 9 18:55:44 2020 +0200 CORE: Add upcalls for BIO_gets() and BIO_puts() Reviewed-by: Matt Caswell Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12410) commit 072a9fde7d67a621ebd2c8d1ba22ab6e17da5a88 Author: Richard Levitte Date: Wed Jul 8 23:19:13 2020 +0200 SERIALIZER: Add functions to deserialize into an EVP_PKEY EVP_PKEY is the fundamental type for provider side code, so we implement specific support for it, in form of a special context constructor. This constructor looks up and collects all available KEYMGMT implementations, and then uses those names to collect deserializer implementations, as described in the previous commit. Reviewed-by: Matt Caswell Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12410) commit c3e4c1f325e6fc829a5b00a19a6019249cac781a Author: Richard Levitte Date: Wed Jul 8 23:04:08 2020 +0200 DESERIALIZER: Add foundation for deserializers This adds a method OSSL_DESERIALIZER, a deserializer context and basic support to use a set of serializers to get a desired type of data, as well as deserializer chains. The idea is that the caller can call OSSL_DESERIALIZER_CTX_add_serializer() to set up the set of desired results, and to add possible chains, call OSSL_DESERIALIZER_CTX_add_extra(). All these deserializers are pushed on an internal stack. The actual deserialization is then performed using functions like OSSL_DESERIALIZER_from_bio(). When performing deserialization, the inernal stack is walked backwards, keeping track of the deserialized data and its type along the way, until the data kan be processed into the desired type of data. Reviewed-by: Matt Caswell Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12410) commit 5dacb38ccefd45d832c9710b4dd0121fdcbdac72 Author: Richard Levitte Date: Wed Jul 8 22:21:18 2020 +0200 KEYMGMT: Add key loading function OSSL_FUNC_keymgmt_load() This function is used to create a keydata for a key that libcrypto only has a reference to. This introduces provider references, the contents which only the provider know how to interpret. Outside of the provider, this is just an array of bytes. Reviewed-by: Matt Caswell Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12410) commit af836c22cede6bd89c0b35c13d17e95f1854c5d0 Author: Richard Levitte Date: Wed Jul 8 22:09:32 2020 +0200 EVP KEYMGMT utils: Make a few more utility functions available This makes the following functions available for libcrypto code: evp_keymgmt_util_try_import() - callback function evp_keymgmt_util_assign_pkey() - assigns keymgmt and keydata to an EVP_PKEY evp_keymgmt_util_make_pkey() - creates an EVP_PKEY from keymgmt and keydata Reviewed-by: Matt Caswell Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12410) ----------------------------------------------------------------------- Summary of changes: crypto/err/err.c | 1 + crypto/err/openssl.ec | 1 + crypto/err/openssl.txt | 1 + crypto/evp/evp_local.h | 2 + crypto/evp/keymgmt_lib.c | 78 +-- crypto/evp/keymgmt_meth.c | 16 +- crypto/evp/p_lib.c | 21 +- crypto/pem/pem_local.h | 2 +- crypto/pem/pem_pk8.c | 3 +- crypto/property/property_parse.c | 1 + crypto/provider_core.c | 2 + crypto/serializer/build.info | 10 +- crypto/serializer/deserializer_err.c | 31 ++ crypto/serializer/deserializer_lib.c | 438 ++++++++++++++++ crypto/serializer/deserializer_meth.c | 548 +++++++++++++++++++++ crypto/serializer/deserializer_pkey.c | 361 ++++++++++++++ crypto/serializer/serdes_pass.c | 159 ++++++ crypto/serializer/serializer_local.h | 85 +++- crypto/serializer/serializer_meth.c | 36 +- crypto/serializer/serializer_pkey.c | 112 +---- doc/man3/OSSL_DESERIALIZER.pod | 146 ++++++ doc/man3/OSSL_DESERIALIZER_CTX.pod | 74 +++ doc/man3/OSSL_DESERIALIZER_CTX_new_by_EVP_PKEY.pod | 117 +++++ doc/man3/OSSL_DESERIALIZER_from_bio.pod | 253 ++++++++++ doc/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.pod | 2 +- doc/man7/provider-keymgmt.pod | 23 +- include/crypto/evp.h | 18 + include/crypto/serializer.h | 2 + include/internal/cryptlib.h | 9 +- include/openssl/core_dispatch.h | 40 +- include/openssl/core_names.h | 10 +- include/openssl/deserializer.h | 120 +++++ include/openssl/deserializererr.h | 35 ++ include/openssl/err.h | 3 +- include/openssl/serializer.h | 2 +- include/openssl/types.h | 2 + providers/common/bio_prov.c | 32 +- providers/common/include/prov/bio.h | 2 + providers/defltprov.c | 13 + .../implementations/include/prov/implementations.h | 3 + providers/implementations/keymgmt/rsa_kmgmt.c | 17 + providers/implementations/serializers/build.info | 3 +- .../serializers/deserialize_common.c | 91 ++++ .../serializers/deserialize_der2rsa.c | 231 +++++++++ .../serializers/deserialize_pem2der.c | 202 ++++++++ .../serializers/serializer_common.c | 10 + .../implementations/serializers/serializer_local.h | 13 + .../implementations/serializers/serializer_rsa.c | 5 + test/build.info | 5 + test/recipes/04-test_serializer_deserializer.t | 15 + test/serdes_test.c | 378 ++++++++++++++ test/testutil/format_output.c | 2 +- util/libcrypto.num | 31 ++ util/missingcrypto.txt | 1 + util/other.syms | 6 + 55 files changed, 3623 insertions(+), 201 deletions(-) create mode 100644 crypto/serializer/deserializer_err.c create mode 100644 crypto/serializer/deserializer_lib.c create mode 100644 crypto/serializer/deserializer_meth.c create mode 100644 crypto/serializer/deserializer_pkey.c create mode 100644 crypto/serializer/serdes_pass.c create mode 100644 doc/man3/OSSL_DESERIALIZER.pod create mode 100644 doc/man3/OSSL_DESERIALIZER_CTX.pod create mode 100644 doc/man3/OSSL_DESERIALIZER_CTX_new_by_EVP_PKEY.pod create mode 100644 doc/man3/OSSL_DESERIALIZER_from_bio.pod create mode 100644 include/openssl/deserializer.h create mode 100644 include/openssl/deserializererr.h create mode 100644 providers/implementations/serializers/deserialize_common.c create mode 100644 providers/implementations/serializers/deserialize_der2rsa.c create mode 100644 providers/implementations/serializers/deserialize_pem2der.c create mode 100644 test/recipes/04-test_serializer_deserializer.t create mode 100644 test/serdes_test.c diff --git a/crypto/err/err.c b/crypto/err/err.c index 26cf2b0b9d..e2d70d7a58 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c @@ -76,6 +76,7 @@ static ERR_STRING_DATA ERR_str_libraries[] = { {ERR_PACK(ERR_LIB_ESS, 0, 0), "ESS routines"}, {ERR_PACK(ERR_LIB_PROV, 0, 0), "Provider routines"}, {ERR_PACK(ERR_LIB_OSSL_SERIALIZER, 0, 0), "SERIALIZER routines"}, + {ERR_PACK(ERR_LIB_OSSL_DESERIALIZER, 0, 0), "DESERIALIZER routines"}, {ERR_PACK(ERR_LIB_HTTP, 0, 0), "HTTP routines"}, {0, NULL}, }; diff --git a/crypto/err/openssl.ec b/crypto/err/openssl.ec index 1ec7bb1162..f1bed12795 100644 --- a/crypto/err/openssl.ec +++ b/crypto/err/openssl.ec @@ -41,6 +41,7 @@ L ESS include/openssl/ess.h crypto/ess/ess_err.c L PROP include/internal/property.h crypto/property/property_err.c L PROV providers/common/include/prov/providercommon.h providers/common/provider_err.c L OSSL_SERIALIZER include/openssl/serializer.h crypto/serializer/serializer_err.c +L OSSL_DESERIALIZER include/openssl/deserializer.h crypto/serializer/deserializer_err.c L HTTP include/openssl/http.h crypto/http/http_err.c # additional header files to be scanned for function names diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index fcc4fb5c1c..e5ed28bce1 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -2693,6 +2693,7 @@ OCSP_R_STATUS_TOO_OLD:127:status too old OCSP_R_UNKNOWN_MESSAGE_DIGEST:119:unknown message digest OCSP_R_UNKNOWN_NID:120:unknown nid OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE:129:unsupported requestorname type +OSSL_DESERIALIZER_R_MISSING_GET_PARAMS:100:missing get params OSSL_SERIALIZER_R_INCORRECT_PROPERTY_QUERY:100:incorrect property query OSSL_SERIALIZER_R_SERIALIZER_NOT_FOUND:101:serializer not found OSSL_STORE_R_AMBIGUOUS_CONTENT_TYPE:107:ambiguous content type diff --git a/crypto/evp/evp_local.h b/crypto/evp/evp_local.h index 4aae702d6f..99c53484a6 100644 --- a/crypto/evp/evp_local.h +++ b/crypto/evp/evp_local.h @@ -122,6 +122,8 @@ struct evp_keymgmt_st { OSSL_FUNC_keymgmt_gen_fn *gen; OSSL_FUNC_keymgmt_gen_cleanup_fn *gen_cleanup; + OSSL_FUNC_keymgmt_load_fn *load; + /* Key object checking */ OSSL_FUNC_keymgmt_query_operation_name_fn *query_operation_name; OSSL_FUNC_keymgmt_has_fn *has; diff --git a/crypto/evp/keymgmt_lib.c b/crypto/evp/keymgmt_lib.c index 68ed74b23a..5ef4115f47 100644 --- a/crypto/evp/keymgmt_lib.c +++ b/crypto/evp/keymgmt_lib.c @@ -28,16 +28,9 @@ static int match_type(const EVP_KEYMGMT *keymgmt1, const EVP_KEYMGMT *keymgmt2) return EVP_KEYMGMT_is_a(keymgmt1, name2); } -struct import_data_st { - EVP_KEYMGMT *keymgmt; - void *keydata; - - int selection; -}; - -static int try_import(const OSSL_PARAM params[], void *arg) +int evp_keymgmt_util_try_import(const OSSL_PARAM params[], void *arg) { - struct import_data_st *data = arg; + struct evp_keymgmt_util_try_import_data_st *data = arg; /* Just in time creation of keydata */ if (data->keydata == NULL @@ -57,9 +50,36 @@ static int try_import(const OSSL_PARAM params[], void *arg) params); } +int evp_keymgmt_util_assign_pkey(EVP_PKEY *pkey, EVP_KEYMGMT *keymgmt, + void *keydata) +{ + if (pkey == NULL || keymgmt == NULL || keydata == NULL + || !EVP_PKEY_set_type_by_keymgmt(pkey, keymgmt)) { + ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); + return 0; + } + pkey->keydata = keydata; + evp_keymgmt_util_cache_keyinfo(pkey); + return 1; +} + +EVP_PKEY *evp_keymgmt_util_make_pkey(EVP_KEYMGMT *keymgmt, void *keydata) +{ + EVP_PKEY *pkey = NULL; + + if (keymgmt == NULL + || keydata == NULL + || (pkey = EVP_PKEY_new()) == NULL + || !evp_keymgmt_util_assign_pkey(pkey, keymgmt, keydata)) { + EVP_PKEY_free(pkey); + return NULL; + } + return pkey; +} + void *evp_keymgmt_util_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt) { - struct import_data_st import_data; + struct evp_keymgmt_util_try_import_data_st import_data; size_t i = 0; /* Export to where? */ @@ -111,16 +131,16 @@ void *evp_keymgmt_util_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt) */ /* Setup for the export callback */ - import_data.keydata = NULL; /* try_import will create it */ + import_data.keydata = NULL; /* evp_keymgmt_util_try_import will create it */ import_data.keymgmt = keymgmt; import_data.selection = OSSL_KEYMGMT_SELECT_ALL; /* - * The export function calls the callback (try_import), which does the - * import for us. If successful, we're done. + * The export function calls the callback (evp_keymgmt_util_try_import), + * which does the import for us. If successful, we're done. */ if (!evp_keymgmt_export(pk->keymgmt, pk->keydata, OSSL_KEYMGMT_SELECT_ALL, - &try_import, &import_data)) { + &evp_keymgmt_util_try_import, &import_data)) { /* If there was an error, bail out */ evp_keymgmt_freedata(keymgmt, import_data.keydata); return NULL; @@ -210,15 +230,10 @@ void *evp_keymgmt_util_fromdata(EVP_PKEY *target, EVP_KEYMGMT *keymgmt, if ((keydata = evp_keymgmt_newdata(keymgmt)) == NULL || !evp_keymgmt_import(keymgmt, keydata, selection, params) - || !EVP_PKEY_set_type_by_keymgmt(target, keymgmt)) { + || !evp_keymgmt_util_assign_pkey(target, keymgmt, keydata)) { evp_keymgmt_freedata(keymgmt, keydata); keydata = NULL; } - if (keydata != NULL) { - target->keydata = keydata; - evp_keymgmt_util_cache_keyinfo(target); - } - return keydata; } @@ -371,21 +386,21 @@ int evp_keymgmt_util_copy(EVP_PKEY *to, EVP_PKEY *from, int selection) selection)) return 0; } else if (match_type(to_keymgmt, from->keymgmt)) { - struct import_data_st import_data; + struct evp_keymgmt_util_try_import_data_st import_data; import_data.keymgmt = to_keymgmt; import_data.keydata = to_keydata; import_data.selection = selection; if (!evp_keymgmt_export(from->keymgmt, from->keydata, selection, - &try_import, &import_data)) { + &evp_keymgmt_util_try_import, &import_data)) { evp_keymgmt_freedata(to_keymgmt, alloc_keydata); return 0; } /* - * In case to_keydata was previously unallocated, try_import() - * may have created it for us. + * In case to_keydata was previously unallocated, + * evp_keymgmt_util_try_import() may have created it for us. */ if (to_keydata == NULL) to_keydata = alloc_keydata = import_data.keydata; @@ -394,6 +409,15 @@ int evp_keymgmt_util_copy(EVP_PKEY *to, EVP_PKEY *from, int selection) return 0; } + /* + * We only need to set the |to| type when its |keymgmt| isn't set. + * We can then just set its |keydata| to what we have, which might + * be exactly what it had when entering this function. + * This is a bit different from using evp_keymgmt_util_assign_pkey(), + * which isn't as careful with |to|'s original |keymgmt|, since it's + * meant to forcibly reassign an EVP_PKEY no matter what, which is + * why we don't use that one here. + */ if (to->keymgmt == NULL && !EVP_PKEY_set_type_by_keymgmt(to, to_keymgmt)) { evp_keymgmt_freedata(to_keymgmt, alloc_keydata); @@ -411,14 +435,10 @@ void *evp_keymgmt_util_gen(EVP_PKEY *target, EVP_KEYMGMT *keymgmt, void *keydata = NULL; if ((keydata = evp_keymgmt_gen(keymgmt, genctx, cb, cbarg)) == NULL - || !EVP_PKEY_set_type_by_keymgmt(target, keymgmt)) { + || !evp_keymgmt_util_assign_pkey(target, keymgmt, keydata)) { evp_keymgmt_freedata(keymgmt, keydata); keydata = NULL; } - if (keydata != NULL) { - target->keydata = keydata; - evp_keymgmt_util_cache_keyinfo(target); - } return keydata; } diff --git a/crypto/evp/keymgmt_meth.c b/crypto/evp/keymgmt_meth.c index 7847b98380..47067dd6c7 100644 --- a/crypto/evp/keymgmt_meth.c +++ b/crypto/evp/keymgmt_meth.c @@ -89,6 +89,10 @@ static void *keymgmt_from_dispatch(int name_id, if (keymgmt->free == NULL) keymgmt->free = OSSL_FUNC_keymgmt_free(fns); break; + case OSSL_FUNC_KEYMGMT_LOAD: + if (keymgmt->load == NULL) + keymgmt->load = OSSL_FUNC_keymgmt_load(fns); + break; case OSSL_FUNC_KEYMGMT_GET_PARAMS: if (keymgmt->get_params == NULL) { getparamfncnt++; @@ -171,7 +175,9 @@ static void *keymgmt_from_dispatch(int name_id, * export if you can't import or export. */ if (keymgmt->free == NULL - || (keymgmt->new == NULL && keymgmt->gen == NULL) + || (keymgmt->new == NULL + && keymgmt->gen == NULL + && keymgmt->load == NULL) || keymgmt->has == NULL || (getparamfncnt != 0 && getparamfncnt != 2) || (setparamfncnt != 0 && setparamfncnt != 2) @@ -345,6 +351,14 @@ void evp_keymgmt_gen_cleanup(const EVP_KEYMGMT *keymgmt, void *genctx) keymgmt->gen_cleanup(genctx); } +void *evp_keymgmt_load(const EVP_KEYMGMT *keymgmt, + const void *objref, size_t objref_sz) +{ + if (keymgmt->load != NULL) + return keymgmt->load(objref, objref_sz); + return NULL; +} + int evp_keymgmt_get_params(const EVP_KEYMGMT *keymgmt, void *keydata, OSSL_PARAM params[]) { diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index aa11608688..65a767b4d0 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -219,23 +219,22 @@ static int evp_pkey_cmp_any(const EVP_PKEY *a, const EVP_PKEY *b, void *keydata1 = NULL, *keydata2 = NULL, *tmp_keydata = NULL; /* If none of them are provided, this function shouldn't have been called */ - if (!ossl_assert(a->keymgmt != NULL || b->keymgmt != NULL)) + if (!ossl_assert(evp_pkey_is_provided(a) || evp_pkey_is_provided(b))) return -2; /* For purely provided keys, we just call the keymgmt utility */ - if (a->keymgmt != NULL && b->keymgmt != NULL) + if (evp_pkey_is_provided(a) && evp_pkey_is_provided(b)) return evp_keymgmt_util_match((EVP_PKEY *)a, (EVP_PKEY *)b, selection); /* * At this point, one of them is provided, the other not. This allows * us to compare types using legacy NIDs. */ - if ((a->type != EVP_PKEY_NONE - && (b->keymgmt == NULL - || !EVP_KEYMGMT_is_a(b->keymgmt, OBJ_nid2sn(a->type)))) - || (b->type != EVP_PKEY_NONE - && (a->keymgmt == NULL - || !EVP_KEYMGMT_is_a(a->keymgmt, OBJ_nid2sn(b->type))))) + if (evp_pkey_is_legacy(a) + && !EVP_KEYMGMT_is_a(b->keymgmt, OBJ_nid2sn(a->type))) + return -1; /* not the same key type */ + if (evp_pkey_is_legacy(b) + && !EVP_KEYMGMT_is_a(a->keymgmt, OBJ_nid2sn(b->type))) return -1; /* not the same key type */ /* @@ -1803,15 +1802,13 @@ int evp_pkey_downgrade(EVP_PKEY *pk) * of the key data, typically the private bits. In this case, we restore * the provider side internal "origin" and leave it at that. */ - if (!ossl_assert(EVP_PKEY_set_type_by_keymgmt(pk, keymgmt))) { + if (!ossl_assert(evp_keymgmt_util_assign_pkey(pk, keymgmt, keydata))) { /* This should not be impossible */ ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); return 0; } - /* EVP_PKEY_set_type_by_keymgmt() increased the refcount... */ + /* evp_keymgmt_util_assign_pkey() increased the refcount... */ EVP_KEYMGMT_free(keymgmt); - pk->keydata = keydata; - evp_keymgmt_util_cache_keyinfo(pk); return 0; /* No downgrade, but at least the key is restored */ } #endif /* FIPS_MODULE */ diff --git a/crypto/pem/pem_local.h b/crypto/pem/pem_local.h index 3b501abde7..9563925f73 100644 --- a/crypto/pem/pem_local.h +++ b/crypto/pem/pem_local.h @@ -45,7 +45,7 @@ && !OSSL_SERIALIZER_CTX_set_passphrase(ctx, kstr, klen)) \ ret = 0; \ else if (cb != NULL \ - && !OSSL_SERIALIZER_CTX_set_passphrase_cb(ctx, 1, \ + && !OSSL_SERIALIZER_CTX_set_passphrase_cb(ctx, \ cb, u)) \ ret = 0; \ } \ diff --git a/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.c index 8dbcb65bf7..12a25b7a82 100644 --- a/crypto/pem/pem_pk8.c +++ b/crypto/pem/pem_pk8.c @@ -109,8 +109,7 @@ static int do_pk8pkey(BIO *bp, const EVP_PKEY *x, int isder, int nid, && !OSSL_SERIALIZER_CTX_set_passphrase(ctx, ukstr, klen)) ret = 0; else if (cb != NULL - && !OSSL_SERIALIZER_CTX_set_passphrase_cb(ctx, 1, - cb, u)) + && !OSSL_SERIALIZER_CTX_set_passphrase_cb(ctx, cb, u)) ret = 0; } } diff --git a/crypto/property/property_parse.c b/crypto/property/property_parse.c index 41a5a059c5..91b830c2e5 100644 --- a/crypto/property/property_parse.c +++ b/crypto/property/property_parse.c @@ -598,6 +598,7 @@ int ossl_property_parse_init(OPENSSL_CTX *ctx) "fips", /* FIPS validated or FIPS supporting algorithm */ "format", /* output format for serializers */ "type", /* output type for serializers */ + "input", /* input type for deserializers */ }; size_t i; diff --git a/crypto/provider_core.c b/crypto/provider_core.c index b6586f904e..79c330383c 100644 --- a/crypto/provider_core.c +++ b/crypto/provider_core.c @@ -1061,6 +1061,8 @@ static const OSSL_DISPATCH core_dispatch_[] = { { OSSL_FUNC_BIO_NEW_MEMBUF, (void (*)(void))BIO_new_mem_buf }, { OSSL_FUNC_BIO_READ_EX, (void (*)(void))BIO_read_ex }, { OSSL_FUNC_BIO_WRITE_EX, (void (*)(void))BIO_write_ex }, + { OSSL_FUNC_BIO_GETS, (void (*)(void))BIO_gets }, + { OSSL_FUNC_BIO_PUTS, (void (*)(void))BIO_puts }, { OSSL_FUNC_BIO_FREE, (void (*)(void))BIO_free }, { OSSL_FUNC_BIO_VPRINTF, (void (*)(void))BIO_vprintf }, { OSSL_FUNC_BIO_VSNPRINTF, (void (*)(void))BIO_vsnprintf }, diff --git a/crypto/serializer/build.info b/crypto/serializer/build.info index 551319ed59..11f8889b6b 100644 --- a/crypto/serializer/build.info +++ b/crypto/serializer/build.info @@ -1,2 +1,8 @@ -SOURCE[../../libcrypto]=serializer_meth.c serializer_lib.c serializer_pkey.c \ - serializer_err.c +SOURCE[../../libcrypto]=serdes_pass.c + +SOURCE[../../libcrypto]=serializer_meth.c serializer_lib.c serializer_pkey.c +SOURCE[../../libcrypto]=deserializer_meth.c deserializer_lib.c \ + deserializer_pkey.c + +SOURCE[../../libcrypto]=serializer_err.c +SOURCE[../../libcrypto]=deserializer_err.c diff --git a/crypto/serializer/deserializer_err.c b/crypto/serializer/deserializer_err.c new file mode 100644 index 0000000000..2cc245996f --- /dev/null +++ b/crypto/serializer/deserializer_err.c @@ -0,0 +1,31 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include + +#ifndef OPENSSL_NO_ERR + +static const ERR_STRING_DATA OSSL_DESERIALIZER_str_reasons[] = { + {ERR_PACK(ERR_LIB_OSSL_DESERIALIZER, 0, OSSL_DESERIALIZER_R_MISSING_GET_PARAMS), + "missing get params"}, + {0, NULL} +}; + +#endif + +int ERR_load_OSSL_DESERIALIZER_strings(void) +{ +#ifndef OPENSSL_NO_ERR + if (ERR_reason_error_string(OSSL_DESERIALIZER_str_reasons[0].error) == NULL) + ERR_load_strings_const(OSSL_DESERIALIZER_str_reasons); +#endif + return 1; +} diff --git a/crypto/serializer/deserializer_lib.c b/crypto/serializer/deserializer_lib.c new file mode 100644 index 0000000000..2fbb7782cf --- /dev/null +++ b/crypto/serializer/deserializer_lib.c @@ -0,0 +1,438 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include +#include "serializer_local.h" +#include "e_os.h" + +struct deser_process_data_st { + OSSL_DESERIALIZER_CTX *ctx; + + /* Current BIO */ + BIO *bio; + + /* Index of the current deserializer instance to be processed */ + size_t current_deser_inst_index; +}; + +static int deser_process(const OSSL_PARAM params[], void *arg); + +int OSSL_DESERIALIZER_from_bio(OSSL_DESERIALIZER_CTX *ctx, BIO *in) +{ + struct deser_process_data_st data; + int ok = 0; + + memset(&data, 0, sizeof(data)); + data.ctx = ctx; + data.bio = in; + + ok = deser_process(NULL, &data); + + /* Clear any cached passphrase */ + OPENSSL_clear_free(ctx->cached_passphrase, ctx->cached_passphrase_len); + ctx->cached_passphrase = NULL; + ctx->cached_passphrase_len = 0; + return ok; +} + +#ifndef OPENSSL_NO_STDIO +static BIO *bio_from_file(FILE *fp) +{ + BIO *b; + + if ((b = BIO_new(BIO_s_file())) == NULL) { + ERR_raise(ERR_LIB_OSSL_DESERIALIZER, ERR_R_BIO_LIB); + return NULL; + } + BIO_set_fp(b, fp, BIO_NOCLOSE); + return b; +} + +int OSSL_DESERIALIZER_from_fp(OSSL_DESERIALIZER_CTX *ctx, FILE *fp) +{ + BIO *b = bio_from_file(fp); + int ret = 0; + + if (b != NULL) + ret = OSSL_DESERIALIZER_from_bio(ctx, b); + + BIO_free(b); + return ret; +} +#endif + +int OSSL_DESERIALIZER_CTX_set_input_type(OSSL_DESERIALIZER_CTX *ctx, + const char *input_type) +{ + if (!ossl_assert(ctx != NULL)) { + ERR_raise(ERR_LIB_OSSL_DESERIALIZER, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + + /* + * NULL is a valid starting input type, and means that the caller leaves + * it to code to discover what the starting input type is. + */ + ctx->start_input_type = input_type; + return 1; +} + +int OSSL_DESERIALIZER_CTX_add_deserializer(OSSL_DESERIALIZER_CTX *ctx, + OSSL_DESERIALIZER *deser) +{ + OSSL_DESERIALIZER_INSTANCE *deser_inst = NULL; + const OSSL_PROVIDER *prov = NULL; + OSSL_PARAM params[2]; + void *provctx = NULL; + + if (!ossl_assert(ctx != NULL) || !ossl_assert(deser != NULL)) { + ERR_raise(ERR_LIB_OSSL_DESERIALIZER, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + + if (deser->get_params == NULL) { + ERR_raise(ERR_LIB_OSSL_DESERIALIZER, + OSSL_DESERIALIZER_R_MISSING_GET_PARAMS); + return 0; + } + + if (ctx->deser_insts == NULL + && (ctx->deser_insts = + sk_OSSL_DESERIALIZER_INSTANCE_new_null()) == NULL) { + ERR_raise(ERR_LIB_OSSL_DESERIALIZER, ERR_R_MALLOC_FAILURE); + return 0; + } + if ((deser_inst = OPENSSL_zalloc(sizeof(*deser_inst))) == NULL) { + ERR_raise(ERR_LIB_OSSL_DESERIALIZER, ERR_R_MALLOC_FAILURE); + return 0; + } + if (!OSSL_DESERIALIZER_up_ref(deser)) { + ERR_raise(ERR_LIB_OSSL_DESERIALIZER, ERR_R_INTERNAL_ERROR); + goto err; + } + deser_inst->deser = deser; + + prov = OSSL_DESERIALIZER_provider(deser_inst->deser); + provctx = OSSL_PROVIDER_get0_provider_ctx(prov); + + /* Cache the input type for this serializer */ + params[0] = + OSSL_PARAM_construct_utf8_ptr(OSSL_DESERIALIZER_PARAM_INPUT_TYPE, + (char **)&deser_inst->input_type, 0); + params[1] = OSSL_PARAM_construct_end(); + + if (!deser_inst->deser->get_params(params) + || !OSSL_PARAM_modified(¶ms[0])) + goto err; + + if ((deser_inst->deserctx = deser_inst->deser->newctx(provctx)) + == NULL) + goto err; + + if (sk_OSSL_DESERIALIZER_INSTANCE_push(ctx->deser_insts, deser_inst) <= 0) + goto err; + + return 1; + err: + if (deser_inst != NULL) { + if (deser_inst->deser != NULL) + deser_inst->deser->freectx(deser_inst->deserctx); + OSSL_DESERIALIZER_free(deser_inst->deser); + OPENSSL_free(deser_inst); + } + return 0; +} + +int OSSL_DESERIALIZER_CTX_add_extra(OSSL_DESERIALIZER_CTX *ctx, + OPENSSL_CTX *libctx, const char *propq) +{ + /* + * This function goes through existing deserializer methods in + * |ctx->deser_insts|, and tries to fetch new deserializers that produce + * what the existing ones want as input, and push those newly fetched + * deserializers on top of the same stack. + * Then it does the same again, but looping over the newly fetched + * deserializers, until there are no more serializers to be fetched, or + * when we have done this 10 times. + * + * we do this with sliding windows on the stack by keeping track of indexes + * and of the end. + * + * +----------------+ + * | DER to RSA | <--- w_prev_start + * +----------------+ + * | DER to DSA | + * +----------------+ + * | DER to DH | + * +----------------+ + * | PEM to DER | <--- w_prev_end, w_new_start + * +----------------+ + * <--- w_new_end + */ + size_t w_prev_start, w_prev_end; /* "previous" deserializers */ + size_t w_new_start, w_new_end; /* "new" deserializers */ + size_t count = 0; /* Calculates how many were added in each iteration */ + size_t depth = 0; /* Counts the number of iterations */ + + if (!ossl_assert(ctx != NULL)) { + ERR_raise(ERR_LIB_OSSL_DESERIALIZER, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + + /* + * If there is no stack of OSSL_DESERIALIZER_INSTANCE, we have nothing + * more to add. That's fine. + */ + if (ctx->deser_insts == NULL) + return 1; + + w_prev_start = 0; + w_prev_end = sk_OSSL_DESERIALIZER_INSTANCE_num(ctx->deser_insts); + do { + size_t i; + + w_new_start = w_new_end = w_prev_end; + + for (i = w_prev_start; i < w_prev_end; i++) { + OSSL_DESERIALIZER_INSTANCE *deser_inst = + sk_OSSL_DESERIALIZER_INSTANCE_value(ctx->deser_insts, i); + const char *name = deser_inst->input_type; + OSSL_DESERIALIZER *deser = NULL; + + /* + * If the caller has specified what the initial input should be, + * and the deserializer implementation we're looking at has that + * input type, there's no point adding on more implementations + * on top of this one, so we don't. + */ + if (ctx->start_input_type != NULL + && strcasecmp(ctx->start_input_type, + deser_inst->input_type) != 0) + continue; + + ERR_set_mark(); + deser = OSSL_DESERIALIZER_fetch(libctx, name, propq); + ERR_pop_to_mark(); + + if (deser != NULL) { + size_t j; + + /* + * Check that we don't already have this deserializer in our + * stack We only need to check among the newly added ones. + */ + for (j = w_new_start; j < w_new_end; j++) { + OSSL_DESERIALIZER_INSTANCE *check_inst = + sk_OSSL_DESERIALIZER_INSTANCE_value(ctx->deser_insts, j); + + if (deser == check_inst->deser) { + /* We found it, so drop the new fetch */ + OSSL_DESERIALIZER_free(deser); + deser = NULL; + break; + } + } + } + + if (deser == NULL) + continue; + + /* + * Apart from keeping w_new_end up to date, We don't care about + * errors here. If it doesn't collect, then it doesn't... + */ + if (OSSL_DESERIALIZER_CTX_add_deserializer(ctx, deser)) /* ref++ */ + w_new_end++; + OSSL_DESERIALIZER_free(deser); /* ref-- */ + } + /* How many were added in this iteration */ + count = w_new_end - w_new_start; + + /* Slide the "previous deserializer" windows */ + w_prev_start = w_new_start; + w_prev_end = w_new_end; + + depth++; + } while (count != 0 && depth <= 10); + + return 1; +} + +int OSSL_DESERIALIZER_CTX_num_deserializers(OSSL_DESERIALIZER_CTX *ctx) +{ + if (ctx == NULL || ctx->deser_insts == NULL) + return 0; + return sk_OSSL_DESERIALIZER_INSTANCE_num(ctx->deser_insts); +} + +int OSSL_DESERIALIZER_CTX_set_finalizer(OSSL_DESERIALIZER_CTX *ctx, + OSSL_DESERIALIZER_FINALIZER *finalizer, + OSSL_DESERIALIZER_CLEANER *cleaner, + void *finalize_arg) +{ + if (!ossl_assert(ctx != NULL)) { + ERR_raise(ERR_LIB_OSSL_DESERIALIZER, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + ctx->finalizer = finalizer; + ctx->cleaner = cleaner; + ctx->finalize_arg = finalize_arg; + return 1; +} + +int OSSL_DESERIALIZER_export(OSSL_DESERIALIZER_INSTANCE *deser_inst, + void *reference, size_t reference_sz, + OSSL_CALLBACK *export_cb, void *export_cbarg) +{ + if (!(ossl_assert(deser_inst != NULL) + && ossl_assert(reference != NULL) + && ossl_assert(export_cb != NULL) + && ossl_assert(export_cbarg != NULL))) { + ERR_raise(ERR_LIB_OSSL_DESERIALIZER, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + + return deser_inst->deser->export_object(deser_inst->deserctx, + reference, reference_sz, + export_cb, export_cbarg); +} + +OSSL_DESERIALIZER *OSSL_DESERIALIZER_INSTANCE_deserializer + (OSSL_DESERIALIZER_INSTANCE *deser_inst) +{ + if (deser_inst == NULL) + return NULL; + return deser_inst->deser; +} + +void *OSSL_DESERIALIZER_INSTANCE_deserializer_ctx + (OSSL_DESERIALIZER_INSTANCE *deser_inst) +{ + if (deser_inst == NULL) + return NULL; + return deser_inst->deserctx; +} + +static int deser_process(const OSSL_PARAM params[], void *arg) +{ + struct deser_process_data_st *data = arg; + OSSL_DESERIALIZER_CTX *ctx = data->ctx; + OSSL_DESERIALIZER_INSTANCE *deser_inst = NULL; + OSSL_DESERIALIZER *deser = NULL; + BIO *bio = data->bio; + long loc; + size_t i; + int ok = 0; + /* For recursions */ + struct deser_process_data_st new_data; + + memset(&new_data, 0, sizeof(new_data)); + new_data.ctx = data->ctx; + + if (params == NULL) { + /* First iteration, where we prepare for what is to come */ + + data->current_deser_inst_index = + OSSL_DESERIALIZER_CTX_num_deserializers(ctx); + + bio = data->bio; + } else { + const OSSL_PARAM *p; + + deser_inst = + sk_OSSL_DESERIALIZER_INSTANCE_value(ctx->deser_insts, + data->current_deser_inst_index); + deser = OSSL_DESERIALIZER_INSTANCE_deserializer(deser_inst); + + if (ctx->finalizer(deser_inst, params, ctx->finalize_arg)) { + ok = 1; + goto end; + } + + /* The finalizer didn't return success */ + + /* + * so we try to use the object we got and feed it to any next + * deserializer that will take it. Object references are not + * allowed for this. + * If this data isn't present, deserialization has failed. + */ + + p = OSSL_PARAM_locate_const(params, OSSL_DESERIALIZER_PARAM_DATA); + if (p == NULL || p->data_type != OSSL_PARAM_OCTET_STRING) + goto end; + new_data.bio = BIO_new_mem_buf(p->data, (int)p->data_size); + if (new_data.bio == NULL) + goto end; + bio = new_data.bio; + } + + /* + * If we have no more deserializers to look through at this point, + * we failed + */ + if (data->current_deser_inst_index == 0) + goto end; + + if ((loc = BIO_tell(bio)) < 0) { + ERR_raise(ERR_LIB_OSSL_DESERIALIZER, ERR_R_BIO_LIB); + goto end; + } + + for (i = data->current_deser_inst_index; i-- > 0;) { + OSSL_DESERIALIZER_INSTANCE *new_deser_inst = + sk_OSSL_DESERIALIZER_INSTANCE_value(ctx->deser_insts, i); + OSSL_DESERIALIZER *new_deser = + OSSL_DESERIALIZER_INSTANCE_deserializer(new_deser_inst); + + /* + * If |deser| is NULL, it means we've just started, and the caller + * may have specified what it expects the initial input to be. If + * that's the case, we do this extra check. + */ + if (deser == NULL && ctx->start_input_type != NULL + && strcasecmp(ctx->start_input_type, deser_inst->input_type) != 0) + continue; + + /* + * If we have a previous deserializer, we check that the input type + * of the next to be used matches the type of this previous one. + * deser_inst->input_type is a cache of the parameter "input-type" + * value for that deserializer. + */ + if (deser != NULL + && !OSSL_DESERIALIZER_is_a(deser, new_deser_inst->input_type)) + continue; + + if (loc == 0) { + if (BIO_reset(bio) <= 0) + goto end; + } else { + if (BIO_seek(bio, loc) <= 0) + goto end; + } + + /* Recurse */ + new_data.current_deser_inst_index = i; + ok = new_deser->deserialize(new_deser_inst->deserctx, + (OSSL_CORE_BIO *)bio, + deser_process, &new_data, + NULL /* ossl_deserializer_passphrase_in_cb */, + new_data.ctx); + if (ok) + break; + } + + end: + BIO_free(new_data.bio); + return ok; +} diff --git a/crypto/serializer/deserializer_meth.c b/crypto/serializer/deserializer_meth.c new file mode 100644 index 0000000000..54500716ec --- /dev/null +++ b/crypto/serializer/deserializer_meth.c @@ -0,0 +1,548 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include +#include "internal/core.h" +#include "internal/namemap.h" +#include "internal/property.h" +#include "internal/provider.h" +#include "crypto/serializer.h" +#include "serializer_local.h" + +static void OSSL_DESERIALIZER_INSTANCE_free(OSSL_DESERIALIZER_INSTANCE *instance); + +/* + * Deserializer can have multiple names, separated with colons in a name string + */ +#define NAME_SEPARATOR ':' + +/* Simple method structure constructor and destructor */ +static OSSL_DESERIALIZER *ossl_deserializer_new(void) +{ + OSSL_DESERIALIZER *deser = NULL; + + if ((deser = OPENSSL_zalloc(sizeof(*deser))) == NULL + || (deser->base.lock = CRYPTO_THREAD_lock_new()) == NULL) { + OSSL_DESERIALIZER_free(deser); + ERR_raise(ERR_LIB_OSSL_DESERIALIZER, ERR_R_MALLOC_FAILURE); + return NULL; + } + + deser->base.refcnt = 1; + + return deser; +} + +int OSSL_DESERIALIZER_up_ref(OSSL_DESERIALIZER *deser) +{ + int ref = 0; + + CRYPTO_UP_REF(&deser->base.refcnt, &ref, deser->base.lock); + return 1; +} + +void OSSL_DESERIALIZER_free(OSSL_DESERIALIZER *deser) +{ + int ref = 0; + + if (deser == NULL) + return; + + CRYPTO_DOWN_REF(&deser->base.refcnt, &ref, deser->base.lock); + if (ref > 0) + return; + ossl_provider_free(deser->base.prov); + CRYPTO_THREAD_lock_free(deser->base.lock); + OPENSSL_free(deser); +} + +/* Permanent deserializer method store, constructor and destructor */ +static void deserializer_store_free(void *vstore) +{ + ossl_method_store_free(vstore); +} + +static void *deserializer_store_new(OPENSSL_CTX *ctx) +{ + return ossl_method_store_new(ctx); +} + + +static const OPENSSL_CTX_METHOD deserializer_store_method = { + deserializer_store_new, + deserializer_store_free, +}; + +/* Data to be passed through ossl_method_construct() */ +struct deserializer_data_st { + OPENSSL_CTX *libctx; + OSSL_METHOD_CONSTRUCT_METHOD *mcm; + int id; /* For get_deserializer_from_store() */ + const char *names; /* For get_deserializer_from_store() */ + const char *propquery; /* For get_deserializer_from_store() */ +}; + +/* + * Generic routines to fetch / create DESERIALIZER methods with + * ossl_method_construct() + */ + +/* Temporary deserializer method store, constructor and destructor */ +static void *alloc_tmp_deserializer_store(OPENSSL_CTX *ctx) +{ + return ossl_method_store_new(ctx); +} + + static void dealloc_tmp_deserializer_store(void *store) +{ + if (store != NULL) + ossl_method_store_free(store); +} + +/* Get the permanent deserializer store */ +static OSSL_METHOD_STORE *get_deserializer_store(OPENSSL_CTX *libctx) +{ + return openssl_ctx_get_data(libctx, OPENSSL_CTX_DESERIALIZER_STORE_INDEX, + &deserializer_store_method); +} + +/* Get deserializer methods from a store, or put one in */ +static void *get_deserializer_from_store(OPENSSL_CTX *libctx, void *store, + void *data) +{ + struct deserializer_data_st *methdata = data; + void *method = NULL; + int id; + + if ((id = methdata->id) == 0) { + OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx); + + id = ossl_namemap_name2num(namemap, methdata->names); + } + + if (store == NULL + && (store = get_deserializer_store(libctx)) == NULL) + return NULL; + + if (!ossl_method_store_fetch(store, id, methdata->propquery, &method)) + return NULL; + return method; +} + +static int put_deserializer_in_store(OPENSSL_CTX *libctx, void *store, + void *method, const OSSL_PROVIDER *prov, + int operation_id, const char *names, + const char *propdef, void *unused) +{ + OSSL_NAMEMAP *namemap; + int id; + + if ((namemap = ossl_namemap_stored(libctx)) == NULL + || (id = ossl_namemap_name2num(namemap, names)) == 0) + return 0; + + if (store == NULL && (store = get_deserializer_store(libctx)) == NULL) + return 0; + + return ossl_method_store_add(store, prov, id, propdef, method, + (int (*)(void *))OSSL_DESERIALIZER_up_ref, + (void (*)(void *))OSSL_DESERIALIZER_free); +} + +/* Create and populate a deserializer method */ +static void *deserializer_from_dispatch(int id, const OSSL_ALGORITHM *algodef, + OSSL_PROVIDER *prov) +{ + OSSL_DESERIALIZER *deser = NULL; + const OSSL_DISPATCH *fns = algodef->implementation; + + if ((deser = ossl_deserializer_new()) == NULL) + return NULL; + deser->base.id = id; + deser->base.propdef = algodef->property_definition; + + for (; fns->function_id != 0; fns++) { + switch (fns->function_id) { + case OSSL_FUNC_DESERIALIZER_NEWCTX: + if (deser->newctx == NULL) + deser->newctx = OSSL_FUNC_deserializer_newctx(fns); + break; + case OSSL_FUNC_DESERIALIZER_FREECTX: + if (deser->freectx == NULL) + deser->freectx = OSSL_FUNC_deserializer_freectx(fns); + break; + case OSSL_FUNC_DESERIALIZER_GET_PARAMS: + if (deser->get_params == NULL) + deser->get_params = + OSSL_FUNC_deserializer_get_params(fns); + break; + case OSSL_FUNC_DESERIALIZER_GETTABLE_PARAMS: + if (deser->gettable_params == NULL) + deser->gettable_params = + OSSL_FUNC_deserializer_gettable_params(fns); + break; + case OSSL_FUNC_DESERIALIZER_SET_CTX_PARAMS: + if (deser->set_ctx_params == NULL) + deser->set_ctx_params = + OSSL_FUNC_deserializer_set_ctx_params(fns); + break; + case OSSL_FUNC_DESERIALIZER_SETTABLE_CTX_PARAMS: + if (deser->settable_ctx_params == NULL) + deser->settable_ctx_params = + OSSL_FUNC_deserializer_settable_ctx_params(fns); + break; + case OSSL_FUNC_DESERIALIZER_DESERIALIZE: + if (deser->deserialize == NULL) + deser->deserialize = OSSL_FUNC_deserializer_deserialize(fns); + break; + case OSSL_FUNC_DESERIALIZER_EXPORT_OBJECT: + if (deser->export_object == NULL) + deser->export_object = OSSL_FUNC_deserializer_export_object(fns); + break; + } + } + /* + * Try to check that the method is sensible. + * If you have a constructor, you must have a destructor and vice versa. + * You must have at least one of the serializing driver functions. + */ + if (!((deser->newctx == NULL && deser->freectx == NULL) + || (deser->newctx != NULL && deser->freectx != NULL)) + || (deser->deserialize == NULL && deser->export_object == NULL)) { + OSSL_DESERIALIZER_free(deser); + ERR_raise(ERR_LIB_OSSL_DESERIALIZER, ERR_R_INVALID_PROVIDER_FUNCTIONS); + return NULL; + } + + if (prov != NULL && !ossl_provider_up_ref(prov)) { + OSSL_DESERIALIZER_free(deser); + return NULL; + } + + deser->base.prov = prov; + return deser; +} + + +/* + * The core fetching functionality passes the names of the implementation. + * This function is responsible to getting an identity number for them, + * then call deserializer_from_dispatch() with that identity number. + */ +static void *construct_deserializer(const OSSL_ALGORITHM *algodef, + OSSL_PROVIDER *prov, void *unused) +{ + /* + * This function is only called if get_deserializer_from_store() returned + * NULL, so it's safe to say that of all the spots to create a new + * namemap entry, this is it. Should the name already exist there, we + * know that ossl_namemap_add() will return its corresponding number. + */ + OPENSSL_CTX *libctx = ossl_provider_library_context(prov); + OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx); + const char *names = algodef->algorithm_names; + int id = ossl_namemap_add_names(namemap, 0, names, NAME_SEPARATOR); + void *method = NULL; + + if (id != 0) + method = deserializer_from_dispatch(id, algodef, prov); + + return method; +} + +/* Intermediary function to avoid ugly casts, used below */ +static void destruct_deserializer(void *method, void *data) +{ + OSSL_DESERIALIZER_free(method); +} + +static int up_ref_deserializer(void *method) +{ + return OSSL_DESERIALIZER_up_ref(method); +} + +static void free_deserializer(void *method) +{ + OSSL_DESERIALIZER_free(method); +} + +/* Fetching support. Can fetch by numeric identity or by name */ +static OSSL_DESERIALIZER *inner_ossl_deserializer_fetch(OPENSSL_CTX *libctx, + int id, + const char *name, + const char *properties) +{ + OSSL_METHOD_STORE *store = get_deserializer_store(libctx); + OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx); + void *method = NULL; + + if (store == NULL || namemap == NULL) + return NULL; + + /* + * If we have been passed neither a name_id or a name, we have an + * internal programming error. + */ + if (!ossl_assert(id != 0 || name != NULL)) + return NULL; + + if (id == 0) + id = ossl_namemap_name2num(namemap, name); + + if (id == 0 + || !ossl_method_store_cache_get(store, id, properties, &method)) { + OSSL_METHOD_CONSTRUCT_METHOD mcm = { + alloc_tmp_deserializer_store, + dealloc_tmp_deserializer_store, + get_deserializer_from_store, + put_deserializer_in_store, + construct_deserializer, + destruct_deserializer + }; + struct deserializer_data_st mcmdata; + + mcmdata.libctx = libctx; + mcmdata.mcm = &mcm; + mcmdata.id = id; + mcmdata.names = name; + mcmdata.propquery = properties; + if ((method = ossl_method_construct(libctx, OSSL_OP_DESERIALIZER, + 0 /* !force_cache */, + &mcm, &mcmdata)) != NULL) { + /* + * If construction did create a method for us, we know that + * there is a correct name_id and meth_id, since those have + * already been calculated in get_deserializer_from_store() and + * put_deserializer_in_store() above. + */ + if (id == 0) + id = ossl_namemap_name2num(namemap, name); + ossl_method_store_cache_set(store, id, properties, method, + up_ref_deserializer, free_deserializer); + } + } + + return method; +} + +OSSL_DESERIALIZER *OSSL_DESERIALIZER_fetch(OPENSSL_CTX *libctx, + const char *name, + const char *properties) +{ + return inner_ossl_deserializer_fetch(libctx, 0, name, properties); +} + +OSSL_DESERIALIZER *ossl_deserializer_fetch_by_number(OPENSSL_CTX *libctx, + int id, + const char *properties) +{ + return inner_ossl_deserializer_fetch(libctx, id, NULL, properties); +} + +/* + * Library of basic method functions + */ + +const OSSL_PROVIDER *OSSL_DESERIALIZER_provider(const OSSL_DESERIALIZER *deser) +{ + if (!ossl_assert(deser != NULL)) { + ERR_raise(ERR_LIB_OSSL_DESERIALIZER, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + + return deser->base.prov; +} + +const char *OSSL_DESERIALIZER_properties(const OSSL_DESERIALIZER *deser) +{ + if (!ossl_assert(deser != NULL)) { + ERR_raise(ERR_LIB_OSSL_DESERIALIZER, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + + return deser->base.propdef; +} + +int OSSL_DESERIALIZER_number(const OSSL_DESERIALIZER *deser) +{ + if (!ossl_assert(deser != NULL)) { + ERR_raise(ERR_LIB_OSSL_DESERIALIZER, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + + return deser->base.id; +} + +int OSSL_DESERIALIZER_is_a(const OSSL_DESERIALIZER *deser, const char *name) +{ + if (deser->base.prov != NULL) { + OPENSSL_CTX *libctx = ossl_provider_library_context(deser->base.prov); + OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx); + + return ossl_namemap_name2num(namemap, name) == deser->base.id; + } + return 0; +} + +struct deserializer_do_all_data_st { + void (*user_fn)(void *method, void *arg); + void *user_arg; +}; + +static void deserializer_do_one(OSSL_PROVIDER *provider, + const OSSL_ALGORITHM *algodef, + int no_store, void *vdata) +{ + struct deserializer_do_all_data_st *data = vdata; + OPENSSL_CTX *libctx = ossl_provider_library_context(provider); + OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx); + const char *names = algodef->algorithm_names; + int id = ossl_namemap_add_names(namemap, 0, names, NAME_SEPARATOR); + void *method = NULL; + + if (id != 0) + method = + deserializer_from_dispatch(id, algodef, provider); + + if (method != NULL) { + data->user_fn(method, data->user_arg); + OSSL_DESERIALIZER_free(method); + } +} + +void OSSL_DESERIALIZER_do_all_provided(OPENSSL_CTX *libctx, + void (*fn)(OSSL_DESERIALIZER *deser, + void *arg), + void *arg) +{ + struct deserializer_do_all_data_st data; + + data.user_fn = (void (*)(void *, void *))fn; + data.user_arg = arg; + ossl_algorithm_do_all(libctx, OSSL_OP_DESERIALIZER, NULL, + NULL, deserializer_do_one, NULL, + &data); +} + +void OSSL_DESERIALIZER_names_do_all(const OSSL_DESERIALIZER *deser, + void (*fn)(const char *name, void *data), + void *data) +{ + if (deser == NULL) + return; + + if (deser->base.prov != NULL) { + OPENSSL_CTX *libctx = ossl_provider_library_context(deser->base.prov); + OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx); + + ossl_namemap_doall_names(namemap, deser->base.id, fn, data); + } +} + +const OSSL_PARAM * +OSSL_DESERIALIZER_gettable_params(OSSL_DESERIALIZER *deser) +{ + if (deser != NULL && deser->gettable_params != NULL) + return deser->gettable_params(); + return NULL; +} + +int OSSL_DESERIALIZER_get_params(OSSL_DESERIALIZER *deser, OSSL_PARAM params[]) +{ + if (deser != NULL && deser->get_params != NULL) + return deser->get_params(params); + return 0; +} + +const OSSL_PARAM * +OSSL_DESERIALIZER_settable_ctx_params(OSSL_DESERIALIZER *deser) +{ + if (deser != NULL && deser->settable_ctx_params != NULL) + return deser->settable_ctx_params(); + return NULL; +} + +/* + * Deserializer context support + */ + +/* + * |ser| value NULL is valid, and signifies that there is no deserializer. + * This is useful to provide fallback mechanisms. + * Functions that want to verify if there is a deserializer can do so with + * OSSL_DESERIALIZER_CTX_get_deserializer() + */ +OSSL_DESERIALIZER_CTX *OSSL_DESERIALIZER_CTX_new(void) +{ + OSSL_DESERIALIZER_CTX *ctx; + + if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) { + ERR_raise(ERR_LIB_OSSL_DESERIALIZER, ERR_R_MALLOC_FAILURE); + return NULL; + } + + return ctx; +} + +int OSSL_DESERIALIZER_CTX_set_params(OSSL_DESERIALIZER_CTX *ctx, + const OSSL_PARAM params[]) +{ + size_t i; + size_t l; + + if (!ossl_assert(ctx != NULL)) { + ERR_raise(ERR_LIB_OSSL_DESERIALIZER, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + + if (ctx->deser_insts == NULL) + return 1; + + l = (size_t)sk_OSSL_DESERIALIZER_INSTANCE_num(ctx->deser_insts); + for (i = 0; i < l; i++) { + OSSL_DESERIALIZER_INSTANCE *deser_inst = + sk_OSSL_DESERIALIZER_INSTANCE_value(ctx->deser_insts, i); + + if (deser_inst->deserctx == NULL + || deser_inst->deser->set_ctx_params == NULL) + continue; + if (!deser_inst->deser->set_ctx_params(deser_inst->deserctx, params)) + return 0; + } + return 1; +} + +static void +OSSL_DESERIALIZER_INSTANCE_free(OSSL_DESERIALIZER_INSTANCE *deser_inst) +{ + if (deser_inst != NULL) { + if (deser_inst->deser->freectx != NULL) + deser_inst->deser->freectx(deser_inst->deserctx); + deser_inst->deserctx = NULL; + OSSL_DESERIALIZER_free(deser_inst->deser); + deser_inst->deser = NULL; + OPENSSL_free(deser_inst); + deser_inst = NULL; + } +} + +void OSSL_DESERIALIZER_CTX_free(OSSL_DESERIALIZER_CTX *ctx) +{ + if (ctx != NULL) { + if (ctx->cleaner != NULL) + ctx->cleaner(ctx->finalize_arg); + sk_OSSL_DESERIALIZER_INSTANCE_pop_free(ctx->deser_insts, + OSSL_DESERIALIZER_INSTANCE_free); + UI_destroy_method(ctx->allocated_ui_method); + OPENSSL_free(ctx); + } +} diff --git a/crypto/serializer/deserializer_pkey.c b/crypto/serializer/deserializer_pkey.c new file mode 100644 index 0000000000..0fafdf31aa --- /dev/null +++ b/crypto/serializer/deserializer_pkey.c @@ -0,0 +1,361 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include +#include +#include +#include "crypto/evp.h" +#include "serializer_local.h" + +int OSSL_DESERIALIZER_CTX_set_cipher(OSSL_DESERIALIZER_CTX *ctx, + const char *cipher_name, + const char *propquery) +{ + OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END }; + + params[0] = + OSSL_PARAM_construct_utf8_string(OSSL_DESERIALIZER_PARAM_CIPHER, + (void *)cipher_name, 0); + params[1] = + OSSL_PARAM_construct_utf8_string(OSSL_DESERIALIZER_PARAM_PROPERTIES, + (void *)propquery, 0); + + return OSSL_DESERIALIZER_CTX_set_params(ctx, params); +} + +int OSSL_DESERIALIZER_CTX_set_passphrase(OSSL_DESERIALIZER_CTX *ctx, + const unsigned char *kstr, + size_t klen) +{ + OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END }; + + params[0] = OSSL_PARAM_construct_octet_string(OSSL_DESERIALIZER_PARAM_PASS, + (void *)kstr, klen); + + return OSSL_DESERIALIZER_CTX_set_params(ctx, params); +} + +static void deserializer_ctx_reset_passphrase_ui(OSSL_DESERIALIZER_CTX *ctx) +{ + UI_destroy_method(ctx->allocated_ui_method); + ctx->allocated_ui_method = NULL; + ctx->ui_method = NULL; + ctx->ui_data = NULL; +} + +int OSSL_DESERIALIZER_CTX_set_passphrase_ui(OSSL_DESERIALIZER_CTX *ctx, + const UI_METHOD *ui_method, + void *ui_data) +{ + if (!ossl_assert(ctx != NULL)) { + ERR_raise(ERR_LIB_OSSL_DESERIALIZER, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + + deserializer_ctx_reset_passphrase_ui(ctx); + ctx->ui_method = ui_method; + ctx->ui_data = ui_data; + return 1; +} + +int OSSL_DESERIALIZER_CTX_set_passphrase_cb(OSSL_DESERIALIZER_CTX *ctx, + pem_password_cb *cb, void *cbarg) +{ + if (!ossl_assert(ctx != NULL)) { + ERR_raise(ERR_LIB_OSSL_DESERIALIZER, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + + deserializer_ctx_reset_passphrase_ui(ctx); + if (cb == NULL) + return 1; + ctx->ui_method = + ctx->allocated_ui_method = UI_UTIL_wrap_read_pem_callback(cb, 0); + ctx->ui_data = cbarg; + + return ctx->ui_method != NULL; +} + +/* + * Support for OSSL_DESERIALIZER_CTX_new_by_EVP_PKEY: + * Handle an object reference + */ + +DEFINE_STACK_OF(EVP_KEYMGMT) + +struct deser_EVP_PKEY_data_st { + char *object_type; /* recorded object data type, may be NULL */ + void **object; /* Where the result should end up */ + STACK_OF(EVP_KEYMGMT) *keymgmts; /* The EVP_KEYMGMTs we handle */ +}; + +static int deser_finalize_EVP_PKEY(OSSL_DESERIALIZER_INSTANCE *deser_inst, + const OSSL_PARAM *params, + void *finalize_arg) +{ + struct deser_EVP_PKEY_data_st *data = finalize_arg; + OSSL_DESERIALIZER *deser = + OSSL_DESERIALIZER_INSTANCE_deserializer(deser_inst); + void *deserctx = OSSL_DESERIALIZER_INSTANCE_deserializer_ctx(deser_inst); + size_t i, end_i; + /* + * |object_ref| points to a provider reference to an object, its exact + * contents entirely opaque to us, but may be passed to any provider + * function that expects this (such as OSSL_FUNC_keymgmt_load(). + * + * This pointer is considered volatile, i.e. whatever it points at + * is assumed to be freed as soon as this function returns. + */ + void *object_ref = NULL; + size_t object_ref_sz = 0; + const OSSL_PARAM *p; + + p = OSSL_PARAM_locate_const(params, OSSL_DESERIALIZER_PARAM_DATA_TYPE); + if (p != NULL) { + char *object_type = NULL; + + if (!OSSL_PARAM_get_utf8_string(p, &object_type, 0)) + return 0; + OPENSSL_free(data->object_type); + data->object_type = object_type; + } + + /* + * For stuff that should end up in an EVP_PKEY, we only accept an object + * reference for the moment. This enforces that the key data itself + * remains with the provider. + */ + p = OSSL_PARAM_locate_const(params, OSSL_DESERIALIZER_PARAM_REFERENCE); + if (p == NULL || p->data_type != OSSL_PARAM_OCTET_STRING) + return 0; + object_ref = p->data; + object_ref_sz = p->data_size; + + /* We may have reached one of the goals, let's find out! */ + end_i = sk_EVP_KEYMGMT_num(data->keymgmts); + for (i = 0; end_i; i++) { + EVP_KEYMGMT *keymgmt = sk_EVP_KEYMGMT_value(data->keymgmts, i); + + /* + * There are two ways to find a matching KEYMGMT: + * + * 1. If the object data type (recorded in |data->object_type|) + * is defined, by checking it using EVP_KEYMGMT_is_a(). + * 2. If the object data type is NOT defined, by comparing the + * EVP_KEYMGMT and OSSL_DESERIALIZER method numbers. Since + * EVP_KEYMGMT and OSSL_DESERIALIZE operate with the same + * namemap, we know that the method numbers must match. + * + * This allows individual deserializers to specify variants of keys, + * such as a DER to RSA deserializer finding a RSA-PSS key, without + * having to deserialize the exact same DER blob into the exact same + * internal structure twice. This is, of course, entirely at the + * discretion of the deserializer implementations. + */ + if (data->object_type != NULL + ? EVP_KEYMGMT_is_a(keymgmt, data->object_type) + : EVP_KEYMGMT_number(keymgmt) == OSSL_DESERIALIZER_number(deser)) { + EVP_PKEY *pkey = NULL; + void *keydata = NULL; + const OSSL_PROVIDER *keymgmt_prov = + EVP_KEYMGMT_provider(keymgmt); + const OSSL_PROVIDER *deser_prov = + OSSL_DESERIALIZER_provider(deser); + + /* + * If the EVP_KEYMGMT and the OSSL_DDESERIALIZER are from the + * same provider, we assume that the KEYMGMT has a key loading + * function that can handle the provider reference we hold. + * + * Otherwise, we export from the deserializer and import the + * result in the keymgmt. + */ + if (keymgmt_prov == deser_prov) { + keydata = evp_keymgmt_load(keymgmt, object_ref, object_ref_sz); + } else { + struct evp_keymgmt_util_try_import_data_st import_data; + + import_data.keymgmt = keymgmt; + import_data.keydata = NULL; + import_data.selection = OSSL_KEYMGMT_SELECT_ALL_PARAMETERS; + + /* + * No need to check for errors here, the value of + * |import_data.keydata| is as much an indicator. + */ + (void)deser->export_object(deserctx, object_ref, object_ref_sz, + &evp_keymgmt_util_try_import, + &import_data); + keydata = import_data.keydata; + import_data.keydata = NULL; + } + + if (keydata != NULL + && (pkey = + evp_keymgmt_util_make_pkey(keymgmt, keydata)) == NULL) + evp_keymgmt_freedata(keymgmt, keydata); + + *data->object = pkey; + + break; + } + } + /* + * We successfully looked through, |*ctx->object| determines if we + * actually found something. + */ + return (*data->object != NULL); +} + +static void deser_clean_EVP_PKEY(void *finalize_arg) +{ + struct deser_EVP_PKEY_data_st *data = finalize_arg; + + sk_EVP_KEYMGMT_pop_free(data->keymgmts, EVP_KEYMGMT_free); + OPENSSL_free(data->object_type); + OPENSSL_free(data); +} + +DEFINE_STACK_OF_CSTRING() + +struct collected_data_st { + struct deser_EVP_PKEY_data_st *process_data; + STACK_OF(OPENSSL_CSTRING) *names; + + unsigned int error_occured:1; +}; + +static void collect_keymgmt(EVP_KEYMGMT *keymgmt, void *arg) +{ + struct collected_data_st *data = arg; + + if (data->error_occured) + return; + + data->error_occured = 1; /* Assume the worst */ + + if (!EVP_KEYMGMT_up_ref(keymgmt) /* ref++ */) + return; + if (sk_EVP_KEYMGMT_push(data->process_data->keymgmts, keymgmt) <= 0) { + EVP_KEYMGMT_free(keymgmt); /* ref-- */ + return; + } + + data->error_occured = 0; /* All is good now */ +} + +static void collect_name(const char *name, void *arg) +{ + struct collected_data_st *data = arg; + + if (data->error_occured) + return; + + data->error_occured = 1; /* Assume the worst */ + + if (sk_OPENSSL_CSTRING_push(data->names, name) <= 0) + return; + + data->error_occured = 0; /* All is good now */ +} + +OSSL_DESERIALIZER_CTX * +OSSL_DESERIALIZER_CTX_new_by_EVP_PKEY(EVP_PKEY **pkey, + const char *input_type, + OPENSSL_CTX *libctx, + const char *propquery) +{ + OSSL_DESERIALIZER_CTX *ctx = NULL; + struct collected_data_st *data = NULL; + size_t i, end_i; + + if ((ctx = OSSL_DESERIALIZER_CTX_new()) == NULL + || (data = OPENSSL_zalloc(sizeof(*data))) == NULL + || (data->process_data = + OPENSSL_zalloc(sizeof(*data->process_data))) == NULL + || (data->process_data->keymgmts + = sk_EVP_KEYMGMT_new_null()) == NULL + || (data->names = sk_OPENSSL_CSTRING_new_null()) == NULL) { + ERR_raise(ERR_LIB_OSSL_DESERIALIZER, ERR_R_MALLOC_FAILURE); + goto err; + } + data->process_data->object = (void **)pkey; + OSSL_DESERIALIZER_CTX_set_input_type(ctx, input_type); + + /* First, find all keymgmts to form goals */ + EVP_KEYMGMT_do_all_provided(libctx, collect_keymgmt, data); + + if (data->error_occured) + goto err; + + /* + * Then, use the names of those keymgmts to find the first set of + * derializers. + */ + ERR_set_mark(); + end_i = sk_EVP_KEYMGMT_num(data->process_data->keymgmts); + for (i = 0; i < end_i; i++) { + EVP_KEYMGMT *keymgmt = + sk_EVP_KEYMGMT_value(data->process_data->keymgmts, i); + size_t j; + OSSL_DESERIALIZER *deser = NULL; + + EVP_KEYMGMT_names_do_all(keymgmt, collect_name, data); + + for (j = sk_OPENSSL_CSTRING_num(data->names); + j-- > 0 && deser == NULL;) { + const char *name = sk_OPENSSL_CSTRING_pop(data->names); + + ERR_set_mark(); + deser = OSSL_DESERIALIZER_fetch(libctx, name, propquery); + ERR_pop_to_mark(); + } + + /* + * The names in |data->names| aren't allocated for the stack, + * so we can simply clear it and let it be re-used. + */ + sk_OPENSSL_CSTRING_zero(data->names); + + /* + * If we found a matching serializer, try to add it to the context. + */ + if (deser != NULL) { + (void)OSSL_DESERIALIZER_CTX_add_deserializer(ctx, deser); + OSSL_DESERIALIZER_free(deser); + } + } + /* If we found no deserializers to match the keymgmts, we err */ + if (OSSL_DESERIALIZER_CTX_num_deserializers(ctx) == 0) { + ERR_clear_last_mark(); + goto err; + } + ERR_pop_to_mark(); + + /* Finally, collect extra deserializers based on what we already have */ + (void)OSSL_DESERIALIZER_CTX_add_extra(ctx, libctx, propquery); + + if (!OSSL_DESERIALIZER_CTX_set_finalizer(ctx, deser_finalize_EVP_PKEY, + deser_clean_EVP_PKEY, + data->process_data)) + goto err; + + data->process_data = NULL; + err: + if (data->process_data != NULL) + sk_EVP_KEYMGMT_pop_free(data->process_data->keymgmts, + EVP_KEYMGMT_free); + OPENSSL_free(data->process_data); + sk_OPENSSL_CSTRING_free(data->names); + OPENSSL_free(data); + return ctx; +} diff --git a/crypto/serializer/serdes_pass.c b/crypto/serializer/serdes_pass.c new file mode 100644 index 0000000000..8a33af5e9a --- /dev/null +++ b/crypto/serializer/serdes_pass.c @@ -0,0 +1,159 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include "internal/cryptlib.h" +#include "serializer_local.h" + +/* Passphrase callbacks for any who need it */ + +/* + * First, define the generic passphrase function that supports both + * outgoing (with passphrase verify) and incoming (without passphrase + * verify) passphrase reading. + */ +static int do_passphrase(char *pass, size_t pass_size, size_t *pass_len, + const OSSL_PARAM params[], void *arg, int verify, + const UI_METHOD *ui_method, void *ui_data, int errlib) +{ + const OSSL_PARAM *p; + const char *prompt_info = NULL; + char *prompt = NULL, *vpass = NULL; + int prompt_idx = -1, verify_idx = -1; + UI *ui = NULL; + int ret = 0; + + if (!ossl_assert(pass != NULL && pass_size != 0 && pass_len != NULL)) { + ERR_raise(errlib, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + + if ((p = OSSL_PARAM_locate_const(params, + OSSL_PASSPHRASE_PARAM_INFO)) != NULL) { + if (p->data_type != OSSL_PARAM_UTF8_STRING) + return 0; + prompt_info = p->data; + } + + if ((ui = UI_new()) == NULL) { + ERR_raise(errlib, ERR_R_MALLOC_FAILURE); + return 0; + } + + UI_set_method(ui, ui_method); + UI_add_user_data(ui, ui_data); + + /* Get an application constructed prompt */ + prompt = UI_construct_prompt(ui, "pass phrase", prompt_info); + if (prompt == NULL) { + ERR_raise(errlib, ERR_R_MALLOC_FAILURE); + goto end; + } + + prompt_idx = UI_add_input_string(ui, prompt, + UI_INPUT_FLAG_DEFAULT_PWD, + pass, 0, pass_size - 1) - 1; + if (prompt_idx < 0) { + ERR_raise(errlib, ERR_R_UI_LIB); + goto end; + } + + if (verify) { + /* Get a buffer for verification prompt */ + vpass = OPENSSL_zalloc(pass_size); + if (vpass == NULL) { + ERR_raise(errlib, ERR_R_MALLOC_FAILURE); + goto end; + } + verify_idx = UI_add_verify_string(ui, prompt, + UI_INPUT_FLAG_DEFAULT_PWD, + vpass, 0, pass_size - 1, + pass) - 1; + if (verify_idx < 0) { + ERR_raise(errlib, ERR_R_UI_LIB); + goto end; + } + } + + switch (UI_process(ui)) { + case -2: + ERR_raise(errlib, ERR_R_INTERRUPTED_OR_CANCELLED); + break; + case -1: + ERR_raise(errlib, ERR_R_UI_LIB); + break; + default: + *pass_len = (size_t)UI_get_result_length(ui, prompt_idx); + ret = 1; + break; + } + + end: + OPENSSL_free(vpass); + OPENSSL_free(prompt); + UI_free(ui); + return ret; +} + +/* + * Serializers typically want to get an outgoing passphrase, while + * deserializers typically want to get en incoming passphrase. + */ +int ossl_serializer_passphrase_out_cb(char *pass, size_t pass_size, + size_t *pass_len, + const OSSL_PARAM params[], void *arg) +{ + OSSL_SERIALIZER_CTX *ctx = arg; + + if (!ossl_assert(ctx != NULL)) { + ERR_raise(ERR_LIB_OSSL_SERIALIZER, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + + return do_passphrase(pass, pass_size, pass_len, params, arg, 1, + ctx->ui_method, ctx->ui_data, + ERR_LIB_OSSL_SERIALIZER); +} + +int ossl_deserializer_passphrase_in_cb(char *pass, size_t pass_size, + size_t *pass_len, + const OSSL_PARAM params[], void *arg) +{ + OSSL_DESERIALIZER_CTX *ctx = arg; + + if (!ossl_assert(ctx != NULL)) { + ERR_raise(ERR_LIB_OSSL_DESERIALIZER, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + + if (ctx->cached_passphrase != NULL) { + size_t len = ctx->cached_passphrase_len; + + if (len > pass_size) + len = pass_size; + memcpy(pass, ctx->cached_passphrase, len); + *pass_len = len; + return 1; + } else { + if ((ctx->cached_passphrase = OPENSSL_zalloc(pass_size)) == NULL) { + ERR_raise(ERR_LIB_OSSL_DESERIALIZER, ERR_R_MALLOC_FAILURE); + return 0; + } + } + if (do_passphrase(pass, pass_size, pass_len, params, arg, 0, + ctx->ui_method, ctx->ui_data, + ERR_LIB_OSSL_DESERIALIZER)) { + memcpy(ctx->cached_passphrase, pass, *pass_len); + ctx->cached_passphrase_len = *pass_len; + return 1; + } + return 0; +} diff --git a/crypto/serializer/serializer_local.h b/crypto/serializer/serializer_local.h index 970c7c5585..acf600c285 100644 --- a/crypto/serializer/serializer_local.h +++ b/crypto/serializer/serializer_local.h @@ -9,17 +9,23 @@ #include #include +#include +#include +#include #include "internal/cryptlib.h" #include "internal/refcount.h" -struct ossl_serializer_st { +struct ossl_serdes_base_st { OSSL_PROVIDER *prov; int id; const char *propdef; CRYPTO_REF_COUNT refcnt; CRYPTO_RWLOCK *lock; +}; +struct ossl_serializer_st { + struct ossl_serdes_base_st base; OSSL_FUNC_serializer_newctx_fn *newctx; OSSL_FUNC_serializer_freectx_fn *freectx; OSSL_FUNC_serializer_set_ctx_params_fn *set_ctx_params; @@ -28,15 +34,31 @@ struct ossl_serializer_st { OSSL_FUNC_serializer_serialize_object_fn *serialize_object; }; +struct ossl_deserializer_st { + struct ossl_serdes_base_st base; + OSSL_FUNC_deserializer_newctx_fn *newctx; + OSSL_FUNC_deserializer_freectx_fn *freectx; + OSSL_FUNC_deserializer_get_params_fn *get_params; + OSSL_FUNC_deserializer_gettable_params_fn *gettable_params; + OSSL_FUNC_deserializer_set_ctx_params_fn *set_ctx_params; + OSSL_FUNC_deserializer_settable_ctx_params_fn *settable_ctx_params; + OSSL_FUNC_deserializer_deserialize_fn *deserialize; + OSSL_FUNC_deserializer_export_object_fn *export_object; +}; + struct ossl_serializer_ctx_st { OSSL_SERIALIZER *ser; void *serctx; int selection; - /* - * |object| is the libcrypto object to handle. - * |do_output| must have intimate knowledge of this object. + /*- + * Output / serializing data, used by OSSL_SERIALIZER_to_{bio,fp} + * + * |object| is the libcrypto object to handle. + * |do_output| performs the actual serialization. + * + * |do_output| must have intimate knowledge of |object|. */ const void *object; int (*do_output)(OSSL_SERIALIZER_CTX *ctx, BIO *out); @@ -50,3 +72,58 @@ struct ossl_serializer_ctx_st { */ UI_METHOD *allocated_ui_method; }; + +struct ossl_deserializer_instance_st { + OSSL_DESERIALIZER *deser; /* Never NULL */ + void *deserctx; /* Never NULL */ + const char *input_type; /* Never NULL */ +}; + +DEFINE_STACK_OF(OSSL_DESERIALIZER_INSTANCE) + +struct ossl_deserializer_ctx_st { + /* + * The caller may know the input type of the data they pass. If not, + * this will remain NULL and the deserializing functionality will start + * with trying to deserialize with any desserializer in |deser_insts|, + * regardless of their respective input type. + */ + const char *start_input_type; + + /* + * Deserializers that are components of any current deserialization path. + */ + STACK_OF(OSSL_DESERIALIZER_INSTANCE) *deser_insts; + + /* + * The finalizer of a deserialization, and its caller argument. + */ + OSSL_DESERIALIZER_FINALIZER *finalizer; + OSSL_DESERIALIZER_CLEANER *cleaner; + void *finalize_arg; + + /* For any function that needs a passphrase reader */ + const UI_METHOD *ui_method; + void *ui_data; + /* + * if caller used OSSL_SERIALIZER_CTX_set_passphrase_cb(), we need + * intermediary storage. + */ + UI_METHOD *allocated_ui_method; + /* + * Because the same input may pass through more than one deserializer, + * we cache any passphrase passed to us. The desrializing processor + * must clear this at the end of a run. + */ + unsigned char *cached_passphrase; + size_t cached_passphrase_len; +}; + +/* Passphrase callbacks, found in serdes_pass.c */ + +/* + * Serializers typically want to get an outgoing passphrase, while + * deserializers typically want to get en incoming passphrase. + */ +OSSL_PASSPHRASE_CALLBACK ossl_serializer_passphrase_out_cb; +OSSL_PASSPHRASE_CALLBACK ossl_deserializer_passphrase_in_cb; diff --git a/crypto/serializer/serializer_meth.c b/crypto/serializer/serializer_meth.c index d7c98891e4..c2ff1c0dca 100644 --- a/crypto/serializer/serializer_meth.c +++ b/crypto/serializer/serializer_meth.c @@ -29,13 +29,13 @@ static OSSL_SERIALIZER *ossl_serializer_new(void) OSSL_SERIALIZER *ser = NULL; if ((ser = OPENSSL_zalloc(sizeof(*ser))) == NULL - || (ser->lock = CRYPTO_THREAD_lock_new()) == NULL) { + || (ser->base.lock = CRYPTO_THREAD_lock_new()) == NULL) { OSSL_SERIALIZER_free(ser); ERR_raise(ERR_LIB_OSSL_SERIALIZER, ERR_R_MALLOC_FAILURE); return NULL; } - ser->refcnt = 1; + ser->base.refcnt = 1; return ser; } @@ -44,7 +44,7 @@ int OSSL_SERIALIZER_up_ref(OSSL_SERIALIZER *ser) { int ref = 0; - CRYPTO_UP_REF(&ser->refcnt, &ref, ser->lock); + CRYPTO_UP_REF(&ser->base.refcnt, &ref, ser->base.lock); return 1; } @@ -55,11 +55,11 @@ void OSSL_SERIALIZER_free(OSSL_SERIALIZER *ser) if (ser == NULL) return; - CRYPTO_DOWN_REF(&ser->refcnt, &ref, ser->lock); + CRYPTO_DOWN_REF(&ser->base.refcnt, &ref, ser->base.lock); if (ref > 0) return; - ossl_provider_free(ser->prov); - CRYPTO_THREAD_lock_free(ser->lock); + ossl_provider_free(ser->base.prov); + CRYPTO_THREAD_lock_free(ser->base.lock); OPENSSL_free(ser); } @@ -165,8 +165,8 @@ static void *serializer_from_dispatch(int id, const OSSL_ALGORITHM *algodef, if ((ser = ossl_serializer_new()) == NULL) return NULL; - ser->id = id; - ser->propdef = algodef->property_definition; + ser->base.id = id; + ser->base.propdef = algodef->property_definition; for (; fns->function_id != 0; fns++) { switch (fns->function_id) { @@ -220,7 +220,7 @@ static void *serializer_from_dispatch(int id, const OSSL_ALGORITHM *algodef, return NULL; } - ser->prov = prov; + ser->base.prov = prov; return ser; } @@ -348,7 +348,7 @@ const OSSL_PROVIDER *OSSL_SERIALIZER_provider(const OSSL_SERIALIZER *ser) return 0; } - return ser->prov; + return ser->base.prov; } const char *OSSL_SERIALIZER_properties(const OSSL_SERIALIZER *ser) @@ -358,7 +358,7 @@ const char *OSSL_SERIALIZER_properties(const OSSL_SERIALIZER *ser) return 0; } - return ser->propdef; + return ser->base.propdef; } int OSSL_SERIALIZER_number(const OSSL_SERIALIZER *ser) @@ -368,16 +368,16 @@ int OSSL_SERIALIZER_number(const OSSL_SERIALIZER *ser) return 0; } - return ser->id; + return ser->base.id; } int OSSL_SERIALIZER_is_a(const OSSL_SERIALIZER *ser, const char *name) { - if (ser->prov != NULL) { - OPENSSL_CTX *libctx = ossl_provider_library_context(ser->prov); + if (ser->base.prov != NULL) { + OPENSSL_CTX *libctx = ossl_provider_library_context(ser->base.prov); OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx); - return ossl_namemap_name2num(namemap, name) == ser->id; + return ossl_namemap_name2num(namemap, name) == ser->base.id; } return 0; } @@ -433,11 +433,11 @@ void OSSL_SERIALIZER_names_do_all(const OSSL_SERIALIZER *ser, if (ser == NULL) return; - if (ser->prov != NULL) { - OPENSSL_CTX *libctx = ossl_provider_library_context(ser->prov); + if (ser->base.prov != NULL) { + OPENSSL_CTX *libctx = ossl_provider_library_context(ser->base.prov); OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx); - ossl_namemap_doall_names(namemap, ser->id, fn, data); + ossl_namemap_doall_names(namemap, ser->base.id, fn, data); } } diff --git a/crypto/serializer/serializer_pkey.c b/crypto/serializer/serializer_pkey.c index 1e7fc3eafb..6e24ed73f0 100644 --- a/crypto/serializer/serializer_pkey.c +++ b/crypto/serializer/serializer_pkey.c @@ -71,7 +71,7 @@ int OSSL_SERIALIZER_CTX_set_passphrase_ui(OSSL_SERIALIZER_CTX *ctx, return 1; } -int OSSL_SERIALIZER_CTX_set_passphrase_cb(OSSL_SERIALIZER_CTX *ctx, int enc, +int OSSL_SERIALIZER_CTX_set_passphrase_cb(OSSL_SERIALIZER_CTX *ctx, pem_password_cb *cb, void *cbarg) { if (!ossl_assert(ctx != NULL)) { @@ -83,7 +83,7 @@ int OSSL_SERIALIZER_CTX_set_passphrase_cb(OSSL_SERIALIZER_CTX *ctx, int enc, if (cb == NULL) return 1; ctx->ui_method = - ctx->allocated_ui_method = UI_UTIL_wrap_read_pem_callback(cb, enc); + ctx->allocated_ui_method = UI_UTIL_wrap_read_pem_callback(cb, 1); ctx->ui_data = cbarg; return ctx->ui_method != NULL; @@ -107,110 +107,6 @@ static void cache_serializers(const char *name, void *data) d->error = 1; } -/* - * Support for OSSL_SERIALIZER_CTX_new_by_TYPE and OSSL_SERIALIZER_to_bio: - * Passphrase callbacks - */ - -/* - * First, we define the generic passphrase function that supports both - * outgoing (with passphrase verify) and incoming (without passphrase verify) - * passphrase reading. - */ -static int serializer_passphrase(char *pass, size_t pass_size, - size_t *pass_len, int verify, - const OSSL_PARAM params[], void *arg) -{ - OSSL_SERIALIZER_CTX *ctx = arg; - const OSSL_PARAM *p; - const char *prompt_info = NULL; - char *prompt = NULL, *vpass = NULL; - int prompt_idx = -1, verify_idx = -1; - UI *ui = NULL; - int ret = 0; - - if (!ossl_assert(ctx != NULL && pass != NULL - && pass_size != 0 && pass_len != NULL)) { - ERR_raise(ERR_LIB_OSSL_SERIALIZER, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - if ((p = OSSL_PARAM_locate_const(params, - OSSL_PASSPHRASE_PARAM_INFO)) != NULL) { - if (p->data_type != OSSL_PARAM_UTF8_STRING) - return 0; - prompt_info = p->data; - } - - if ((ui = UI_new()) == NULL) { - ERR_raise(ERR_LIB_OSSL_SERIALIZER, ERR_R_MALLOC_FAILURE); - return 0; - } - - UI_set_method(ui, ctx->ui_method); - UI_add_user_data(ui, ctx->ui_data); - - /* Get an application constructed prompt */ - prompt = UI_construct_prompt(ui, "pass phrase", prompt_info); - if (prompt == NULL) { - ERR_raise(ERR_LIB_OSSL_SERIALIZER, ERR_R_MALLOC_FAILURE); - goto end; - } - - prompt_idx = UI_add_input_string(ui, prompt, - UI_INPUT_FLAG_DEFAULT_PWD, - pass, 0, pass_size - 1) - 1; - if (prompt_idx < 0) { - ERR_raise(ERR_LIB_OSSL_SERIALIZER, ERR_R_UI_LIB); - goto end; - } - - if (verify) { - /* Get a buffer for verification prompt */ - vpass = OPENSSL_zalloc(pass_size); - if (vpass == NULL) { - ERR_raise(ERR_LIB_OSSL_SERIALIZER, ERR_R_MALLOC_FAILURE); - goto end; - } - verify_idx = UI_add_verify_string(ui, prompt, - UI_INPUT_FLAG_DEFAULT_PWD, - vpass, 0, pass_size - 1, - pass) - 1; - if (verify_idx < 0) { - ERR_raise(ERR_LIB_OSSL_SERIALIZER, ERR_R_UI_LIB); - goto end; - } - } - - switch (UI_process(ui)) { - case -2: - ERR_raise(ERR_LIB_OSSL_SERIALIZER, ERR_R_INTERRUPTED_OR_CANCELLED); - break; - case -1: - ERR_raise(ERR_LIB_OSSL_SERIALIZER, ERR_R_UI_LIB); - break; - default: - *pass_len = (size_t)UI_get_result_length(ui, prompt_idx); - ret = 1; - break; - } - - end: - OPENSSL_free(vpass); - OPENSSL_free(prompt); - UI_free(ui); - return ret; -} - -/* Ensure correct function definition for outgoing passphrase reader */ -static OSSL_PASSPHRASE_CALLBACK serializer_passphrase_out_cb; -static int serializer_passphrase_out_cb(char *pass, size_t pass_size, - size_t *pass_len, - const OSSL_PARAM params[], void *arg) -{ - return serializer_passphrase(pass, pass_size, pass_len, 1, params, arg); -} - /* * Support for OSSL_SERIALIZER_to_bio: * writing callback for the OSSL_PARAM (the implementation doesn't have @@ -229,7 +125,7 @@ static int serializer_write_cb(const OSSL_PARAM params[], void *arg) BIO *out = write_data->out; return ctx->ser->serialize_data(ctx->serctx, params, (OSSL_CORE_BIO *)out, - serializer_passphrase_out_cb, ctx); + ossl_serializer_passphrase_out_cb, ctx); } /* @@ -266,7 +162,7 @@ static int serializer_EVP_PKEY_to_bio(OSSL_SERIALIZER_CTX *ctx, BIO *out) return ctx->ser->serialize_object(ctx->serctx, keydata, (OSSL_CORE_BIO *)out, - serializer_passphrase_out_cb, ctx); + ossl_serializer_passphrase_out_cb, ctx); } /* diff --git a/doc/man3/OSSL_DESERIALIZER.pod b/doc/man3/OSSL_DESERIALIZER.pod new file mode 100644 index 0000000000..5562a8122b --- /dev/null +++ b/doc/man3/OSSL_DESERIALIZER.pod @@ -0,0 +1,146 @@ +=pod + +=head1 NAME + +OSSL_DESERIALIZER, +OSSL_DESERIALIZER_fetch, +OSSL_DESERIALIZER_up_ref, +OSSL_DESERIALIZER_free, +OSSL_DESERIALIZER_provider, +OSSL_DESERIALIZER_properties, +OSSL_DESERIALIZER_is_a, +OSSL_DESERIALIZER_number, +OSSL_DESERIALIZER_do_all_provided, +OSSL_DESERIALIZER_names_do_all, +OSSL_DESERIALIZER_gettable_params, +OSSL_DESERIALIZER_get_params +- Deserializer method routines + +=head1 SYNOPSIS + + #include + + typedef struct ossl_deserializer_st OSSL_DESERIALIZER; + + OSSL_DESERIALIZER *OSSL_DESERIALIZER_fetch(OPENSSL_CTX *ctx, const char *name, + const char *properties); + int OSSL_DESERIALIZER_up_ref(OSSL_DESERIALIZER *deserializer); + void OSSL_DESERIALIZER_free(OSSL_DESERIALIZER *deserializer); + const OSSL_PROVIDER *OSSL_DESERIALIZER_provider(const OSSL_DESERIALIZER + *deserializer); + const char *OSSL_DESERIALIZER_properties(const OSSL_DESERIALIZER *deser); + int OSSL_DESERIALIZER_is_a(const OSSL_DESERIALIZER *deserializer, + const char *name); + int OSSL_DESERIALIZER_number(const OSSL_DESERIALIZER *deserializer); + void OSSL_DESERIALIZER_do_all_provided(OPENSSL_CTX *libctx, + void (*fn)(OSSL_DESERIALIZER *deserializer, + void *arg), + void *arg); + void OSSL_DESERIALIZER_names_do_all(const OSSL_DESERIALIZER *deserializer, + void (*fn)(const char *name, void *data), + void *data); + const OSSL_PARAM *OSSL_DESERIALIZER_gettable_params(OSSL_DESERIALIZER *deser); + int OSSL_DESERIALIZER_get_params(OSSL_DESERIALIZER_CTX *ctx, + const OSSL_PARAM params[]); + +=head1 DESCRIPTION + +B is a method for deserializers, which know how to +deserialize serialized data into an object of some type that the rest +of OpenSSL knows how to handle. + +OSSL_DESERIALIZER_fetch() looks for an algorithm within the provider that +has been loaded into the B given by I, having the +name given by I and the properties given by I. +The I determines what type of object the fetched deserializer +method is expected to be able to deserialize, and the properties are +used to determine the expected output type. +For known properties and the values they may have, please have a look +in L. + +OSSL_DESERIALIZER_up_ref() increments the reference count for the given +I. + +OSSL_DESERIALIZER_free() decrements the reference count for the given +I, and when the count reaches zero, frees it. + +OSSL_DESERIALIZER_provider() returns the provider of the given +I. + +OSSL_DESERIALIZER_properties() returns the property definition associated +with the given I. + +OSSL_DESERIALIZER_is_a() checks if I is an implementation +of an algorithm that's identifiable with I. + +OSSL_DESERIALIZER_number() returns the internal dynamic number assigned +to the given I. + +OSSL_DESERIALIZER_names_do_all() traverses all names for the given +I, and calls I with each name and I. + +OSSL_DESERIALIZER_do_all_provided() traverses all serializer +implementations by all activated providers in the library context +I, and for each of the implementations, calls I with the +implementation method and I as arguments. + +OSSL_DESERIALIZER_gettable_params() returns an L +array of parameter descriptors. + +OSSL_DESERIALIZER_get_params() attempts to get parameters specified +with an L array I. Parameters that the +implementation doesn't recognise should be ignored. + +=head1 RETURN VALUES + +OSSL_DESERIALIZER_fetch() returns a pointer to an OSSL_DESERIALIZER object, +or NULL on error. + +OSSL_DESERIALIZER_up_ref() returns 1 on success, or 0 on error. + +OSSL_DESERIALIZER_free() doesn't return any value. + +OSSL_DESERIALIZER_provider() returns a pointer to a provider object, or +NULL on error. + +OSSL_DESERIALIZER_properties() returns a pointer to a property +definition string, or NULL on error. + +OSSL_DESERIALIZER_is_a() returns 1 if I was identifiable, +otherwise 0. + +OSSL_DESERIALIZER_number() returns an integer. + +=head1 NOTES + +OSSL_DESERIALIZER_fetch() may be called implicitly by other fetching +functions, using the same library context and properties. +Any other API that uses keys will typically do this. + +=begin comment TODO(3.0) Add examples! + +=head1 EXAMPLES + +Text, because pod2xxx doesn't like empty sections + +=end comment + +=head1 SEE ALSO + +L, L, L, +L, L + +=head1 HISTORY + +The functions described here were added in OpenSSL 3.0. + +=head1 COPYRIGHT + +Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man3/OSSL_DESERIALIZER_CTX.pod b/doc/man3/OSSL_DESERIALIZER_CTX.pod new file mode 100644 index 0000000000..413584f8dc --- /dev/null +++ b/doc/man3/OSSL_DESERIALIZER_CTX.pod @@ -0,0 +1,74 @@ +=pod + +=head1 NAME + +OSSL_DESERIALIZER_CTX, +OSSL_DESERIALIZER_CTX_new, +OSSL_DESERIALIZER_settable_ctx_params, +OSSL_DESERIALIZER_CTX_set_params, +OSSL_DESERIALIZER_CTX_free +- Serializer context routines + +=head1 SYNOPSIS + + #include + + typedef struct ossl_deserializer_ctx_st OSSL_DESERIALIZER_CTX; + + OSSL_DESERIALIZER_CTX *OSSL_DESERIALIZER_CTX_new(OPENSSL_CTX *libctx); + const OSSL_PARAM *OSSL_DESERIALIZER_settable_ctx_params(OSSL_DESERIALIZER *deser); + int OSSL_DESERIALIZER_CTX_set_params(OSSL_DESERIALIZER_CTX *ctx, + const OSSL_PARAM params[]); + void OSSL_DESERIALIZER_CTX_free(OSSL_DESERIALIZER_CTX *ctx); + +=head1 DESCRIPTION + +B is a context with which B +operations are performed. The context typically holds values, both +internal and supplied by the application, which are useful for the +implementations supplied by providers. + +OSSL_DESERIALIZER_CTX_new() creates a new empty B. + +OSSL_DESERIALIZER_settable_ctx_params() returns an L +array of parameter descriptors. + +OSSL_DESERIALIZER_CTX_set_params() attempts to set parameters specified +with an L array I. These parameters are passed +to all deserializers that have been added to the I so far. +Parameters that an implementation doesn't recognise should be ignored +by it. + +OSSL_DESERIALIZER_CTX_free() frees the given context I. + +=head1 RETURN VALUES + +OSSL_DESERIALIZER_CTX_new() returns a pointer to a +B, or NULL if the context structure couldn't be +allocated. + +OSSL_DESERIALIZER_settable_ctx_params() returns an L +array, or NULL if none is available. + +OSSL_DESERIALIZER_CTX_set_params() returns 1 if all recognised +parameters were valid, or 0 if one of them was invalid or caused some +other failure in the implementation. + +=head1 SEE ALSO + +L, L, L + +=head1 HISTORY + +The functions described here were added in OpenSSL 3.0. + +=head1 COPYRIGHT + +Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man3/OSSL_DESERIALIZER_CTX_new_by_EVP_PKEY.pod b/doc/man3/OSSL_DESERIALIZER_CTX_new_by_EVP_PKEY.pod new file mode 100644 index 0000000000..9ed4e5992e --- /dev/null +++ b/doc/man3/OSSL_DESERIALIZER_CTX_new_by_EVP_PKEY.pod @@ -0,0 +1,117 @@ +=pod + +=head1 NAME + +OSSL_DESERIALIZER_CTX_new_by_EVP_PKEY, +OSSL_DESERIALIZER_CTX_set_cipher, +OSSL_DESERIALIZER_CTX_set_passphrase, +OSSL_DESERIALIZER_CTX_set_passphrase_cb, +OSSL_DESERIALIZER_CTX_set_passphrase_ui +- Deserializer routines to deserialize EVP_PKEYs + +=head1 SYNOPSIS + + #include + + OSSL_DESERIALIZER_CTX * + OSSL_DESERIALIZER_CTX_new_by_EVP_PKEY(const EVP_PKEY *pkey, + const char *input_type, + OPENSSL_CTX *libctx, + const char *propquery); + + int OSSL_DESERIALIZER_CTX_set_cipher(OSSL_DESERIALIZER_CTX *ctx, + const char *cipher_name, + const char *propquery); + int OSSL_DESERIALIZER_CTX_set_passphrase(OSSL_DESERIALIZER_CTX *ctx, + const unsigned char *kstr, + size_t klen); + int OSSL_DESERIALIZER_CTX_set_passphrase_cb(OSSL_DESERIALIZER_CTX *ctx, + pem_password_cb *cb, void *cbarg); + int OSSL_DESERIALIZER_CTX_set_passphrase_ui(OSSL_DESERIALIZER_CTX *ctx, + const UI_METHOD *ui_method, + void *ui_data); + +=head1 DESCRIPTION + +OSSL_DESERIALIZER_CTX_new_by_EVP_PKEY() is a utility function that +creates a B, finds all applicable deserializer +implementations and sets them up, so all the caller has to do next is +call functions like OSSL_DESERIALIZE_from_bio(). + +Internally OSSL_DESERIALIZER_CTX_new_by_EVP_PKEY() searches for all +available L implementations, and then builds a list of all +potential deserializer implementations that may be able to process the +serialized input into data suitable for Bs. All these +implementations are implicitly fetched using I and I. + +The search of deserializer implementations can be limited with +I, which specifies a starting input type. This is further +explained in L. + +If no suitable deserializer was found, OSSL_DESERIALIZER_CTX_new_by_EVP_PKEY() +still creates a B, but with no associated +deserializer (L returns +zero). This helps the caller distinguish between an error when +creating the B, and the lack the deserializer +support and act accordingly. + +OSSL_DESERIALIZER_CTX_set_cipher() tells the implementation what cipher +should be used to decrypt serialized keys. The cipher is given by +name I. The interpretation of that I is +implementation dependent. The implementation may implement the cipher +directly itself, or it may choose to fetch it. If the implementation +supports fetching the cipher, then it may use I as +properties to be queried for when fetching. I may also +be NULL, which will result in failure if the serialized input is an +encrypted key. + +OSSL_DESERIALIZER_CTX_set_passphrase() gives the implementation a +pass phrase to use when decrypting the serialized private key. +Alternatively, a pass phrase callback may be specified with the +following functions. + +OSSL_DESERIALIZER_CTX_set_passphrase_cb() and +OSSL_DESERIALIZER_CTX_set_passphrase_ui() sets up a callback method that +the implementation can use to prompt for a pass phrase. + +=for comment Note that the callback method is called indirectly, +through an internal B function. + +=head1 RETURN VALUES + +OSSL_DESERIALIZER_CTX_new_by_EVP_PKEY() returns a pointer to a +B, or NULL if it couldn't be created. + +OSSL_DESERIALIZER_CTX_set_cipher(), +OSSL_DESERIALIZER_CTX_set_passphrase(), +OSSL_DESERIALIZER_CTX_set_passphrase_cb(), and +OSSL_DESERIALIZER_CTX_set_passphrase_ui() all return 1 on success, or 0 +on failure. + +=head1 NOTES + +Parts of the function names are made to match already existing OpenSSL +names. + +B in OSSL_DESERIALIZER_CTX_new_by_EVP_PKEY() matches the type +name, thus making for the naming pattern +B>() when new types are handled. + +=head1 SEE ALSO + +L, L, L + +=head1 HISTORY + +The functions described here were added in OpenSSL 3.0. + +=head1 COPYRIGHT + +Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man3/OSSL_DESERIALIZER_from_bio.pod b/doc/man3/OSSL_DESERIALIZER_from_bio.pod new file mode 100644 index 0000000000..8c372a6cf6 --- /dev/null +++ b/doc/man3/OSSL_DESERIALIZER_from_bio.pod @@ -0,0 +1,253 @@ +=pod + +=head1 NAME + +OSSL_DESERIALIZER_from_bio, +OSSL_DESERIALIZER_from_fp, +OSSL_DESERIALIZER_CTX_set_input_type, +OSSL_DESERIALIZER_CTX_add_deserializer, +OSSL_DESERIALIZER_CTX_add_extra, +OSSL_DESERIALIZER_CTX_num_deserializers, +OSSL_DESERIALIZER_INSTANCE, +OSSL_DESERIALIZER_FINALIZER, +OSSL_DESERIALIZER_CLEANER, +OSSL_DESERIALIZER_CTX_set_finalizer, +OSSL_DESERIALIZER_export, +OSSL_DESERIALIZER_INSTANCE_deserializer, +OSSL_DESERIALIZER_INSTANCE_deserializer_ctx +- Routines to perform a deserialization + +=head1 SYNOPSIS + + #include + + int OSSL_DESERIALIZER_from_bio(OSSL_DESERIALIZER_CTX *ctx, BIO *in); + int OSSL_DESERIALIZER_from_fp(OSSL_DESERIALIZER_CTX *ctx, FILE *fp); + + int OSSL_DESERIALIZER_CTX_set_input_type(OSSL_DESERIALIZER_CTX *ctx, + const char *input_type); + int OSSL_DESERIALIZER_CTX_add_deserializer(OSSL_DESERIALIZER_CTX *ctx, + OSSL_DESERIALIZER *deser); + int OSSL_DESERIALIZER_CTX_add_extra(OSSL_DESERIALIZER_CTX *ctx); + int OSSL_DESERIALIZER_CTX_num_deserializers(OSSL_DESERIALIZER_CTX *ctx); + + typedef struct ossl_deserializer_instance_st OSSL_DESERIALIZER_INSTANCE; + typedef int (OSSL_DESERIALIZER_FINALIZER) + (OSSL_DESERIALIZER_INSTANCE *deser_inst, + const OSSL_PARAM *params, void *finalize_arg); + typedef void (OSSL_DESERIALIZER_CLEANER)(void *finalize_arg); + + int OSSL_DESERIALIZER_CTX_set_finalizer(OSSL_DESERIALIZER_CTX *ctx, + OSSL_DESRIALIZER_FINALIZER *finalizer, + OSSL_DESERIALIZER_CLEANER *cleaner, + void *finalize_arg); + + int OSSL_DESERIALIZER_export(OSSL_DESERIALIZER_INSTANCE *deser_inst, + void *reference, size_t reference_sz, + OSSL_CALLBACK *export_cb, void *export_cbarg); + + OSSL_DESERIALIZER *OSSL_DESERIALIZER_INSTANCE_deserializer + (OSSL_DESERIALIZER_INSTANCE *deser_inst); + void *OSSL_DESERIALIZER_INSTANCE_deserializer_ctx + (OSSL_DESERIALIZER_INSTANCE *deser_inst); + +Feature availability macros: + +=over 4 + +=item OSSL_DESERIALIZER_from_fp() is only available when B +is undefined. + +=back + +=head1 DESCRIPTION + +The B holds data about multiple deserializers, as +needed to figure out what the input data is and to attempt to unpack it into +one of several possible related results. This also includes chaining +deserializers, so the output from one can become the input for another. +This allows having generic format deserializers such as PEM to DER, as well +as more specialized deserializers like DER to RSA. + +The chains may be limited by specifying an input type, which is considered a +starting point. +This is both considered by OSSL_DESERIALIZER_CTX_add_extra(), which will +stop adding on more deserializer implementations when it has already added +those that take the specified input type, and OSSL_DESERIALIZER_from_bio(), +which will only start the deserializing process with the deserializer +implementations that take that input type. For example, if the input type +is set to C, a PEM to DER deserializer will be ignored. + +The input type can also be NULL, which means that the caller doesn't know +what type of input they have. In this case, OSSL_DESERIALIZER_from_bio() +will simply try with one deserializer implementation after the other, and +thereby discover what kind of input the caller gave it. + +For every deserialization done, even intermediary, a I +provided by the caller is used to attempt to "finalize" the current +deserialization output, which is always a provider side object of some +sort, by "wrapping" it into some appropriate type or structure that +the caller knows how to handle. Exactly what this "wrapping" consists +of is entirely at the discretion of the I. + +B is an opaque structure that contains +data about the deserializer that was just used, and that may be +useful for the I. There are some functions to extract data +from this type, described further down. + +=head2 Functions + +OSSL_DESERIALIZER_from_bio() runs the deserialization process for the +context I, with the input coming from the B I. The +application is required to set up the B properly, for example to +have it in text or binary mode if that's appropriate. + +=for comment Know your deserializer! + +OSSL_DESERIALIZER_from_fp() does the same thing as OSSL_DESERIALIZER_from_bio(), +except that the input is coming from the B I. + +OSSL_DESERIALIZER_CTX_add_deserializer() populates the B +I with a deserializer, to be used to attempt to deserialize some +serialized input. + +OSSL_DESERIALIZER_CTX_add_extra() finds deserializers that generate +input for already added deserializers, and adds them as well. This is +used to build deserializer chains. + +OSSL_DESERIALIZER_CTX_set_input_type() sets the starting input type. This +limits the deserializer chains to be considered, as explained in the general +description above. + +OSSL_DESERIALIZER_CTX_num_deserializers() gets the number of +deserializers currently added to the context I. + +OSSL_DESERIALIZER_CTX_set_finalizer() sets the I function +together with the caller argument for the finalizer, I, +as well as I, the function to clean up I when +the deserialization has concluded. + +OSSL_DESERIALIZER_export() is a fallback function for I +that can't use the data they get directly for diverse reasons. It +takes the same deserialize instance I that the +I got and an object I, unpacks the object that +refers to, and exports it by creating an L array that +it then passes to I, along with I. + +OSSL_DESERIALIZER_INSTANCE_deserializer() can be used to get the +deserializer method from a deserializer instance I. + +OSSL_DESERIALIZER_INSTANCE_deserializer-ctx() can be used to get the +deserializer method's provider context from a deserializer instance +I. + +=head2 Finalizer + +The I gets the following arguments: + +=over 4 + +=item I + +The B for the deserializer from which +I gets its data. + +=item I + +The data produced by the deserializer, further described below. + +=item I + +The pointer that was set with OSSL_DESERIALIZE_CTX_set_finalizer() as +I. + +=back + +The I is expected to return 1 when the data it receives can +be "finalized", otherwise 0. + +The globally known parameters that I can get in I +are: + +=over 4 + +=item "data-type" (B) + +This is a detected content type that some deserializers may provide. +For example, PEM input sometimes has a type specified in its header, +and some deserializers may add that information as this parameter. +This is an optional parameter, but may be useful for extra checks in +the I. + +=item "data" (B) + +The deserialized data itself, as an octet string. This is produced by +deserializers when it's possible to pass an object in this form. Most +often, this is simply meant to be passed to the next deserializer in a +chain, but could be considered final data as well, at the discretion +of the I. + +=item "reference" (B) + +The deserialized data itself, as a reference to an object. The +reference itself is an octet string, and can be passed to other +operations and functions within the same provider as the one that +provides I. + +=back + +At least one of "data" or "reference" must be present, and it's +possible that both can be. A I should choose to use the +"reference" parameter if possible, otherwise the "data" parameter. + +If it's not possible to use the "reference" parameter, but that's +still what a I wants to do, it is possible to use +OSSL_DESERIALIZER_export() as a fallback. + +=head1 RETURN VALUES + +OSSL_DESERIALIZER_from_bio() and OSSL_DESERIALIZER_from_fp() return 1 on +success, or 0 on failure. + +OSSL_DESERIALIZER_CTX_add_deserializer(), +OSSL_DESERIALIZER_CTX_add_extra(), and +OSSL_DESERIALIZER_CTX_set_finalizer() return 1 on success, or 0 on +failure. + +OSSL_DESERIALIZER_CTX_num_deserializers() returns the current +number of deserializers. It returns 0 if I is NULL. + +OSSL_DESERIALIZER_export() returns 1 on success, or 0 on failure. + +OSSL_DESERIALIZER_INSTANCE_deserializer() returns an +B pointer on success, or NULL on failure. + +OSSL_DESERIALIZER_INSTANCE_deserializer_ctx() returns a provider +context pointer on success, or NULL on failure.> + +=begin comment TODO(3.0) Add examples! + +=head1 EXAMPLES + +Text, because pod2xxx doesn't like empty sections + +=end comment + +=head1 SEE ALSO + +L, L + +=head1 HISTORY + +The functions described here were added in OpenSSL 3.0. + +=head1 COPYRIGHT + +Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.pod b/doc/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.pod index 43dddbce02..5797ab1caa 100644 --- a/doc/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.pod +++ b/doc/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.pod @@ -31,7 +31,7 @@ OSSL_SERIALIZER_Parameters_TO_TEXT_PQ int OSSL_SERIALIZER_CTX_set_passphrase(OSSL_SERIALIZER_CTX *ctx, const unsigned char *kstr, size_t klen); - int OSSL_SERIALIZER_CTX_set_passphrase_cb(OSSL_SERIALIZER_CTX *ctx, int enc, + int OSSL_SERIALIZER_CTX_set_passphrase_cb(OSSL_SERIALIZER_CTX *ctx, pem_password_cb *cb, void *cbarg); int OSSL_SERIALIZER_CTX_set_passphrase_ui(OSSL_SERIALIZER_CTX *ctx, const UI_METHOD *ui_method, diff --git a/doc/man7/provider-keymgmt.pod b/doc/man7/provider-keymgmt.pod index aa2be41acc..43743798ac 100644 --- a/doc/man7/provider-keymgmt.pod +++ b/doc/man7/provider-keymgmt.pod @@ -18,6 +18,7 @@ provider-keymgmt - The KEYMGMT library E-E provider functions void *OSSL_FUNC_keymgmt_new(void *provctx); void OSSL_FUNC_keymgmt_free(void *keydata); + /* Generation, a more complex constructor */ void *OSSL_FUNC_keymgmt_gen_init(void *provctx, int selection); int OSSL_FUNC_keymgmt_gen_set_template(void *genctx, void *template); int OSSL_FUNC_keymgmt_gen_set_params(void *genctx, const OSSL_PARAM params[]); @@ -25,6 +26,9 @@ provider-keymgmt - The KEYMGMT library E-E provider functions void *OSSL_FUNC_keymgmt_gen(void *genctx, OSSL_CALLBACK *cb, void *cbarg); void OSSL_FUNC_keymgmt_gen_cleanup(void *genctx); + /* Key loading by object reference, also a constructor */ + void *OSSL_FUNC_keymgmt_load(const void *reference, size_t *reference_sz); + /* Key object information */ int OSSL_FUNC_keymgmt_get_params(void *keydata, OSSL_PARAM params[]); const OSSL_PARAM *OSSL_FUNC_keymgmt_gettable_params(void); @@ -94,6 +98,8 @@ macros in L, as follows: OSSL_FUNC_keymgmt_gen OSSL_FUNC_KEYMGMT_GEN OSSL_FUNC_keymgmt_gen_cleanup OSSL_FUNC_KEYMGMT_GEN_CLEANUP + OSSL_FUNC_keymgmt_load OSSL_FUNC_KEYMGMT_LOAD + OSSL_FUNC_keymgmt_get_params OSSL_FUNC_KEYMGMT_GET_PARAMS OSSL_FUNC_keymgmt_gettable_params OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS OSSL_FUNC_keymgmt_set_params OSSL_FUNC_KEYMGMT_SET_PARAMS @@ -209,8 +215,8 @@ OSSL_FUNC_keymgmt_free() should free the passed I. OSSL_FUNC_keymgmt_gen_init(), OSSL_FUNC_keymgmt_gen_set_template(), OSSL_FUNC_keymgmt_gen_set_params(), OSSL_FUNC_keymgmt_gen_settable_params(), -OSSL_FUNC_keymgmt_gen() and OSSL_FUNC_keymgmt_gen_cleanup() work together as a more -elaborate context based key object constructor. +OSSL_FUNC_keymgmt_gen() and OSSL_FUNC_keymgmt_gen_cleanup() work together as a +more elaborate context based key object constructor. OSSL_FUNC_keymgmt_gen_init() should create the key object generation context and initialize it with I, which will determine what kind @@ -238,10 +244,15 @@ progresses. OSSL_FUNC_keymgmt_gen_cleanup() should clean up and free the key object generation context I -At least one of OSSL_FUNC_keymgmt_new() and OSSL_FUNC_keymgmt_gen() are mandatory, -as well as OSSL_FUNC_keymgmt_free(). Additionally, if OSSL_FUNC_keymgmt_gen() is -present, OSSL_FUNC_keymgmt_gen_init() and OSSL_FUNC_keymgmt_gen_cleanup() must be -present as well. +OSSL_FUNC_keymgmt_load() creates a provider side key object based on a +I object with a size of I bytes, that only the +provider knows how to interpret, but that may come from other operations. +Outside the provider, this reference is simply an array of bytes. + +At least one of OSSL_FUNC_keymgmt_new(), OSSL_FUNC_keymgmt_gen() and +OSSL_FUNC_keymgmt_load() are mandatory, as well as OSSL_FUNC_keymgmt_free(). +Additionally, if OSSL_FUNC_keymgmt_gen() is present, OSSL_FUNC_keymgmt_gen_init() +and OSSL_FUNC_keymgmt_gen_cleanup() must be present as well. =head2 Key Object Information Functions diff --git a/include/crypto/evp.h b/include/crypto/evp.h index ec2fc1c805..2e85b56266 100644 --- a/include/crypto/evp.h +++ b/include/crypto/evp.h @@ -657,6 +657,21 @@ void evp_pkey_free_legacy(EVP_PKEY *x); /* * KEYMGMT utility functions */ + +/* + * Key import structure and helper function, to be used as an export callback + */ +struct evp_keymgmt_util_try_import_data_st { + EVP_KEYMGMT *keymgmt; + void *keydata; + + int selection; +}; +int evp_keymgmt_util_try_import(const OSSL_PARAM params[], void *arg); +int evp_keymgmt_util_assign_pkey(EVP_PKEY *pkey, EVP_KEYMGMT *keymgmt, + void *keydata); +EVP_PKEY *evp_keymgmt_util_make_pkey(EVP_KEYMGMT *keymgmt, void *keydata); + void *evp_keymgmt_util_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt); size_t evp_keymgmt_util_find_operation_cache_index(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt); @@ -698,6 +713,9 @@ void *evp_keymgmt_gen(const EVP_KEYMGMT *keymgmt, void *genctx, OSSL_CALLBACK *cb, void *cbarg); void evp_keymgmt_gen_cleanup(const EVP_KEYMGMT *keymgmt, void *genctx); +void *evp_keymgmt_load(const EVP_KEYMGMT *keymgmt, + const void *objref, size_t objref_sz); + int evp_keymgmt_has(const EVP_KEYMGMT *keymgmt, void *keyddata, int selection); int evp_keymgmt_validate(const EVP_KEYMGMT *keymgmt, void *keydata, int selection); diff --git a/include/crypto/serializer.h b/include/crypto/serializer.h index c40788f78b..df4953994f 100644 --- a/include/crypto/serializer.h +++ b/include/crypto/serializer.h @@ -11,3 +11,5 @@ OSSL_SERIALIZER *ossl_serializer_fetch_by_number(OPENSSL_CTX *libctx, int id, const char *properties); +OSSL_DESERIALIZER *ossl_deserializer_fetch_by_number(OPENSSL_CTX *libctx, int id, + const char *properties); diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h index fba1d5643f..d0dd6fe2b5 100644 --- a/include/internal/cryptlib.h +++ b/include/internal/cryptlib.h @@ -156,10 +156,11 @@ typedef struct ossl_ex_data_global_st { # define OPENSSL_CTX_THREAD_EVENT_HANDLER_INDEX 8 # define OPENSSL_CTX_FIPS_PROV_INDEX 9 # define OPENSSL_CTX_SERIALIZER_STORE_INDEX 10 -# define OPENSSL_CTX_SELF_TEST_CB_INDEX 11 -# define OPENSSL_CTX_BIO_PROV_INDEX 12 -# define OPENSSL_CTX_GLOBAL_PROPERTIES 13 -# define OPENSSL_CTX_MAX_INDEXES 14 +# define OPENSSL_CTX_DESERIALIZER_STORE_INDEX 11 +# define OPENSSL_CTX_SELF_TEST_CB_INDEX 12 +# define OPENSSL_CTX_BIO_PROV_INDEX 13 +# define OPENSSL_CTX_GLOBAL_PROPERTIES 14 +# define OPENSSL_CTX_MAX_INDEXES 15 typedef struct openssl_ctx_method { void *(*new_func)(OPENSSL_CTX *ctx); diff --git a/include/openssl/core_dispatch.h b/include/openssl/core_dispatch.h index 0feb38b417..c3f6c88f46 100644 --- a/include/openssl/core_dispatch.h +++ b/include/openssl/core_dispatch.h @@ -135,6 +135,9 @@ OSSL_CORE_MAKE_FUNC(void, #define OSSL_FUNC_BIO_FREE 44 #define OSSL_FUNC_BIO_VPRINTF 45 #define OSSL_FUNC_BIO_VSNPRINTF 46 +#define OSSL_FUNC_BIO_PUTS 47 +#define OSSL_FUNC_BIO_GETS 48 + OSSL_CORE_MAKE_FUNC(OSSL_CORE_BIO *, BIO_new_file, (const char *filename, const char *mode)) @@ -143,6 +146,8 @@ OSSL_CORE_MAKE_FUNC(int, BIO_read_ex, (OSSL_CORE_BIO *bio, void *data, size_t data_len, size_t *bytes_read)) OSSL_CORE_MAKE_FUNC(int, BIO_write_ex, (OSSL_CORE_BIO *bio, const void *data, size_t data_len, size_t *written)) +OSSL_CORE_MAKE_FUNC(int, BIO_gets, (OSSL_CORE_BIO *bio, char *buf, int size)) +OSSL_CORE_MAKE_FUNC(int, BIO_puts, (OSSL_CORE_BIO *bio, const char *str)) OSSL_CORE_MAKE_FUNC(int, BIO_free, (OSSL_CORE_BIO *bio)) OSSL_CORE_MAKE_FUNC(int, BIO_vprintf, (OSSL_CORE_BIO *bio, const char *format, va_list args)) @@ -185,8 +190,9 @@ OSSL_CORE_MAKE_FUNC(int, provider_get_capabilities, (void *provctx, # define OSSL_OP_ASYM_CIPHER 13 /* New section for non-EVP operations */ # define OSSL_OP_SERIALIZER 20 +# define OSSL_OP_DESERIALIZER 21 /* Highest known operation number */ -# define OSSL_OP__HIGHEST 20 +# define OSSL_OP__HIGHEST 21 /* Digests */ @@ -477,6 +483,11 @@ OSSL_CORE_MAKE_FUNC(void *, keymgmt_gen, (void *genctx, OSSL_CALLBACK *cb, void *cbarg)) OSSL_CORE_MAKE_FUNC(void, keymgmt_gen_cleanup, (void *genctx)) +/* Key loading by object reference */ +# define OSSL_FUNC_KEYMGMT_LOAD 8 +OSSL_CORE_MAKE_FUNC(void *, keymgmt_load, + (const void *reference, size_t reference_sz)) + /* Basic key object destruction */ # define OSSL_FUNC_KEYMGMT_FREE 10 OSSL_CORE_MAKE_FUNC(void, keymgmt_free, (void *keydata)) @@ -689,7 +700,7 @@ OSSL_CORE_MAKE_FUNC(int, asym_cipher_set_ctx_params, OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, asym_cipher_settable_ctx_params, (void)) -/* Serializers */ +/* Serializers and deserializers */ # define OSSL_FUNC_SERIALIZER_NEWCTX 1 # define OSSL_FUNC_SERIALIZER_FREECTX 2 # define OSSL_FUNC_SERIALIZER_SET_CTX_PARAMS 3 @@ -710,6 +721,31 @@ OSSL_CORE_MAKE_FUNC(int, serializer_serialize_object, (void *ctx, void *obj, OSSL_CORE_BIO *out, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg)) +# define OSSL_FUNC_DESERIALIZER_NEWCTX 1 +# define OSSL_FUNC_DESERIALIZER_FREECTX 2 +# define OSSL_FUNC_DESERIALIZER_GET_PARAMS 3 +# define OSSL_FUNC_DESERIALIZER_GETTABLE_PARAMS 4 +# define OSSL_FUNC_DESERIALIZER_SET_CTX_PARAMS 5 +# define OSSL_FUNC_DESERIALIZER_SETTABLE_CTX_PARAMS 6 +# define OSSL_FUNC_DESERIALIZER_DESERIALIZE 10 +# define OSSL_FUNC_DESERIALIZER_EXPORT_OBJECT 11 +OSSL_CORE_MAKE_FUNC(void *, deserializer_newctx, (void *provctx)) +OSSL_CORE_MAKE_FUNC(void, deserializer_freectx, (void *ctx)) +OSSL_CORE_MAKE_FUNC(int, deserializer_get_params, (OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, deserializer_gettable_params, (void)) +OSSL_CORE_MAKE_FUNC(int, deserializer_set_ctx_params, + (void *ctx, const OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, deserializer_settable_ctx_params, + (void)) + +OSSL_CORE_MAKE_FUNC(int, deserializer_deserialize, + (void *ctx, OSSL_CORE_BIO *in, + OSSL_CALLBACK *metadata_cb, void *metadata_cbarg, + OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)) +OSSL_CORE_MAKE_FUNC(int, deserializer_export_object, + (void *ctx, const void *objref, size_t objref_sz, + OSSL_CALLBACK *export_cb, void *export_cbarg)) + # ifdef __cplusplus } # endif diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h index 702ee6a6ed..9ce4115a89 100644 --- a/include/openssl/core_names.h +++ b/include/openssl/core_names.h @@ -397,13 +397,21 @@ extern "C" { #define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION "tls-negotiated-version" /* - * Serializer parameters + * Serializer / deserializer parameters */ /* The passphrase may be passed as a utf8 string or an octet string */ #define OSSL_SERIALIZER_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER #define OSSL_SERIALIZER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES #define OSSL_SERIALIZER_PARAM_PASS "passphrase" +#define OSSL_DESERIALIZER_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER +#define OSSL_DESERIALIZER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES +#define OSSL_DESERIALIZER_PARAM_PASS "passphrase" +#define OSSL_DESERIALIZER_PARAM_INPUT_TYPE "input-type" +#define OSSL_DESERIALIZER_PARAM_DATA_TYPE "data-type" +#define OSSL_DESERIALIZER_PARAM_DATA "data" +#define OSSL_DESERIALIZER_PARAM_REFERENCE "reference" + /* Passphrase callback parameters */ #define OSSL_PASSPHRASE_PARAM_INFO "info" diff --git a/include/openssl/deserializer.h b/include/openssl/deserializer.h new file mode 100644 index 0000000000..d54e47915d --- /dev/null +++ b/include/openssl/deserializer.h @@ -0,0 +1,120 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_DESERIALIZER_H +# define OPENSSL_DESERIALIZER_H +# pragma once + +# include + +# ifndef OPENSSL_NO_STDIO +# include +# endif +# include +# include +# include +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif + +OSSL_DESERIALIZER *OSSL_DESERIALIZER_fetch(OPENSSL_CTX *libctx, + const char *name, + const char *properties); +int OSSL_DESERIALIZER_up_ref(OSSL_DESERIALIZER *ser); +void OSSL_DESERIALIZER_free(OSSL_DESERIALIZER *ser); + +const OSSL_PROVIDER *OSSL_DESERIALIZER_provider(const OSSL_DESERIALIZER *ser); +const char *OSSL_DESERIALIZER_properties(const OSSL_DESERIALIZER *ser); +int OSSL_DESERIALIZER_number(const OSSL_DESERIALIZER *ser); +int OSSL_DESERIALIZER_is_a(const OSSL_DESERIALIZER *ser, + const char *name); + +void OSSL_DESERIALIZER_do_all_provided(OPENSSL_CTX *libctx, + void (*fn)(OSSL_DESERIALIZER *ser, + void *arg), + void *arg); +void OSSL_DESERIALIZER_names_do_all(const OSSL_DESERIALIZER *ser, + void (*fn)(const char *name, void *data), + void *data); +const OSSL_PARAM *OSSL_DESERIALIZER_gettable_params(OSSL_DESERIALIZER *deser); +int OSSL_DESERIALIZER_get_params(OSSL_DESERIALIZER *deser, OSSL_PARAM params[]); + +const OSSL_PARAM *OSSL_DESERIALIZER_settable_ctx_params(OSSL_DESERIALIZER *ser); +OSSL_DESERIALIZER_CTX *OSSL_DESERIALIZER_CTX_new(void); +int OSSL_DESERIALIZER_CTX_set_params(OSSL_DESERIALIZER_CTX *ctx, + const OSSL_PARAM params[]); +void OSSL_DESERIALIZER_CTX_free(OSSL_DESERIALIZER_CTX *ctx); + +/* Utilities that help set specific parameters */ +int OSSL_DESERIALIZER_CTX_set_cipher(OSSL_DESERIALIZER_CTX *ctx, + const char *cipher_name, + const char *propquery); +int OSSL_DESERIALIZER_CTX_set_passphrase(OSSL_DESERIALIZER_CTX *ctx, + const unsigned char *kstr, + size_t klen); +int OSSL_DESERIALIZER_CTX_set_passphrase_cb(OSSL_DESERIALIZER_CTX *ctx, + pem_password_cb *cb, void *cbarg); +int OSSL_DESERIALIZER_CTX_set_passphrase_ui(OSSL_DESERIALIZER_CTX *ctx, + const UI_METHOD *ui_method, + void *ui_data); + +/* + * Utilities to read the object to deserialize, with the result sent to cb. + * These will discover all provided methods + */ + +int OSSL_DESERIALIZER_CTX_set_input_type(OSSL_DESERIALIZER_CTX *ctx, + const char *input_type); +int OSSL_DESERIALIZER_CTX_add_deserializer(OSSL_DESERIALIZER_CTX *ctx, + OSSL_DESERIALIZER *deser); +int OSSL_DESERIALIZER_CTX_add_extra(OSSL_DESERIALIZER_CTX *ctx, + OPENSSL_CTX *libctx, const char *propq); +int OSSL_DESERIALIZER_CTX_num_deserializers(OSSL_DESERIALIZER_CTX *ctx); + +typedef struct ossl_deserializer_instance_st OSSL_DESERIALIZER_INSTANCE; +typedef int (OSSL_DESERIALIZER_FINALIZER) + (OSSL_DESERIALIZER_INSTANCE *deser_inst, + const OSSL_PARAM *params, void *finalize_arg); +typedef void (OSSL_DESERIALIZER_CLEANER)(void *finalize_arg); + +int OSSL_DESERIALIZER_CTX_set_finalizer(OSSL_DESERIALIZER_CTX *ctx, + OSSL_DESERIALIZER_FINALIZER *finalizer, + OSSL_DESERIALIZER_CLEANER *cleaner, + void *finalize_arg); + +int OSSL_DESERIALIZER_export(OSSL_DESERIALIZER_INSTANCE *deser_inst, + void *reference, size_t reference_sz, + OSSL_CALLBACK *export_cb, void *export_cbarg); + +OSSL_DESERIALIZER *OSSL_DESERIALIZER_INSTANCE_deserializer + (OSSL_DESERIALIZER_INSTANCE *deser_inst); +void *OSSL_DESERIALIZER_INSTANCE_deserializer_ctx + (OSSL_DESERIALIZER_INSTANCE *deser_inst); + +int OSSL_DESERIALIZER_from_bio(OSSL_DESERIALIZER_CTX *ctx, BIO *in); +#ifndef OPENSSL_NO_STDIO +int OSSL_DESERIALIZER_from_fp(OSSL_DESERIALIZER_CTX *ctx, FILE *in); +#endif + +/* + * Create the OSSL_DESERIALIZER_CTX with an associated type. This will perform + * an implicit OSSL_DESERIALIZER_fetch(), suitable for the object of that type. + */ +OSSL_DESERIALIZER_CTX * +OSSL_DESERIALIZER_CTX_new_by_EVP_PKEY(EVP_PKEY **pkey, const char *input_type, + OPENSSL_CTX *libctx, + const char *propquery); + +# ifdef __cplusplus +} +# endif +#endif diff --git a/include/openssl/deserializererr.h b/include/openssl/deserializererr.h new file mode 100644 index 0000000000..1c6573afb6 --- /dev/null +++ b/include/openssl/deserializererr.h @@ -0,0 +1,35 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_OSSL_DESERIALIZERERR_H +# define OPENSSL_OSSL_DESERIALIZERERR_H +# pragma once + +# include +# include + + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_OSSL_DESERIALIZER_strings(void); + +/* + * OSSL_DESERIALIZER function codes. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# endif + +/* + * OSSL_DESERIALIZER reason codes. + */ +# define OSSL_DESERIALIZER_R_MISSING_GET_PARAMS 100 + +#endif diff --git a/include/openssl/err.h b/include/openssl/err.h index a40d231ea0..fd3b93aa47 100644 --- a/include/openssl/err.h +++ b/include/openssl/err.h @@ -114,7 +114,8 @@ struct err_state_st { # define ERR_LIB_PROV 57 # define ERR_LIB_CMP 58 # define ERR_LIB_OSSL_SERIALIZER 59 -# define ERR_LIB_HTTP 60 +# define ERR_LIB_OSSL_DESERIALIZER 60 +# define ERR_LIB_HTTP 61 # define ERR_LIB_USER 128 diff --git a/include/openssl/serializer.h b/include/openssl/serializer.h index 8b24840786..50c85d617f 100644 --- a/include/openssl/serializer.h +++ b/include/openssl/serializer.h @@ -61,7 +61,7 @@ int OSSL_SERIALIZER_CTX_set_cipher(OSSL_SERIALIZER_CTX *ctx, int OSSL_SERIALIZER_CTX_set_passphrase(OSSL_SERIALIZER_CTX *ctx, const unsigned char *kstr, size_t klen); -int OSSL_SERIALIZER_CTX_set_passphrase_cb(OSSL_SERIALIZER_CTX *ctx, int enc, +int OSSL_SERIALIZER_CTX_set_passphrase_cb(OSSL_SERIALIZER_CTX *ctx, pem_password_cb *cb, void *cbarg); int OSSL_SERIALIZER_CTX_set_passphrase_ui(OSSL_SERIALIZER_CTX *ctx, const UI_METHOD *ui_method, diff --git a/include/openssl/types.h b/include/openssl/types.h index d43950a809..496f42a101 100644 --- a/include/openssl/types.h +++ b/include/openssl/types.h @@ -214,6 +214,8 @@ typedef int pem_password_cb (char *buf, int size, int rwflag, void *userdata); typedef struct ossl_serializer_st OSSL_SERIALIZER; typedef struct ossl_serializer_ctx_st OSSL_SERIALIZER_CTX; +typedef struct ossl_deserializer_st OSSL_DESERIALIZER; +typedef struct ossl_deserializer_ctx_st OSSL_DESERIALIZER_CTX; typedef struct ossl_self_test_st OSSL_SELF_TEST; diff --git a/providers/common/bio_prov.c b/providers/common/bio_prov.c index c193658c58..fc1f8b2b26 100644 --- a/providers/common/bio_prov.c +++ b/providers/common/bio_prov.c @@ -16,6 +16,8 @@ static OSSL_FUNC_BIO_new_file_fn *c_bio_new_file = NULL; static OSSL_FUNC_BIO_new_membuf_fn *c_bio_new_membuf = NULL; static OSSL_FUNC_BIO_read_ex_fn *c_bio_read_ex = NULL; static OSSL_FUNC_BIO_write_ex_fn *c_bio_write_ex = NULL; +static OSSL_FUNC_BIO_gets_fn *c_bio_gets = NULL; +static OSSL_FUNC_BIO_puts_fn *c_bio_puts = NULL; static OSSL_FUNC_BIO_free_fn *c_bio_free = NULL; static OSSL_FUNC_BIO_vprintf_fn *c_bio_vprintf = NULL; @@ -39,6 +41,14 @@ int ossl_prov_bio_from_dispatch(const OSSL_DISPATCH *fns) if (c_bio_write_ex == NULL) c_bio_write_ex = OSSL_FUNC_BIO_write_ex(fns); break; + case OSSL_FUNC_BIO_GETS: + if (c_bio_gets == NULL) + c_bio_gets = OSSL_FUNC_BIO_gets(fns); + break; + case OSSL_FUNC_BIO_PUTS: + if (c_bio_puts == NULL) + c_bio_puts = OSSL_FUNC_BIO_puts(fns); + break; case OSSL_FUNC_BIO_FREE: if (c_bio_free == NULL) c_bio_free = OSSL_FUNC_BIO_free(fns); @@ -83,6 +93,20 @@ int ossl_prov_bio_write_ex(OSSL_CORE_BIO *bio, const void *data, size_t data_len return c_bio_write_ex(bio, data, data_len, written); } +int ossl_prov_bio_gets(OSSL_CORE_BIO *bio, char *buf, int size) +{ + if (c_bio_gets == NULL) + return -1; + return c_bio_gets(bio, buf, size); +} + +int ossl_prov_bio_puts(OSSL_CORE_BIO *bio, const char *str) +{ + if (c_bio_puts == NULL) + return -1; + return c_bio_puts(bio, str); +} + int ossl_prov_bio_free(OSSL_CORE_BIO *bio) { if (c_bio_free == NULL) @@ -134,16 +158,12 @@ static long bio_core_ctrl(BIO *bio, int cmd, long num, void *ptr) static int bio_core_gets(BIO *bio, char *buf, int size) { - /* We don't support this */ - assert(0); - return -1; + return ossl_prov_bio_gets(BIO_get_data(bio), buf, size); } static int bio_core_puts(BIO *bio, const char *str) { - /* We don't support this */ - assert(0); - return -1; + return ossl_prov_bio_puts(BIO_get_data(bio), str); } static int bio_core_new(BIO *bio) diff --git a/providers/common/include/prov/bio.h b/providers/common/include/prov/bio.h index c63f6b5da5..3cef89ce18 100644 --- a/providers/common/include/prov/bio.h +++ b/providers/common/include/prov/bio.h @@ -20,6 +20,8 @@ int ossl_prov_bio_read_ex(OSSL_CORE_BIO *bio, void *data, size_t data_len, size_t *bytes_read); int ossl_prov_bio_write_ex(OSSL_CORE_BIO *bio, const void *data, size_t data_len, size_t *written); +int ossl_prov_bio_gets(OSSL_CORE_BIO *bio, char *buf, int size); +int ossl_prov_bio_puts(OSSL_CORE_BIO *bio, const char *str); int ossl_prov_bio_free(OSSL_CORE_BIO *bio); int ossl_prov_bio_vprintf(OSSL_CORE_BIO *bio, const char *format, va_list ap); int ossl_prov_bio_printf(OSSL_CORE_BIO *bio, const char *format, ...); diff --git a/providers/defltprov.c b/providers/defltprov.c index d404585afd..7ab006ae83 100644 --- a/providers/defltprov.c +++ b/providers/defltprov.c @@ -530,6 +530,17 @@ static const OSSL_ALGORITHM deflt_serializer[] = { { "EC", "provider=default,fips=yes,format=pem,type=parameters", ec_param_pem_serializer_functions }, #endif + + { NULL, NULL, NULL } +}; + +static const OSSL_ALGORITHM deflt_deserializer[] = { + { "RSA", "provider=default,fips=yes,input=der", + der_to_rsa_deserializer_functions }, + + { "DER", "provider=default,fips=yes,input=pem", + pem_to_der_deserializer_functions }, + { NULL, NULL, NULL } }; @@ -559,6 +570,8 @@ static const OSSL_ALGORITHM *deflt_query(void *provctx, int operation_id, return deflt_asym_cipher; case OSSL_OP_SERIALIZER: return deflt_serializer; + case OSSL_OP_DESERIALIZER: + return deflt_deserializer; } return NULL; } diff --git a/providers/implementations/include/prov/implementations.h b/providers/implementations/include/prov/implementations.h index 0b32f3727c..4890f11969 100644 --- a/providers/implementations/include/prov/implementations.h +++ b/providers/implementations/include/prov/implementations.h @@ -358,3 +358,6 @@ extern const OSSL_DISPATCH ec_param_der_serializer_functions[]; extern const OSSL_DISPATCH ec_priv_pem_serializer_functions[]; extern const OSSL_DISPATCH ec_pub_pem_serializer_functions[]; extern const OSSL_DISPATCH ec_param_pem_serializer_functions[]; + +extern const OSSL_DISPATCH der_to_rsa_deserializer_functions[]; +extern const OSSL_DISPATCH pem_to_der_deserializer_functions[]; diff --git a/providers/implementations/keymgmt/rsa_kmgmt.c b/providers/implementations/keymgmt/rsa_kmgmt.c index 5c6b52efaf..3231c020c9 100644 --- a/providers/implementations/keymgmt/rsa_kmgmt.c +++ b/providers/implementations/keymgmt/rsa_kmgmt.c @@ -23,6 +23,7 @@ #include "prov/providercommon.h" #include "prov/provider_ctx.h" #include "crypto/rsa.h" +#include "crypto/cryptlib.h" #include "internal/param_build_set.h" static OSSL_FUNC_keymgmt_new_fn rsa_newdata; @@ -34,6 +35,7 @@ static OSSL_FUNC_keymgmt_gen_settable_params_fn rsa_gen_settable_params; static OSSL_FUNC_keymgmt_gen_settable_params_fn rsapss_gen_settable_params; static OSSL_FUNC_keymgmt_gen_fn rsa_gen; static OSSL_FUNC_keymgmt_gen_cleanup_fn rsa_gen_cleanup; +static OSSL_FUNC_keymgmt_load_fn rsa_load; static OSSL_FUNC_keymgmt_free_fn rsa_freedata; static OSSL_FUNC_keymgmt_get_params_fn rsa_get_params; static OSSL_FUNC_keymgmt_gettable_params_fn rsa_gettable_params; @@ -575,6 +577,20 @@ static void rsa_gen_cleanup(void *genctx) OPENSSL_free(gctx); } +void *rsa_load(const void *reference, size_t reference_sz) +{ + RSA *rsa = NULL; + + if (reference_sz == sizeof(rsa)) { + /* The contents of the reference is the address to our object */ + rsa = *(RSA **)reference; + /* We grabbed, so we detach it */ + *(RSA **)reference = NULL; + return rsa; + } + return NULL; +} + /* For any RSA key, we use the "RSA" algorithms regardless of sub-type. */ static const char *rsapss_query_operation_name(int operation_id) { @@ -590,6 +606,7 @@ const OSSL_DISPATCH rsa_keymgmt_functions[] = { (void (*)(void))rsa_gen_settable_params }, { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))rsa_gen }, { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))rsa_gen_cleanup }, + { OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))rsa_load }, { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))rsa_freedata }, { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))rsa_get_params }, { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))rsa_gettable_params }, diff --git a/providers/implementations/serializers/build.info b/providers/implementations/serializers/build.info index ffafbe38e5..bcfe9d4d4b 100644 --- a/providers/implementations/serializers/build.info +++ b/providers/implementations/serializers/build.info @@ -9,8 +9,9 @@ $DSA_GOAL=../../libimplementations.a $ECX_GOAL=../../libimplementations.a $EC_GOAL=../../libimplementations.a -SOURCE[$SERIALIZER_GOAL]=serializer_common.c +SOURCE[$SERIALIZER_GOAL]=serializer_common.c deserialize_common.c +SOURCE[$RSA_GOAL]=deserialize_der2rsa.c deserialize_pem2der.c SOURCE[$RSA_GOAL]=serializer_rsa.c serializer_rsa_priv.c serializer_rsa_pub.c DEPEND[serializer_rsa.o]=../../common/include/prov/der_rsa.h diff --git a/providers/implementations/serializers/deserialize_common.c b/providers/implementations/serializers/deserialize_common.c new file mode 100644 index 0000000000..449d57b0a3 --- /dev/null +++ b/providers/implementations/serializers/deserialize_common.c @@ -0,0 +1,91 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include +#include +#include "internal/cryptlib.h" +#include "crypto/asn1.h" +#include "prov/bio.h" /* ossl_prov_bio_printf() */ +#include "prov/providercommonerr.h" /* PROV_R_READ_KEY */ +#include "serializer_local.h" + +int ossl_prov_read_der(PROV_CTX *provctx, OSSL_CORE_BIO *cin, + unsigned char **data, long *len) +{ + BUF_MEM *mem = NULL; + BIO *in = bio_new_from_core_bio(provctx, cin); + int ok = (asn1_d2i_read_bio(in, &mem) >= 0); + + if (ok) { + *data = (unsigned char *)mem->data; + *len = (long)mem->length; + OPENSSL_free(mem); + } + BIO_free(in); + return ok; +} + +int ossl_prov_read_pem(PROV_CTX *provctx, OSSL_CORE_BIO *cin, + char **pem_name, char **pem_header, + unsigned char **data, long *len) +{ + BIO *in = bio_new_from_core_bio(provctx, cin); + int ok = (PEM_read_bio(in, pem_name, pem_header, data, len) > 0); + + BIO_free(in); + return ok; +} + +int ossl_prov_der_from_p8(unsigned char **new_der, long *new_der_len, + unsigned char *input_der, long input_der_len, + struct pkcs8_encrypt_ctx_st *ctx) +{ + const unsigned char *derp; + X509_SIG *p8 = NULL; + int ok = 0; + + if (!ossl_assert(new_der != NULL && *new_der == NULL) + || !ossl_assert(new_der_len != NULL)) + return 0; + + if (ctx->cipher == NULL) + return 0; + + derp = input_der; + if ((p8 = d2i_X509_SIG(NULL, &derp, input_der_len)) != NULL) { + char pbuf[PEM_BUFSIZE]; + const void *pstr = ctx->cipher_pass; + size_t plen = ctx->cipher_pass_length; + + if (pstr == NULL) { + pstr = pbuf; + if (!ctx->cb(pbuf, sizeof(pbuf), &plen, NULL, ctx->cbarg)) { + ERR_raise(ERR_LIB_PROV, PROV_R_READ_KEY); + pstr = NULL; + } + } + + if (pstr != NULL) { + const X509_ALGOR *alg = NULL; + const ASN1_OCTET_STRING *oct = NULL; + int len = 0; + + X509_SIG_get0(p8, &alg, &oct); + if (PKCS12_pbe_crypt(alg, pstr, plen, oct->data, oct->length, + new_der, &len, 0) != NULL) + ok = 1; + *new_der_len = len; + } + } + X509_SIG_free(p8); + return ok; +} diff --git a/providers/implementations/serializers/deserialize_der2rsa.c b/providers/implementations/serializers/deserialize_der2rsa.c new file mode 100644 index 0000000000..6854c7efcb --- /dev/null +++ b/providers/implementations/serializers/deserialize_der2rsa.c @@ -0,0 +1,231 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * RSA low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + +#include +#include +#include +#include +#include +#include "prov/bio.h" +#include "prov/implementations.h" +#include "serializer_local.h" + +static OSSL_FUNC_deserializer_newctx_fn der2rsa_newctx; +static OSSL_FUNC_deserializer_freectx_fn der2rsa_freectx; +static OSSL_FUNC_deserializer_gettable_params_fn der2rsa_gettable_params; +static OSSL_FUNC_deserializer_get_params_fn der2rsa_get_params; +static OSSL_FUNC_deserializer_settable_ctx_params_fn der2rsa_settable_ctx_params; +static OSSL_FUNC_deserializer_set_ctx_params_fn der2rsa_set_ctx_params; +static OSSL_FUNC_deserializer_deserialize_fn der2rsa_deserialize; +static OSSL_FUNC_deserializer_export_object_fn der2rsa_export_object; + +/* + * Context used for DER to RSA key deserialization. + */ +struct der2rsa_ctx_st { + PROV_CTX *provctx; + + struct pkcs8_encrypt_ctx_st sc; +}; + +static void *der2rsa_newctx(void *provctx) +{ + struct der2rsa_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx)); + + if (ctx != NULL) { + ctx->provctx = provctx; + /* -1 is the "whatever" indicator, i.e. the PKCS8 library default PBE */ + ctx->sc.pbe_nid = -1; + } + return ctx; +} + +static void der2rsa_freectx(void *vctx) +{ + struct der2rsa_ctx_st *ctx = vctx; + + EVP_CIPHER_free(ctx->sc.cipher); + OPENSSL_clear_free(ctx->sc.cipher_pass, ctx->sc.cipher_pass_length); + OPENSSL_free(ctx); +} + +static const OSSL_PARAM *der2rsa_gettable_params(void) +{ + static const OSSL_PARAM gettables[] = { + { OSSL_DESERIALIZER_PARAM_INPUT_TYPE, OSSL_PARAM_UTF8_PTR, NULL, 0, 0 }, + OSSL_PARAM_END, + }; + + return gettables; +} + +static int der2rsa_get_params(OSSL_PARAM params[]) +{ + OSSL_PARAM *p; + + p = OSSL_PARAM_locate(params, OSSL_DESERIALIZER_PARAM_INPUT_TYPE); + if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "DER")) + return 0; + + return 1; +} + + +static const OSSL_PARAM *der2rsa_settable_ctx_params(void) +{ + static const OSSL_PARAM settables[] = { + OSSL_PARAM_utf8_string(OSSL_DESERIALIZER_PARAM_CIPHER, NULL, 0), + OSSL_PARAM_utf8_string(OSSL_DESERIALIZER_PARAM_PROPERTIES, NULL, 0), + OSSL_PARAM_octet_string(OSSL_DESERIALIZER_PARAM_PASS, NULL, 0), + OSSL_PARAM_END, + }; + + return settables; +} + +static int der2rsa_set_ctx_params(void *vctx, const OSSL_PARAM params[]) +{ + struct der2rsa_ctx_st *ctx = vctx; + OPENSSL_CTX *libctx = PROV_CTX_get0_library_context(ctx->provctx); + const OSSL_PARAM *p; + + if ((p = OSSL_PARAM_locate_const(params, OSSL_DESERIALIZER_PARAM_CIPHER)) + != NULL) { + const OSSL_PARAM *propsp = + OSSL_PARAM_locate_const(params, OSSL_DESERIALIZER_PARAM_PROPERTIES); + const char *props = NULL; + + if (p->data_type != OSSL_PARAM_UTF8_STRING) + return 0; + if (propsp != NULL && propsp->data_type != OSSL_PARAM_UTF8_STRING) + return 0; + props = (propsp != NULL ? propsp->data : NULL); + + EVP_CIPHER_free(ctx->sc.cipher); + ctx->sc.cipher = NULL; + ctx->sc.cipher_intent = p->data != NULL; + if (p->data != NULL + && ((ctx->sc.cipher = EVP_CIPHER_fetch(libctx, p->data, props)) + == NULL)) + return 0; + } + if ((p = OSSL_PARAM_locate_const(params, OSSL_DESERIALIZER_PARAM_PASS)) + != NULL) { + OPENSSL_clear_free(ctx->sc.cipher_pass, ctx->sc.cipher_pass_length); + ctx->sc.cipher_pass = NULL; + if (!OSSL_PARAM_get_octet_string(p, &ctx->sc.cipher_pass, 0, + &ctx->sc.cipher_pass_length)) + return 0; + } + return 1; +} + +static int der2rsa_deserialize(void *vctx, OSSL_CORE_BIO *cin, + OSSL_CALLBACK *data_cb, void *data_cbarg, + OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) +{ + struct der2rsa_ctx_st *ctx = vctx; + void *libctx = PROV_LIBRARY_CONTEXT_OF(ctx->provctx); + RSA *rsa = NULL; + unsigned char *der = NULL; + const unsigned char *derp; + long der_len = 0; + unsigned char *new_der = NULL; + long new_der_len; + EVP_PKEY *pkey = NULL; + int ok = 0; + + ctx->sc.cb = pw_cb; + ctx->sc.cbarg = pw_cbarg; + + if (!ossl_prov_read_der(ctx->provctx, cin, &der, &der_len)) + return 0; + + /* + * Opportunistic attempt to decrypt. If it doesn't work, we try to + * decode our input unencrypted. + */ + if (ctx->sc.cipher_intent + && ossl_prov_der_from_p8(&new_der, &new_der_len, der, der_len, + &ctx->sc)) { + OPENSSL_free(der); + der = new_der; + der_len = new_der_len; + } + + derp = der; + if ((pkey = d2i_PrivateKey_ex(EVP_PKEY_RSA, NULL, &derp, der_len, + libctx, NULL)) != NULL) { + /* Tear out the RSA pointer from the pkey */ + rsa = EVP_PKEY_get1_RSA(pkey); + EVP_PKEY_free(pkey); + } + + OPENSSL_free(der); + + if (rsa != NULL) { + OSSL_PARAM params[3]; + + params[0] = + OSSL_PARAM_construct_utf8_string(OSSL_DESERIALIZER_PARAM_DATA_TYPE, + "RSA", 0); + /* The address of the key becomes the octet string */ + params[1] = + OSSL_PARAM_construct_octet_string(OSSL_DESERIALIZER_PARAM_REFERENCE, + &rsa, sizeof(rsa)); + params[2] = OSSL_PARAM_construct_end(); + + ok = data_cb(params, data_cbarg); + } + RSA_free(rsa); + + return ok; +} + +static int der2rsa_export_object(void *vctx, + const void *reference, size_t reference_sz, + OSSL_CALLBACK *export_cb, void *export_cbarg) +{ + OSSL_FUNC_keymgmt_export_fn *rsa_export = + ossl_prov_get_keymgmt_rsa_export(); + void *keydata; + + if (reference_sz == sizeof(keydata) && rsa_export != NULL) { + /* The contents of the reference is the address to our object */ + keydata = *(RSA **)reference; + + return rsa_export(keydata, OSSL_KEYMGMT_SELECT_ALL, + export_cb, export_cbarg); + } + return 0; +} + +const OSSL_DISPATCH der_to_rsa_deserializer_functions[] = { + { OSSL_FUNC_DESERIALIZER_NEWCTX, (void (*)(void))der2rsa_newctx }, + { OSSL_FUNC_DESERIALIZER_FREECTX, (void (*)(void))der2rsa_freectx }, + { OSSL_FUNC_DESERIALIZER_GETTABLE_PARAMS, + (void (*)(void))der2rsa_gettable_params }, + { OSSL_FUNC_DESERIALIZER_GET_PARAMS, + (void (*)(void))der2rsa_get_params }, + { OSSL_FUNC_DESERIALIZER_SETTABLE_CTX_PARAMS, + (void (*)(void))der2rsa_settable_ctx_params }, + { OSSL_FUNC_DESERIALIZER_SET_CTX_PARAMS, + (void (*)(void))der2rsa_set_ctx_params }, + { OSSL_FUNC_DESERIALIZER_DESERIALIZE, + (void (*)(void))der2rsa_deserialize }, + { OSSL_FUNC_DESERIALIZER_EXPORT_OBJECT, + (void (*)(void))der2rsa_export_object }, + { 0, NULL } +}; diff --git a/providers/implementations/serializers/deserialize_pem2der.c b/providers/implementations/serializers/deserialize_pem2der.c new file mode 100644 index 0000000000..490f041703 --- /dev/null +++ b/providers/implementations/serializers/deserialize_pem2der.c @@ -0,0 +1,202 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * RSA low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + +#include + +#include +#include +#include +#include +#include +#include +#include "prov/bio.h" +#include "prov/bio.h" +#include "prov/providercommonerr.h" +#include "serializer_local.h" + +static OSSL_FUNC_deserializer_newctx_fn pem2der_newctx; +static OSSL_FUNC_deserializer_freectx_fn pem2der_freectx; +static OSSL_FUNC_deserializer_gettable_params_fn pem2der_gettable_params; +static OSSL_FUNC_deserializer_get_params_fn pem2der_get_params; +static OSSL_FUNC_deserializer_deserialize_fn pem2der_deserialize; + +/* + * Context used for PEM to DER deserialization. + */ +struct pem2der_ctx_st { + PROV_CTX *provctx; + + /* Set to 1 if intending to encrypt/decrypt, otherwise 0 */ + int cipher_intent; + + EVP_CIPHER *cipher; + + /* Passphrase that was passed by the caller */ + void *cipher_pass; + size_t cipher_pass_length; + + /* This callback is only used if |cipher_pass| is NULL */ + OSSL_PASSPHRASE_CALLBACK *cb; + void *cbarg; +}; + +static void *pem2der_newctx(void *provctx) +{ + struct pem2der_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx)); + + if (ctx != NULL) + ctx->provctx = provctx; + return ctx; +} + +static void pem2der_freectx(void *vctx) +{ + struct pem2der_ctx_st *ctx = vctx; + + EVP_CIPHER_free(ctx->cipher); + OPENSSL_clear_free(ctx->cipher_pass, ctx->cipher_pass_length); + OPENSSL_free(ctx); +} + +static const OSSL_PARAM *pem2der_gettable_params(void) +{ + static const OSSL_PARAM gettables[] = { + { OSSL_DESERIALIZER_PARAM_INPUT_TYPE, OSSL_PARAM_UTF8_PTR, NULL, 0, 0 }, + OSSL_PARAM_END, + }; + + return gettables; +} + +static int pem2der_get_params(OSSL_PARAM params[]) +{ + OSSL_PARAM *p; + + p = OSSL_PARAM_locate(params, OSSL_DESERIALIZER_PARAM_INPUT_TYPE); + if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "PEM")) + return 0; + + return 1; +} + +static const OSSL_PARAM *pem2der_settable_ctx_params(void) +{ + static const OSSL_PARAM settables[] = { + OSSL_PARAM_octet_string(OSSL_DESERIALIZER_PARAM_PASS, NULL, 0), + OSSL_PARAM_END, + }; + + return settables; +} + +static int pem2der_set_ctx_params(void *vctx, const OSSL_PARAM params[]) +{ + struct pem2der_ctx_st *ctx = vctx; + const OSSL_PARAM *p; + + if ((p = OSSL_PARAM_locate_const(params, OSSL_DESERIALIZER_PARAM_PASS)) + != NULL) { + OPENSSL_clear_free(ctx->cipher_pass, ctx->cipher_pass_length); + ctx->cipher_pass = NULL; + if (!OSSL_PARAM_get_octet_string(p, &ctx->cipher_pass, 0, + &ctx->cipher_pass_length)) + return 0; + } + return 1; +} + +/* pem_password_cb compatible function */ +static int pem2der_pass_helper(char *buf, int num, int w, void *data) +{ + struct pem2der_ctx_st *ctx = data; + size_t plen; + + if (ctx->cipher_pass != NULL) { + if (ctx->cipher_pass_length < (size_t)num - 1) { + strncpy(buf, ctx->cipher_pass, ctx->cipher_pass_length); + buf[ctx->cipher_pass_length] = '\0'; + } else { + OPENSSL_strlcpy(buf, ctx->cipher_pass, num); + } + } else if (ctx->cb == NULL + || !ctx->cb(buf, num, &plen, NULL, ctx->cbarg)) { + return -1; + } + return (int)ctx->cipher_pass_length; +} + +static int pem2der_deserialize(void *vctx, OSSL_CORE_BIO *cin, + OSSL_CALLBACK *data_cb, void *data_cbarg, + OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) +{ + struct pem2der_ctx_st *ctx = vctx; + char *pem_name = NULL, *pem_header = NULL; + unsigned char *der = NULL; + long der_len = 0; + int ok = 0; + + if (ossl_prov_read_pem(ctx->provctx, cin, &pem_name, &pem_header, + &der, &der_len) <= 0) + return 0; + + /* + * 10 is the number of characters in "Proc-Type:", which + * PEM_get_EVP_CIPHER_INFO() requires to be present. + * If the PEM header has less characters than that, it's + * not worth spending cycles on it. + */ + if (strlen(pem_header) > 10) { + EVP_CIPHER_INFO cipher; + + if (!PEM_get_EVP_CIPHER_INFO(pem_header, &cipher) + || !PEM_do_header(&cipher, der, &der_len, pem2der_pass_helper, ctx)) + goto end; + } + + { + OSSL_PARAM params[3]; + + params[0] = + OSSL_PARAM_construct_utf8_string(OSSL_DESERIALIZER_PARAM_DATA_TYPE, + pem_name, 0); + params[1] = + OSSL_PARAM_construct_octet_string(OSSL_DESERIALIZER_PARAM_DATA, + der, der_len); + params[2] = OSSL_PARAM_construct_end(); + + ok = data_cb(params, data_cbarg); + } + + end: + OPENSSL_free(pem_name); + OPENSSL_free(pem_header); + OPENSSL_free(der); + return ok; +} + +const OSSL_DISPATCH pem_to_der_deserializer_functions[] = { + { OSSL_FUNC_DESERIALIZER_NEWCTX, (void (*)(void))pem2der_newctx }, + { OSSL_FUNC_DESERIALIZER_FREECTX, (void (*)(void))pem2der_freectx }, + { OSSL_FUNC_DESERIALIZER_GETTABLE_PARAMS, + (void (*)(void))pem2der_gettable_params }, + { OSSL_FUNC_DESERIALIZER_GET_PARAMS, + (void (*)(void))pem2der_get_params }, + { OSSL_FUNC_DESERIALIZER_SETTABLE_CTX_PARAMS, + (void (*)(void))pem2der_settable_ctx_params }, + { OSSL_FUNC_DESERIALIZER_SET_CTX_PARAMS, + (void (*)(void))pem2der_set_ctx_params }, + { OSSL_FUNC_DESERIALIZER_DESERIALIZE, (void (*)(void))pem2der_deserialize }, + { 0, NULL } +}; diff --git a/providers/implementations/serializers/serializer_common.c b/providers/implementations/serializers/serializer_common.c index 7bf0ce941a..58d7a27e60 100644 --- a/providers/implementations/serializers/serializer_common.c +++ b/providers/implementations/serializers/serializer_common.c @@ -144,6 +144,16 @@ OSSL_FUNC_keymgmt_import_fn *ossl_prov_get_keymgmt_import(const OSSL_DISPATCH *f return NULL; } +OSSL_FUNC_keymgmt_export_fn *ossl_prov_get_keymgmt_export(const OSSL_DISPATCH *fns) +{ + /* Pilfer the keymgmt dispatch table */ + for (; fns->function_id != 0; fns++) + if (fns->function_id == OSSL_FUNC_KEYMGMT_EXPORT) + return OSSL_FUNC_keymgmt_export(fns); + + return NULL; +} + # ifdef SIXTY_FOUR_BIT_LONG # define BN_FMTu "%lu" # define BN_FMTx "%lx" diff --git a/providers/implementations/serializers/serializer_local.h b/providers/implementations/serializers/serializer_local.h index 5378bf1c84..a94418bb2a 100644 --- a/providers/implementations/serializers/serializer_local.h +++ b/providers/implementations/serializers/serializer_local.h @@ -35,10 +35,12 @@ struct pkcs8_encrypt_ctx_st { OSSL_FUNC_keymgmt_new_fn *ossl_prov_get_keymgmt_new(const OSSL_DISPATCH *fns); OSSL_FUNC_keymgmt_free_fn *ossl_prov_get_keymgmt_free(const OSSL_DISPATCH *fns); OSSL_FUNC_keymgmt_import_fn *ossl_prov_get_keymgmt_import(const OSSL_DISPATCH *fns); +OSSL_FUNC_keymgmt_export_fn *ossl_prov_get_keymgmt_export(const OSSL_DISPATCH *fns); OSSL_FUNC_keymgmt_new_fn *ossl_prov_get_keymgmt_rsa_new(void); OSSL_FUNC_keymgmt_free_fn *ossl_prov_get_keymgmt_rsa_free(void); OSSL_FUNC_keymgmt_import_fn *ossl_prov_get_keymgmt_rsa_import(void); +OSSL_FUNC_keymgmt_export_fn *ossl_prov_get_keymgmt_rsa_export(void); OSSL_FUNC_keymgmt_new_fn *ossl_prov_get_keymgmt_dh_new(void); OSSL_FUNC_keymgmt_free_fn *ossl_prov_get_keymgmt_dh_free(void); OSSL_FUNC_keymgmt_import_fn *ossl_prov_get_keymgmt_dh_import(void); @@ -157,3 +159,14 @@ int ossl_prov_write_pub_pem_from_obj(BIO *out, const void *obj, int obj_nid, int *strtype), int (*k2d)(const void *obj, unsigned char **pder)); + +int ossl_prov_read_der(PROV_CTX *provctx, OSSL_CORE_BIO *cin, + unsigned char **data, long *len); +int ossl_prov_read_pem(PROV_CTX *provctx, OSSL_CORE_BIO *cin, + char **pem_name, char **pem_header, + unsigned char **data, long *len); + +int ossl_prov_der_from_p8(unsigned char **new_der, long *new_der_len, + unsigned char *input_der, long input_der_len, + struct pkcs8_encrypt_ctx_st *ctx); + diff --git a/providers/implementations/serializers/serializer_rsa.c b/providers/implementations/serializers/serializer_rsa.c index e936a67212..d0cea458d1 100644 --- a/providers/implementations/serializers/serializer_rsa.c +++ b/providers/implementations/serializers/serializer_rsa.c @@ -37,6 +37,11 @@ OSSL_FUNC_keymgmt_import_fn *ossl_prov_get_keymgmt_rsa_import(void) return ossl_prov_get_keymgmt_import(rsa_keymgmt_functions); } +OSSL_FUNC_keymgmt_export_fn *ossl_prov_get_keymgmt_rsa_export(void) +{ + return ossl_prov_get_keymgmt_export(rsa_keymgmt_functions); +} + int ossl_prov_print_rsa(BIO *out, RSA *rsa, int priv) { const char *modulus_label; diff --git a/test/build.info b/test/build.info index a49d9c6d6e..d15ee75814 100644 --- a/test/build.info +++ b/test/build.info @@ -777,6 +777,11 @@ IF[{- !$disabled{tests} -}] INCLUDE[hexstr_test]=.. ../include ../apps/include DEPEND[hexstr_test]=../libcrypto.a libtestutil.a + PROGRAMS{noinst}=serdes_test + SOURCE[serdes_test]=serdes_test.c + INCLUDE[serdes_test]=.. ../include ../apps/include + DEPEND[serdes_test]=../libcrypto.a libtestutil.a + PROGRAMS{noinst}=namemap_internal_test SOURCE[namemap_internal_test]=namemap_internal_test.c INCLUDE[namemap_internal_test]=.. ../include ../apps/include diff --git a/test/recipes/04-test_serializer_deserializer.t b/test/recipes/04-test_serializer_deserializer.t new file mode 100644 index 0000000000..8da6ffb09f --- /dev/null +++ b/test/recipes/04-test_serializer_deserializer.t @@ -0,0 +1,15 @@ +#! /usr/bin/env perl +# Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use warnings; + +use OpenSSL::Test::Simple; +use OpenSSL::Test; + +simple_test("test_serializer_deserializer", "serdes_test"); diff --git a/test/serdes_test.c b/test/serdes_test.c new file mode 100644 index 0000000000..b4f3d0b5c8 --- /dev/null +++ b/test/serdes_test.c @@ -0,0 +1,378 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include +#include +#include +#include + +#include "internal/cryptlib.h" /* ossl_assert */ + +#include "testutil.h" + +/* + * TODO(3.0) Modify PEM_write_bio_PrivateKey_traditional() to handle + * provider side EVP_PKEYs (which don't necessarily have an ameth) + * + * In the mean time, we use separate "downgraded" EVP_PKEYs to test + * serializing/deserializing with "traditional" keys. + */ + +static EVP_PKEY *key_RSA = NULL; +static EVP_PKEY *legacy_key_RSA = NULL; + +static EVP_PKEY *make_RSA(const char *rsa_type, int make_legacy) +{ + EVP_PKEY *pkey = NULL; + EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_from_name(NULL, rsa_type, NULL); + + /* + * No real need to check the errors other than for the cascade + * effect. |pkey| will imply remain NULL if something goes wrong. + */ + (void)(ctx != NULL + && EVP_PKEY_keygen_init(ctx) > 0 + && EVP_PKEY_keygen(ctx, &pkey) > 0); + EVP_PKEY_CTX_free(ctx); + if (make_legacy && EVP_PKEY_get0(pkey) == NULL) { + EVP_PKEY_free(pkey); + pkey = NULL; + } + + return pkey; +} + +/* Main test driver */ + +typedef int (serializer)(void **serialized, long *serialized_len, + void *object, + const char *pass, const char *pcipher, + const char *ser_propq); +typedef int (deserializer)(void **object, + void *serialized, long serialized_len, + const char *pass, const char *pcipher); +typedef int (checker)(int type, const void *data, size_t data_len); +typedef void (dumper)(const char *label, const void *data, size_t data_len); + +static int test_serialize_deserialize(EVP_PKEY *pkey, + const char *pass, const char *pcipher, + serializer *serialize_cb, + deserializer *deserialize_cb, + checker *check_cb, dumper *dump_cb, + const char *ser_propq, int make_legacy) +{ + void *serialized = NULL; + long serialized_len = 0; + EVP_PKEY *pkey2 = NULL; + void *serialized2 = NULL; + long serialized2_len = 0; + int ok = 0; + + if (!serialize_cb(&serialized, &serialized_len, pkey, + pass, pcipher, ser_propq) + || !check_cb(EVP_PKEY_base_id(pkey), serialized, serialized_len) + || !deserialize_cb((void **)&pkey2, serialized, serialized_len, + pass, pcipher) + || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1)) + goto end; + + /* + * TODO(3.0) Remove this when PEM_write_bio_PrivateKey_traditional() + * handles provider side keys. + */ + if (make_legacy + && !TEST_ptr(EVP_PKEY_get0(pkey2))) + goto end; + + /* + * Double check the serialization, but only for unprotected keys, + * as protected keys have a random component, which makes the output + * differ. + */ + if ((pass == NULL && pcipher == NULL) + && (!serialize_cb(&serialized2, &serialized2_len, pkey2, + pass, pcipher, ser_propq) + || !TEST_mem_eq(serialized, serialized_len, + serialized2, serialized2_len))) + goto end; + + ok = 1; + end: + if (!ok) + dump_cb("serialized result", serialized, serialized_len); + + OPENSSL_free(serialized); + OPENSSL_free(serialized2); + EVP_PKEY_free(pkey2); + return ok; +} + +/* Serializing and desserializing methods */ + +static int serialize_EVP_PKEY_prov(void **serialized, long *serialized_len, + void *object, + const char *pass, const char *pcipher, + const char *ser_propq) +{ + EVP_PKEY *pkey = object; + OSSL_SERIALIZER_CTX *sctx = NULL; + BIO *mem_ser = NULL; + BUF_MEM *mem_buf = NULL; + const unsigned char *upass = (const unsigned char *)pass; + int ok = 0; + + if (!TEST_ptr(sctx = OSSL_SERIALIZER_CTX_new_by_EVP_PKEY(pkey, ser_propq)) + || (pass != NULL + && !TEST_true(OSSL_SERIALIZER_CTX_set_passphrase(sctx, upass, + strlen(pass)))) + || (pcipher != NULL + && !TEST_true(OSSL_SERIALIZER_CTX_set_cipher(sctx, pcipher, NULL))) + || !TEST_ptr(mem_ser = BIO_new(BIO_s_mem())) + || !TEST_true(OSSL_SERIALIZER_to_bio(sctx, mem_ser)) + || !TEST_true(BIO_get_mem_ptr(mem_ser, &mem_buf) > 0) + || !TEST_ptr(*serialized = mem_buf->data) + || !TEST_long_gt(*serialized_len = mem_buf->length, 0)) + goto end; + + /* Detach the serialized output */ + mem_buf->data = NULL; + mem_buf->length = 0; + ok = 1; + end: + BIO_free(mem_ser); + OSSL_SERIALIZER_CTX_free(sctx); + return ok; +} + +static int deserialize_EVP_PKEY_prov(void **object, + void *serialized, long serialized_len, + const char *pass, const char *pcipher) +{ + EVP_PKEY *pkey = NULL; + OSSL_DESERIALIZER_CTX *dctx = NULL; + BIO *mem_deser = NULL; + const unsigned char *upass = (const unsigned char *)pass; + int ok = 0; + + if (!TEST_ptr(dctx = OSSL_DESERIALIZER_CTX_new_by_EVP_PKEY(&pkey, NULL, + NULL, NULL)) + || (pass != NULL + && !OSSL_DESERIALIZER_CTX_set_passphrase(dctx, upass, + strlen(pass))) + || (pcipher != NULL + && !OSSL_DESERIALIZER_CTX_set_cipher(dctx, pcipher, NULL)) + || !TEST_ptr(mem_deser = BIO_new_mem_buf(serialized, serialized_len)) + || !TEST_true(OSSL_DESERIALIZER_from_bio(dctx, mem_deser))) + goto end; + ok = 1; + *object = pkey; + end: + BIO_free(mem_deser); + OSSL_DESERIALIZER_CTX_free(dctx); + return ok; +} + +static int serialize_EVP_PKEY_legacy_PEM(void **serialized, + long *serialized_len, + void *object, + const char *pass, const char *pcipher, + ossl_unused const char *ser_propq) +{ + EVP_PKEY *pkey = object; + EVP_CIPHER *cipher = NULL; + BIO *mem_ser = NULL; + BUF_MEM *mem_buf = NULL; + const unsigned char *upass = (const unsigned char *)pass; + size_t passlen = 0; + int ok = 0; + + if (pcipher != NULL && pass != NULL) { + passlen = strlen(pass); + if (!TEST_ptr(cipher = EVP_CIPHER_fetch(NULL, pcipher, NULL))) + goto end; + } + if (!TEST_ptr(mem_ser = BIO_new(BIO_s_mem())) + || !TEST_true(PEM_write_bio_PrivateKey_traditional(mem_ser, pkey, + cipher, + upass, passlen, + NULL, NULL)) + || !TEST_true(BIO_get_mem_ptr(mem_ser, &mem_buf) > 0) + || !TEST_ptr(*serialized = mem_buf->data) + || !TEST_long_gt(*serialized_len = mem_buf->length, 0)) + goto end; + + /* Detach the serialized output */ + mem_buf->data = NULL; + mem_buf->length = 0; + ok = 1; + end: + BIO_free(mem_ser); + EVP_CIPHER_free(cipher); + return ok; +} + +/* Test cases and their dumpers / checkers */ + +static void dump_der(const char *label, const void *data, size_t data_len) +{ + test_output_memory(label, data, data_len); +} + +static void dump_pem(const char *label, const void *data, size_t data_len) +{ + test_output_string(label, data, data_len - 1); +} + +static int check_unprotected_PKCS8_DER(int type, + const void *data, size_t data_len) +{ + const unsigned char *datap = data; + PKCS8_PRIV_KEY_INFO *p8inf = + d2i_PKCS8_PRIV_KEY_INFO(NULL, &datap, data_len); + int ok = 0; + + if (TEST_ptr(p8inf)) { + EVP_PKEY *pkey = EVP_PKCS82PKEY(p8inf); + + ok = (TEST_ptr(pkey) && TEST_true(EVP_PKEY_is_a(pkey, "RSA"))); + EVP_PKEY_free(pkey); + } + PKCS8_PRIV_KEY_INFO_free(p8inf); + return ok; +} + +static int test_unprotected_RSA_via_DER(void) +{ + return test_serialize_deserialize(key_RSA, NULL, NULL, + serialize_EVP_PKEY_prov, + deserialize_EVP_PKEY_prov, + check_unprotected_PKCS8_DER, dump_der, + OSSL_SERIALIZER_PrivateKey_TO_DER_PQ, + 0); +} + +static int check_unprotected_PKCS8_PEM(int type, + const void *data, size_t data_len) +{ + static const char pem_header[] = "-----BEGIN " PEM_STRING_PKCS8INF "-----"; + + return TEST_strn_eq(data, pem_header, sizeof(pem_header) - 1); +} + +static int test_unprotected_RSA_via_PEM(void) +{ + return test_serialize_deserialize(key_RSA, NULL, NULL, + serialize_EVP_PKEY_prov, + deserialize_EVP_PKEY_prov, + check_unprotected_PKCS8_PEM, dump_pem, + OSSL_SERIALIZER_PrivateKey_TO_PEM_PQ, + 0); +} + +static int check_unprotected_legacy_PEM(int type, + const void *data, size_t data_len) +{ + static const char pem_header[] = "-----BEGIN " PEM_STRING_RSA "-----"; + + return TEST_strn_eq(data, pem_header, sizeof(pem_header) - 1); +} + +static int test_unprotected_RSA_via_legacy_PEM(void) +{ + return test_serialize_deserialize(legacy_key_RSA, NULL, NULL, + serialize_EVP_PKEY_legacy_PEM, + deserialize_EVP_PKEY_prov, + check_unprotected_legacy_PEM, dump_pem, + NULL, 1); +} + +static const char *pass_cipher = "AES-256-CBC"; +static const char *pass = "the holy handgrenade of antioch"; + +static int check_protected_PKCS8_DER(int type, + const void *data, size_t data_len) +{ + const unsigned char *datap = data; + X509_SIG *p8 = d2i_X509_SIG(NULL, &datap, data_len); + int ok = TEST_ptr(p8); + + X509_SIG_free(p8); + return ok; +} + +static int test_protected_RSA_via_DER(void) +{ + return test_serialize_deserialize(key_RSA, pass, pass_cipher, + serialize_EVP_PKEY_prov, + deserialize_EVP_PKEY_prov, + check_protected_PKCS8_DER, dump_der, + OSSL_SERIALIZER_PrivateKey_TO_DER_PQ, + 0); +} + +static int check_protected_PKCS8_PEM(int type, + const void *data, size_t data_len) +{ + static const char pem_header[] = "-----BEGIN " PEM_STRING_PKCS8 "-----"; + + return TEST_strn_eq(data, pem_header, sizeof(pem_header) - 1); +} + +static int test_protected_RSA_via_PEM(void) +{ + return test_serialize_deserialize(key_RSA, pass, pass_cipher, + serialize_EVP_PKEY_prov, + deserialize_EVP_PKEY_prov, + check_protected_PKCS8_PEM, dump_pem, + OSSL_SERIALIZER_PrivateKey_TO_PEM_PQ, + 0); +} + +static int check_protected_legacy_PEM(int type, + const void *data, size_t data_len) +{ + static const char pem_header[] = "-----BEGIN " PEM_STRING_RSA "-----"; + + return + TEST_strn_eq(data, pem_header, sizeof(pem_header) - 1) + && TEST_ptr(strstr(data, "\nDEK-Info: ")); +} + +static int test_protected_RSA_via_legacy_PEM(void) +{ + return test_serialize_deserialize(legacy_key_RSA, pass, pass_cipher, + serialize_EVP_PKEY_legacy_PEM, + deserialize_EVP_PKEY_prov, + check_protected_legacy_PEM, dump_pem, + NULL, 1); +} + +int setup_tests(void) +{ + TEST_info("Generating keys..."); + if (!TEST_ptr(key_RSA = make_RSA("RSA", 0)) + || !TEST_ptr(legacy_key_RSA = make_RSA("RSA", 1))) { + EVP_PKEY_free(key_RSA); + EVP_PKEY_free(legacy_key_RSA); + return 0; + } + TEST_info("Generating key... done"); + + ADD_TEST(test_unprotected_RSA_via_DER); + ADD_TEST(test_unprotected_RSA_via_PEM); + ADD_TEST(test_unprotected_RSA_via_legacy_PEM); + ADD_TEST(test_protected_RSA_via_DER); + ADD_TEST(test_protected_RSA_via_PEM); + ADD_TEST(test_protected_RSA_via_legacy_PEM); + + return 1; +} diff --git a/test/testutil/format_output.c b/test/testutil/format_output.c index 069a6a03a5..e2ee98cfd8 100644 --- a/test/testutil/format_output.c +++ b/test/testutil/format_output.c @@ -65,7 +65,7 @@ static void test_fail_string_common(const char *prefix, const char *file, goto fin; } - if (l1 != l2 || strcmp(m1, m2) != 0) + if (l1 != l2 || strncmp(m1, m2, l1) != 0) test_diff_header(left, right); while (l1 > 0 || l2 > 0) { diff --git a/util/libcrypto.num b/util/libcrypto.num index 5aff5d5c44..a4642f1973 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -5149,3 +5149,34 @@ X509_STORE_load_store_with_libctx ? 3_0_0 EXIST::FUNCTION: X509_STORE_load_locations_with_libctx ? 3_0_0 EXIST::FUNCTION: X509_STORE_set_default_paths_with_libctx ? 3_0_0 EXIST::FUNCTION: OSSL_STORE_open_with_libctx ? 3_0_0 EXIST::FUNCTION: +OSSL_DESERIALIZER_fetch ? 3_0_0 EXIST::FUNCTION: +OSSL_DESERIALIZER_up_ref ? 3_0_0 EXIST::FUNCTION: +OSSL_DESERIALIZER_free ? 3_0_0 EXIST::FUNCTION: +OSSL_DESERIALIZER_provider ? 3_0_0 EXIST::FUNCTION: +OSSL_DESERIALIZER_properties ? 3_0_0 EXIST::FUNCTION: +OSSL_DESERIALIZER_number ? 3_0_0 EXIST::FUNCTION: +OSSL_DESERIALIZER_is_a ? 3_0_0 EXIST::FUNCTION: +OSSL_DESERIALIZER_do_all_provided ? 3_0_0 EXIST::FUNCTION: +OSSL_DESERIALIZER_names_do_all ? 3_0_0 EXIST::FUNCTION: +OSSL_DESERIALIZER_settable_ctx_params ? 3_0_0 EXIST::FUNCTION: +OSSL_DESERIALIZER_CTX_new ? 3_0_0 EXIST::FUNCTION: +OSSL_DESERIALIZER_CTX_set_params ? 3_0_0 EXIST::FUNCTION: +OSSL_DESERIALIZER_CTX_free ? 3_0_0 EXIST::FUNCTION: +OSSL_DESERIALIZER_CTX_set_cipher ? 3_0_0 EXIST::FUNCTION: +OSSL_DESERIALIZER_CTX_set_passphrase ? 3_0_0 EXIST::FUNCTION: +OSSL_DESERIALIZER_CTX_set_passphrase_cb ? 3_0_0 EXIST::FUNCTION: +OSSL_DESERIALIZER_CTX_set_passphrase_ui ? 3_0_0 EXIST::FUNCTION: +OSSL_DESERIALIZER_from_bio ? 3_0_0 EXIST::FUNCTION: +OSSL_DESERIALIZER_from_fp ? 3_0_0 EXIST::FUNCTION:STDIO +OSSL_DESERIALIZER_CTX_add_deserializer ? 3_0_0 EXIST::FUNCTION: +OSSL_DESERIALIZER_CTX_add_extra ? 3_0_0 EXIST::FUNCTION: +OSSL_DESERIALIZER_CTX_num_deserializers ? 3_0_0 EXIST::FUNCTION: +OSSL_DESERIALIZER_CTX_set_finalizer ? 3_0_0 EXIST::FUNCTION: +OSSL_DESERIALIZER_CTX_set_input_type ? 3_0_0 EXIST::FUNCTION: +OSSL_DESERIALIZER_export ? 3_0_0 EXIST::FUNCTION: +OSSL_DESERIALIZER_INSTANCE_deserializer ? 3_0_0 EXIST::FUNCTION: +OSSL_DESERIALIZER_INSTANCE_deserializer_ctx ? 3_0_0 EXIST::FUNCTION: +ERR_load_OSSL_DESERIALIZER_strings ? 3_0_0 EXIST::FUNCTION: +OSSL_DESERIALIZER_gettable_params ? 3_0_0 EXIST::FUNCTION: +OSSL_DESERIALIZER_get_params ? 3_0_0 EXIST::FUNCTION: +OSSL_DESERIALIZER_CTX_new_by_EVP_PKEY ? 3_0_0 EXIST::FUNCTION: diff --git a/util/missingcrypto.txt b/util/missingcrypto.txt index 0034a711d1..0e5bb35878 100644 --- a/util/missingcrypto.txt +++ b/util/missingcrypto.txt @@ -636,6 +636,7 @@ ERR_load_KDF_strings(3) ERR_load_OBJ_strings(3) ERR_load_OCSP_strings(3) ERR_load_OSSL_SERIALIZER_strings(3) +ERR_load_OSSL_DESERIALIZER_strings(3) ERR_load_OSSL_STORE_strings(3) ERR_load_PEM_strings(3) ERR_load_PKCS12_strings(3) diff --git a/util/other.syms b/util/other.syms index 54a2b71abb..a623ff5e77 100644 --- a/util/other.syms +++ b/util/other.syms @@ -41,6 +41,12 @@ GEN_SESSION_CB datatype OPENSSL_Applink external OPENSSL_CTX datatype NAMING_AUTHORITY datatype +OSSL_DESERIALIZER datatype +OSSL_DESERIALIZER_CTX datatype +OSSL_DESERIALIZER_FINALIZER datatype +OSSL_DESERIALIZER_CLEANER datatype +OSSL_DESERIALIZER_INSTANCE datatype +OSSL_DESERIALIZER_CTX datatype OSSL_HTTP_bio_cb_t datatype OSSL_PARAM datatype OSSL_PROVIDER datatype From beldmit at gmail.com Fri Jul 24 15:15:18 2020 From: beldmit at gmail.com (beldmit at gmail.com) Date: Fri, 24 Jul 2020 15:15:18 +0000 Subject: [openssl] master update Message-ID: <1595603718.265680.24997.nullmailer@dev.openssl.org> The branch master has been updated via 1660c8fa6be2d7c4587e490c88a44a870e9b4298 (commit) from a57fc73063bee3fb787e583f5778433ef29d58eb (commit) - Log ----------------------------------------------------------------- commit 1660c8fa6be2d7c4587e490c88a44a870e9b4298 Author: Read Hughes Date: Thu Jul 23 10:25:28 2020 -0400 Update EVP_EncodeInit.pod Fix EVP_EncodeBlock description using incorrect parameter name for encoding length CLA: trivial Reviewed-by: Matt Caswell Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/12518) ----------------------------------------------------------------------- Summary of changes: doc/man3/EVP_EncodeInit.pod | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/man3/EVP_EncodeInit.pod b/doc/man3/EVP_EncodeInit.pod index 89e3358450..2b9e02e02d 100644 --- a/doc/man3/EVP_EncodeInit.pod +++ b/doc/man3/EVP_EncodeInit.pod @@ -83,8 +83,8 @@ EVP_ENCODE_CTX_num() will return the number of as yet unprocessed bytes still to be encoded or decoded that are pending in the B object. EVP_EncodeBlock() encodes a full block of input data in B and of length -B and stores it in B. For every 3 bytes of input provided 4 bytes of -output data will be produced. If B is not divisible by 3 then the block is +B and stores it in B. For every 3 bytes of input provided 4 bytes of +output data will be produced. If B is not divisible by 3 then the block is encoded as a final block of data and the output is padded such that it is always divisible by 4. Additionally a NUL terminator character will be added. For example if 16 bytes of input data is provided then 24 bytes of encoded data is From beldmit at gmail.com Fri Jul 24 15:17:13 2020 From: beldmit at gmail.com (beldmit at gmail.com) Date: Fri, 24 Jul 2020 15:17:13 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1595603833.391165.5827.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 7a989af7386e97add7c759fda688c5d2e79e812e (commit) from 72a9868fe53e01bfe912a56b56e4474ff6e0a063 (commit) - Log ----------------------------------------------------------------- commit 7a989af7386e97add7c759fda688c5d2e79e812e Author: Read Hughes Date: Thu Jul 23 10:25:28 2020 -0400 Update EVP_EncodeInit.pod Fix EVP_EncodeBlock description using incorrect parameter name for encoding length CLA: trivial Reviewed-by: Matt Caswell Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/12518) (cherry picked from commit 1660c8fa6be2d7c4587e490c88a44a870e9b4298) ----------------------------------------------------------------------- Summary of changes: doc/man3/EVP_EncodeInit.pod | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/man3/EVP_EncodeInit.pod b/doc/man3/EVP_EncodeInit.pod index 8055b100b2..2589254735 100644 --- a/doc/man3/EVP_EncodeInit.pod +++ b/doc/man3/EVP_EncodeInit.pod @@ -83,8 +83,8 @@ EVP_ENCODE_CTX_num() will return the number of as yet unprocessed bytes still to be encoded or decoded that are pending in the B object. EVP_EncodeBlock() encodes a full block of input data in B and of length -B and stores it in B. For every 3 bytes of input provided 4 bytes of -output data will be produced. If B is not divisible by 3 then the block is +B and stores it in B. For every 3 bytes of input provided 4 bytes of +output data will be produced. If B is not divisible by 3 then the block is encoded as a final block of data and the output is padded such that it is always divisible by 4. Additionally a NUL terminator character will be added. For example if 16 bytes of input data is provided then 24 bytes of encoded data is From openssl at openssl.org Fri Jul 24 16:31:33 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 24 Jul 2020 16:31:33 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls Message-ID: <1595608293.818971.9420.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls Commit log since last time: dcb71e1c21 Cleanup fips provider init 7b9f218838 document the deprecation of the '-public-key-methods' option to list 41bbba5375 EVP: deprecate the EVP_X_meth_ functions. 77ae4f6ff7 engines: fixed to work with EVP_*_meth calls deprecated 9e5f344a87 evp_test: use correct deallocation for EVP_CIPHER 340f82a4e7 evp_test: use correct deallocation for EVP_MD 1d864f0f53 Specific the engine pointer 490c87110c Align documentation with recommendations of Linux Documentation Project bf19b64aae Fix UI method setup, which should be independent of (deprecated) engine use 4f8fbf372e 81-test_cmp_cli.t: Avoid using 'tail', 'awk', and the '-s' option of 'lsof' f91624d380 Skip test_cmp_cli if 'lsof' or 'kill' command is not available 90409da6a5 Fix provider cipher reinit issue 7717459892 Avoid errors with a priori inapplicable protocol bounds 5ac582d949 DOC: Fix SSL_CTX_set_cert_cb.pod and SSL_CTX_set_client_cert_cb.pod 8eca461731 util/find-doc-nits: Relax check of function declarations in name_synopsis() 904f42509f PROV: Move bio_prov.c from libcommon.a to libfips.a / libnonfips.a 7e4f01d8ba fixed swapped parameter descriptions for x509 9f7bdcf37f Add ERR_raise() errors to fips OSSL_provider_init and self tests. 823a113574 Fix API rename issue in shim layer that calls EVP_MAC_CTX_set_params 02e14a65fd man3: Drop warning about using security levels higher than 1. 16c6534b96 check-format.pl: Add an entry about it to NEWS.md and to CHANGES.md 174f4a4d6a check-format.pl: Report empty lines only if -s (--sloppy-spc) is not used dc18781550 check-format.pl: Add check for essentially empty line at beginning of file 43b2e9e008 check-format.pl: Add check for multiples essentially empty lines in a row a77571c34f check-format.pl: Allow comment start '/*' after opening '(','[','{' 5304331156 Fix linking against non-system zlib on macOS Build log ended with (last 100 lines): # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 7 - iteration 7 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 8 - iteration 8 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 9 - iteration 9 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 10 - iteration 10 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 11 - iteration 11 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 12 - iteration 12 # ------------------------------------------------------------------------------ not ok 1 - test_handshake # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/ssl_test 04-client_auth.cnf.fips fips ../../../openssl/test/fips.cnf => 1 not ok 9 - running ssl_test 04-client_auth.cnf # ------------------------------------------------------------------------------ # Failed test 'running ssl_test 04-client_auth.cnf' # at ../openssl/test/recipes/80-test_ssl_new.t line 173. # Looks like you failed 1 test of 9. not ok 5 - Test configuration 04-client_auth.cnf # ------------------------------------------------------------------------------ # Looks like you failed 1 test of 31.80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=205, Tests=3236, 866 wallclock secs (12.25 usr 1.32 sys + 802.86 cusr 63.43 csys = 879.86 CPU) Result: FAIL Makefile:3119: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls' Makefile:3117: recipe for target 'tests' failed make: *** [tests] Error 2 From builds at travis-ci.com Fri Jul 24 16:50:03 2020 From: builds at travis-ci.com (Travis CI) Date: Fri, 24 Jul 2020 16:50:03 +0000 Subject: Still Failing: openssl/openssl#36332 (master - a57fc73) In-Reply-To: Message-ID: <5f1b113b2a063_13fdd85ca793c1310d8@travis-pro-tasks-56df7484c5-pbbjp.mail> Build Update for openssl/openssl ------------------------------------- Build: #36332 Status: Still Failing Duration: 1 hr, 23 mins, and 2 secs Commit: a57fc73 (master) Author: Richard Levitte Message: EVP: Fix key type check logic in evp_pkey_cmp_any() Reviewed-by: Matt Caswell Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12410) View the changeset: https://github.com/openssl/openssl/compare/6725682d7751...a57fc73063be View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/177045853?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.com Fri Jul 24 18:41:43 2020 From: builds at travis-ci.com (Travis CI) Date: Fri, 24 Jul 2020 18:41:43 +0000 Subject: Still Failing: openssl/openssl#36334 (master - 1660c8f) In-Reply-To: Message-ID: <5f1b2b66aca9d_13f927b9a42e4336917@travis-pro-tasks-56df7484c5-8jqjf.mail> Build Update for openssl/openssl ------------------------------------- Build: #36334 Status: Still Failing Duration: 1 hr, 19 mins, and 5 secs Commit: 1660c8f (master) Author: Read Hughes Message: Update EVP_EncodeInit.pod Fix EVP_EncodeBlock description using incorrect parameter name for encoding length CLA: trivial Reviewed-by: Matt Caswell Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/12518) View the changeset: https://github.com/openssl/openssl/compare/a57fc73063be...1660c8fa6be2 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/177047958?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From matthias.st.pierre at ncp-e.com Fri Jul 24 19:07:35 2020 From: matthias.st.pierre at ncp-e.com (matthias.st.pierre at ncp-e.com) Date: Fri, 24 Jul 2020 19:07:35 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1595617655.527028.15959.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 6328d3673fabc336e3064368d855c2d1153ef54c (commit) from 7a989af7386e97add7c759fda688c5d2e79e812e (commit) - Log ----------------------------------------------------------------- commit 6328d3673fabc336e3064368d855c2d1153ef54c Author: Gustaf Neumann Date: Sat Jul 4 21:58:30 2020 +0200 Fix typos and repeated words Reviewed-by: Paul Dale Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/12370) ----------------------------------------------------------------------- Summary of changes: NOTES.ANDROID | 4 +- NOTES.PERL | 2 +- NOTES.VMS | 2 +- NOTES.WIN | 10 +-- doc/man1/CA.pl.pod | 2 +- doc/man1/ca.pod | 2 +- doc/man1/enc.pod | 2 +- doc/man1/ocsp.pod | 2 +- doc/man1/pkcs12.pod | 2 +- doc/man1/pkcs8.pod | 2 +- doc/man1/pkeyutl.pod | 2 +- doc/man1/s_client.pod | 8 +- doc/man1/s_server.pod | 4 +- doc/man1/s_time.pod | 4 +- doc/man1/sess_id.pod | 2 +- doc/man1/ts.pod | 92 +++++++++++----------- doc/man1/tsget.pod | 28 +++---- doc/man1/verify.pod | 2 +- doc/man1/x509.pod | 2 +- doc/man3/ASN1_INTEGER_get_int64.pod | 2 +- doc/man3/ASN1_STRING_length.pod | 2 +- doc/man3/ASN1_TIME_set.pod | 4 +- doc/man3/ASN1_TYPE_get.pod | 10 +-- doc/man3/ASYNC_WAIT_CTX_new.pod | 4 +- doc/man3/ASYNC_start_job.pod | 2 +- doc/man3/BF_encrypt.pod | 2 +- doc/man3/BIO_ADDR.pod | 2 +- doc/man3/BIO_ADDRINFO.pod | 2 +- doc/man3/BIO_connect.pod | 2 +- doc/man3/BIO_ctrl.pod | 2 +- doc/man3/BIO_get_data.pod | 2 +- doc/man3/BIO_parse_hostserv.pod | 4 +- doc/man3/BIO_read.pod | 2 +- doc/man3/BIO_s_accept.pod | 2 +- doc/man3/BIO_s_bio.pod | 4 +- doc/man3/BIO_s_connect.pod | 2 +- doc/man3/BIO_s_file.pod | 2 +- doc/man3/BIO_set_callback.pod | 2 +- doc/man3/BN_add.pod | 8 +- doc/man3/BN_bn2bin.pod | 2 +- doc/man3/BN_generate_prime.pod | 2 +- doc/man3/BN_mod_mul_montgomery.pod | 2 +- doc/man3/BN_set_bit.pod | 4 +- doc/man3/CMS_verify.pod | 2 +- doc/man3/CRYPTO_THREAD_run_once.pod | 2 +- doc/man3/CRYPTO_memcmp.pod | 4 +- doc/man3/DES_random_key.pod | 6 +- doc/man3/DH_get0_pqg.pod | 2 +- doc/man3/DH_set_method.pod | 4 +- doc/man3/DSA_set_method.pod | 4 +- doc/man3/DTLSv1_listen.pod | 4 +- doc/man3/ECDSA_SIG_new.pod | 4 +- doc/man3/EC_GROUP_new.pod | 2 +- doc/man3/EC_POINT_new.pod | 2 +- doc/man3/ENGINE_add.pod | 20 ++--- doc/man3/ERR_get_error.pod | 2 +- doc/man3/ERR_print_errors.pod | 2 +- doc/man3/ERR_put_error.pod | 4 +- doc/man3/EVP_DigestInit.pod | 4 +- doc/man3/EVP_DigestSignInit.pod | 4 +- doc/man3/EVP_DigestVerifyInit.pod | 4 +- doc/man3/EVP_EncodeInit.pod | 2 +- doc/man3/EVP_EncryptInit.pod | 10 +-- doc/man3/EVP_OpenInit.pod | 2 +- doc/man3/EVP_PKEY_CTX_ctrl.pod | 2 +- doc/man3/EVP_PKEY_CTX_new.pod | 2 +- doc/man3/EVP_PKEY_keygen.pod | 2 +- doc/man3/EVP_SealInit.pod | 2 +- doc/man3/EVP_SignInit.pod | 4 +- doc/man3/EVP_VerifyInit.pod | 4 +- doc/man3/HMAC.pod | 2 +- doc/man3/OCSP_cert_to_id.pod | 2 +- doc/man3/OCSP_request_add1_nonce.pod | 2 +- doc/man3/OCSP_resp_find_status.pod | 4 +- doc/man3/OCSP_sendreq_new.pod | 4 +- doc/man3/OPENSSL_LH_COMPFUNC.pod | 4 +- doc/man3/OPENSSL_config.pod | 2 +- doc/man3/OPENSSL_ia32cap.pod | 2 +- doc/man3/OPENSSL_init_crypto.pod | 10 +-- doc/man3/OPENSSL_init_ssl.pod | 4 +- doc/man3/PEM_read_bio_PrivateKey.pod | 4 +- doc/man3/PKCS7_verify.pod | 2 +- doc/man3/RAND_DRBG_new.pod | 2 +- doc/man3/RAND_DRBG_set_callbacks.pod | 2 +- doc/man3/RAND_add.pod | 2 +- doc/man3/RAND_load_file.pod | 6 +- doc/man3/RSA_blinding_on.pod | 2 +- doc/man3/RSA_private_encrypt.pod | 4 +- doc/man3/RSA_set_method.pod | 2 +- doc/man3/SSL_CONF_cmd.pod | 8 +- doc/man3/SSL_CTX_dane_enable.pod | 6 +- doc/man3/SSL_CTX_set_alpn_select_cb.pod | 2 +- doc/man3/SSL_CTX_set_generate_session_id.pod | 4 +- doc/man3/SSL_CTX_set_info_callback.pod | 4 +- doc/man3/SSL_CTX_set_max_cert_list.pod | 2 +- doc/man3/SSL_CTX_set_mode.pod | 20 ++--- doc/man3/SSL_CTX_set_options.pod | 18 ++--- doc/man3/SSL_CTX_set_psk_client_callback.pod | 2 +- doc/man3/SSL_CTX_set_read_ahead.pod | 2 +- doc/man3/SSL_CTX_set_session_cache_mode.pod | 2 +- doc/man3/SSL_CTX_set_session_id_context.pod | 2 +- doc/man3/SSL_CTX_set_session_ticket_cb.pod | 2 +- doc/man3/SSL_CTX_set_split_send_fragment.pod | 2 +- .../SSL_CTX_set_tlsext_servername_callback.pod | 2 +- doc/man3/SSL_CTX_use_psk_identity_hint.pod | 2 +- doc/man3/SSL_accept.pod | 6 +- doc/man3/SSL_alloc_buffers.pod | 2 +- doc/man3/SSL_connect.pod | 6 +- doc/man3/SSL_do_handshake.pod | 6 +- doc/man3/SSL_get_all_async_fds.pod | 4 +- doc/man3/SSL_get_error.pod | 8 +- doc/man3/SSL_pending.pod | 2 +- doc/man3/SSL_read.pod | 6 +- doc/man3/SSL_read_early_data.pod | 8 +- doc/man3/SSL_set1_host.pod | 4 +- doc/man3/SSL_set_bio.pod | 4 +- doc/man3/SSL_set_fd.pod | 4 +- doc/man3/SSL_set_shutdown.pod | 2 +- doc/man3/SSL_shutdown.pod | 6 +- doc/man3/SSL_state_string.pod | 4 +- doc/man3/SSL_want.pod | 2 +- doc/man3/SSL_write.pod | 4 +- doc/man3/UI_UTIL_read_pw.pod | 2 +- doc/man3/UI_create_method.pod | 2 +- doc/man3/UI_new.pod | 2 +- doc/man3/X509V3_get_d2i.pod | 2 +- doc/man3/X509_ALGOR_dup.pod | 4 +- doc/man3/X509_LOOKUP_hash_dir.pod | 2 +- doc/man3/X509_LOOKUP_meth_new.pod | 2 +- doc/man3/X509_STORE_CTX_get_error.pod | 4 +- doc/man3/X509_STORE_CTX_new.pod | 6 +- doc/man3/X509_STORE_CTX_set_verify_cb.pod | 2 +- doc/man3/X509_VERIFY_PARAM_set_flags.pod | 2 +- doc/man3/X509_check_ca.pod | 2 +- doc/man3/X509_check_host.pod | 8 +- doc/man3/X509_check_purpose.pod | 4 +- doc/man3/X509v3_get_ext_by_NID.pod | 2 +- doc/man3/d2i_X509.pod | 4 +- doc/man5/config.pod | 2 +- doc/man5/x509v3_config.pod | 4 +- doc/man7/SM2.pod | 2 +- doc/man7/evp.pod | 12 +-- doc/man7/ossl_store.pod | 2 +- 143 files changed, 322 insertions(+), 322 deletions(-) diff --git a/NOTES.ANDROID b/NOTES.ANDROID index f19ec71b83..293ad4327c 100644 --- a/NOTES.ANDROID +++ b/NOTES.ANDROID @@ -6,8 +6,8 @@ ------------------- Beside basic tools like perl and make you'll need to download the Android - NDK. It's available for Linux, Mac OS X and Windows, but only Linux - version was actually tested. There is no reason to believe that Mac OS X + NDK. It's available for Linux, macOS and Windows, but only Linux + version was actually tested. There is no reason to believe that macOS wouldn't work. And as for Windows, it's unclear which "shell" would be suitable, MSYS2 might have best chances. NDK version should play lesser role, the goal is to support a range of most recent versions. diff --git a/NOTES.PERL b/NOTES.PERL index 42c6127724..201b143867 100644 --- a/NOTES.PERL +++ b/NOTES.PERL @@ -109,7 +109,7 @@ $ cpan -f -i Text::Template - Note: on VMS, you must quote any argument that contains upper case + Note: on VMS, you must quote any argument that contains uppercase characters, so the lines above would be: $ cpan -i "Text::Template" diff --git a/NOTES.VMS b/NOTES.VMS index d6a336ff7c..c82e231ad7 100644 --- a/NOTES.VMS +++ b/NOTES.VMS @@ -18,7 +18,7 @@ An ANSI C compiled is needed among other things. This means that VAX C is not and will not be supported. - We have only tested with DEC C (a.k.a HP VMS C / VSI C) and require + We have only tested with DEC C (aka HP VMS C / VSI C) and require version 7.1 or later. Compiling with a different ANSI C compiler may require some work. diff --git a/NOTES.WIN b/NOTES.WIN index b1cb542d09..26c1e6b19b 100644 --- a/NOTES.WIN +++ b/NOTES.WIN @@ -12,11 +12,11 @@ and require --cross-compile-prefix option. While on MSYS[2] it's solved rather by placing gcc that produces "MinGW binary" code 1st on $PATH. This is customarily source of confusion. "Hosted" applications "live" in - emulated file system name space with POSIX-y root, mount points, /dev + emulated filesystem name space with POSIX-y root, mount points, /dev and even /proc. Confusion is intensified by the fact that MSYS2 shell (or rather emulated execve(2) call) examines the binary it's about to start, and if it's found *not* to be linked with MSYS2 POSIX-y thing, - command line arguments that look like file names get translated from + command line arguments that look like filenames get translated from emulated name space to "native". For example '/c/some/where' becomes 'c:\some\where', '/dev/null' - 'nul'. This creates an illusion that there is no difference between MSYS2 shell and "MinGW binary", but @@ -26,7 +26,7 @@ it's referred to in quotes here, as "MinGW binary", it's just as "native" as it can get.) - Visual C++ builds, a.k.a. VC-* + Visual C++ builds, aka VC-* ============================== Requirement details @@ -47,7 +47,7 @@ the other hand oldest one is known not to work. Everything between falls into best-effort category. - - Netwide Assembler, a.k.a. NASM, available from https://www.nasm.us, + - Netwide Assembler, aka NASM, available from https://www.nasm.us, is required. Note that NASM is the only supported assembler. Even though Microsoft provided assembler is NOT supported, contemporary 64-bit version is exercised through continuous integration of @@ -132,7 +132,7 @@ If you link with static OpenSSL libraries then you're expected to additionally link your application with WS2_32.LIB, GDI32.LIB, ADVAPI32.LIB, CRYPT32.LIB and USER32.LIB. Those developing - non-interactive service applications might feel concerned about + noninteractive service applications might feel concerned about linking with GDI32.LIB and USER32.LIB, as they are justly associated with interactive desktop, which is not available to service processes. The toolkit is designed to detect in which context it's diff --git a/doc/man1/CA.pl.pod b/doc/man1/CA.pl.pod index 0176f20178..7b72e32338 100644 --- a/doc/man1/CA.pl.pod +++ b/doc/man1/CA.pl.pod @@ -164,7 +164,7 @@ Create the CA directories and files: CA.pl -newca -enter cacert.pem when prompted for the CA file name. +enter cacert.pem when prompted for the CA filename. Create a DSA certificate request and private key (a different set of parameters can optionally be created first): diff --git a/doc/man1/ca.pod b/doc/man1/ca.pod index 27bb31493a..1502946906 100644 --- a/doc/man1/ca.pod +++ b/doc/man1/ca.pod @@ -219,7 +219,7 @@ DNs match the order of the request. This is not needed for Xenroll. =item B<-noemailDN> The DN of a certificate can contain the EMAIL field if present in the -request DN, however it is good policy just having the e-mail set into +request DN, however, it is good policy just having the e-mail set into the altName extension of the certificate. When this option is set the EMAIL field is removed from the certificate' subject and set only in the, eventually present, extensions. The B keyword can be diff --git a/doc/man1/enc.pod b/doc/man1/enc.pod index 6f20ac1fc7..9f5a4f487f 100644 --- a/doc/man1/enc.pod +++ b/doc/man1/enc.pod @@ -240,7 +240,7 @@ a strong block cipher, such as AES, in CBC mode. All the block ciphers normally use PKCS#5 padding, also known as standard block padding. This allows a rudimentary integrity or password check to -be performed. However since the chance of random data passing the test +be performed. However, since the chance of random data passing the test is better than 1 in 256 it isn't a very good test. If padding is disabled then the input data must be a multiple of the cipher diff --git a/doc/man1/ocsp.pod b/doc/man1/ocsp.pod index 736055b1b6..d4d18f8ffd 100644 --- a/doc/man1/ocsp.pod +++ b/doc/man1/ocsp.pod @@ -176,7 +176,7 @@ Specify the responder URL. Both HTTP and HTTPS (SSL/TLS) URLs can be specified. =item B<-host hostname:port>, B<-path pathname> If the B option is present then the OCSP request is sent to the host -B on port B. B specifies the HTTP path name to use +B on port B. B specifies the HTTP pathname to use or "/" by default. This is equivalent to specifying B<-url> with scheme http:// and the given hostname, port, and pathname. diff --git a/doc/man1/pkcs12.pod b/doc/man1/pkcs12.pod index da887a4699..d07e8bd613 100644 --- a/doc/man1/pkcs12.pod +++ b/doc/man1/pkcs12.pod @@ -245,7 +245,7 @@ This option is only interpreted by MSIE and similar MS software. Normally encryption purposes but arbitrary length keys for signing. The B<-keysig> option marks the key for signing only. Signing only keys can be used for S/MIME signing, authenticode (ActiveX control signing) and SSL client -authentication, however due to a bug only MSIE 5.0 and later support +authentication, however, due to a bug only MSIE 5.0 and later support the use of signing only keys for SSL client authentication. =item B<-macalg digest> diff --git a/doc/man1/pkcs8.pod b/doc/man1/pkcs8.pod index b079885d2f..53367dc650 100644 --- a/doc/man1/pkcs8.pod +++ b/doc/man1/pkcs8.pod @@ -285,7 +285,7 @@ one million iterations of the password: Test vectors from this PKCS#5 v2.0 implementation were posted to the pkcs-tng mailing list using triple DES, DES and RC2 with high iteration counts, several people confirmed that they could decrypt the private -keys produced and Therefore it can be assumed that the PKCS#5 v2.0 +keys produced and therefore, it can be assumed that the PKCS#5 v2.0 implementation is reasonably accurate at least as far as these algorithms are concerned. diff --git a/doc/man1/pkeyutl.pod b/doc/man1/pkeyutl.pod index dffc449a4e..e24021508e 100644 --- a/doc/man1/pkeyutl.pod +++ b/doc/man1/pkeyutl.pod @@ -38,7 +38,7 @@ B B =head1 DESCRIPTION -The B command can be used to perform low level public key operations +The B command can be used to perform low-level public key operations using any supported algorithm. =head1 OPTIONS diff --git a/doc/man1/s_client.pod b/doc/man1/s_client.pod index 86cc295691..132778b4d9 100644 --- a/doc/man1/s_client.pod +++ b/doc/man1/s_client.pod @@ -427,11 +427,11 @@ File to send output of B<-msg> or B<-trace> to, default standard output. =item B<-nbio_test> -Tests non-blocking I/O +Tests nonblocking I/O =item B<-nbio> -Turns on non-blocking I/O +Turns on nonblocking I/O =item B<-crlf> @@ -781,14 +781,14 @@ is that a web client complains it has no certificates or gives an empty list to choose from. This is normally because the server is not sending the clients certificate authority in its "acceptable CA list" when it requests a certificate. By using B the CA list can be viewed -and checked. However some servers only request client authentication +and checked. However, some servers only request client authentication after a specific URL is requested. To obtain the list in this case it is necessary to use the B<-prexit> option and send an HTTP request for an appropriate page. If a certificate is specified on the command line using the B<-cert> option it will not be used unless the server specifically requests -a client certificate. Therefore merely including a client certificate +a client certificate. Therefore, merely including a client certificate on the command line is no guarantee that the certificate works. If there are problems verifying a server certificate then the diff --git a/doc/man1/s_server.pod b/doc/man1/s_server.pod index 7fa382a8ae..5e9d09cebf 100644 --- a/doc/man1/s_server.pod +++ b/doc/man1/s_server.pod @@ -432,9 +432,9 @@ used in conjunction with B<-early_data>. =item B<-id_prefix val> Generate SSL/TLS session IDs prefixed by B. This is mostly useful -for testing any SSL/TLS code (eg. proxies) that wish to deal with multiple +for testing any SSL/TLS code (e.g. proxies) that wish to deal with multiple servers, when each of which might be generating a unique range of session -IDs (eg. with a certain prefix). +IDs (e.g. with a certain prefix). =item B<-rand file...> diff --git a/doc/man1/s_time.pod b/doc/man1/s_time.pod index 04cae196a5..1085bfbbb4 100644 --- a/doc/man1/s_time.pod +++ b/doc/man1/s_time.pod @@ -177,14 +177,14 @@ is that a web client complains it has no certificates or gives an empty list to choose from. This is normally because the server is not sending the clients certificate authority in its "acceptable CA list" when it requests a certificate. By using L the CA list can be -viewed and checked. However some servers only request client authentication +viewed and checked. However, some servers only request client authentication after a specific URL is requested. To obtain the list in this case it is necessary to use the B<-prexit> option of L and send an HTTP request for an appropriate page. If a certificate is specified on the command line using the B<-cert> option it will not be used unless the server specifically requests -a client certificate. Therefore merely including a client certificate +a client certificate. Therefore, merely including a client certificate on the command line is no guarantee that the certificate works. =head1 BUGS diff --git a/doc/man1/sess_id.pod b/doc/man1/sess_id.pod index 6c54ed988b..543b5b7de7 100644 --- a/doc/man1/sess_id.pod +++ b/doc/man1/sess_id.pod @@ -142,7 +142,7 @@ The PEM encoded session format uses the header and footer lines: Since the SSL session output contains the master key it is possible to read the contents of an encrypted session using this -information. Therefore appropriate security precautions should be taken if +information. Therefore, appropriate security precautions should be taken if the information is being output by a "real" application. This is however strongly discouraged and should only be used for debugging purposes. diff --git a/doc/man1/ts.pod b/doc/man1/ts.pod index ec57ec7ebb..a21e2a5f05 100644 --- a/doc/man1/ts.pod +++ b/doc/man1/ts.pod @@ -101,23 +101,23 @@ the hash to the TSA. =item 2. The TSA attaches the current date and time to the received hash value, -signs them and sends the time stamp token back to the client. By +signs them and sends the timestamp token back to the client. By creating this token the TSA certifies the existence of the original data file at the time of response generation. =item 3. -The TSA client receives the time stamp token and verifies the +The TSA client receives the timestamp token and verifies the signature on it. It also checks if the token contains the same hash value that it had sent to the TSA. =back -There is one DER encoded protocol data unit defined for transporting a time -stamp request to the TSA and one for sending the time stamp response +There is one DER encoded protocol data unit defined for transporting +a timestamp request to the TSA and one for sending the timestamp response back to the client. The B command has three main functions: -creating a time stamp request based on a data file, -creating a time stamp response based on a request, verifying if a +creating a timestamp request based on a data file, +creating a timestamp response based on a request, verifying if a response corresponds to a particular request or a data file. There is no support for sending the requests/responses automatically @@ -128,7 +128,7 @@ requests either by ftp or e-mail. =head2 Time Stamp Request generation -The B<-query> switch can be used for creating and printing a time stamp +The B<-query> switch can be used for creating and printing a timestamp request with the following options: =over 4 @@ -154,7 +154,7 @@ see L. =item B<-data> file_to_hash -The data file for which the time stamp request needs to be +The data file for which the timestamp request needs to be created. stdin is the default if neither the B<-data> nor the B<-digest> parameter is specified. (Optional) @@ -175,7 +175,7 @@ The default is SHA-1. (Optional) =item B<-tspolicy> object_id The policy that the client expects the TSA to use for creating the -time stamp token. Either the dotted OID notation or OID names defined +timestamp token. Either the dotted OID notation or OID names defined in the config file can be used. If no policy is requested the TSA will use its own default policy. (Optional) @@ -193,7 +193,7 @@ response. (Optional) =item B<-in> request.tsq -This option specifies a previously created time stamp request in DER +This option specifies a previously created timestamp request in DER format that will be printed into the output file. Useful when you need to examine the content of a request in human-readable format. (Optional) @@ -212,13 +212,13 @@ instead of DER. (Optional) =head2 Time Stamp Response generation -A time stamp response (TimeStampResp) consists of a response status -and the time stamp token itself (ContentInfo), if the token generation was -successful. The B<-reply> command is for creating a time stamp -response or time stamp token based on a request and printing the +A timestamp response (TimeStampResp) consists of a response status +and the timestamp token itself (ContentInfo), if the token generation was +successful. The B<-reply> command is for creating a timestamp +response or timestamp token based on a request and printing the response/token in human-readable format. If B<-token_out> is not -specified the output is always a time stamp response (TimeStampResp), -otherwise it is a time stamp token (ContentInfo). +specified the output is always a timestamp response (TimeStampResp), +otherwise it is a timestamp token (ContentInfo). =over 4 @@ -237,7 +237,7 @@ used, see B for details. (Optional) =item B<-queryfile> request.tsq -The name of the file containing a DER encoded time stamp request. (Optional) +The name of the file containing a DER encoded timestamp request. (Optional) =item B<-passin> password_src @@ -282,19 +282,19 @@ B config file option. (Optional) =item B<-in> response.tsr -Specifies a previously created time stamp response or time stamp token +Specifies a previously created timestamp response or timestamp token (if B<-token_in> is also specified) in DER format that will be written to the output file. This option does not require a request, it is useful e.g. when you need to examine the content of a response or -token or you want to extract the time stamp token from a response. If -the input is a token and the output is a time stamp response a default +token or you want to extract the timestamp token from a response. If +the input is a token and the output is a timestamp response a default 'granted' status info is added to the token. (Optional) =item B<-token_in> This flag can be used together with the B<-in> option and indicates -that the input is a DER encoded time stamp token (ContentInfo) instead -of a time stamp response (TimeStampResp). (Optional) +that the input is a DER encoded timestamp token (ContentInfo) instead +of a timestamp response (TimeStampResp). (Optional) =item B<-out> response.tsr @@ -304,7 +304,7 @@ stdout. (Optional) =item B<-token_out> -The output is a time stamp token (ContentInfo) instead of time stamp +The output is a timestamp token (ContentInfo) instead of timestamp response (TimeStampResp). (Optional) =item B<-text> @@ -323,8 +323,8 @@ for all available algorithms. Default is builtin. (Optional) =head2 Time Stamp Response verification -The B<-verify> command is for verifying if a time stamp response or time -stamp token is valid and matches a particular time stamp request or +The B<-verify> command is for verifying if a timestamp response or +timestamp token is valid and matches a particular timestamp request or data file. The B<-verify> command does not use the configuration file. =over 4 @@ -345,18 +345,18 @@ specified with this one. (Optional) =item B<-queryfile> request.tsq -The original time stamp request in DER format. The B<-data> and B<-digest> +The original timestamp request in DER format. The B<-data> and B<-digest> options must not be specified with this one. (Optional) =item B<-in> response.tsr -The time stamp response that needs to be verified in DER format. (Mandatory) +The timestamp response that needs to be verified in DER format. (Mandatory) =item B<-token_in> This flag can be used together with the B<-in> option and indicates -that the input is a DER encoded time stamp token (ContentInfo) instead -of a time stamp response (TimeStampResp). (Optional) +that the input is a DER encoded timestamp token (ContentInfo) instead +of a timestamp response (TimeStampResp). (Optional) =item B<-CApath> trusted_cert_path @@ -430,7 +430,7 @@ See L for description. (Optional) =item B The name of the file containing the hexadecimal serial number of the -last time stamp response created. This number is incremented by 1 for +last timestamp response created. This number is incremented by 1 for each response. If the file does not exist at the time of response generation a new file is created with serial number 1. (Mandatory) @@ -487,7 +487,7 @@ the components is missing zero is assumed for that field. (Optional) =item B Specifies the maximum number of digits, which represent the fraction of -seconds, that need to be included in the time field. The trailing zeroes +seconds, that need to be included in the time field. The trailing zeros must be removed from the time, so there might actually be fewer digits, or no fraction of seconds at all. Supported only on UNIX platforms. The maximum value is 6, default is 0. @@ -530,13 +530,13 @@ openssl/apps/openssl.cnf will do. =head2 Time Stamp Request -To create a time stamp request for design1.txt with SHA-1 +To create a timestamp request for design1.txt with SHA-1 without nonce and policy and no certificate is required in the response: openssl ts -query -data design1.txt -no_nonce \ -out design1.tsq -To create a similar time stamp request with specifying the message imprint +To create a similar timestamp request with specifying the message imprint explicitly: openssl ts -query -digest b7e5d3f93198b38379852f2c04e78d73abdd0f4b \ @@ -546,7 +546,7 @@ To print the content of the previous request in human readable format: openssl ts -query -in design1.tsq -text -To create a time stamp request which includes the MD-5 digest +To create a timestamp request which includes the MD-5 digest of design2.txt, requests the signer certificate and nonce, specifies a policy id (assuming the tsa_policy1 name is defined in the OID section of the config file): @@ -568,7 +568,7 @@ below assume that cacert.pem contains the certificate of the CA, tsacert.pem is the signing certificate issued by cacert.pem and tsakey.pem is the private key of the TSA. -To create a time stamp response for a request: +To create a timestamp response for a request: openssl ts -reply -queryfile design1.tsq -inkey tsakey.pem \ -signer tsacert.pem -out design1.tsr @@ -577,44 +577,44 @@ If you want to use the settings in the config file you could just write: openssl ts -reply -queryfile design1.tsq -out design1.tsr -To print a time stamp reply to stdout in human readable format: +To print a timestamp reply to stdout in human readable format: openssl ts -reply -in design1.tsr -text -To create a time stamp token instead of time stamp response: +To create a timestamp token instead of timestamp response: openssl ts -reply -queryfile design1.tsq -out design1_token.der -token_out -To print a time stamp token to stdout in human readable format: +To print a timestamp token to stdout in human readable format: openssl ts -reply -in design1_token.der -token_in -text -token_out -To extract the time stamp token from a response: +To extract the timestamp token from a response: openssl ts -reply -in design1.tsr -out design1_token.der -token_out -To add 'granted' status info to a time stamp token thereby creating a +To add 'granted' status info to a timestamp token thereby creating a valid response: openssl ts -reply -in design1_token.der -token_in -out design1.tsr =head2 Time Stamp Verification -To verify a time stamp reply against a request: +To verify a timestamp reply against a request: openssl ts -verify -queryfile design1.tsq -in design1.tsr \ -CAfile cacert.pem -untrusted tsacert.pem -To verify a time stamp reply that includes the certificate chain: +To verify a timestamp reply that includes the certificate chain: openssl ts -verify -queryfile design2.tsq -in design2.tsr \ -CAfile cacert.pem -To verify a time stamp token against the original data file: +To verify a timestamp token against the original data file: openssl ts -verify -data design2.txt -in design2.tsr \ -CAfile cacert.pem -To verify a time stamp token against a message imprint: +To verify a timestamp token against a message imprint: openssl ts -verify -digest b7e5d3f93198b38379852f2c04e78d73abdd0f4b \ -in design2.tsr -CAfile cacert.pem @@ -628,7 +628,7 @@ You could also look at the 'test' directory for more examples. =item * -No support for time stamps over SMTP, though it is quite easy +No support for timestamps over SMTP, though it is quite easy to implement an automatic e-mail based TSA with L and L. HTTP server support is provided in the form of a separate apache module. HTTP client support is provided by @@ -638,7 +638,7 @@ L. Pure TCP/IP protocol is not supported. The file containing the last serial number of the TSA is not locked when being read or written. This is a problem if more than one -instance of L is trying to create a time stamp +instance of L is trying to create a timestamp response at the same time. This is not an issue when using the apache server module, it does proper locking. diff --git a/doc/man1/tsget.pod b/doc/man1/tsget.pod index 43bf2c7e35..9f58201fd5 100644 --- a/doc/man1/tsget.pod +++ b/doc/man1/tsget.pod @@ -24,15 +24,15 @@ B<-h> server_url =head1 DESCRIPTION -The B command can be used for sending a time stamp request, as -specified in B, to a time stamp server over HTTP or HTTPS and storing -the time stamp response in a file. This tool cannot be used for creating the +The B command can be used for sending a timestamp request, as +specified in B, to a timestamp server over HTTP or HTTPS and storing +the timestamp response in a file. This tool cannot be used for creating the requests and verifying responses, you can use the OpenSSL B command to do that. B can send several requests to the server without closing the TCP connection if more than one requests are specified on the command line. -The tool sends the following HTTP request for each time stamp request: +The tool sends the following HTTP request for each timestamp request: POST url HTTP/1.1 User-Agent: OpenTSA tsget.pl/ @@ -53,7 +53,7 @@ written to a file without any interpretation. =item B<-h> server_url -The URL of the HTTP/HTTPS server listening for time stamp requests. +The URL of the HTTP/HTTPS server listening for timestamp requests. =item B<-e> extension @@ -64,8 +64,8 @@ the input files. Default extension is '.tsr'. (Optional) =item B<-o> output This option can be specified only when just one request is sent to the -server. The time stamp response will be written to the given output file. '-' -means standard output. In case of multiple time stamp requests or the absence +server. The timestamp response will be written to the given output file. '-' +means standard output. In case of multiple timestamp requests or the absence of this argument the names of the output files will be derived from the names of the input files and the default or specified extension argument. (Optional) @@ -124,7 +124,7 @@ The name of an EGD socket to get random data from. (Optional) =item [request]... -List of files containing B DER-encoded time stamp requests. If no +List of files containing B DER-encoded timestamp requests. If no requests are specified only one request will be sent to the server and it will be read from the standard input. (Optional) @@ -139,35 +139,35 @@ arguments. =head1 EXAMPLES The examples below presume that B and B contain valid -time stamp requests, tsa.opentsa.org listens at port 8080 for HTTP requests +timestamp requests, tsa.opentsa.org listens at port 8080 for HTTP requests and at port 8443 for HTTPS requests, the TSA service is available at the /tsa absolute path. -Get a time stamp response for file1.tsq over HTTP, output is written to +Get a timestamp response for file1.tsq over HTTP, output is written to file1.tsr: tsget -h http://tsa.opentsa.org:8080/tsa file1.tsq -Get a time stamp response for file1.tsq and file2.tsq over HTTP showing +Get a timestamp response for file1.tsq and file2.tsq over HTTP showing progress, output is written to file1.reply and file2.reply respectively: tsget -h http://tsa.opentsa.org:8080/tsa -v -e .reply \ file1.tsq file2.tsq -Create a time stamp request, write it to file3.tsq, send it to the server and +Create a timestamp request, write it to file3.tsq, send it to the server and write the response to file3.tsr: openssl ts -query -data file3.txt -cert | tee file3.tsq \ | tsget -h http://tsa.opentsa.org:8080/tsa \ -o file3.tsr -Get a time stamp response for file1.tsq over HTTPS without client +Get a timestamp response for file1.tsq over HTTPS without client authentication: tsget -h https://tsa.opentsa.org:8443/tsa \ -C cacerts.pem file1.tsq -Get a time stamp response for file1.tsq over HTTPS with certificate-based +Get a timestamp response for file1.tsq over HTTPS with certificate-based client authentication (it will ask for the passphrase if client_key.pem is protected): diff --git a/doc/man1/verify.pod b/doc/man1/verify.pod index 18e803c8d6..0a49d790c0 100644 --- a/doc/man1/verify.pod +++ b/doc/man1/verify.pod @@ -336,7 +336,7 @@ in PEM format. =head1 VERIFY OPERATION The B program uses the same functions as the internal SSL and S/MIME -verification, therefore this description applies to these verify operations +verification, therefore, this description applies to these verify operations too. There is one crucial difference between the verify operations performed diff --git a/doc/man1/x509.pod b/doc/man1/x509.pod index 65cec9dbda..98d285e414 100644 --- a/doc/man1/x509.pod +++ b/doc/man1/x509.pod @@ -255,7 +255,7 @@ Prints out the start and expiry dates of a certificate. =item B<-checkend arg> Checks if the certificate expires within the next B seconds and exits -non-zero if yes it will expire or zero if not. +nonzero if yes it will expire or zero if not. =item B<-fingerprint> diff --git a/doc/man3/ASN1_INTEGER_get_int64.pod b/doc/man3/ASN1_INTEGER_get_int64.pod index ac6a5799df..b4f961eab8 100644 --- a/doc/man3/ASN1_INTEGER_get_int64.pod +++ b/doc/man3/ASN1_INTEGER_get_int64.pod @@ -81,7 +81,7 @@ instead. In general an B or B type can contain an integer of almost arbitrary size and so cannot always be represented by a C -B type. However in many cases (for example version numbers) they +B type. However, in many cases (for example version numbers) they represent small integers which can be more easily manipulated if converted to an appropriate C integer type. diff --git a/doc/man3/ASN1_STRING_length.pod b/doc/man3/ASN1_STRING_length.pod index 85d356540b..595e63ad51 100644 --- a/doc/man3/ASN1_STRING_length.pod +++ b/doc/man3/ASN1_STRING_length.pod @@ -72,7 +72,7 @@ In general it cannot be assumed that the data returned by ASN1_STRING_data() is null terminated or does not contain embedded nulls. The actual format of the data will depend on the actual string type itself: for example for an IA5String the data will be ASCII, for a BMPString two bytes per -character in big endian format, and for an UTF8String it will be in UTF8 format. +character in big endian format, and for a UTF8String it will be in UTF8 format. Similar care should be take to ensure the data is in the correct format when calling ASN1_STRING_set(). diff --git a/doc/man3/ASN1_TIME_set.pod b/doc/man3/ASN1_TIME_set.pod index 5ed817517d..a115db4c85 100644 --- a/doc/man3/ASN1_TIME_set.pod +++ b/doc/man3/ASN1_TIME_set.pod @@ -117,7 +117,7 @@ one or both (depending on the time difference) of B<*pday> and B<*psec> will be positive. If B represents a time earlier than B then one or both of B<*pday> and B<*psec> will be negative. If B and B represent the same time then B<*pday> and B<*psec> will both be zero. -If both B<*pday> and B<*psec> are non-zero they will always have the same +If both B<*pday> and B<*psec> are nonzero they will always have the same sign. The value of B<*psec> will always be less than the number of seconds in a day. If B or B is NULL the current time is used. @@ -167,7 +167,7 @@ format. =head1 BUGS ASN1_TIME_print(), ASN1_UTCTIME_print() and ASN1_GENERALIZEDTIME_print() -do not print out the time zone: it either prints out "GMT" or nothing. But all +do not print out the timezone: it either prints out "GMT" or nothing. But all certificates complying with RFC5280 et al use GMT anyway. Use the ASN1_TIME_normalize() function to normalize the time value before diff --git a/doc/man3/ASN1_TYPE_get.pod b/doc/man3/ASN1_TYPE_get.pod index fb797220a4..f14850b39f 100644 --- a/doc/man3/ASN1_TYPE_get.pod +++ b/doc/man3/ASN1_TYPE_get.pod @@ -33,7 +33,7 @@ up after the call. ASN1_TYPE_set1() sets the value of B to B a copy of B. ASN1_TYPE_cmp() compares ASN.1 types B and B and returns 0 if -they are identical and non-zero otherwise. +they are identical and nonzero otherwise. ASN1_TYPE_unpack_sequence() attempts to parse the SEQUENCE present in B using the ASN.1 structure B. If successful it returns a pointer @@ -62,12 +62,12 @@ length octets). ASN1_TYPE_cmp() may not return zero if two types are equivalent but have different encodings. For example the single content octet of the boolean TRUE -value under BER can have any non-zero encoding but ASN1_TYPE_cmp() will +value under BER can have any nonzero encoding but ASN1_TYPE_cmp() will only return zero if the values are the same. If either or both of the parameters passed to ASN1_TYPE_cmp() is NULL the -return value is non-zero. Technically if both parameters are NULL the two -types could be absent OPTIONAL fields and so should match, however passing +return value is nonzero. Technically if both parameters are NULL the two +types could be absent OPTIONAL fields and so should match, however, passing NULL values could also indicate a programming error (for example an unparsable type which returns NULL) for types which do B match. So applications should handle the case of two absent values separately. @@ -80,7 +80,7 @@ ASN1_TYPE_set() does not return a value. ASN1_TYPE_set1() returns 1 for success and 0 for failure. -ASN1_TYPE_cmp() returns 0 if the types are identical and non-zero otherwise. +ASN1_TYPE_cmp() returns 0 if the types are identical and nonzero otherwise. ASN1_TYPE_unpack_sequence() returns a pointer to an ASN.1 structure or NULL on failure. diff --git a/doc/man3/ASYNC_WAIT_CTX_new.pod b/doc/man3/ASYNC_WAIT_CTX_new.pod index e4d809c08f..6f6a217e16 100644 --- a/doc/man3/ASYNC_WAIT_CTX_new.pod +++ b/doc/man3/ASYNC_WAIT_CTX_new.pod @@ -50,7 +50,7 @@ job in B<*fd>. The number of file descriptors returned will be stored in B<*numfds>. It is the caller's responsibility to ensure that sufficient memory has been allocated in B<*fd> to receive all the file descriptors. Calling ASYNC_WAIT_CTX_get_all_fds() with a NULL B value will return no file -descriptors but will still populate B<*numfds>. Therefore application code is +descriptors but will still populate B<*numfds>. Therefore, application code is typically expected to call this function twice: once to get the number of fds, and then again when sufficient memory has been allocated. If only one asynchronous engine is being used then normally this call will only ever return @@ -117,7 +117,7 @@ success or 0 on error. On Windows platforms the openssl/async.h header is dependent on some of the types customarily made available by including windows.h. The application developer is likely to require control over when the latter -is included, commonly as one of the first included headers. Therefore +is included, commonly as one of the first included headers. Therefore, it is defined as an application developer's responsibility to include windows.h prior to async.h. diff --git a/doc/man3/ASYNC_start_job.pod b/doc/man3/ASYNC_start_job.pod index b06db76708..b7f3448bb5 100644 --- a/doc/man3/ASYNC_start_job.pod +++ b/doc/man3/ASYNC_start_job.pod @@ -166,7 +166,7 @@ otherwise. On Windows platforms the openssl/async.h header is dependent on some of the types customarily made available by including windows.h. The application developer is likely to require control over when the latter -is included, commonly as one of the first included headers. Therefore +is included, commonly as one of the first included headers. Therefore, it is defined as an application developer's responsibility to include windows.h prior to async.h. diff --git a/doc/man3/BF_encrypt.pod b/doc/man3/BF_encrypt.pod index b20f634da6..ebf1e3f89b 100644 --- a/doc/man3/BF_encrypt.pod +++ b/doc/man3/BF_encrypt.pod @@ -60,7 +60,7 @@ recipient needs to know what it was initialized with, or it won't be able to decrypt. Some programs and protocols simplify this, like SSH, where B is simply initialized to zero. BF_cbc_encrypt() operates on data that is a multiple of 8 bytes long, while -BF_cfb64_encrypt() and BF_ofb64_encrypt() are used to encrypt an variable +BF_cfb64_encrypt() and BF_ofb64_encrypt() are used to encrypt a variable number of bytes (the amount does not have to be an exact multiple of 8). The purpose of the latter two is to simulate stream ciphers, and therefore, they need the parameter B, which is a pointer to an integer where the current diff --git a/doc/man3/BIO_ADDR.pod b/doc/man3/BIO_ADDR.pod index 4b169e8a89..c23d62be92 100644 --- a/doc/man3/BIO_ADDR.pod +++ b/doc/man3/BIO_ADDR.pod @@ -42,7 +42,7 @@ BIO_ADDR_free() frees a B created with BIO_ADDR_new(). BIO_ADDR_clear() clears any data held within the provided B and sets it back to an uninitialised state. -BIO_ADDR_rawmake() takes a protocol B, an byte array of +BIO_ADDR_rawmake() takes a protocol B, a byte array of size B with an address in network byte order pointed at by B and a port number in network byte order in B (except for the B protocol family, where B is meaningless and diff --git a/doc/man3/BIO_ADDRINFO.pod b/doc/man3/BIO_ADDRINFO.pod index 8ca6454abb..8414a118d5 100644 --- a/doc/man3/BIO_ADDRINFO.pod +++ b/doc/man3/BIO_ADDRINFO.pod @@ -94,7 +94,7 @@ information they should return isn't available. The BIO_lookup_ex() implementation uses the platform provided getaddrinfo() function. On Linux it is known that specifying 0 for the protocol will not -return any SCTP based addresses when calling getaddrinfo(). Therefore if an SCTP +return any SCTP based addresses when calling getaddrinfo(). Therefore, if an SCTP address is required then the B parameter to BIO_lookup_ex() should be explicitly set to IPPROTO_SCTP. The same may be true on other platforms. diff --git a/doc/man3/BIO_connect.pod b/doc/man3/BIO_connect.pod index 853315aa46..c695e0730a 100644 --- a/doc/man3/BIO_connect.pod +++ b/doc/man3/BIO_connect.pod @@ -55,7 +55,7 @@ Enables regular sending of keep-alive messages. =item BIO_SOCK_NONBLOCK -Sets the socket to non-blocking mode. +Sets the socket to nonblocking mode. =item BIO_SOCK_NODELAY diff --git a/doc/man3/BIO_ctrl.pod b/doc/man3/BIO_ctrl.pod index 60cd10883b..9fd60a6747 100644 --- a/doc/man3/BIO_ctrl.pod +++ b/doc/man3/BIO_ctrl.pod @@ -109,7 +109,7 @@ Filter BIOs if they do not internally handle a particular BIO_ctrl() operation usually pass the operation to the next BIO in the chain. This often means there is no need to locate the required BIO for a particular operation, it can be called on a chain and it will -be automatically passed to the relevant BIO. However this can cause +be automatically passed to the relevant BIO. However, this can cause unexpected results: for example no current filter BIOs implement BIO_seek(), but this may still succeed if the chain ends in a FILE or file descriptor BIO. diff --git a/doc/man3/BIO_get_data.pod b/doc/man3/BIO_get_data.pod index c3137c4c55..4b10e1a90e 100644 --- a/doc/man3/BIO_get_data.pod +++ b/doc/man3/BIO_get_data.pod @@ -25,7 +25,7 @@ the BIO. This data can subsequently be retrieved via a call to BIO_get_data(). This can be used by custom BIOs for storing implementation specific information. The BIO_set_init() function sets the value of the BIO's "init" flag to indicate -whether initialisation has been completed for this BIO or not. A non-zero value +whether initialisation has been completed for this BIO or not. A nonzero value indicates that initialisation is complete, whilst zero indicates that it is not. Often initialisation will complete during initial construction of the BIO. For some BIOs however, initialisation may not complete until after additional steps diff --git a/doc/man3/BIO_parse_hostserv.pod b/doc/man3/BIO_parse_hostserv.pod index 73cb6100d7..01fa8abd85 100644 --- a/doc/man3/BIO_parse_hostserv.pod +++ b/doc/man3/BIO_parse_hostserv.pod @@ -19,10 +19,10 @@ BIO_parse_hostserv =head1 DESCRIPTION BIO_parse_hostserv() will parse the information given in B, -create strings with the host name and service name and give those +create strings with the hostname and service name and give those back via B and B. Those will need to be freed after they are used. B helps determine if B shall -be interpreted primarily as a host name or a service name in ambiguous +be interpreted primarily as a hostname or a service name in ambiguous cases. The syntax the BIO_parse_hostserv() recognises is: diff --git a/doc/man3/BIO_read.pod b/doc/man3/BIO_read.pod index 270ab533e5..f548cdd226 100644 --- a/doc/man3/BIO_read.pod +++ b/doc/man3/BIO_read.pod @@ -55,7 +55,7 @@ NUL is not included in the length returned by BIO_gets(). =head1 NOTES A 0 or -1 return is not necessarily an indication of an error. In -particular when the source/sink is non-blocking or of a certain type +particular when the source/sink is nonblocking or of a certain type it may merely be an indication that no data is currently available and that the application should retry the operation later. diff --git a/doc/man3/BIO_s_accept.pod b/doc/man3/BIO_s_accept.pod index 37b6f4d839..7b5ac87e66 100644 --- a/doc/man3/BIO_s_accept.pod +++ b/doc/man3/BIO_s_accept.pod @@ -143,7 +143,7 @@ however because the accept BIO will still accept additional incoming connections. This can be resolved by using BIO_pop() (see above) and freeing up the accept BIO after the initial connection. -If the underlying accept socket is non-blocking and BIO_do_accept() is +If the underlying accept socket is nonblocking and BIO_do_accept() is called to await an incoming connection it is possible for BIO_should_io_special() with the reason BIO_RR_ACCEPT. If this happens then it is an indication that an accept attempt would block: the application diff --git a/doc/man3/BIO_s_bio.pod b/doc/man3/BIO_s_bio.pod index f78fe13489..ba6225c893 100644 --- a/doc/man3/BIO_s_bio.pod +++ b/doc/man3/BIO_s_bio.pod @@ -144,7 +144,7 @@ without having to go through the SSL-interface. ... BIO_new_bio_pair(&internal_bio, 0, &network_bio, 0); SSL_set_bio(ssl, internal_bio, internal_bio); - SSL_operations(); /* e.g SSL_read and SSL_write */ + SSL_operations(); /* e.g. SSL_read and SSL_write */ ... application | TLS-engine @@ -167,7 +167,7 @@ without having to go through the SSL-interface. ... As the BIO pair will only buffer the data and never directly access the -connection, it behaves non-blocking and will return as soon as the write +connection, it behaves nonblocking and will return as soon as the write buffer is full or the read buffer is drained. Then the application has to flush the write buffer and/or fill the read buffer. diff --git a/doc/man3/BIO_s_connect.pod b/doc/man3/BIO_s_connect.pod index 4f145297c5..aa99c92abe 100644 --- a/doc/man3/BIO_s_connect.pod +++ b/doc/man3/BIO_s_connect.pod @@ -106,7 +106,7 @@ If blocking I/O is set then a non positive return value from any I/O call is caused by an error condition, although a zero return will normally mean that the connection was closed. -If the port name is supplied as part of the host name then this will +If the port name is supplied as part of the hostname then this will override any value set with BIO_set_conn_port(). This may be undesirable if the application does not wish to allow connection to arbitrary ports. This can be avoided by checking for the presence of the ':' diff --git a/doc/man3/BIO_s_file.pod b/doc/man3/BIO_s_file.pod index 2ed0bb3c0f..12843b0125 100644 --- a/doc/man3/BIO_s_file.pod +++ b/doc/man3/BIO_s_file.pod @@ -78,7 +78,7 @@ in stdio behaviour will be mirrored by the corresponding BIO. On Windows BIO_new_files reserves for the filename argument to be UTF-8 encoded. In other words if you have to make it work in multi- -lingual environment, encode file names in UTF-8. +lingual environment, encode filenames in UTF-8. =head1 RETURN VALUES diff --git a/doc/man3/BIO_set_callback.pod b/doc/man3/BIO_set_callback.pod index 291456baa4..c9281a83ad 100644 --- a/doc/man3/BIO_set_callback.pod +++ b/doc/man3/BIO_set_callback.pod @@ -31,7 +31,7 @@ BIO_callback_fn_ex, BIO_callback_fn =head1 DESCRIPTION BIO_set_callback_ex() and BIO_get_callback_ex() set and retrieve the BIO -callback. The callback is called during most high level BIO operations. It can +callback. The callback is called during most high-level BIO operations. It can be used for debugging purposes to trace operations on a BIO or to modify its operation. diff --git a/doc/man3/BN_add.pod b/doc/man3/BN_add.pod index 0f0e49556d..7203b78d13 100644 --- a/doc/man3/BN_add.pod +++ b/doc/man3/BN_add.pod @@ -68,16 +68,16 @@ For division by powers of 2, use BN_rshift(3). BN_mod() corresponds to BN_div() with I set to B. -BN_nnmod() reduces I modulo I and places the non-negative +BN_nnmod() reduces I modulo I and places the nonnegative remainder in I. -BN_mod_add() adds I to I modulo I and places the non-negative +BN_mod_add() adds I to I modulo I and places the nonnegative result in I. BN_mod_sub() subtracts I from I modulo I and places the -non-negative result in I. +nonnegative result in I. -BN_mod_mul() multiplies I by I and finds the non-negative +BN_mod_mul() multiplies I by I and finds the nonnegative remainder respective to modulus I (C). I may be the same B as I or I. For more efficient algorithms for repeated computations using the same modulus, see diff --git a/doc/man3/BN_bn2bin.pod b/doc/man3/BN_bn2bin.pod index b3cbc8cb66..8548a16954 100644 --- a/doc/man3/BN_bn2bin.pod +++ b/doc/man3/BN_bn2bin.pod @@ -37,7 +37,7 @@ memory. BN_bn2binpad() also converts the absolute value of B into big-endian form and stores it at B. B indicates the length of the output buffer -B. The result is padded with zeroes if necessary. If B is less than +B. The result is padded with zeros if necessary. If B is less than BN_num_bytes(B ) an error is returned. BN_bin2bn() converts the positive integer in big-endian form of length diff --git a/doc/man3/BN_generate_prime.pod b/doc/man3/BN_generate_prime.pod index f1e63f3b3c..25674d0348 100644 --- a/doc/man3/BN_generate_prime.pod +++ b/doc/man3/BN_generate_prime.pod @@ -127,7 +127,7 @@ For instance, to reach the 128 bit security level, B should be set to If B is not B, B is called after the j-th iteration (j = 0, 1, ...). B is a -pre-allocated B (to save the overhead of allocating and +preallocated B (to save the overhead of allocating and freeing the structure in a loop), or B. BN_GENCB_call() calls the callback function held in the B structure diff --git a/doc/man3/BN_mod_mul_montgomery.pod b/doc/man3/BN_mod_mul_montgomery.pod index 7f47e94c2b..c0d43bbad6 100644 --- a/doc/man3/BN_mod_mul_montgomery.pod +++ b/doc/man3/BN_mod_mul_montgomery.pod @@ -49,7 +49,7 @@ the result in I. BN_from_montgomery() performs the Montgomery reduction I = I *R^-1. BN_to_montgomery() computes Mont(I ,R^2), i.e. I *R. -Note that I must be non-negative and smaller than the modulus. +Note that I must be nonnegative and smaller than the modulus. For all functions, I is a previously allocated B used for temporary variables. diff --git a/doc/man3/BN_set_bit.pod b/doc/man3/BN_set_bit.pod index af02983c8f..537d730d74 100644 --- a/doc/man3/BN_set_bit.pod +++ b/doc/man3/BN_set_bit.pod @@ -37,11 +37,11 @@ BN_mask_bits() truncates B to an B bit number shorter than B bits. BN_lshift() shifts B left by B bits and places the result in -B (C). Note that B must be non-negative. BN_lshift1() shifts +B (C). Note that B must be nonnegative. BN_lshift1() shifts B left by one and places the result in B (C). BN_rshift() shifts B right by B bits and places the result in -B (C). Note that B must be non-negative. BN_rshift1() shifts +B (C). Note that B must be nonnegative. BN_rshift1() shifts B right by one and places the result in B (C). For the shift functions, B and B may be the same variable. diff --git a/doc/man3/CMS_verify.pod b/doc/man3/CMS_verify.pod index b6650fdeb6..b761c9281b 100644 --- a/doc/man3/CMS_verify.pod +++ b/doc/man3/CMS_verify.pod @@ -94,7 +94,7 @@ useful if one merely wishes to write the content to B and its validity is not considered important. Chain verification should arguably be performed using the signing time rather -than the current time. However since the signing time is supplied by the +than the current time. However, since the signing time is supplied by the signer it cannot be trusted without additional evidence (such as a trusted timestamp). diff --git a/doc/man3/CRYPTO_THREAD_run_once.pod b/doc/man3/CRYPTO_THREAD_run_once.pod index b919e2e478..7f0392ceb1 100644 --- a/doc/man3/CRYPTO_THREAD_run_once.pod +++ b/doc/man3/CRYPTO_THREAD_run_once.pod @@ -93,7 +93,7 @@ On Windows platforms the CRYPTO_THREAD_* types and functions in the openssl/crypto.h header are dependent on some of the types customarily made available by including windows.h. The application developer is likely to require control over when the latter is included, commonly as -one of the first included headers. Therefore it is defined as an +one of the first included headers. Therefore, it is defined as an application developer's responsibility to include windows.h prior to crypto.h where use of CRYPTO_THREAD_* types and functions is required. diff --git a/doc/man3/CRYPTO_memcmp.pod b/doc/man3/CRYPTO_memcmp.pod index 9182d00796..a65a41fdcf 100644 --- a/doc/man3/CRYPTO_memcmp.pod +++ b/doc/man3/CRYPTO_memcmp.pod @@ -19,13 +19,13 @@ contents of the memory regions pointed to by B and B. =head1 RETURN VALUES -CRYPTO_memcmp() returns 0 if the memory regions are equal and non-zero +CRYPTO_memcmp() returns 0 if the memory regions are equal and nonzero otherwise. =head1 NOTES Unlike memcmp(2), this function cannot be used to order the two memory regions -as the return value when they differ is undefined, other than being non-zero. +as the return value when they differ is undefined, other than being nonzero. =head1 COPYRIGHT diff --git a/doc/man3/DES_random_key.pod b/doc/man3/DES_random_key.pod index 04df6ec0df..035d7f876a 100644 --- a/doc/man3/DES_random_key.pod +++ b/doc/man3/DES_random_key.pod @@ -120,7 +120,7 @@ is returned. If the key is a weak key, then -2 is returned. If an error is returned, the key schedule is not generated. DES_set_key() works like -DES_set_key_checked() if the I flag is non-zero, +DES_set_key_checked() if the I flag is nonzero, otherwise like DES_set_key_unchecked(). These functions are available for compatibility; it is recommended to use a function that does not depend on a global variable. @@ -137,7 +137,7 @@ DES_ecb_encrypt() is the basic DES encryption routine that encrypts or decrypts a single 8-byte I in I (ECB) mode. It always transforms the input data, pointed to by I, into the output data, pointed to by the I argument. -If the I argument is non-zero (DES_ENCRYPT), the I +If the I argument is nonzero (DES_ENCRYPT), the I (cleartext) is encrypted in to the I (ciphertext) using the key_schedule specified by the I argument, previously set via I. If I is zero (DES_DECRYPT), the I (now @@ -156,7 +156,7 @@ The macro DES_ecb2_encrypt() is provided to perform two-key Triple-DES encryption by using I for the final encryption. DES_ncbc_encrypt() encrypts/decrypts using the I -(CBC) mode of DES. If the I argument is non-zero, the +(CBC) mode of DES. If the I argument is nonzero, the routine cipher-block-chain encrypts the cleartext data pointed to by the I argument into the ciphertext pointed to by the I argument, using the key schedule provided by the I argument, diff --git a/doc/man3/DH_get0_pqg.pod b/doc/man3/DH_get0_pqg.pod index e878fa0051..feec38e492 100644 --- a/doc/man3/DH_get0_pqg.pod +++ b/doc/man3/DH_get0_pqg.pod @@ -81,7 +81,7 @@ DH_get0_engine() returns a handle to the ENGINE that has been set for this DH object, or NULL if no such ENGINE has been set. The DH_get_length() and DH_set_length() functions get and set the optional -length parameter associated with this DH object. If the length is non-zero then +length parameter associated with this DH object. If the length is nonzero then it is used, otherwise it is ignored. The B parameter indicates the length of the secret exponent (private key) in bits. diff --git a/doc/man3/DH_set_method.pod b/doc/man3/DH_set_method.pod index ea45961f15..c183383860 100644 --- a/doc/man3/DH_set_method.pod +++ b/doc/man3/DH_set_method.pod @@ -45,7 +45,7 @@ DH_set_method() selects B to perform all operations using the key B. This will replace the DH_METHOD used by the DH key and if the previous method was supplied by an ENGINE, the handle to that ENGINE will be released during the change. It is possible to have DH keys that only work with certain DH_METHOD -implementations (eg. from an ENGINE module that supports embedded +implementations (e.g. from an ENGINE module that supports embedded hardware-protected keys), and in such cases attempting to change the DH_METHOD for the key can have unexpected results. @@ -64,7 +64,7 @@ Bs. DH_set_default_method() returns no value. -DH_set_method() returns non-zero if the provided B was successfully set as +DH_set_method() returns nonzero if the provided B was successfully set as the method for B (including unloading the ENGINE handle if the previous method was supplied by an ENGINE). diff --git a/doc/man3/DSA_set_method.pod b/doc/man3/DSA_set_method.pod index f10307e66d..ee91e01cb9 100644 --- a/doc/man3/DSA_set_method.pod +++ b/doc/man3/DSA_set_method.pod @@ -46,7 +46,7 @@ DSA_set_method() selects B to perform all operations using the key B. This will replace the DSA_METHOD used by the DSA key and if the previous method was supplied by an ENGINE, the handle to that ENGINE will be released during the change. It is possible to have DSA keys that only -work with certain DSA_METHOD implementations (eg. from an ENGINE module +work with certain DSA_METHOD implementations (e.g. from an ENGINE module that supports embedded hardware-protected keys), and in such cases attempting to change the DSA_METHOD for the key can have unexpected results. See L for information on constructing custom DSA_METHOD @@ -64,7 +64,7 @@ Bs. DSA_set_default_method() returns no value. -DSA_set_method() returns non-zero if the provided B was successfully set as +DSA_set_method() returns nonzero if the provided B was successfully set as the method for B (including unloading the ENGINE handle if the previous method was supplied by an ENGINE). diff --git a/doc/man3/DTLSv1_listen.pod b/doc/man3/DTLSv1_listen.pod index 98511a475f..7daa32bd1a 100644 --- a/doc/man3/DTLSv1_listen.pod +++ b/doc/man3/DTLSv1_listen.pod @@ -35,7 +35,7 @@ message then the amplification attack has succeeded. If DTLS is used over UDP (or any datagram based protocol that does not validate the source IP) then it is susceptible to this type of attack. TLSv1.3 is designed to operate over a stream-based transport protocol (such as TCP). -If TCP is being used then there is no need to use SSL_stateless(). However some +If TCP is being used then there is no need to use SSL_stateless(). However, some stream-based transport protocols (e.g. QUIC) may not validate the source address. In this case a TLSv1.3 application would be susceptible to this attack. @@ -98,7 +98,7 @@ will be set up ready to continue the handshake. the B value will also be filled in. A return value of 0 indicates a non-fatal error. This could (for -example) be because of non-blocking IO, or some invalid message having been +example) be because of nonblocking IO, or some invalid message having been received from a peer. Errors may be placed on the OpenSSL error queue with further information if appropriate. Typically user code is expected to retry the call to DTLSv1_listen() in the event of a non-fatal error. diff --git a/doc/man3/ECDSA_SIG_new.pod b/doc/man3/ECDSA_SIG_new.pod index 6a7d107079..bce8691f28 100644 --- a/doc/man3/ECDSA_SIG_new.pod +++ b/doc/man3/ECDSA_SIG_new.pod @@ -5,7 +5,7 @@ ECDSA_SIG_get0, ECDSA_SIG_get0_r, ECDSA_SIG_get0_s, ECDSA_SIG_set0, ECDSA_SIG_new, ECDSA_SIG_free, ECDSA_size, ECDSA_sign, ECDSA_do_sign, ECDSA_verify, ECDSA_do_verify, ECDSA_sign_setup, ECDSA_sign_ex, -ECDSA_do_sign_ex - low level elliptic curve digital signature algorithm (ECDSA) +ECDSA_do_sign_ex - low-level elliptic curve digital signature algorithm (ECDSA) functions =head1 SYNOPSIS @@ -40,7 +40,7 @@ functions =head1 DESCRIPTION -Note: these functions provide a low level interface to ECDSA. Most +Note: these functions provide a low-level interface to ECDSA. Most applications should use the higher level B interface such as L or L instead. diff --git a/doc/man3/EC_GROUP_new.pod b/doc/man3/EC_GROUP_new.pod index c80b191785..04767d7688 100644 --- a/doc/man3/EC_GROUP_new.pod +++ b/doc/man3/EC_GROUP_new.pod @@ -84,7 +84,7 @@ specific PK B. EC_GROUP_set_curve() sets the curve parameters B

, B and B. For a curve over Fp B

is the prime for the field. For a curve over F2^m B

represents the irreducible polynomial - each bit represents a term in the polynomial. -Therefore there will either be three or five bits set dependent on whether the +Therefore, there will either be three or five bits set dependent on whether the polynomial is a trinomial or a pentanomial. In either case, B and B represents the coefficients a and b from the relevant equation introduced above. diff --git a/doc/man3/EC_POINT_new.pod b/doc/man3/EC_POINT_new.pod index 8cadaa75f1..4820d8597a 100644 --- a/doc/man3/EC_POINT_new.pod +++ b/doc/man3/EC_POINT_new.pod @@ -148,7 +148,7 @@ EC_POINT_get_Jprojective_coordinates_GFp() respectively. Points can also be described in terms of their compressed co-ordinates. For a point (x, y), for any given value for x such that the point is on the curve -there will only ever be two possible values for y. Therefore a point can be set +there will only ever be two possible values for y. Therefore, a point can be set using the EC_POINT_set_compressed_coordinates() function where B is the x co-ordinate and B is a value 0 or 1 to identify which of the two possible values for y should be used. diff --git a/doc/man3/ENGINE_add.pod b/doc/man3/ENGINE_add.pod index a2fc299482..b44c8e591f 100644 --- a/doc/man3/ENGINE_add.pod +++ b/doc/man3/ENGINE_add.pod @@ -181,7 +181,7 @@ implementation includes the following abstractions; =head2 Reference counting and handles Due to the modular nature of the ENGINE API, pointers to ENGINEs need to be -treated as handles - ie. not only as pointers, but also as references to +treated as handles - i.e. not only as pointers, but also as references to the underlying ENGINE object. Ie. one should obtain a new reference when making copies of an ENGINE pointer if the copies will be used (and released) independently. @@ -252,15 +252,15 @@ operational ENGINE for a given cryptographic purpose. To obtain a functional reference from an existing structural reference, call the ENGINE_init() function. This returns zero if the ENGINE was not -already operational and couldn't be successfully initialised (eg. lack of +already operational and couldn't be successfully initialised (e.g. lack of system drivers, no special hardware attached, etc), otherwise it will -return non-zero to indicate that the ENGINE is now operational and will +return nonzero to indicate that the ENGINE is now operational and will have allocated a new B reference to the ENGINE. All functional references are released by calling ENGINE_finish() (which removes the implicit structural reference as well). The second way to get a functional reference is by asking OpenSSL for a -default implementation for a given task, eg. by ENGINE_get_default_RSA(), +default implementation for a given task, e.g. by ENGINE_get_default_RSA(), ENGINE_get_default_cipher_engine(), etc. These are discussed in the next section, though they are not usually required by application programmers as they are used automatically when creating and using the relevant @@ -278,7 +278,7 @@ In the case of other abstractions like RSA, DSA, etc, there is only one "algorithm" so all implementations implicitly register using the same 'nid' index. -When a default ENGINE is requested for a given abstraction/algorithm/mode, (eg. +When a default ENGINE is requested for a given abstraction/algorithm/mode, (e.g. when calling RSA_new_method(NULL)), a "get_default" call will be made to the ENGINE subsystem to process the corresponding state table and return a functional reference to an initialised ENGINE whose implementation should be @@ -328,7 +328,7 @@ is something for the application to control. Some applications will want to allow the user to specify exactly which ENGINE they want used if any is to be used at all. Others may prefer to load all support and have OpenSSL automatically use at run-time any ENGINE that is able to -successfully initialise - ie. to assume that this corresponds to +successfully initialise - i.e. to assume that this corresponds to acceleration hardware attached to the machine or some such thing. There are probably numerous other ways in which applications may prefer to handle things, so we will simply illustrate the consequences as they apply to a @@ -417,7 +417,7 @@ so that it can be initialised for use. This could include the path to any driver or config files it needs to load, required network addresses, smart-card identifiers, passwords to initialise protected devices, logging information, etc etc. This class of commands typically needs to be -passed to an ENGINE B attempting to initialise it, ie. before +passed to an ENGINE B attempting to initialise it, i.e. before calling ENGINE_init(). The other class of commands consist of settings or operations that tweak certain behaviour or cause certain operations to take place, and these commands may work either before or after ENGINE_init(), or @@ -477,7 +477,7 @@ boolean success or failure. } Note that ENGINE_ctrl_cmd_string() accepts a boolean argument that can -relax the semantics of the function - if set non-zero it will only return +relax the semantics of the function - if set nonzero it will only return failure if the ENGINE supported the given command name but failed while executing it, if the ENGINE doesn't support the command name it will simply return success without doing anything. In this case we assume the user is @@ -490,7 +490,7 @@ It is possible to discover at run-time the names, numerical-ids, descriptions and input parameters of the control commands supported by an ENGINE using a structural reference. Note that some control commands are defined by OpenSSL itself and it will intercept and handle these control commands on behalf of the -ENGINE, ie. the ENGINE's ctrl() handler is not used for the control command. +ENGINE, i.e. the ENGINE's ctrl() handler is not used for the control command. openssl/engine.h defines an index, ENGINE_CMD_BASE, that all control commands implemented by ENGINEs should be numbered from. Any command value lower than this symbol is considered a "generic" command is handled directly by the @@ -556,7 +556,7 @@ by applications, administrations, users, etc. These can support arbitrary operations via ENGINE_ctrl(), including passing to and/or from the control commands data of any arbitrary type. These commands are supported in the discovery mechanisms simply to allow applications to determine if an ENGINE -supports certain specific commands it might want to use (eg. application "foo" +supports certain specific commands it might want to use (e.g. application "foo" might query various ENGINEs to see if they implement "FOO_GET_VENDOR_LOGO_GIF" - and ENGINE could therefore decide whether or not to support this "foo"-specific extension). diff --git a/doc/man3/ERR_get_error.pod b/doc/man3/ERR_get_error.pod index a76df03882..bfeaa3d48f 100644 --- a/doc/man3/ERR_get_error.pod +++ b/doc/man3/ERR_get_error.pod @@ -45,7 +45,7 @@ messages. ERR_get_error_line(), ERR_peek_error_line() and ERR_peek_last_error_line() are the same as the above, but they -additionally store the file name and line number where +additionally store the filename and line number where the error occurred in *B and *B, unless these are B. ERR_get_error_line_data(), ERR_peek_error_line_data() and diff --git a/doc/man3/ERR_print_errors.pod b/doc/man3/ERR_print_errors.pod index f7e612f618..7f83c1937e 100644 --- a/doc/man3/ERR_print_errors.pod +++ b/doc/man3/ERR_print_errors.pod @@ -29,7 +29,7 @@ B as the callback parameters. The error strings will have the following format: - [pid]:error:[error code]:[library name]:[function name]:[reason string]:[file name]:[line]:[optional text message] + [pid]:error:[error code]:[library name]:[function name]:[reason string]:[filename]:[line]:[optional text message] I is an 8 digit hexadecimal number. I, I and I are ASCII text, as is I interface to message digests should almost always be used in -preference to the low level interfaces. This is because the code then becomes +preference to the low-level interfaces. This is because the code then becomes transparent to the digest used and much more flexible. New applications should use the SHA-2 (such as L) or the SHA-3 diff --git a/doc/man3/EVP_DigestSignInit.pod b/doc/man3/EVP_DigestSignInit.pod index 912880a5e1..4efc8a4974 100644 --- a/doc/man3/EVP_DigestSignInit.pod +++ b/doc/man3/EVP_DigestSignInit.pod @@ -20,7 +20,7 @@ EVP_DigestSign - EVP signing functions =head1 DESCRIPTION -The EVP signature routines are a high level interface to digital signatures. +The EVP signature routines are a high-level interface to digital signatures. EVP_DigestSignInit() sets up signing context B to use digest B from ENGINE B and private key B. B must be created with @@ -110,7 +110,7 @@ The error codes can be obtained from L. =head1 NOTES The B interface to digital signatures should almost always be used in -preference to the low level interfaces. This is because the code then becomes +preference to the low-level interfaces. This is because the code then becomes transparent to the algorithm used and much more flexible. EVP_DigestSign() is a one shot operation which signs a single block of data diff --git a/doc/man3/EVP_DigestVerifyInit.pod b/doc/man3/EVP_DigestVerifyInit.pod index 0806cd5d58..984cef4db3 100644 --- a/doc/man3/EVP_DigestVerifyInit.pod +++ b/doc/man3/EVP_DigestVerifyInit.pod @@ -19,7 +19,7 @@ EVP_DigestVerify - EVP signature verification functions =head1 DESCRIPTION -The EVP signature routines are a high level interface to digital signatures. +The EVP signature routines are a high-level interface to digital signatures. EVP_DigestVerifyInit() sets up verification context B to use digest B from ENGINE B and public key B. B must be created @@ -62,7 +62,7 @@ The error codes can be obtained from L. =head1 NOTES The B interface to digital signatures should almost always be used in -preference to the low level interfaces. This is because the code then becomes +preference to the low-level interfaces. This is because the code then becomes transparent to the algorithm used and much more flexible. EVP_DigestVerify() is a one shot operation which verifies a single block of diff --git a/doc/man3/EVP_EncodeInit.pod b/doc/man3/EVP_EncodeInit.pod index 2589254735..811110f1bf 100644 --- a/doc/man3/EVP_EncodeInit.pod +++ b/doc/man3/EVP_EncodeInit.pod @@ -29,7 +29,7 @@ EVP_DecodeBlock - EVP base 64 encode/decode routines =head1 DESCRIPTION -The EVP encode routines provide a high level interface to base 64 encoding and +The EVP encode routines provide a high-level interface to base 64 encoding and decoding. Base 64 encoding converts binary data into a printable form that uses the characters A-Z, a-z, 0-9, "+" and "/" to represent the data. For every 3 bytes of binary data provided 4 bytes of base 64 encoded data will be produced diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod index 23ddf9153d..17d17d5ca0 100644 --- a/doc/man3/EVP_EncryptInit.pod +++ b/doc/man3/EVP_EncryptInit.pod @@ -120,7 +120,7 @@ EVP_enc_null =head1 DESCRIPTION -The EVP cipher routines are a high level interface to certain +The EVP cipher routines are a high-level interface to certain symmetric ciphers. EVP_CIPHER_CTX_new() creates a cipher context. @@ -427,8 +427,8 @@ Sets the CCM B value. If not set a default is used (8 for AES). =item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL) -Sets the CCM nonce (IV) length. This call can only be made before specifying an -nonce value. The nonce length is given by B<15 - L> so it is 7 by default for +Sets the CCM nonce (IV) length. This call can only be made before specifying +a nonce value. The nonce length is given by B<15 - L> so it is 7 by default for AES. =back @@ -468,10 +468,10 @@ This call is only valid when decrypting data. =head1 NOTES Where possible the B interface to symmetric ciphers should be used in -preference to the low level interfaces. This is because the code then becomes +preference to the low-level interfaces. This is because the code then becomes transparent to the cipher used and much more flexible. Additionally, the B interface will ensure the use of platform specific cryptographic -acceleration such as AES-NI (the low level interfaces do not provide the +acceleration such as AES-NI (the low-level interfaces do not provide the guarantee). PKCS padding works by adding B padding bytes of value B to make the total diff --git a/doc/man3/EVP_OpenInit.pod b/doc/man3/EVP_OpenInit.pod index 61b4307bca..2f4693710a 100644 --- a/doc/man3/EVP_OpenInit.pod +++ b/doc/man3/EVP_OpenInit.pod @@ -16,7 +16,7 @@ EVP_OpenInit, EVP_OpenUpdate, EVP_OpenFinal - EVP envelope decryption =head1 DESCRIPTION -The EVP envelope routines are a high level interface to envelope +The EVP envelope routines are a high-level interface to envelope decryption. They decrypt a public key encrypted symmetric key and then decrypt data using it. diff --git a/doc/man3/EVP_PKEY_CTX_ctrl.pod b/doc/man3/EVP_PKEY_CTX_ctrl.pod index 16d8462a42..9215e943cf 100644 --- a/doc/man3/EVP_PKEY_CTX_ctrl.pod +++ b/doc/man3/EVP_PKEY_CTX_ctrl.pod @@ -290,7 +290,7 @@ parameter generation. Use 0 for PKCS#3 DH and 1 for X9.42 DH. The default is 0. The EVP_PKEY_CTX_set_dh_pad() macro sets the DH padding mode. If B is -1 the shared secret is padded with zeroes up to the size of the DH prime B

. +1 the shared secret is padded with zeros up to the size of the DH prime B

. If B is zero (the default) then no padding is performed. EVP_PKEY_CTX_set_dh_nid() sets the DH parameters to values corresponding to diff --git a/doc/man3/EVP_PKEY_CTX_new.pod b/doc/man3/EVP_PKEY_CTX_new.pod index f01fc97522..9abf3e1cd4 100644 --- a/doc/man3/EVP_PKEY_CTX_new.pod +++ b/doc/man3/EVP_PKEY_CTX_new.pod @@ -31,7 +31,7 @@ If B is NULL, nothing is done. =head1 NOTES The B structure is an opaque public key algorithm context used -by the OpenSSL high level public key API. Contexts B be shared between +by the OpenSSL high-level public key API. Contexts B be shared between threads: that is it is not permissible to use the same context simultaneously in two threads. diff --git a/doc/man3/EVP_PKEY_keygen.pod b/doc/man3/EVP_PKEY_keygen.pod index 83cebe7ce2..3850fb31e5 100644 --- a/doc/man3/EVP_PKEY_keygen.pod +++ b/doc/man3/EVP_PKEY_keygen.pod @@ -51,7 +51,7 @@ generation callback. The function EVP_PKEY_CTX_get_keygen_info() returns parameters associated with the generation operation. If B is -1 the total number of parameters available is returned. Any non negative value returns the value of -that parameter. EVP_PKEY_CTX_gen_keygen_info() with a non-negative value for +that parameter. EVP_PKEY_CTX_gen_keygen_info() with a nonnegative value for B should only be called within the generation callback. If the callback returns 0 then the key generation operation is aborted and an diff --git a/doc/man3/EVP_SealInit.pod b/doc/man3/EVP_SealInit.pod index 2c2c89a71b..eeb6d64b02 100644 --- a/doc/man3/EVP_SealInit.pod +++ b/doc/man3/EVP_SealInit.pod @@ -17,7 +17,7 @@ EVP_SealInit, EVP_SealUpdate, EVP_SealFinal - EVP envelope encryption =head1 DESCRIPTION -The EVP envelope routines are a high level interface to envelope +The EVP envelope routines are a high-level interface to envelope encryption. They generate a random key and IV (if required) then "envelope" it by using public key encryption. Data can then be encrypted using this key. diff --git a/doc/man3/EVP_SignInit.pod b/doc/man3/EVP_SignInit.pod index 22ce747d33..299c5cf312 100644 --- a/doc/man3/EVP_SignInit.pod +++ b/doc/man3/EVP_SignInit.pod @@ -17,7 +17,7 @@ EVP_SignInit, EVP_SignInit_ex, EVP_SignUpdate, EVP_SignFinal =head1 DESCRIPTION -The EVP signature routines are a high level interface to digital +The EVP signature routines are a high-level interface to digital signatures. EVP_SignInit_ex() sets up signing context I to use digest @@ -48,7 +48,7 @@ The error codes can be obtained by L. =head1 NOTES The B interface to digital signatures should almost always be used in -preference to the low level interfaces. This is because the code then becomes +preference to the low-level interfaces. This is because the code then becomes transparent to the algorithm used and much more flexible. When signing with DSA private keys the random number generator must be seeded. diff --git a/doc/man3/EVP_VerifyInit.pod b/doc/man3/EVP_VerifyInit.pod index 647c99bceb..929b4c6e2c 100644 --- a/doc/man3/EVP_VerifyInit.pod +++ b/doc/man3/EVP_VerifyInit.pod @@ -19,7 +19,7 @@ EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal =head1 DESCRIPTION -The EVP signature verification routines are a high level interface to digital +The EVP signature verification routines are a high-level interface to digital signatures. EVP_VerifyInit_ex() sets up verification context B to use digest @@ -49,7 +49,7 @@ The error codes can be obtained by L. =head1 NOTES The B interface to digital signatures should almost always be used in -preference to the low level interfaces. This is because the code then becomes +preference to the low-level interfaces. This is because the code then becomes transparent to the algorithm used and much more flexible. The call to EVP_VerifyFinal() internally finalizes a copy of the digest context. diff --git a/doc/man3/HMAC.pod b/doc/man3/HMAC.pod index cc0d470907..97089c7389 100644 --- a/doc/man3/HMAC.pod +++ b/doc/man3/HMAC.pod @@ -69,7 +69,7 @@ EVP_shake256(). HMAC_CTX_new() creates a new HMAC_CTX in heap memory. -HMAC_CTX_reset() zeroes an existing B and associated +HMAC_CTX_reset() zeros an existing B and associated resources, making it suitable for new computations as if it was newly created with HMAC_CTX_new(). diff --git a/doc/man3/OCSP_cert_to_id.pod b/doc/man3/OCSP_cert_to_id.pod index c8d39c1913..cc03452a9f 100644 --- a/doc/man3/OCSP_cert_to_id.pod +++ b/doc/man3/OCSP_cert_to_id.pod @@ -52,7 +52,7 @@ corresponding parameter can be set to B. OCSP_cert_to_id() and OCSP_cert_id_new() return either a pointer to a valid B structure or B if an error occurred. -OCSP_id_cmp() and OCSP_id_issuer_cmp() returns zero for a match and non-zero +OCSP_id_cmp() and OCSP_id_issuer_cmp() returns zero for a match and nonzero otherwise. OCSP_CERTID_free() does not return a value. diff --git a/doc/man3/OCSP_request_add1_nonce.pod b/doc/man3/OCSP_request_add1_nonce.pod index 81bf645108..777d876d04 100644 --- a/doc/man3/OCSP_request_add1_nonce.pod +++ b/doc/man3/OCSP_request_add1_nonce.pod @@ -57,7 +57,7 @@ performance reasons. As a result they do not support nonces. The return values of OCSP_check_nonce() can be checked to cover each case. A positive return value effectively indicates success: nonces are both present -and match, both absent or present in the response only. A non-zero return +and match, both absent or present in the response only. A nonzero return additionally covers the case where the nonce is present in the request only: this will happen if the responder doesn't support nonces. A zero return value indicates present and mismatched nonces: this should be treated as an error diff --git a/doc/man3/OCSP_resp_find_status.pod b/doc/man3/OCSP_resp_find_status.pod index 35f7d35e99..3c8ed39e74 100644 --- a/doc/man3/OCSP_resp_find_status.pod +++ b/doc/man3/OCSP_resp_find_status.pod @@ -112,7 +112,7 @@ no freeing of the results is necessary. OCSP_check_validity() checks the validity of B and B values which will be typically obtained from OCSP_resp_find_status() or -OCSP_single_get0_status(). If B is non-zero it indicates how many seconds +OCSP_single_get0_status(). If B is nonzero it indicates how many seconds leeway should be allowed in the check. If B is positive it indicates the maximum age of B in seconds. @@ -167,7 +167,7 @@ can then take appropriate action based on the status of the certificate. An OCSP response for a certificate contains B and B fields. Normally the current time should be between these two values. To -account for clock skew the B field can be set to non-zero in +account for clock skew the B field can be set to nonzero in OCSP_check_validity(). Some responders do not set the B field, this would otherwise mean an ancient response would be considered valid: the B parameter to OCSP_check_validity() can be used to limit the permitted diff --git a/doc/man3/OCSP_sendreq_new.pod b/doc/man3/OCSP_sendreq_new.pod index a129a16bf2..16d5a21dfc 100644 --- a/doc/man3/OCSP_sendreq_new.pod +++ b/doc/man3/OCSP_sendreq_new.pod @@ -34,7 +34,7 @@ response header maximum line length of B. If B is zero a default value of 4k is used. The OCSP request B may be set to B and provided later if required. -OCSP_sendreq_nbio() performs non-blocking I/O on the OCSP request context +OCSP_sendreq_nbio() performs nonblocking I/O on the OCSP request context B. When the operation is complete it returns the response in B<*presp>. OCSP_REQ_CTX_free() frees up the OCSP context B. @@ -96,7 +96,7 @@ corresponding BIO can be examined to determine which operation (read or write) should be retried and appropriate action taken (for example a select() call on the underlying socket). -OCSP_sendreq_bio() does not support retries and so cannot handle non-blocking +OCSP_sendreq_bio() does not support retries and so cannot handle nonblocking I/O efficiently. It is retained for compatibility and its use in new applications is not recommended. diff --git a/doc/man3/OPENSSL_LH_COMPFUNC.pod b/doc/man3/OPENSSL_LH_COMPFUNC.pod index a312ef7342..ed884ddbd8 100644 --- a/doc/man3/OPENSSL_LH_COMPFUNC.pod +++ b/doc/man3/OPENSSL_LH_COMPFUNC.pod @@ -51,7 +51,7 @@ an unsigned long hash value for its key field. The hash value is normally truncated to a power of 2, so make sure that your hash function returns well mixed low order bits. The B callback takes two arguments (pointers to two hash table entries), and returns -0 if their keys are equal, non-zero otherwise. +0 if their keys are equal, nonzero otherwise. If your hash table will contain items of some particular type and the B and @@ -196,7 +196,7 @@ all such parameters as constant. As an example, a hash table may be maintained by code that, for reasons of encapsulation, has only "const" access to the data being -indexed in the hash table (ie. it is returned as "const" from +indexed in the hash table (i.e. it is returned as "const" from elsewhere in their code) - in this case the LHASH prototypes are appropriate as-is. Conversely, if the caller is responsible for the life-time of the data in question, then they may well wish to make diff --git a/doc/man3/OPENSSL_config.pod b/doc/man3/OPENSSL_config.pod index 6294ee1d1b..4e4eef7757 100644 --- a/doc/man3/OPENSSL_config.pod +++ b/doc/man3/OPENSSL_config.pod @@ -41,7 +41,7 @@ initialization (that is before starting any threads). There are several reasons why calling the OpenSSL configuration routines is advisable. For example, to load dynamic ENGINEs from shared libraries (DSOs). -However very few applications currently support the control interface and so +However, very few applications currently support the control interface and so very few can load and use dynamic ENGINEs. Equally in future more sophisticated ENGINEs will require certain control operations to customize them. If an application calls OPENSSL_config() it doesn't need to know or care about diff --git a/doc/man3/OPENSSL_ia32cap.pod b/doc/man3/OPENSSL_ia32cap.pod index 08a181168f..c367f70789 100644 --- a/doc/man3/OPENSSL_ia32cap.pod +++ b/doc/man3/OPENSSL_ia32cap.pod @@ -102,7 +102,7 @@ and RORX; =item bit #64+19 denoting availability of ADCX and ADOX instructions; =item bit #64+21 denoting availability of VPMADD52[LH]UQ instructions, -a.k.a. AVX512IFMA extension; +aka AVX512IFMA extension; =item bit #64+29 denoting availability of SHA extension; diff --git a/doc/man3/OPENSSL_init_crypto.pod b/doc/man3/OPENSSL_init_crypto.pod index c7823e32d6..fe41086cfd 100644 --- a/doc/man3/OPENSSL_init_crypto.pod +++ b/doc/man3/OPENSSL_init_crypto.pod @@ -39,13 +39,13 @@ needs so no explicit initialisation is required. Similarly it will also automatically deinitialise as required. However, there may be situations when explicit initialisation is desirable or -needed, for example when some non-default initialisation is required. The +needed, for example when some nondefault initialisation is required. The function OPENSSL_init_crypto() can be used for this purpose for libcrypto (see also L for the libssl equivalent). Numerous internal OpenSSL functions call OPENSSL_init_crypto(). -Therefore, in order to perform non-default initialisation, +Therefore, in order to perform nondefault initialisation, OPENSSL_init_crypto() MUST be called by application code prior to any other OpenSSL function calls. @@ -216,10 +216,10 @@ The filename, application name, and flags can be customized by providing a non-null B object. The object can be allocated via B. The B function can be used to specify a -non-default filename, which is copied and need not refer to persistent storage. +nondefault filename, which is copied and need not refer to persistent storage. Similarly, OPENSSL_INIT_set_config_appname() can be used to specify a -non-default application name. -Finally, OPENSSL_INIT_set_file_flags can be used to specify non-default flags. +nondefault application name. +Finally, OPENSSL_INIT_set_file_flags can be used to specify nondefault flags. If the B flag is not included, any errors in the configuration file will cause an error return from B or indirectly L. diff --git a/doc/man3/OPENSSL_init_ssl.pod b/doc/man3/OPENSSL_init_ssl.pod index b963e5e7a9..56d8f8222f 100644 --- a/doc/man3/OPENSSL_init_ssl.pod +++ b/doc/man3/OPENSSL_init_ssl.pod @@ -23,14 +23,14 @@ needs so no explicit initialisation is required. Similarly it will also automatically deinitialise as required. However, there may be situations when explicit initialisation is desirable or -needed, for example when some non-default initialisation is required. The +needed, for example when some nondefault initialisation is required. The function OPENSSL_init_ssl() can be used for this purpose. Calling this function will explicitly initialise BOTH libcrypto and libssl. To explicitly initialise ONLY libcrypto see the L function. Numerous internal OpenSSL functions call OPENSSL_init_ssl(). -Therefore, in order to perform non-default initialisation, +Therefore, in order to perform nondefault initialisation, OPENSSL_init_ssl() MUST be called by application code prior to any other OpenSSL function calls. diff --git a/doc/man3/PEM_read_bio_PrivateKey.pod b/doc/man3/PEM_read_bio_PrivateKey.pod index a8306500fb..79bff12618 100644 --- a/doc/man3/PEM_read_bio_PrivateKey.pod +++ b/doc/man3/PEM_read_bio_PrivateKey.pod @@ -206,7 +206,7 @@ RSA structure. The public key is encoded using a PKCS#1 RSAPublicKey structure. The B functions also process an RSA public key using -an RSA structure. However the public key is encoded using a +an RSA structure. However, the public key is encoded using a SubjectPublicKeyInfo structure and an error occurs if the public key is not RSA. @@ -387,7 +387,7 @@ The pseudo code to derive the key would look similar to: =head1 BUGS The PEM read routines in some versions of OpenSSL will not correctly reuse -an existing structure. Therefore the following: +an existing structure. Therefore, the following: PEM_read_bio_X509(bp, &x, 0, NULL); diff --git a/doc/man3/PKCS7_verify.pod b/doc/man3/PKCS7_verify.pod index ebcdde0795..01e8efc442 100644 --- a/doc/man3/PKCS7_verify.pod +++ b/doc/man3/PKCS7_verify.pod @@ -91,7 +91,7 @@ useful if one merely wishes to write the content to B and its validity is not considered important. Chain verification should arguably be performed using the signing time rather -than the current time. However since the signing time is supplied by the +than the current time. However, since the signing time is supplied by the signer it cannot be trusted without additional evidence (such as a trusted timestamp). diff --git a/doc/man3/RAND_DRBG_new.pod b/doc/man3/RAND_DRBG_new.pod index 5da91be9df..4f76a2b569 100644 --- a/doc/man3/RAND_DRBG_new.pod +++ b/doc/man3/RAND_DRBG_new.pod @@ -56,7 +56,7 @@ its type and to instantiate it. The optional B argument specifies a set of bit flags which can be joined using the | operator. Currently, the only flag is -RAND_DRBG_FLAG_CTR_NO_DF, which disables the use of a the derivation function +RAND_DRBG_FLAG_CTR_NO_DF, which disables the use of the derivation function ctr_df. For an explanation, see [NIST SP 800-90A Rev. 1]. If a B instance is specified then this will be used instead of diff --git a/doc/man3/RAND_DRBG_set_callbacks.pod b/doc/man3/RAND_DRBG_set_callbacks.pod index 55e9a8b7af..4af628daab 100644 --- a/doc/man3/RAND_DRBG_set_callbacks.pod +++ b/doc/man3/RAND_DRBG_set_callbacks.pod @@ -77,7 +77,7 @@ does not satisfy the conditions requested by [NIST SP 800-90C], then it must also indicate an error by returning a buffer length of 0. See NOTES section for more details. -The B() callback is called from the B to to clear and +The B() callback is called from the B to clear and free the buffer allocated previously by get_entropy(). The values B and B are the random buffer's address and length, as returned by the get_entropy() callback. diff --git a/doc/man3/RAND_add.pod b/doc/man3/RAND_add.pod index 4ba6ff977d..85ae64bffb 100644 --- a/doc/man3/RAND_add.pod +++ b/doc/man3/RAND_add.pod @@ -62,7 +62,7 @@ usage by the random seed sources. Some seed sources maintain open file descriptors by default, which allows such sources to operate in a chroot(2) jail without the associated device nodes being available. When the B argument is zero, this call disables the retention of file -descriptors. Conversely, a non-zero argument enables the retention of +descriptors. Conversely, a nonzero argument enables the retention of file descriptors. This function is usually called during initialization and it takes effect immediately. diff --git a/doc/man3/RAND_load_file.pod b/doc/man3/RAND_load_file.pod index 24f8fdcf4f..3169c78578 100644 --- a/doc/man3/RAND_load_file.pod +++ b/doc/man3/RAND_load_file.pod @@ -17,7 +17,7 @@ RAND_load_file, RAND_write_file, RAND_file_name - PRNG seed file =head1 DESCRIPTION RAND_load_file() reads a number of bytes from file B and -adds them to the PRNG. If B is non-negative, +adds them to the PRNG. If B is nonnegative, up to B are read; if B is -1, the complete file is read. Do not load the same file multiple times unless its contents have @@ -37,7 +37,7 @@ file. B points to a buffer of size B in which to store the filename. On all systems, if the environment variable B is set, its -value will be used as the seed file name. +value will be used as the seed filename. Otherwise, the file is called C<.rnd>, found in platform dependent locations: =over 4 @@ -57,7 +57,7 @@ Otherwise, the file is called C<.rnd>, found in platform dependent locations: =back If C<$HOME> (on non-Windows and non-VMS system) is not set either, or -B is too small for the path name, an error occurs. +B is too small for the pathname, an error occurs. =head1 RETURN VALUES diff --git a/doc/man3/RSA_blinding_on.pod b/doc/man3/RSA_blinding_on.pod index 5db127f16e..3d7c0e12c6 100644 --- a/doc/man3/RSA_blinding_on.pod +++ b/doc/man3/RSA_blinding_on.pod @@ -19,7 +19,7 @@ measure the time of RSA decryption or signature operations, blinding must be used to protect the RSA operation from that attack. RSA_blinding_on() turns blinding on for key B and generates a -random blinding factor. B is B or a pre-allocated and +random blinding factor. B is B or a preallocated and initialized B. RSA_blinding_off() turns blinding off and frees the memory used for diff --git a/doc/man3/RSA_private_encrypt.pod b/doc/man3/RSA_private_encrypt.pod index 060a9000f8..6e6d9a3d07 100644 --- a/doc/man3/RSA_private_encrypt.pod +++ b/doc/man3/RSA_private_encrypt.pod @@ -2,7 +2,7 @@ =head1 NAME -RSA_private_encrypt, RSA_public_decrypt - low level signature operations +RSA_private_encrypt, RSA_public_decrypt - low-level signature operations =head1 SYNOPSIS @@ -16,7 +16,7 @@ RSA_private_encrypt, RSA_public_decrypt - low level signature operations =head1 DESCRIPTION -These functions handle RSA signatures at a low level. +These functions handle RSA signatures at a low-level. RSA_private_encrypt() signs the B bytes at B (usually a message digest with an algorithm identifier) using the private key diff --git a/doc/man3/RSA_set_method.pod b/doc/man3/RSA_set_method.pod index 4bb63962cf..d486ffcdd9 100644 --- a/doc/man3/RSA_set_method.pod +++ b/doc/man3/RSA_set_method.pod @@ -51,7 +51,7 @@ RSA_set_method() selects B to perform all operations using the key B. This will replace the RSA_METHOD used by the RSA key and if the previous method was supplied by an ENGINE, the handle to that ENGINE will be released during the change. It is possible to have RSA keys that only -work with certain RSA_METHOD implementations (eg. from an ENGINE module +work with certain RSA_METHOD implementations (e.g. from an ENGINE module that supports embedded hardware-protected keys), and in such cases attempting to change the RSA_METHOD for the key can have unexpected results. diff --git a/doc/man3/SSL_CONF_cmd.pod b/doc/man3/SSL_CONF_cmd.pod index c5fed8e1e0..1f9e06a4ba 100644 --- a/doc/man3/SSL_CONF_cmd.pod +++ b/doc/man3/SSL_CONF_cmd.pod @@ -79,7 +79,7 @@ B. The B argument is a colon separated list of groups. The group can be either the B name (e.g. B), some other commonly used name where -applicable (e.g. B) or an OpenSSL OID name (e.g B). Group +applicable (e.g. B) or an OpenSSL OID name (e.g. B). Group names are case sensitive. The list should be in order of preference with the most preferred group first. @@ -95,7 +95,7 @@ servers The B argument is a curve name or the special value B which picks an appropriate curve based on client and server preferences. The curve can be either the B name (e.g. B) or an OpenSSL OID name -(e.g B). Curve names are case sensitive. +(e.g. B). Curve names are case sensitive. =item B<-cipher> @@ -359,7 +359,7 @@ B. The B argument is a colon separated list of groups. The group can be either the B name (e.g. B), some other commonly used name where -applicable (e.g. B) or an OpenSSL OID name (e.g B). Group +applicable (e.g. B) or an OpenSSL OID name (e.g. B). Group names are case sensitive. The list should be in order of preference with the most preferred group first. @@ -548,7 +548,7 @@ The value is a string without any specific structure. =item B -The value is a file name. +The value is a filename. =item B diff --git a/doc/man3/SSL_CTX_dane_enable.pod b/doc/man3/SSL_CTX_dane_enable.pod index 7168bd64fd..e504f95a7a 100644 --- a/doc/man3/SSL_CTX_dane_enable.pod +++ b/doc/man3/SSL_CTX_dane_enable.pod @@ -122,7 +122,7 @@ SSL_get0_dane_tlsa() can be used to retrieve the fields of the TLSA record that matched the peer certificate chain. The return value indicates the match depth or failure to match just as with SSL_get0_dane_authority(). -When the return value is non-negative, the storage pointed to by the B, +When the return value is nonnegative, the storage pointed to by the B, B, B and B parameters is updated to the corresponding TLSA record fields. The B field is in binary wire form, and is therefore not NUL-terminated, @@ -136,7 +136,7 @@ SSL_CTX_dane_set_flags() and SSL_dane_set_flags() can be used to enable optional DANE verification features. SSL_CTX_dane_clear_flags() and SSL_dane_clear_flags() can be used to disable the same features. -The B argument is a bitmask of the features to enable or disable. +The B argument is a bit mask of the features to enable or disable. The B set for an B context are copied to each B handle associated with that context at the time the handle is created. Subsequent changes in the context's B have no effect on the B set @@ -173,7 +173,7 @@ certificate or a public key that fails to parse. The functions SSL_get0_dane_authority() and SSL_get0_dane_tlsa() return a negative value when DANE authentication failed or was not enabled, a -non-negative value indicates the chain depth at which the TLSA record matched a +nonnegative value indicates the chain depth at which the TLSA record matched a chain certificate, or the depth of the top-most certificate, when the TLSA record is a full public key that is its signer. diff --git a/doc/man3/SSL_CTX_set_alpn_select_cb.pod b/doc/man3/SSL_CTX_set_alpn_select_cb.pod index 56c86097b6..62ad20f0ab 100644 --- a/doc/man3/SSL_CTX_set_alpn_select_cb.pod +++ b/doc/man3/SSL_CTX_set_alpn_select_cb.pod @@ -114,7 +114,7 @@ provided by the callback. =head1 NOTES The protocol-lists must be in wire-format, which is defined as a vector of -non-empty, 8-bit length-prefixed, byte strings. The length-prefix byte is not +nonempty, 8-bit length-prefixed, byte strings. The length-prefix byte is not included in the length. Each string is limited to 255 bytes. A byte-string length of 0 is invalid. A truncated byte-string is invalid. The length of the vector is not in the vector itself, but in a separate variable. diff --git a/doc/man3/SSL_CTX_set_generate_session_id.pod b/doc/man3/SSL_CTX_set_generate_session_id.pod index 1735c6271b..8d9d1598ab 100644 --- a/doc/man3/SSL_CTX_set_generate_session_id.pod +++ b/doc/man3/SSL_CTX_set_generate_session_id.pod @@ -108,8 +108,8 @@ server id given, and will fill the rest with pseudo random bytes: /* * Prefix the session_id with the required prefix. NB: If our * prefix is too long, clip it - but there will be worse effects - * anyway, eg. the server could only possibly create 1 session - * ID (ie. the prefix!) so all future session negotiations will + * anyway, e.g. the server could only possibly create 1 session + * ID (i.e. the prefix!) so all future session negotiations will * fail due to conflicts. */ memcpy(id, session_id_prefix, strlen(session_id_prefix) < *id_len ? diff --git a/doc/man3/SSL_CTX_set_info_callback.pod b/doc/man3/SSL_CTX_set_info_callback.pod index 01b03f9a59..a957bf0890 100644 --- a/doc/man3/SSL_CTX_set_info_callback.pod +++ b/doc/man3/SSL_CTX_set_info_callback.pod @@ -50,7 +50,7 @@ the callback function was called. If B is 0, an error condition occurred. If an alert is handled, SSL_CB_ALERT is set and B specifies the alert information. -B is a bitmask made up of the following bits: +B is a bit mask made up of the following bits: =over 4 @@ -64,7 +64,7 @@ per state in some situations. Callback has been called to indicate exit of a handshake function. This will happen after the end of a handshake, but may happen at other times too such as -on error or when IO might otherwise block and non-blocking is being used. +on error or when IO might otherwise block and nonblocking is being used. =item SSL_CB_READ diff --git a/doc/man3/SSL_CTX_set_max_cert_list.pod b/doc/man3/SSL_CTX_set_max_cert_list.pod index 01936c5847..893b35d063 100644 --- a/doc/man3/SSL_CTX_set_max_cert_list.pod +++ b/doc/man3/SSL_CTX_set_max_cert_list.pod @@ -39,7 +39,7 @@ received from a faulty or malicious peer, a maximum size for the certificate chain is set. The default value for the maximum certificate chain size is 100kB (30kB -on the 16bit DOS platform). This should be sufficient for usual certificate +on the 16-bit DOS platform). This should be sufficient for usual certificate chains (OpenSSL's default maximum chain length is 10, see L, and certificates without special extensions have a typical size of 1-2kB). diff --git a/doc/man3/SSL_CTX_set_mode.pod b/doc/man3/SSL_CTX_set_mode.pod index 387d1ec1ef..a91648ab22 100644 --- a/doc/man3/SSL_CTX_set_mode.pod +++ b/doc/man3/SSL_CTX_set_mode.pod @@ -18,13 +18,13 @@ SSL_CTX_set_mode, SSL_CTX_clear_mode, SSL_set_mode, SSL_clear_mode, SSL_CTX_get_ =head1 DESCRIPTION -SSL_CTX_set_mode() adds the mode set via bitmask in B to B. +SSL_CTX_set_mode() adds the mode set via bit mask in B to B. Options already set before are not cleared. -SSL_CTX_clear_mode() removes the mode set via bitmask in B from B. +SSL_CTX_clear_mode() removes the mode set via bit mask in B from B. -SSL_set_mode() adds the mode set via bitmask in B to B. +SSL_set_mode() adds the mode set via bit mask in B to B. Options already set before are not cleared. -SSL_clear_mode() removes the mode set via bitmask in B from B. +SSL_clear_mode() removes the mode set via bit mask in B from B. SSL_CTX_get_mode() returns the mode set for B. @@ -50,8 +50,8 @@ the behaviour of write(). Make it possible to retry SSL_write_ex() or SSL_write() with changed buffer location (the buffer contents must stay the same). This is not the default to -avoid the misconception that non-blocking SSL_write() behaves like -non-blocking write(). +avoid the misconception that nonblocking SSL_write() behaves like +nonblocking write(). =item SSL_MODE_AUTO_RETRY @@ -64,9 +64,9 @@ If such a non-application data record was processed, the flag B causes it to try to process the next record instead of returning. -In a non-blocking environment applications must be prepared to handle +In a nonblocking environment applications must be prepared to handle incomplete read/write operations. -Setting B for a non-blocking B will process +Setting B for a nonblocking B will process non-application data records until either no more data is available or an application data record has been processed. @@ -121,10 +121,10 @@ default since 1.1.1. =head1 RETURN VALUES -SSL_CTX_set_mode() and SSL_set_mode() return the new mode bitmask +SSL_CTX_set_mode() and SSL_set_mode() return the new mode bit mask after adding B. -SSL_CTX_get_mode() and SSL_get_mode() return the current bitmask. +SSL_CTX_get_mode() and SSL_get_mode() return the current bit mask. =head1 SEE ALSO diff --git a/doc/man3/SSL_CTX_set_options.pod b/doc/man3/SSL_CTX_set_options.pod index 2d840b62cb..245a7b2b9e 100644 --- a/doc/man3/SSL_CTX_set_options.pod +++ b/doc/man3/SSL_CTX_set_options.pod @@ -23,16 +23,16 @@ SSL_get_secure_renegotiation_support - manipulate SSL options =head1 DESCRIPTION -SSL_CTX_set_options() adds the options set via bitmask in B to B. +SSL_CTX_set_options() adds the options set via bit mask in B to B. Options already set before are not cleared! -SSL_set_options() adds the options set via bitmask in B to B. +SSL_set_options() adds the options set via bit mask in B to B. Options already set before are not cleared! -SSL_CTX_clear_options() clears the options set via bitmask in B +SSL_CTX_clear_options() clears the options set via bit mask in B to B. -SSL_clear_options() clears the options set via bitmask in B to B. +SSL_clear_options() clears the options set via bit mask in B to B. SSL_CTX_get_options() returns the options set for B. @@ -45,7 +45,7 @@ Note, this is implemented via a macro. =head1 NOTES The behaviour of the SSL library can be changed by setting several options. -The options are coded as bitmasks and can be combined by a bitwise B +The options are coded as bit masks and can be combined by a bitwise B operation (|). SSL_CTX_set_options() and SSL_set_options() affect the (external) @@ -161,7 +161,7 @@ the session. In this way the server can operate statelessly - no session information needs to be cached locally. The TLSv1.3 protocol only supports tickets and does not directly support session -ids. However OpenSSL allows two modes of ticket operation in TLSv1.3: stateful +ids. However, OpenSSL allows two modes of ticket operation in TLSv1.3: stateful and stateless. Stateless tickets work the same way as in TLSv1.2 and below. Stateful tickets mimic the session id behaviour available in TLSv1.2 and below. The session information is cached on the server and the session id is wrapped up @@ -340,13 +340,13 @@ and renegotiation between OpenSSL and unpatched clients or servers. =head1 RETURN VALUES -SSL_CTX_set_options() and SSL_set_options() return the new options bitmask +SSL_CTX_set_options() and SSL_set_options() return the new options bit mask after adding B. -SSL_CTX_clear_options() and SSL_clear_options() return the new options bitmask +SSL_CTX_clear_options() and SSL_clear_options() return the new options bit mask after clearing B. -SSL_CTX_get_options() and SSL_get_options() return the current bitmask. +SSL_CTX_get_options() and SSL_get_options() return the current bit mask. SSL_get_secure_renegotiation_support() returns 1 is the peer supports secure renegotiation and 0 if it does not. diff --git a/doc/man3/SSL_CTX_set_psk_client_callback.pod b/doc/man3/SSL_CTX_set_psk_client_callback.pod index 293ddcbead..d24e5411af 100644 --- a/doc/man3/SSL_CTX_set_psk_client_callback.pod +++ b/doc/man3/SSL_CTX_set_psk_client_callback.pod @@ -135,7 +135,7 @@ A connection established via a TLSv1.3 PSK will appear as if session resumption has occurred so that L will return true. There are no known security issues with sharing the same PSK between TLSv1.2 (or -below) and TLSv1.3. However the RFC has this note of caution: +below) and TLSv1.3. However, the RFC has this note of caution: "While there is no known way in which the same PSK might produce related output in both versions, only limited analysis has been done. Implementations can diff --git a/doc/man3/SSL_CTX_set_read_ahead.pod b/doc/man3/SSL_CTX_set_read_ahead.pod index ff037d938d..a7d1662edc 100644 --- a/doc/man3/SSL_CTX_set_read_ahead.pod +++ b/doc/man3/SSL_CTX_set_read_ahead.pod @@ -21,7 +21,7 @@ SSL_CTX_get_default_read_ahead =head1 DESCRIPTION SSL_CTX_set_read_ahead() and SSL_set_read_ahead() set whether we should read as -many input bytes as possible (for non-blocking reads) or not. For example if +many input bytes as possible (for nonblocking reads) or not. For example if B bytes are currently required by OpenSSL, but B bytes are available from the underlying BIO (where B > B), then OpenSSL will read all B bytes into its buffer (providing that the buffer is large enough) if reading ahead is diff --git a/doc/man3/SSL_CTX_set_session_cache_mode.pod b/doc/man3/SSL_CTX_set_session_cache_mode.pod index 18c9783fe0..fd863627e1 100644 --- a/doc/man3/SSL_CTX_set_session_cache_mode.pod +++ b/doc/man3/SSL_CTX_set_session_cache_mode.pod @@ -96,7 +96,7 @@ session caching (callback) that is configured for the SSL_CTX. This flag will prevent sessions being stored in the internal cache (though the application can add them manually using L). Note: in any SSL/TLS servers where external caching is configured, any successful -session lookups in the external cache (ie. for session-resume requests) would +session lookups in the external cache (i.e. for session-resume requests) would normally be copied into the local cache before processing continues - this flag prevents these additions to the internal cache as well. diff --git a/doc/man3/SSL_CTX_set_session_id_context.pod b/doc/man3/SSL_CTX_set_session_id_context.pod index 4036d3c7b3..93382d73a1 100644 --- a/doc/man3/SSL_CTX_set_session_id_context.pod +++ b/doc/man3/SSL_CTX_set_session_id_context.pod @@ -26,7 +26,7 @@ B within which a session can be reused for the B object. Sessions are generated within a certain context. When exporting/importing sessions with B/B it would be possible, to re-import a session generated from another context (e.g. another -application), which might lead to malfunctions. Therefore each application +application), which might lead to malfunctions. Therefore, each application must set its own session id context B which is used to distinguish the contexts and is stored in exported sessions. The B can be any kind of binary data with a given length, it is therefore possible diff --git a/doc/man3/SSL_CTX_set_session_ticket_cb.pod b/doc/man3/SSL_CTX_set_session_ticket_cb.pod index 99d2f29ac6..19765d2fd4 100644 --- a/doc/man3/SSL_CTX_set_session_ticket_cb.pod +++ b/doc/man3/SSL_CTX_set_session_ticket_cb.pod @@ -107,7 +107,7 @@ The return value can be any of these values: The handshake should be aborted, either because of an error or because of some policy. Note that in TLSv1.3 a client may send more than one ticket in a single -handshake. Therefore just because one ticket is unacceptable it does not mean +handshake. Therefore, just because one ticket is unacceptable it does not mean that all of them are. For this reason this option should be used with caution. =item SSL_TICKET_RETURN_IGNORE diff --git a/doc/man3/SSL_CTX_set_split_send_fragment.pod b/doc/man3/SSL_CTX_set_split_send_fragment.pod index d63ca4157e..0853d49475 100644 --- a/doc/man3/SSL_CTX_set_split_send_fragment.pod +++ b/doc/man3/SSL_CTX_set_split_send_fragment.pod @@ -41,7 +41,7 @@ capability is known as "pipelining" within OpenSSL. In order to benefit from the pipelining capability. You need to have an engine that provides ciphers that support this. The OpenSSL "dasync" engine provides -AES128-SHA based ciphers that have this capability. However these are for +AES128-SHA based ciphers that have this capability. However, these are for development and test purposes only. SSL_CTX_set_max_send_fragment() and SSL_set_max_send_fragment() set the diff --git a/doc/man3/SSL_CTX_set_tlsext_servername_callback.pod b/doc/man3/SSL_CTX_set_tlsext_servername_callback.pod index 160a7343c3..0c21cfdb6b 100644 --- a/doc/man3/SSL_CTX_set_tlsext_servername_callback.pod +++ b/doc/man3/SSL_CTX_set_tlsext_servername_callback.pod @@ -51,7 +51,7 @@ value is initialised to SSL_AD_UNRECOGNIZED_NAME. =item SSL_TLSEXT_ERR_ALERT_WARNING If this value is returned then the servername is not accepted by the server. -However the handshake will continue and send a warning alert instead. The value +However, the handshake will continue and send a warning alert instead. The value of the alert should be stored in the location pointed to by the B parameter as for SSL_TLSEXT_ERR_ALERT_FATAL above. Note that TLSv1.3 does not support warning alerts, so if TLSv1.3 has been negotiated then this return value is diff --git a/doc/man3/SSL_CTX_use_psk_identity_hint.pod b/doc/man3/SSL_CTX_use_psk_identity_hint.pod index 6403da3d6b..42acd7fc92 100644 --- a/doc/man3/SSL_CTX_use_psk_identity_hint.pod +++ b/doc/man3/SSL_CTX_use_psk_identity_hint.pod @@ -128,7 +128,7 @@ failure. In the event of failure the connection setup fails. =head1 NOTES There are no known security issues with sharing the same PSK between TLSv1.2 (or -below) and TLSv1.3. However the RFC has this note of caution: +below) and TLSv1.3. However, the RFC has this note of caution: "While there is no known way in which the same PSK might produce related output in both versions, only limited analysis has been done. Implementations can diff --git a/doc/man3/SSL_accept.pod b/doc/man3/SSL_accept.pod index b1595f7acf..81c9dbea57 100644 --- a/doc/man3/SSL_accept.pod +++ b/doc/man3/SSL_accept.pod @@ -23,14 +23,14 @@ The behaviour of SSL_accept() depends on the underlying BIO. If the underlying BIO is B, SSL_accept() will only return once the handshake has been finished or an error occurred. -If the underlying BIO is B, SSL_accept() will also return +If the underlying BIO is B, SSL_accept() will also return when the underlying BIO could not satisfy the needs of SSL_accept() to continue the handshake, indicating the problem by the return value -1. In this case a call to SSL_get_error() with the return value of SSL_accept() will yield B or B. The calling process then must repeat the call after taking appropriate action to satisfy the needs of SSL_accept(). -The action depends on the underlying BIO. When using a non-blocking socket, +The action depends on the underlying BIO. When using a nonblocking socket, nothing is to be done, but select() can be used to check for the required condition. When using a buffering BIO, like a BIO pair, data must be written into or retrieved out of the BIO before being able to continue. @@ -57,7 +57,7 @@ established. The TLS/SSL handshake was not successful because a fatal error occurred either at the protocol level or a connection failure occurred. The shutdown was not clean. It can also occur if action is needed to continue the operation -for non-blocking BIOs. Call SSL_get_error() with the return value B +for nonblocking BIOs. Call SSL_get_error() with the return value B to find out the reason. =back diff --git a/doc/man3/SSL_alloc_buffers.pod b/doc/man3/SSL_alloc_buffers.pod index 94bd05840c..8a447d5a58 100644 --- a/doc/man3/SSL_alloc_buffers.pod +++ b/doc/man3/SSL_alloc_buffers.pod @@ -22,7 +22,7 @@ control when buffers are freed and allocated. After freeing the buffers, the buffers are automatically reallocated upon a new read or write. The SSL_alloc_buffers() does not need to be called, but -can be used to make sure the buffers are pre-allocated. This can be used to +can be used to make sure the buffers are preallocated. This can be used to avoid allocation during data processing or with CRYPTO_set_mem_functions() to control where and how buffers are allocated. diff --git a/doc/man3/SSL_connect.pod b/doc/man3/SSL_connect.pod index f7d9e57db6..0e6b625358 100644 --- a/doc/man3/SSL_connect.pod +++ b/doc/man3/SSL_connect.pod @@ -23,14 +23,14 @@ The behaviour of SSL_connect() depends on the underlying BIO. If the underlying BIO is B, SSL_connect() will only return once the handshake has been finished or an error occurred. -If the underlying BIO is B, SSL_connect() will also return +If the underlying BIO is B, SSL_connect() will also return when the underlying BIO could not satisfy the needs of SSL_connect() to continue the handshake, indicating the problem by the return value -1. In this case a call to SSL_get_error() with the return value of SSL_connect() will yield B or B. The calling process then must repeat the call after taking appropriate action to satisfy the needs of SSL_connect(). -The action depends on the underlying BIO. When using a non-blocking socket, +The action depends on the underlying BIO. When using a nonblocking socket, nothing is to be done, but select() can be used to check for the required condition. When using a buffering BIO, like a BIO pair, data must be written into or retrieved out of the BIO before being able to continue. @@ -72,7 +72,7 @@ established. The TLS/SSL handshake was not successful, because a fatal error occurred either at the protocol level or a connection failure occurred. The shutdown was not clean. It can also occur if action is needed to continue the operation -for non-blocking BIOs. Call SSL_get_error() with the return value B +for nonblocking BIOs. Call SSL_get_error() with the return value B to find out the reason. =back diff --git a/doc/man3/SSL_do_handshake.pod b/doc/man3/SSL_do_handshake.pod index 8852f9d3e3..fa133d76a8 100644 --- a/doc/man3/SSL_do_handshake.pod +++ b/doc/man3/SSL_do_handshake.pod @@ -25,13 +25,13 @@ The behaviour of SSL_do_handshake() depends on the underlying BIO. If the underlying BIO is B, SSL_do_handshake() will only return once the handshake has been finished or an error occurred. -If the underlying BIO is B, SSL_do_handshake() will also return +If the underlying BIO is B, SSL_do_handshake() will also return when the underlying BIO could not satisfy the needs of SSL_do_handshake() to continue the handshake. In this case a call to SSL_get_error() with the return value of SSL_do_handshake() will yield B or B. The calling process then must repeat the call after taking appropriate action to satisfy the needs of SSL_do_handshake(). -The action depends on the underlying BIO. When using a non-blocking socket, +The action depends on the underlying BIO. When using a nonblocking socket, nothing is to be done, but select() can be used to check for the required condition. When using a buffering BIO, like a BIO pair, data must be written into or retrieved out of the BIO before being able to continue. @@ -58,7 +58,7 @@ established. The TLS/SSL handshake was not successful because a fatal error occurred either at the protocol level or a connection failure occurred. The shutdown was not clean. It can also occur if action is needed to continue the operation -for non-blocking BIOs. Call SSL_get_error() with the return value B +for nonblocking BIOs. Call SSL_get_error() with the return value B to find out the reason. =back diff --git a/doc/man3/SSL_get_all_async_fds.pod b/doc/man3/SSL_get_all_async_fds.pod index 5b17f091e3..35ae178f3a 100644 --- a/doc/man3/SSL_get_all_async_fds.pod +++ b/doc/man3/SSL_get_all_async_fds.pod @@ -32,7 +32,7 @@ appearing as "read ready" on the file descriptor (no actual data should be read from the file descriptor). This function should only be called if the SSL object is currently waiting for asynchronous work to complete (i.e. SSL_ERROR_WANT_ASYNC has been received - see L). Typically the -list will only contain one file descriptor. However if multiple asynchronous +list will only contain one file descriptor. However, if multiple asynchronous capable engines are in use then more than one is possible. The number of file descriptors returned is stored in B<*numfds> and the file descriptors themselves are in B<*fds>. The B parameter may be NULL in which case no file @@ -63,7 +63,7 @@ SSL_get_all_async_fds() and SSL_get_changed_async_fds() return 1 on success or On Windows platforms the openssl/async.h header is dependent on some of the types customarily made available by including windows.h. The application developer is likely to require control over when the latter -is included, commonly as one of the first included headers. Therefore +is included, commonly as one of the first included headers. Therefore, it is defined as an application developer's responsibility to include windows.h prior to async.h. diff --git a/doc/man3/SSL_get_error.pod b/doc/man3/SSL_get_error.pod index 5221ccfe18..e6a1e8b63d 100644 --- a/doc/man3/SSL_get_error.pod +++ b/doc/man3/SSL_get_error.pod @@ -49,7 +49,7 @@ indicate that the underlying transport has been closed. The operation did not complete and can be retried later. B is returned when the last operation was a read -operation from a non-blocking B. +operation from a nonblocking B. It means that not enough data was available at this time to complete the operation. If at a later time the underlying B has data available for reading the same @@ -61,8 +61,8 @@ for a blocking B. See L for more information. B is returned when the last operation was a write -to a non-blocking B and it was unable to sent all data to the B. -When the B is writeable again, the same function can be called again. +to a nonblocking B and it was unable to sent all data to the B. +When the B is writable again, the same function can be called again. Note that the retry may again lead to an B or B condition. @@ -72,7 +72,7 @@ protocol level. It is safe to call SSL_read() or SSL_read_ex() when more data is available even when the call that set this error was an SSL_write() or SSL_write_ex(). -However if the call was an SSL_write() or SSL_write_ex(), it should be called +However, if the call was an SSL_write() or SSL_write_ex(), it should be called again to continue sending the application data. For socket Bs (e.g. when SSL_set_fd() was used), select() or diff --git a/doc/man3/SSL_pending.pod b/doc/man3/SSL_pending.pod index c077a318c2..6aa59c5412 100644 --- a/doc/man3/SSL_pending.pod +++ b/doc/man3/SSL_pending.pod @@ -27,7 +27,7 @@ record) may have been read containing more TLS/SSL records. This also applies to DTLS and pipelining (see L). These additional bytes will be buffered by OpenSSL but will remain unprocessed until they are needed. As these bytes are still in an unprocessed state SSL_pending() -will ignore them. Therefore it is possible for no more bytes to be readable from +will ignore them. Therefore, it is possible for no more bytes to be readable from the underlying BIO (because OpenSSL has already read them) and for SSL_pending() to return 0, even though readable application data bytes are available (because the data is in unprocessed buffered records). diff --git a/doc/man3/SSL_read.pod b/doc/man3/SSL_read.pod index 4da7ad1ae1..c86fcc8e08 100644 --- a/doc/man3/SSL_read.pod +++ b/doc/man3/SSL_read.pod @@ -45,7 +45,7 @@ invocation of a read function. The read functions work based on the SSL/TLS records. The data are received in records (with a maximum record size of 16kB). Only when a record has been completely received, can it be processed (decryption and check of integrity). -Therefore data that was not retrieved at the last read call can still be +Therefore, data that was not retrieved at the last read call can still be buffered inside the SSL layer and will be retrieved on the next read call. If B is higher than the number of bytes buffered then the read functions will return with the bytes buffered. If no more bytes are in the @@ -72,7 +72,7 @@ not set. Note that if B is set and only non-application data is available the call will hang. -If the underlying BIO is B, a read function will also return when +If the underlying BIO is B, a read function will also return when the underlying BIO could not satisfy the needs of the function to continue the operation. In this case a call to L with the @@ -83,7 +83,7 @@ a read function can also cause write operations. The calling process then must repeat the call after taking appropriate action to satisfy the needs of the read function. The action depends on the underlying BIO. -When using a non-blocking socket, nothing is to be done, but select() can be +When using a nonblocking socket, nothing is to be done, but select() can be used to check for the required condition. When using a buffering BIO, like a BIO pair, data must be written into or retrieved out of the BIO before being able to continue. diff --git a/doc/man3/SSL_read_early_data.pod b/doc/man3/SSL_read_early_data.pod index d3552c928b..27d210f89b 100644 --- a/doc/man3/SSL_read_early_data.pod +++ b/doc/man3/SSL_read_early_data.pod @@ -203,7 +203,7 @@ early data settings for the SSL_CTX and SSL objects respectively. Generally a server application will either use both of SSL_read_early_data() and SSL_CTX_set_max_early_data() (or SSL_set_max_early_data()), or neither of them, since there is no practical benefit from using only one of them. If the maximum -early data setting for a server is non-zero then replay protection is +early data setting for a server is nonzero then replay protection is automatically enabled (see L below). If the server rejects the early data sent by a client then it will skip over @@ -221,7 +221,7 @@ max_early_data for the session and the recv_max_early_data setting for the server. If a client sends more data than this then the connection will abort. The configured value for max_early_data on a server may change over time as -required. However clients may have tickets containing the previously configured +required. However, clients may have tickets containing the previously configured max_early_data value. The recv_max_early_data should always be equal to or higher than any recently configured max_early_data value in order to avoid aborted connections. The recv_max_early_data should never be set to less than @@ -286,7 +286,7 @@ retry with a lower maximum protocol version. When early data is in use the TLS protocol provides no security guarantees that the same early data was not replayed across multiple connections. As a mitigation for this issue OpenSSL automatically enables replay protection if the -server is configured with a non-zero max early data value. With replay +server is configured with a nonzero max early data value. With replay protection enabled sessions are forced to be single use only. If a client attempts to reuse a session ticket more than once, then the second and subsequent attempts will fall back to a full handshake (and any early data that @@ -317,7 +317,7 @@ cache. Applications should be designed with this in mind in order to minimise the possibility of replay attacks. The OpenSSL replay protection does not apply to external Pre Shared Keys (PSKs) -(e.g. see SSL_CTX_set_psk_find_session_callback(3)). Therefore extreme caution +(e.g. see SSL_CTX_set_psk_find_session_callback(3)). Therefore, extreme caution should be applied when combining external PSKs with early data. Some applications may mitigate the replay risks in other ways. For those diff --git a/doc/man3/SSL_set1_host.pod b/doc/man3/SSL_set1_host.pod index 4ae9f6e7f3..88dc353284 100644 --- a/doc/man3/SSL_set1_host.pod +++ b/doc/man3/SSL_set1_host.pod @@ -19,9 +19,9 @@ SSL server verification parameters These functions configure server hostname checks in the SSL client. SSL_set1_host() sets the expected DNS hostname to B clearing -any previously specified host name or names. If B is NULL, +any previously specified hostname or names. If B is NULL, or the empty string the list of hostnames is cleared, and name -checks are not performed on the peer certificate. When a non-empty +checks are not performed on the peer certificate. When a nonempty B is specified, certificate verification automatically checks the peer hostname via L with B as specified via SSL_set_hostflags(). Clients that enable DANE TLSA authentication diff --git a/doc/man3/SSL_set_bio.pod b/doc/man3/SSL_set_bio.pod index 1fa0d34926..8a1c8aaf42 100644 --- a/doc/man3/SSL_set_bio.pod +++ b/doc/man3/SSL_set_bio.pod @@ -16,7 +16,7 @@ SSL_set_bio, SSL_set0_rbio, SSL_set0_wbio - connect the SSL object with a BIO SSL_set0_rbio() connects the BIO B for the read operations of the B object. The SSL engine inherits the behaviour of B. If the BIO is -non-blocking then the B object will also have non-blocking behaviour. This +nonblocking then the B object will also have nonblocking behaviour. This function transfers ownership of B to B. It will be automatically freed using L when the B is freed. On calling this function, any existing B that was previously set will also be freed via a @@ -26,7 +26,7 @@ the same value as previously). SSL_set0_wbio() works in the same as SSL_set0_rbio() except that it connects the BIO B for the write operations of the B object. Note that if the rbio and wbio are the same then SSL_set0_rbio() and SSL_set0_wbio() each take -ownership of one reference. Therefore it may be necessary to increment the +ownership of one reference. Therefore, it may be necessary to increment the number of references available using L before calling the set0 functions. diff --git a/doc/man3/SSL_set_fd.pod b/doc/man3/SSL_set_fd.pod index d5ec951e0b..3a1bb972b8 100644 --- a/doc/man3/SSL_set_fd.pod +++ b/doc/man3/SSL_set_fd.pod @@ -20,8 +20,8 @@ socket file descriptor of a network connection. When performing the operation, a B is automatically created to interface between the B and B. The BIO and hence the SSL engine -inherit the behaviour of B. If B is non-blocking, the B will -also have non-blocking behaviour. +inherit the behaviour of B. If B is nonblocking, the B will +also have nonblocking behaviour. If there was already a BIO connected to B, BIO_free() will be called (for both the reading and writing side, if different). diff --git a/doc/man3/SSL_set_shutdown.pod b/doc/man3/SSL_set_shutdown.pod index b1cf58920b..de1a71aa96 100644 --- a/doc/man3/SSL_set_shutdown.pod +++ b/doc/man3/SSL_set_shutdown.pod @@ -20,7 +20,7 @@ SSL_get_shutdown() returns the shutdown mode of B. =head1 NOTES -The shutdown state of an ssl connection is a bitmask of: +The shutdown state of an ssl connection is a bit mask of: =over 4 diff --git a/doc/man3/SSL_shutdown.pod b/doc/man3/SSL_shutdown.pod index 30cf484619..5b7ef94dd1 100644 --- a/doc/man3/SSL_shutdown.pod +++ b/doc/man3/SSL_shutdown.pod @@ -95,13 +95,13 @@ The behaviour of SSL_shutdown() additionally depends on the underlying BIO. If the underlying BIO is B, SSL_shutdown() will only return once the handshake step has been finished or an error occurred. -If the underlying BIO is B, SSL_shutdown() will also return +If the underlying BIO is B, SSL_shutdown() will also return when the underlying BIO could not satisfy the needs of SSL_shutdown() to continue the handshake. In this case a call to SSL_get_error() with the return value of SSL_shutdown() will yield B or B. The calling process then must repeat the call after taking appropriate action to satisfy the needs of SSL_shutdown(). -The action depends on the underlying BIO. When using a non-blocking socket, +The action depends on the underlying BIO. When using a nonblocking socket, nothing is to be done, but select() can be used to check for the required condition. When using a buffering BIO, like a BIO pair, data must be written into or retrieved out of the BIO before being able to continue. @@ -152,7 +152,7 @@ and the peer's close_notify alert was received. The shutdown was not successful. Call L with the return value B to find out the reason. -It can occur if an action is needed to continue the operation for non-blocking +It can occur if an action is needed to continue the operation for nonblocking BIOs. It can also occur when not all data was read using SSL_read(). diff --git a/doc/man3/SSL_state_string.pod b/doc/man3/SSL_state_string.pod index 505945a942..ad6ee8fb9e 100644 --- a/doc/man3/SSL_state_string.pod +++ b/doc/man3/SSL_state_string.pod @@ -26,11 +26,11 @@ maintained. Querying the state information is not very informative before or when a connection has been established. It however can be of significant interest during the handshake. -When using non-blocking sockets, the function call performing the handshake +When using nonblocking sockets, the function call performing the handshake may return with SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE condition, so that SSL_state_string[_long]() may be called. -For both blocking or non-blocking sockets, the details state information +For both blocking or nonblocking sockets, the details state information can be used within the info_callback function set with the SSL_set_info_callback() call. diff --git a/doc/man3/SSL_want.pod b/doc/man3/SSL_want.pod index 6840ccbfb6..6e283dda15 100644 --- a/doc/man3/SSL_want.pod +++ b/doc/man3/SSL_want.pod @@ -33,7 +33,7 @@ return values are similar to that of L. Unlike L, which also evaluates the error queue, the results are obtained by examining an internal state flag only. The information must therefore only be used for normal operation under -non-blocking I/O. Error conditions are not handled and must be treated +nonblocking I/O. Error conditions are not handled and must be treated using L. The result returned by SSL_want() should always be consistent with diff --git a/doc/man3/SSL_write.pod b/doc/man3/SSL_write.pod index a76ffbb8fd..8857a87e90 100644 --- a/doc/man3/SSL_write.pod +++ b/doc/man3/SSL_write.pod @@ -36,7 +36,7 @@ before the first call to a write function. If the underlying BIO is B, the write functions will only return, once the write operation has been finished or an error occurred. -If the underlying BIO is B the write functions will also return +If the underlying BIO is B the write functions will also return when the underlying BIO could not satisfy the needs of the function to continue the operation. In this case a call to L with the return value of the write function will yield B @@ -44,7 +44,7 @@ or B. As at any time a re-negotiation is possible, a call to a write function can also cause read operations! The calling process then must repeat the call after taking appropriate action to satisfy the needs of the write function. The action depends on the underlying BIO. When using a -non-blocking socket, nothing is to be done, but select() can be used to check +nonblocking socket, nothing is to be done, but select() can be used to check for the required condition. When using a buffering BIO, like a BIO pair, data must be written into or retrieved out of the BIO before being able to continue. diff --git a/doc/man3/UI_UTIL_read_pw.pod b/doc/man3/UI_UTIL_read_pw.pod index a59cc4f386..032c6a1916 100644 --- a/doc/man3/UI_UTIL_read_pw.pod +++ b/doc/man3/UI_UTIL_read_pw.pod @@ -21,7 +21,7 @@ UI_UTIL_read_pw_string() asks for a passphrase, using B as a prompt, and stores it in B. The maximum allowed size is given with B, including the terminating NUL byte. -If B is non-zero, the password will be verified as well. +If B is nonzero, the password will be verified as well. UI_UTIL_read_pw() does the same as UI_UTIL_read_pw_string(), the difference is that you can give it an external buffer B for the diff --git a/doc/man3/UI_create_method.pod b/doc/man3/UI_create_method.pod index a01e1012dc..210ebb4743 100644 --- a/doc/man3/UI_create_method.pod +++ b/doc/man3/UI_create_method.pod @@ -51,7 +51,7 @@ interface method creation and destruction =head1 DESCRIPTION -A method contains a few functions that implement the low level of the +A method contains a few functions that implement the low-level of the User Interface. These functions are: diff --git a/doc/man3/UI_new.pod b/doc/man3/UI_new.pod index 3042b13f1f..0186632445 100644 --- a/doc/man3/UI_new.pod +++ b/doc/man3/UI_new.pod @@ -152,7 +152,7 @@ UI_construct_prompt() is a helper function that can be used to create a prompt from two pieces of information: an description and a name. The default constructor (if there is none provided by the method used) creates a string "Enter I for I:". With the -description "pass phrase" and the file name "foo.key", that becomes +description "pass phrase" and the filename "foo.key", that becomes "Enter pass phrase for foo.key:". Other methods may create whatever string and may include encodings that will be processed by the other method functions. diff --git a/doc/man3/X509V3_get_d2i.pod b/doc/man3/X509V3_get_d2i.pod index ac560b21e9..f42bc4006e 100644 --- a/doc/man3/X509V3_get_d2i.pod +++ b/doc/man3/X509V3_get_d2i.pod @@ -78,7 +78,7 @@ of a certificate a CRL or a CRL entry respectively. =head1 NOTES In almost all cases an extension can occur at most once and multiple -occurrences is an error. Therefore the B parameter is usually B. +occurrences is an error. Therefore, the B parameter is usually B. The B parameter may be one of the following values. diff --git a/doc/man3/X509_ALGOR_dup.pod b/doc/man3/X509_ALGOR_dup.pod index 6612354508..ceef19a3b5 100644 --- a/doc/man3/X509_ALGOR_dup.pod +++ b/doc/man3/X509_ALGOR_dup.pod @@ -35,7 +35,7 @@ X509_ALGOR_set_md() sets the B B to appropriate values for the message digest B. X509_ALGOR_cmp() compares B and B and returns 0 if they have identical -encodings and non-zero otherwise. +encodings and nonzero otherwise. X509_ALGOR_copy() copies the source values into the dest structs; making a duplicate of each (and free any thing pointed to from within *dest). @@ -50,7 +50,7 @@ X509_ALGOR_set0() and X509_ALGOR_copy() return 1 on success or 0 on error. X509_ALGOR_get0() and X509_ALGOR_set_md() return no values. X509_ALGOR_cmp() returns 0 if the two parameters have identical encodings and -non-zero otherwise. +nonzero otherwise. =head1 HISTORY diff --git a/doc/man3/X509_LOOKUP_hash_dir.pod b/doc/man3/X509_LOOKUP_hash_dir.pod index dd41f78b12..8700b2bd17 100644 --- a/doc/man3/X509_LOOKUP_hash_dir.pod +++ b/doc/man3/X509_LOOKUP_hash_dir.pod @@ -80,7 +80,7 @@ upon each lookup, so that newer CRLs are as soon as they appear in the directory. The directory should contain one certificate or CRL per file in PEM format, -with a file name of the form I.I for a certificate, or +with a filename of the form I.I for a certificate, or I.BI for a CRL. The I is the value returned by the L function applied to the subject name for certificates or issuer name for CRLs. diff --git a/doc/man3/X509_LOOKUP_meth_new.pod b/doc/man3/X509_LOOKUP_meth_new.pod index a4e7466395..ad581d4b42 100644 --- a/doc/man3/X509_LOOKUP_meth_new.pod +++ b/doc/man3/X509_LOOKUP_meth_new.pod @@ -151,7 +151,7 @@ Implementations must add objects they find to the B object using X509_STORE_add_cert() or X509_STORE_add_crl(). This increments its reference count. However, the X509_STORE_CTX_get_by_subject() function also increases the reference count which leads to one too -many references being held. Therefore applications should +many references being held. Therefore, applications should additionally call X509_free() or X509_CRL_free() to decrement the reference count again. diff --git a/doc/man3/X509_STORE_CTX_get_error.pod b/doc/man3/X509_STORE_CTX_get_error.pod index bdbf86ae96..1bded01794 100644 --- a/doc/man3/X509_STORE_CTX_get_error.pod +++ b/doc/man3/X509_STORE_CTX_get_error.pod @@ -38,7 +38,7 @@ it might be used in a verification callback to set an error based on additional checks. X509_STORE_CTX_get_error_depth() returns the B of the error. This is a -non-negative integer representing where in the certificate chain the error +nonnegative integer representing where in the certificate chain the error occurred. If it is zero it occurred in the end entity certificate, one if it is the certificate which signed the end entity certificate and so on. @@ -79,7 +79,7 @@ verification error B. X509_STORE_CTX_get_error() returns B or an error code. -X509_STORE_CTX_get_error_depth() returns a non-negative error depth. +X509_STORE_CTX_get_error_depth() returns a nonnegative error depth. X509_STORE_CTX_get_current_cert() returns the certificate which caused the error or B if no certificate is relevant to the error. diff --git a/doc/man3/X509_STORE_CTX_new.pod b/doc/man3/X509_STORE_CTX_new.pod index c5042858be..4b5c11e385 100644 --- a/doc/man3/X509_STORE_CTX_new.pod +++ b/doc/man3/X509_STORE_CTX_new.pod @@ -52,7 +52,7 @@ by X509_verify_cert(). X509_STORE_CTX_new() returns a newly initialised B structure. X509_STORE_CTX_cleanup() internally cleans up an B structure. -The context can then be reused with an new call to X509_STORE_CTX_init(). +The context can then be reused with a new call to X509_STORE_CTX_init(). X509_STORE_CTX_free() completely frees up B. After this call B is no longer valid. @@ -80,7 +80,7 @@ X509_STORE_CTX_set0_verified_chain() sets the validated chain used by B to be B. Ownership of the chain is transferred to B and should not be free'd by the caller. -X509_STORE_CTX_get0_chain() returns a the internal pointer used by the +X509_STORE_CTX_get0_chain() returns the internal pointer used by the B that contains the validated chain. X509_STORE_CTX_set0_crls() sets a set of CRLs to use to aid certificate @@ -133,7 +133,7 @@ should be made or reference counts increased instead. =head1 RETURN VALUES -X509_STORE_CTX_new() returns an newly allocates context or B is an +X509_STORE_CTX_new() returns a newly allocated context or B if an error occurred. X509_STORE_CTX_init() returns 1 for success or 0 if an error occurred. diff --git a/doc/man3/X509_STORE_CTX_set_verify_cb.pod b/doc/man3/X509_STORE_CTX_set_verify_cb.pod index 7cd661f215..cf3fe092c5 100644 --- a/doc/man3/X509_STORE_CTX_set_verify_cb.pod +++ b/doc/man3/X509_STORE_CTX_set_verify_cb.pod @@ -48,7 +48,7 @@ The verification callback can be used to customise the operation of certificate verification, either by overriding error conditions or logging errors for debugging purposes. -However a verification callback is B essential and the default operation +However, a verification callback is B essential and the default operation is often sufficient. The B parameter to the callback indicates the value the callback should diff --git a/doc/man3/X509_VERIFY_PARAM_set_flags.pod b/doc/man3/X509_VERIFY_PARAM_set_flags.pod index a87b71d92a..66620344ff 100644 --- a/doc/man3/X509_VERIFY_PARAM_set_flags.pod +++ b/doc/man3/X509_VERIFY_PARAM_set_flags.pod @@ -129,7 +129,7 @@ interoperable, though it will, for example, reject MD5 signatures or RSA keys shorter than 1024 bits. X509_VERIFY_PARAM_set1_host() sets the expected DNS hostname to -B clearing any previously specified host name or names. If +B clearing any previously specified hostname or names. If B is NULL, or empty the list of hostnames is cleared, and name checks are not performed on the peer certificate. If B is NUL-terminated, B may be zero, otherwise B diff --git a/doc/man3/X509_check_ca.pod b/doc/man3/X509_check_ca.pod index 38f0811dd0..ea8008a69f 100644 --- a/doc/man3/X509_check_ca.pod +++ b/doc/man3/X509_check_ca.pod @@ -24,7 +24,7 @@ B extension with bit B set, but without B, and 5 if it has outdated Netscape Certificate Type extension telling that it is CA certificate. -Actually, any non-zero value means that this certificate could have been +Actually, any nonzero value means that this certificate could have been used to sign other certificates. =head1 SEE ALSO diff --git a/doc/man3/X509_check_host.pod b/doc/man3/X509_check_host.pod index dba6a6976e..0e27dda845 100644 --- a/doc/man3/X509_check_host.pod +++ b/doc/man3/X509_check_host.pod @@ -19,13 +19,13 @@ X509_check_host, X509_check_email, X509_check_ip, X509_check_ip_asc - X.509 cert =head1 DESCRIPTION The certificate matching functions are used to check whether a -certificate matches a given host name, email address, or IP address. +certificate matches a given hostname, email address, or IP address. The validity of the certificate and its trust level has to be checked by other means. X509_check_host() checks if the certificate Subject Alternative -Name (SAN) or Subject CommonName (CN) matches the specified host -name, which must be encoded in the preferred name syntax described +Name (SAN) or Subject CommonName (CN) matches the specified hostname, +which must be encoded in the preferred name syntax described in section 3.5 of RFC 1034. By default, wildcards are supported and they match only in the left-most label; but they may match part of that label with an explicit prefix or suffix. For example, @@ -37,7 +37,7 @@ Per section 6.4.2 of RFC 6125, B values representing international domain names must be given in A-label form. The B argument must be the number of characters in the name string or zero in which case the length is calculated with strlen(B). When B starts -with a dot (e.g ".example.com"), it will be matched by a certificate +with a dot (e.g. ".example.com"), it will be matched by a certificate valid for any sub-domain of B, (see also B below). diff --git a/doc/man3/X509_check_purpose.pod b/doc/man3/X509_check_purpose.pod index bc38138743..6af9e79815 100644 --- a/doc/man3/X509_check_purpose.pod +++ b/doc/man3/X509_check_purpose.pod @@ -35,7 +35,7 @@ For non-CA checks =over 4 -=item -1 an error condition has occured +=item -1 an error condition has occurred =item E<32>1 if the certificate was created to perform the purpose represented by I @@ -47,7 +47,7 @@ For CA checks the below integers could be returned with the following meanings: =over 4 -=item -1 an error condition has occured +=item -1 an error condition has occurred =item E<32>0 not a CA or does not have the purpose represented by I diff --git a/doc/man3/X509v3_get_ext_by_NID.pod b/doc/man3/X509v3_get_ext_by_NID.pod index c81d463650..20f1793645 100644 --- a/doc/man3/X509v3_get_ext_by_NID.pod +++ b/doc/man3/X509v3_get_ext_by_NID.pod @@ -71,7 +71,7 @@ the extension is found its index is returned otherwise B<-1> is returned. X509v3_get_ext_by_critical() is similar to X509v3_get_ext_by_NID() except it looks for an extension of criticality B. A zero value for B -looks for a non-critical extension a non-zero value looks for a critical +looks for a non-critical extension a nonzero value looks for a critical extension. X509v3_delete_ext() deletes the extension with index B from B. The diff --git a/doc/man3/d2i_X509.pod b/doc/man3/d2i_X509.pod index a8319bd471..245df0c8d9 100644 --- a/doc/man3/d2i_X509.pod +++ b/doc/man3/d2i_X509.pod @@ -436,8 +436,8 @@ The actual TYPE structure passed to i2d_TYPE() must be a valid populated B structure -- it B simply be fed with an empty structure such as that returned by TYPE_new(). -The encoded data is in binary form and may contain embedded zeroes. -Therefore any FILE pointers or BIOs should be opened in binary mode. +The encoded data is in binary form and may contain embedded zeros. +Therefore, any FILE pointers or BIOs should be opened in binary mode. Functions such as strlen() will B return the correct length of the encoded structure. diff --git a/doc/man5/config.pod b/doc/man5/config.pod index 7a0459d993..3cc2d73a52 100644 --- a/doc/man5/config.pod +++ b/doc/man5/config.pod @@ -435,7 +435,7 @@ the value. The escaping isn't quite right: if you want to use sequences like B<\n> you can't use any quote escaping on the same line. -Files are loaded in a single pass. This means that an variable expansion +Files are loaded in a single pass. This means that a variable expansion will only work if the variables referenced are defined earlier in the file. diff --git a/doc/man5/x509v3_config.pod b/doc/man5/x509v3_config.pod index 803b12b3ed..9407d8beda 100644 --- a/doc/man5/x509v3_config.pod +++ b/doc/man5/x509v3_config.pod @@ -60,8 +60,8 @@ The following sections describe each supported extension in detail. This is a multi valued extension which indicates whether a certificate is a CA certificate. The first (mandatory) name is B followed by B or -B. If B is B then an optional B name followed by an -non-negative value can be included. +B. If B is B then an optional B name followed by a +nonnegative value can be included. For example: diff --git a/doc/man7/SM2.pod b/doc/man7/SM2.pod index c8fceffa1c..73960fe70b 100644 --- a/doc/man7/SM2.pod +++ b/doc/man7/SM2.pod @@ -33,7 +33,7 @@ Then an ID should be set by calling: EVP_PKEY_CTX_set1_id(pctx, id, id_len); When calling the EVP_DigestSignInit() or EVP_DigestVerifyInit() functions, a -pre-allocated B should be assigned to the B. This is +preallocated B should be assigned to the B. This is done by calling: EVP_MD_CTX_set_pkey_ctx(mctx, pctx); diff --git a/doc/man7/evp.pod b/doc/man7/evp.pod index e493dacd23..cd2df206cb 100644 --- a/doc/man7/evp.pod +++ b/doc/man7/evp.pod @@ -25,7 +25,7 @@ functions. Symmetric encryption is available with the LI|EVP_EncryptInit(3)> functions. The LI|EVP_DigestInit(3)> functions provide message digests. -The BI functions provide a high level interface to +The BI functions provide a high-level interface to asymmetric algorithms. To create a new EVP_PKEY see L. EVP_PKEYs can be associated with a private key of a particular algorithm by using the functions @@ -43,7 +43,7 @@ The EVP_PKEY functions support the full range of asymmetric algorithm operations =item For signing and verifying see L, L and L. However, note that -these functions do not perform a digest of the data to be signed. Therefore +these functions do not perform a digest of the data to be signed. Therefore, normally you would use the L functions for this purpose. @@ -72,12 +72,12 @@ as defaults, then the various EVP functions will automatically use those implementations automatically in preference to built in software implementations. For more information, consult the engine(3) man page. -Although low level algorithm specific functions exist for many algorithms +Although low-level algorithm specific functions exist for many algorithms their use is discouraged. They cannot be used with an ENGINE and ENGINE -versions of new algorithms cannot be accessed using the low level functions. +versions of new algorithms cannot be accessed using the low-level functions. Also makes code harder to adapt to new algorithms and some options are not -cleanly supported at the low level and some operations are more efficient -using the high level interface. +cleanly supported at the low-level and some operations are more efficient +using the high-level interface. =head1 SEE ALSO diff --git a/doc/man7/ossl_store.pod b/doc/man7/ossl_store.pod index 6e75abd314..e9652cff14 100644 --- a/doc/man7/ossl_store.pod +++ b/doc/man7/ossl_store.pod @@ -15,7 +15,7 @@ ossl_store - Store retrieval functions =head2 General A STORE is a layer of functionality to retrieve a number of supported -objects from a repository of any kind, addressable as a file name or +objects from a repository of any kind, addressable as a filename or as a URI. The functionality supports the pattern "open a channel to the From openssl at openssl.org Fri Jul 24 19:12:27 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 24 Jul 2020 19:12:27 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2 Message-ID: <1595617947.006665.26783.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2 Commit log since last time: dcb71e1c21 Cleanup fips provider init 7b9f218838 document the deprecation of the '-public-key-methods' option to list 41bbba5375 EVP: deprecate the EVP_X_meth_ functions. 77ae4f6ff7 engines: fixed to work with EVP_*_meth calls deprecated 9e5f344a87 evp_test: use correct deallocation for EVP_CIPHER 340f82a4e7 evp_test: use correct deallocation for EVP_MD 1d864f0f53 Specific the engine pointer 490c87110c Align documentation with recommendations of Linux Documentation Project bf19b64aae Fix UI method setup, which should be independent of (deprecated) engine use 4f8fbf372e 81-test_cmp_cli.t: Avoid using 'tail', 'awk', and the '-s' option of 'lsof' f91624d380 Skip test_cmp_cli if 'lsof' or 'kill' command is not available 90409da6a5 Fix provider cipher reinit issue 7717459892 Avoid errors with a priori inapplicable protocol bounds 5ac582d949 DOC: Fix SSL_CTX_set_cert_cb.pod and SSL_CTX_set_client_cert_cb.pod 8eca461731 util/find-doc-nits: Relax check of function declarations in name_synopsis() 904f42509f PROV: Move bio_prov.c from libcommon.a to libfips.a / libnonfips.a 7e4f01d8ba fixed swapped parameter descriptions for x509 9f7bdcf37f Add ERR_raise() errors to fips OSSL_provider_init and self tests. 823a113574 Fix API rename issue in shim layer that calls EVP_MAC_CTX_set_params 02e14a65fd man3: Drop warning about using security levels higher than 1. 16c6534b96 check-format.pl: Add an entry about it to NEWS.md and to CHANGES.md 174f4a4d6a check-format.pl: Report empty lines only if -s (--sloppy-spc) is not used dc18781550 check-format.pl: Add check for essentially empty line at beginning of file 43b2e9e008 check-format.pl: Add check for multiples essentially empty lines in a row a77571c34f check-format.pl: Allow comment start '/*' after opening '(','[','{' 5304331156 Fix linking against non-system zlib on macOS Build log ended with (last 100 lines): # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0B0A520187F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1627 # false # ERROR: (bool) 'execute_cleanse_plaintext(DTLS_server_method(), DTLS_client_method(), DTLS1_VERSION, 0) == true' failed @ ../openssl/test/sslapitest.c:1705 # false not ok 4 - test_cleanse_plaintext # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0B0A520187F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0B0A520187F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6745 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ not ok 53 - test_ssl_pending # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/MRwDXteiq2 default ../../../openssl/test/default.cnf => 1 not ok 1 - running sslapitest # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0B0F8A0DE7F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0B0F8A0DE7F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:843 # false not ok 3 - test_large_message_dtls # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0B0F8A0DE7F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0B0F8A0DE7F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1627 # false # ERROR: (bool) 'execute_cleanse_plaintext(DTLS_server_method(), DTLS_client_method(), DTLS1_VERSION, 0) == true' failed @ ../openssl/test/sslapitest.c:1705 # false not ok 4 - test_cleanse_plaintext # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0B0F8A0DE7F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0B0F8A0DE7F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6745 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ not ok 53 - test_ssl_pending # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/MRwDXteiq2 fips ../../../openssl/test/fips.cnf => 1 not ok 3 - running sslapitest # ------------------------------------------------------------------------------ # Failed test 'running sslapitest' # at ../openssl/test/recipes/90-test_sslapi.t line 45. # Looks like you failed 2 tests of 3.90-test_sslapi.t ................... Dubious, test returned 2 (wstat 512, 0x200) Failed 2/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_dtls.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 1, 3 Non-zero exit status: 2 Files=205, Tests=3238, 869 wallclock secs (12.82 usr 1.10 sys + 805.89 cusr 63.79 csys = 883.60 CPU) Result: FAIL Makefile:3134: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2' Makefile:3132: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Fri Jul 24 21:33:19 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 24 Jul 2020 21:33:19 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2-method Message-ID: <1595626399.461278.29945.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2-method Commit log since last time: dcb71e1c21 Cleanup fips provider init 7b9f218838 document the deprecation of the '-public-key-methods' option to list 41bbba5375 EVP: deprecate the EVP_X_meth_ functions. 77ae4f6ff7 engines: fixed to work with EVP_*_meth calls deprecated 9e5f344a87 evp_test: use correct deallocation for EVP_CIPHER 340f82a4e7 evp_test: use correct deallocation for EVP_MD 1d864f0f53 Specific the engine pointer 490c87110c Align documentation with recommendations of Linux Documentation Project bf19b64aae Fix UI method setup, which should be independent of (deprecated) engine use 4f8fbf372e 81-test_cmp_cli.t: Avoid using 'tail', 'awk', and the '-s' option of 'lsof' f91624d380 Skip test_cmp_cli if 'lsof' or 'kill' command is not available 90409da6a5 Fix provider cipher reinit issue 7717459892 Avoid errors with a priori inapplicable protocol bounds 5ac582d949 DOC: Fix SSL_CTX_set_cert_cb.pod and SSL_CTX_set_client_cert_cb.pod 8eca461731 util/find-doc-nits: Relax check of function declarations in name_synopsis() 904f42509f PROV: Move bio_prov.c from libcommon.a to libfips.a / libnonfips.a 7e4f01d8ba fixed swapped parameter descriptions for x509 9f7bdcf37f Add ERR_raise() errors to fips OSSL_provider_init and self tests. 823a113574 Fix API rename issue in shim layer that calls EVP_MAC_CTX_set_params 02e14a65fd man3: Drop warning about using security levels higher than 1. 16c6534b96 check-format.pl: Add an entry about it to NEWS.md and to CHANGES.md 174f4a4d6a check-format.pl: Report empty lines only if -s (--sloppy-spc) is not used dc18781550 check-format.pl: Add check for essentially empty line at beginning of file 43b2e9e008 check-format.pl: Add check for multiples essentially empty lines in a row a77571c34f check-format.pl: Allow comment start '/*' after opening '(','[','{' 5304331156 Fix linking against non-system zlib on macOS Build log ended with (last 100 lines): # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0402FB10E7F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1627 # false # ERROR: (bool) 'execute_cleanse_plaintext(DTLS_server_method(), DTLS_client_method(), DTLS1_VERSION, 0) == true' failed @ ../openssl/test/sslapitest.c:1705 # false not ok 4 - test_cleanse_plaintext # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0402FB10E7F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0402FB10E7F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6745 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ not ok 53 - test_ssl_pending # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/46kmG2kyy2 default ../../../openssl/test/default.cnf => 1 not ok 1 - running sslapitest # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C090F2CD037F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C090F2CD037F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:843 # false not ok 3 - test_large_message_dtls # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C090F2CD037F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C090F2CD037F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1627 # false # ERROR: (bool) 'execute_cleanse_plaintext(DTLS_server_method(), DTLS_client_method(), DTLS1_VERSION, 0) == true' failed @ ../openssl/test/sslapitest.c:1705 # false not ok 4 - test_cleanse_plaintext # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C090F2CD037F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C090F2CD037F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6745 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ not ok 53 - test_ssl_pending # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/46kmG2kyy2 fips ../../../openssl/test/fips.cnf => 1 not ok 3 - running sslapitest # ------------------------------------------------------------------------------ # Failed test 'running sslapitest' # at ../openssl/test/recipes/90-test_sslapi.t line 45. # Looks like you failed 2 tests of 3.90-test_sslapi.t ................... Dubious, test returned 2 (wstat 512, 0x200) Failed 2/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_dtls.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 1, 3 Non-zero exit status: 2 Files=205, Tests=3238, 865 wallclock secs (12.26 usr 1.24 sys + 801.42 cusr 63.84 csys = 878.76 CPU) Result: FAIL Makefile:3133: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2-method' Makefile:3131: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Fri Jul 24 22:19:32 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 24 Jul 2020 22:19:32 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_3 Message-ID: <1595629172.100486.30479.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_3 Commit log since last time: dcb71e1c21 Cleanup fips provider init 7b9f218838 document the deprecation of the '-public-key-methods' option to list 41bbba5375 EVP: deprecate the EVP_X_meth_ functions. 77ae4f6ff7 engines: fixed to work with EVP_*_meth calls deprecated 9e5f344a87 evp_test: use correct deallocation for EVP_CIPHER 340f82a4e7 evp_test: use correct deallocation for EVP_MD 1d864f0f53 Specific the engine pointer 490c87110c Align documentation with recommendations of Linux Documentation Project bf19b64aae Fix UI method setup, which should be independent of (deprecated) engine use 4f8fbf372e 81-test_cmp_cli.t: Avoid using 'tail', 'awk', and the '-s' option of 'lsof' f91624d380 Skip test_cmp_cli if 'lsof' or 'kill' command is not available 90409da6a5 Fix provider cipher reinit issue 7717459892 Avoid errors with a priori inapplicable protocol bounds 5ac582d949 DOC: Fix SSL_CTX_set_cert_cb.pod and SSL_CTX_set_client_cert_cb.pod 8eca461731 util/find-doc-nits: Relax check of function declarations in name_synopsis() 904f42509f PROV: Move bio_prov.c from libcommon.a to libfips.a / libnonfips.a 7e4f01d8ba fixed swapped parameter descriptions for x509 9f7bdcf37f Add ERR_raise() errors to fips OSSL_provider_init and self tests. 823a113574 Fix API rename issue in shim layer that calls EVP_MAC_CTX_set_params 02e14a65fd man3: Drop warning about using security levels higher than 1. 16c6534b96 check-format.pl: Add an entry about it to NEWS.md and to CHANGES.md 174f4a4d6a check-format.pl: Report empty lines only if -s (--sloppy-spc) is not used dc18781550 check-format.pl: Add check for essentially empty line at beginning of file 43b2e9e008 check-format.pl: Add check for multiples essentially empty lines in a row a77571c34f check-format.pl: Allow comment start '/*' after opening '(','[','{' 5304331156 Fix linking against non-system zlib on macOS Build log ended with (last 100 lines): # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0D071DD1B7F0000:error::SSL routines::internal error:../openssl/ssl/s3_enc.c:415: # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0D071DD1B7F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_s3.c:1615:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:8199 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0D071DD1B7F0000:error::SSL routines::internal error:../openssl/ssl/s3_enc.c:415: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0D071DD1B7F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_s3.c:1615:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:8199 # false not ok 3 - iteration 3 # ------------------------------------------------------------------------------ not ok 37 - test_sigalgs_available # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/SEPuEHIci5 default ../../../openssl/test/default.cnf => 1 not ok 1 - running sslapitest # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C040E6C3D77F0000:error::SSL routines::internal error:../openssl/ssl/s3_enc.c:415: # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C040E6C3D77F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_s3.c:1615:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:8199 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C040E6C3D77F0000:error::SSL routines::internal error:../openssl/ssl/s3_enc.c:415: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C040E6C3D77F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_s3.c:1615:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:8199 # false not ok 3 - iteration 3 # ------------------------------------------------------------------------------ not ok 37 - test_sigalgs_available # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/SEPuEHIci5 fips ../../../openssl/test/fips.cnf => 1 not ok 3 - running sslapitest # ------------------------------------------------------------------------------ # Failed test 'running sslapitest' # at ../openssl/test/recipes/90-test_sslapi.t line 45. # Looks like you failed 2 tests of 3.90-test_sslapi.t ................... Dubious, test returned 2 (wstat 512, 0x200) Failed 2/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. skipped: test_tls13ccs is not supported in this build 90-test_tls13encryption.t .......... skipped: tls13encryption is not supported in this build 90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 90-test_sslapi.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 1, 3 Non-zero exit status: 2 Files=205, Tests=3160, 789 wallclock secs (10.98 usr 1.21 sys + 730.61 cusr 56.31 csys = 799.11 CPU) Result: FAIL Makefile:3137: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_3' Makefile:3135: recipe for target 'tests' failed make: *** [tests] Error 2 From no-reply at appveyor.com Sat Jul 25 12:14:32 2020 From: no-reply at appveyor.com (AppVeyor) Date: Sat, 25 Jul 2020 12:14:32 +0000 Subject: Build failed: openssl master.35800 Message-ID: <20200725121432.1.3D12BFC0D447948C@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sat Jul 25 13:29:39 2020 From: no-reply at appveyor.com (AppVeyor) Date: Sat, 25 Jul 2020 13:29:39 +0000 Subject: Build completed: openssl master.35801 Message-ID: <20200725132939.1.928D1E54A6B06AEB@appveyor.com> An HTML attachment was scrubbed... URL: From pauli at openssl.org Sun Jul 26 06:01:45 2020 From: pauli at openssl.org (Dr. Paul Dale) Date: Sun, 26 Jul 2020 06:01:45 +0000 Subject: [openssl] master update Message-ID: <1595743305.405793.10688.nullmailer@dev.openssl.org> The branch master has been updated via fcdd228b012dbf74b1d52afc5d11b10809945cb3 (commit) from 1660c8fa6be2d7c4587e490c88a44a870e9b4298 (commit) - Log ----------------------------------------------------------------- commit fcdd228b012dbf74b1d52afc5d11b10809945cb3 Author: Matt Caswell Date: Fri Jul 24 12:04:00 2020 +0100 Fix no-dh and no-dsa Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12525) ----------------------------------------------------------------------- Summary of changes: test/evp_libctx_test.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/test/evp_libctx_test.c b/test/evp_libctx_test.c index a9f665842a..395c5d99b5 100644 --- a/test/evp_libctx_test.c +++ b/test/evp_libctx_test.c @@ -23,6 +23,7 @@ #include #include #include +#include #include #include "testutil.h" #include "internal/nelem.h" @@ -57,7 +58,7 @@ const OPTIONS *test_get_options(void) return test_options; } -#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_DH) +#ifndef OPENSSL_NO_DH static const char *getname(int id) { const char *name[] = {"p", "q", "g" }; @@ -68,7 +69,11 @@ static const char *getname(int id) } #endif -#ifndef OPENSSL_NO_DSA +/* + * We're using some DH specific values in this test, so we skip compilation if + * we're in a no-dh build. + */ +#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH) static int test_dsa_param_keygen(int tstid) { @@ -315,7 +320,7 @@ int setup_tests(void) if (!TEST_ptr(libprov)) return 0; -#ifndef OPENSSL_NO_DSA +#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH) ADD_ALL_TESTS(test_dsa_param_keygen, 3 * 3 * 3); #endif #ifndef OPENSSL_NO_DH From builds at travis-ci.com Sun Jul 26 07:21:55 2020 From: builds at travis-ci.com (Travis CI) Date: Sun, 26 Jul 2020 07:21:55 +0000 Subject: Still Failing: openssl/openssl#36345 (master - fcdd228) In-Reply-To: Message-ID: <5f1d2f12e4283_13f9374d0e980110194@travis-pro-tasks-665df55f5d-jrv7h.mail> Build Update for openssl/openssl ------------------------------------- Build: #36345 Status: Still Failing Duration: 1 hr, 17 mins, and 34 secs Commit: fcdd228 (master) Author: Matt Caswell Message: Fix no-dh and no-dsa Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12525) View the changeset: https://github.com/openssl/openssl/compare/1660c8fa6be2...fcdd228b012d View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/177180472?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From scan-admin at coverity.com Sun Jul 26 07:52:43 2020 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 26 Jul 2020 07:52:43 +0000 (UTC) Subject: Coverity Scan: Analysis completed for OpenSSL-1.0.2 Message-ID: <5f1d364b33871_5f0192abc14a9cf401843@prd-scan-dashboard-0.mail> Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7Hlun-2FGpeF2rhqKLKnzox0Gkw-3D-3DsVFB_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeEuuVXAbsJ0WLyJ4IPYyQbkZt4omqCRu0CybauetoFclRsc1mpSwIhboBCpu7jHs7TmwRm0ksFBIB3lvQVoloOOHN5kEeFDVxUGJezGD9NsUiVF7yZPRDngBPIGFk2WNfbCsWJatKjKdNnnWe-2BxBcMfAA4MW9TQbr1l0ZSxHGmv73FUJEjyzufK9v-2BZ8jxLwdg-3D Build ID: 328692 Analysis Summary: New defects found: 0 Defects eliminated: 0 From scan-admin at coverity.com Sun Jul 26 07:56:55 2020 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 26 Jul 2020 07:56:55 +0000 (UTC) Subject: Coverity Scan: Analysis completed for openssl/openssl Message-ID: <5f1d3746c72fb_5f2452abc14a9cf40184a8@prd-scan-dashboard-0.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3DujWK_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeEKy-2Fwp1J9bnG2dWLGplzldJt72fg4zuMCsn-2Buu9m7LRz2jCk1HhFxXlLNhxH4bKM3E-2BBovFupFZkdaAfKcQ8HZRFi65BpCK-2BBHXQc2jfP-2BpGI9K4VleRRGrbZBkWd18Tq5LDUj2xvMvTuxVNZI3u2vPFst2nFTO1dMNdMxDPxAj6sVYSw72OQy3XEgqdWLg-2B8-3D Build ID: 328691 Analysis Summary: New defects found: 8 Defects eliminated: 4 If you have difficulty understanding any defects, email us at scan-admin at coverity.com, or post your question to StackOverflow at https://u15810271.ct.sendgrid.net/ls/click?upn=CTPegkVN6peWFCMEieYYmPWIi1E4yUS9EoqKFcNAiqhRq8qmgeBE-2Bdt3uvFRAFXd-2FlwX83-2FVVdybfzIMOby0qA-3D-3DrPft_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeEKy-2Fwp1J9bnG2dWLGplzldJt72fg4zuMCsn-2Buu9m7LR3Cw-2BcxJxGxlPDcvpuLZkb8HCcXctOkEQqsVBxRm8LdLgLRFdVbHgLGLSNMlC4zPoya8UCLzkn6ClwHEhrK-2BYO-2FLiFa3bJShGqE1KEOn14arwotkWwriMoPVdtli2RMw3-2FAAGTNu38nRfsJtTIao02M-3D From levitte at openssl.org Sun Jul 26 09:36:59 2020 From: levitte at openssl.org (Richard Levitte) Date: Sun, 26 Jul 2020 09:36:59 +0000 Subject: [openssl] master update Message-ID: <1595756219.949134.30899.nullmailer@dev.openssl.org> The branch master has been updated via 71b35e1934087365610f9107aceac7d7a67cddcf (commit) from fcdd228b012dbf74b1d52afc5d11b10809945cb3 (commit) - Log ----------------------------------------------------------------- commit 71b35e1934087365610f9107aceac7d7a67cddcf Author: Richard Levitte Date: Sun Jul 26 10:39:00 2020 +0200 DER to RSA deserializer: fix inclusion Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/12535) ----------------------------------------------------------------------- Summary of changes: providers/implementations/serializers/deserialize_pem2der.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/providers/implementations/serializers/deserialize_pem2der.c b/providers/implementations/serializers/deserialize_pem2der.c index 490f041703..a46ec681a1 100644 --- a/providers/implementations/serializers/deserialize_pem2der.c +++ b/providers/implementations/serializers/deserialize_pem2der.c @@ -22,7 +22,7 @@ #include #include #include "prov/bio.h" -#include "prov/bio.h" +#include "prov/implementations.h" #include "prov/providercommonerr.h" #include "serializer_local.h" From builds at travis-ci.com Sun Jul 26 11:02:33 2020 From: builds at travis-ci.com (Travis CI) Date: Sun, 26 Jul 2020 11:02:33 +0000 Subject: Still Failing: openssl/openssl#36349 (master - 71b35e1) In-Reply-To: Message-ID: <5f1d62c95691d_13fbbbfffaff411761f@travis-pro-tasks-65d47b4d56-xbzjj.mail> Build Update for openssl/openssl ------------------------------------- Build: #36349 Status: Still Failing Duration: 1 hr, 18 mins, and 14 secs Commit: 71b35e1 (master) Author: Richard Levitte Message: DER to RSA deserializer: fix inclusion Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/12535) View the changeset: https://github.com/openssl/openssl/compare/fcdd228b012d...71b35e193408 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/177185825?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sun Jul 26 22:29:20 2020 From: no-reply at appveyor.com (AppVeyor) Date: Sun, 26 Jul 2020 22:29:20 +0000 Subject: Build failed: openssl master.35812 Message-ID: <20200726222920.1.F69D0F0463430DF0@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sun Jul 26 23:44:18 2020 From: no-reply at appveyor.com (AppVeyor) Date: Sun, 26 Jul 2020 23:44:18 +0000 Subject: Build completed: openssl master.35813 Message-ID: <20200726234418.1.B1CB0B8761DC22E9@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Sun Jul 26 23:57:51 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Sun, 26 Jul 2020 23:57:51 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT Message-ID: <1595807871.107041.26311.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT Commit log since last time: 71b35e1934 DER to RSA deserializer: fix inclusion fcdd228b01 Fix no-dh and no-dsa 1660c8fa6b Update EVP_EncodeInit.pod a57fc73063 EVP: Fix key type check logic in evp_pkey_cmp_any() e2ac846eff TEST: Update the serialization/deserialization test with legacy PEM encryption 436623f89f PROV: Update the PEM to DER deserializer to handle encrypted legacy PEM 3ecbea6a09 TEST: Update the serialization/deserialization test with encryption 38b14f4747 PROV: Update the DER to RSA deserializer to handle encrypted PKCS#8 7524b7b748 DESERIALIZER: Implement decryption of password protected objects 45396db0e3 SERIALIZER: No enc argument for OSSL_SERIALIZER_CTX_set_passphrase_cb() 5a23d78c9b TEST: Add new serializer and deserializer test dcfacbbfe9 PROV: Implement PEM to DER deserializer 1017b8e4a1 PROV: Implement DER to RSA deserializer 853ca12813 CORE: Add upcalls for BIO_gets() and BIO_puts() 072a9fde7d SERIALIZER: Add functions to deserialize into an EVP_PKEY c3e4c1f325 DESERIALIZER: Add foundation for deserializers 5dacb38cce KEYMGMT: Add key loading function OSSL_FUNC_keymgmt_load() af836c22ce EVP KEYMGMT utils: Make a few more utility functions available 6725682d77 Add X509 related libctx changes. ae89578be2 Test RSA oaep in fips mode a27cb956c0 Fix: uninstantiation breaks the RAND_DRBG callback mechanism d1768e8298 test/drbgtest.c: set the correct counter to trigger reseeding 8e3e1dfeaa test/drbgtest.c: Remove error check for large generate requests 9fb6692c1b Fix DRBG reseed counter condition. 11a6d6fd70 test/drbgtest.c: Fix error check test Build log ended with (last 100 lines): # Server sent alert unexpected_message but client received no alert. # 8057EA9B497F0000:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_srvr.c:318: not ok 9 - iteration 9 # ------------------------------------------------------------------------------ not ok 1 - test_handshake # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/ssl_test 25-cipher.cnf.default default => 1 not ok 6 - running ssl_test 25-cipher.cnf # ------------------------------------------------------------------------------ # Looks like you failed 2 tests of 9. not ok 26 - Test configuration 25-cipher.cnf # ------------------------------------------------------------------------------ # Looks like you failed 1 test of 31.80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok # INFO: @ ../openssl/test/sslcorrupttest.c:199 # Starting #2, ECDHE-RSA-CHACHA20-POLY1305 # ERROR: (int) 'SSL_get_error(clientssl, 0) == SSL_ERROR_WANT_READ' failed @ ../openssl/test/ssltestlib.c:1032 # [1] compared to [2] # ERROR: (bool) 'create_ssl_connection(server, client, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslcorrupttest.c:229 # false # 800723A3117F0000:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_clnt.c:403: not ok 3 - iteration 3 # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/sslcorrupttest.c:199 # Starting #3, DHE-RSA-CHACHA20-POLY1305 # ERROR: (int) 'SSL_get_error(clientssl, 0) == SSL_ERROR_WANT_READ' failed @ ../openssl/test/ssltestlib.c:1032 # [1] compared to [2] # ERROR: (bool) 'create_ssl_connection(server, client, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslcorrupttest.c:229 # false # 800723A3117F0000:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_clnt.c:403: not ok 4 - iteration 4 # ------------------------------------------------------------------------------ not ok 1 - test_ssl_corrupt # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslcorrupttest ../../../openssl/apps/server.pem ../../../openssl/apps/server.pem => 1 not ok 1 - running sslcorrupttest # ------------------------------------------------------------------------------ # Failed test 'running sslcorrupttest' # at ../openssl/test/recipes/80-test_sslcorrupt.t line 19. # Looks like you failed 1 test of 1.80-test_sslcorrupt.t ............... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: GOST support is disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ skipped: Test only supported in a shared build 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_dtls_mtu.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 26 Non-zero exit status: 1 80-test_sslcorrupt.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=207, Tests=3044, 1717 wallclock secs (11.62 usr 1.42 sys + 1544.72 cusr 156.43 csys = 1714.19 CPU) Result: FAIL Makefile:2514: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-asan' Makefile:2512: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Mon Jul 27 01:48:55 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 27 Jul 2020 01:48:55 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-autoerrinit Message-ID: <1595814535.717071.24783.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-autoerrinit Commit log since last time: 71b35e1934 DER to RSA deserializer: fix inclusion fcdd228b01 Fix no-dh and no-dsa 1660c8fa6b Update EVP_EncodeInit.pod a57fc73063 EVP: Fix key type check logic in evp_pkey_cmp_any() e2ac846eff TEST: Update the serialization/deserialization test with legacy PEM encryption 436623f89f PROV: Update the PEM to DER deserializer to handle encrypted legacy PEM 3ecbea6a09 TEST: Update the serialization/deserialization test with encryption 38b14f4747 PROV: Update the DER to RSA deserializer to handle encrypted PKCS#8 7524b7b748 DESERIALIZER: Implement decryption of password protected objects 45396db0e3 SERIALIZER: No enc argument for OSSL_SERIALIZER_CTX_set_passphrase_cb() 5a23d78c9b TEST: Add new serializer and deserializer test dcfacbbfe9 PROV: Implement PEM to DER deserializer 1017b8e4a1 PROV: Implement DER to RSA deserializer 853ca12813 CORE: Add upcalls for BIO_gets() and BIO_puts() 072a9fde7d SERIALIZER: Add functions to deserialize into an EVP_PKEY c3e4c1f325 DESERIALIZER: Add foundation for deserializers 5dacb38cce KEYMGMT: Add key loading function OSSL_FUNC_keymgmt_load() af836c22ce EVP KEYMGMT utils: Make a few more utility functions available 6725682d77 Add X509 related libctx changes. ae89578be2 Test RSA oaep in fips mode a27cb956c0 Fix: uninstantiation breaks the RAND_DRBG callback mechanism d1768e8298 test/drbgtest.c: set the correct counter to trigger reseeding 8e3e1dfeaa test/drbgtest.c: Remove error check for large generate requests 9fb6692c1b Fix DRBG reseed counter condition. 11a6d6fd70 test/drbgtest.c: Fix error check test Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 04-test_err.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=207, Tests=3113, 858 wallclock secs (13.17 usr 1.28 sys + 790.59 cusr 60.94 csys = 865.98 CPU) Result: FAIL Makefile:3155: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-autoerrinit' Makefile:3153: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Mon Jul 27 07:25:37 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 27 Jul 2020 07:25:37 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-des Message-ID: <1595834737.703329.1976.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-des Commit log since last time: 71b35e1934 DER to RSA deserializer: fix inclusion fcdd228b01 Fix no-dh and no-dsa 1660c8fa6b Update EVP_EncodeInit.pod a57fc73063 EVP: Fix key type check logic in evp_pkey_cmp_any() e2ac846eff TEST: Update the serialization/deserialization test with legacy PEM encryption 436623f89f PROV: Update the PEM to DER deserializer to handle encrypted legacy PEM 3ecbea6a09 TEST: Update the serialization/deserialization test with encryption 38b14f4747 PROV: Update the DER to RSA deserializer to handle encrypted PKCS#8 7524b7b748 DESERIALIZER: Implement decryption of password protected objects 45396db0e3 SERIALIZER: No enc argument for OSSL_SERIALIZER_CTX_set_passphrase_cb() 5a23d78c9b TEST: Add new serializer and deserializer test dcfacbbfe9 PROV: Implement PEM to DER deserializer 1017b8e4a1 PROV: Implement DER to RSA deserializer 853ca12813 CORE: Add upcalls for BIO_gets() and BIO_puts() 072a9fde7d SERIALIZER: Add functions to deserialize into an EVP_PKEY c3e4c1f325 DESERIALIZER: Add foundation for deserializers 5dacb38cce KEYMGMT: Add key loading function OSSL_FUNC_keymgmt_load() af836c22ce EVP KEYMGMT utils: Make a few more utility functions available 6725682d77 Add X509 related libctx changes. ae89578be2 Test RSA oaep in fips mode a27cb956c0 Fix: uninstantiation breaks the RAND_DRBG callback mechanism d1768e8298 test/drbgtest.c: set the correct counter to trigger reseeding 8e3e1dfeaa test/drbgtest.c: Remove error check for large generate requests 9fb6692c1b Fix DRBG reseed counter condition. 11a6d6fd70 test/drbgtest.c: Fix error check test Build log ended with (last 100 lines): C0D0A22CFA7F0000:error::asn1 encoding routines:asn1_d2i_ex_primitive:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:698: C0D0A22CFA7F0000:error::asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:630:Field=pkey, Type=PKCS8_PRIV_KEY_INFO C0D0A22CFA7F0000:error::asn1 encoding routines:d2i_PrivateKey_ex:ASN1 lib:../openssl/crypto/asn1/d2i_pr.c:67: C0D0A22CFA7F0000:error::asn1 encoding routines:d2i_PrivateKey_ex:ASN1 lib:../openssl/crypto/asn1/d2i_pr.c:67: C0D0A22CFA7F0000:error::asn1 encoding routines:asn1_check_tlen:wrong tag:../openssl/crypto/asn1/tasn_dec.c:1135: C0D0A22CFA7F0000:error::asn1 encoding routines:asn1_d2i_ex_primitive:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:698: C0D0A22CFA7F0000:error::asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:630:Field=pkey, Type=PKCS8_PRIV_KEY_INFO C0D0A22CFA7F0000:error::asn1 encoding routines:asn1_check_tlen:wrong tag:../openssl/crypto/asn1/tasn_dec.c:1135: C0D0A22CFA7F0000:error::asn1 encoding routines:asn1_d2i_ex_primitive:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:698: C0D0A22CFA7F0000:error::asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:630:Field=pkey, Type=PKCS8_PRIV_KEY_INFO OPENSSL_FUNC:../openssl/apps/cmp.c:3053:CMP error: cannot set up CMP context # OPENSSL_FUNC:../openssl/apps/cmp.c:2895:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -proxy option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2112:CMP info: will contact http://127.0.0.1:1700/pkix/ ../../../../../no-des/util/wrap.pl ../../../../../no-des/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt => 1 not ok 82 - cr command # ------------------------------------------------------------------------------ # Failed test 'cr command' # at ../openssl/test/recipes/81-test_cmp_cli.t line 182. Could not open file or uri test.cert.pem for loading CMP client certificate (and optionally extra certs) C0D0DB29397F0000:error::system library:file_open_with_libctx:No such file or directory:../openssl/crypto/store/loader_file.c:928:calling stat(test.cert.pem) Unable to load CMP client certificate (and optionally extra certs) OPENSSL_FUNC:../openssl/apps/cmp.c:3053:CMP error: cannot set up CMP context # OPENSSL_FUNC:../openssl/apps/cmp.c:2895:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -proxy option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2112:CMP info: will contact http://127.0.0.1:1700/pkix/ # OPENSSL_FUNC:../openssl/apps/cmp.c:2136:CMP warning: -subject '/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=leaf' given, which overrides the subject of 'test.cert.pem' in KUR # OPENSSL_FUNC:../openssl/apps/cmp.c:826:CMP warning: can load only one certificate in DER format from test.cert.pem ../../../../../no-des/util/wrap.pl ../../../../../no-des/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt => 1 not ok 83 - kur command explicit options # ------------------------------------------------------------------------------ # Failed test 'kur command explicit options' # at ../openssl/test/recipes/81-test_cmp_cli.t line 182. Could not open file or uri test.cert.pem for loading CMP client certificate (and optionally extra certs) C0C01AFADB7F0000:error::system library:file_open_with_libctx:No such file or directory:../openssl/crypto/store/loader_file.c:928:calling stat(test.cert.pem) Unable to load CMP client certificate (and optionally extra certs) OPENSSL_FUNC:../openssl/apps/cmp.c:3053:CMP error: cannot set up CMP context # OPENSSL_FUNC:../openssl/apps/cmp.c:2895:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -proxy option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -subject option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -secret option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2112:CMP info: will contact http://127.0.0.1:1700/pkix/ # OPENSSL_FUNC:../openssl/apps/cmp.c:826:CMP warning: can load only one certificate in DER format from test.cert.pem ../../../../../no-des/util/wrap.pl ../../../../../no-des/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -subject "" -certout test.cert.pem -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt -secret "" => 1 not ok 84 - kur command minimal options # ------------------------------------------------------------------------------ # Looks like you failed 31 tests of 92. not ok 7 - CMP app CLI Mock enrollment # ------------------------------------------------------------------------------ # # Failed test 'CMP app CLI Mock enrollment # ' # at /home/openssl/run-checker/no-des/../openssl/util/perl/OpenSSL/Test.pm line 1302. # Looks like you failed 5 tests of 7.81-test_cmp_cli.t .................. Dubious, test returned 5 (wstat 1280, 0x500) Failed 5/7 subtests 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 81-test_cmp_cli.t (Wstat: 1280 Tests: 7 Failed: 5) Failed tests: 3-7 Non-zero exit status: 5 Files=207, Tests=3147, 825 wallclock secs (12.48 usr 1.19 sys + 774.83 cusr 56.13 csys = 844.63 CPU) Result: FAIL Makefile:3097: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-des' Makefile:3095: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Mon Jul 27 07:49:17 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 27 Jul 2020 07:49:17 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dgram Message-ID: <1595836157.167953.18860.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dgram Commit log since last time: 71b35e1934 DER to RSA deserializer: fix inclusion fcdd228b01 Fix no-dh and no-dsa 1660c8fa6b Update EVP_EncodeInit.pod a57fc73063 EVP: Fix key type check logic in evp_pkey_cmp_any() e2ac846eff TEST: Update the serialization/deserialization test with legacy PEM encryption 436623f89f PROV: Update the PEM to DER deserializer to handle encrypted legacy PEM 3ecbea6a09 TEST: Update the serialization/deserialization test with encryption 38b14f4747 PROV: Update the DER to RSA deserializer to handle encrypted PKCS#8 7524b7b748 DESERIALIZER: Implement decryption of password protected objects 45396db0e3 SERIALIZER: No enc argument for OSSL_SERIALIZER_CTX_set_passphrase_cb() 5a23d78c9b TEST: Add new serializer and deserializer test dcfacbbfe9 PROV: Implement PEM to DER deserializer 1017b8e4a1 PROV: Implement DER to RSA deserializer 853ca12813 CORE: Add upcalls for BIO_gets() and BIO_puts() 072a9fde7d SERIALIZER: Add functions to deserialize into an EVP_PKEY c3e4c1f325 DESERIALIZER: Add foundation for deserializers 5dacb38cce KEYMGMT: Add key loading function OSSL_FUNC_keymgmt_load() af836c22ce EVP KEYMGMT utils: Make a few more utility functions available 6725682d77 Add X509 related libctx changes. ae89578be2 Test RSA oaep in fips mode a27cb956c0 Fix: uninstantiation breaks the RAND_DRBG callback mechanism d1768e8298 test/drbgtest.c: set the correct counter to trigger reseeding 8e3e1dfeaa test/drbgtest.c: Remove error check for large generate requests 9fb6692c1b Fix DRBG reseed counter condition. 11a6d6fd70 test/drbgtest.c: Fix error check test Build log ended with (last 100 lines): # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 7 - iteration 7 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 8 - iteration 8 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 9 - iteration 9 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 10 - iteration 10 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 11 - iteration 11 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 12 - iteration 12 # ------------------------------------------------------------------------------ not ok 1 - test_handshake # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/ssl_test 04-client_auth.cnf.fips fips ../../../openssl/test/fips.cnf => 1 not ok 9 - running ssl_test 04-client_auth.cnf # ------------------------------------------------------------------------------ # Failed test 'running ssl_test 04-client_auth.cnf' # at ../openssl/test/recipes/80-test_ssl_new.t line 173. # Looks like you failed 1 test of 9. not ok 5 - Test configuration 04-client_auth.cnf # ------------------------------------------------------------------------------ # Looks like you failed 1 test of 31.80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=207, Tests=3247, 841 wallclock secs (12.27 usr 1.26 sys + 779.27 cusr 62.08 csys = 854.88 CPU) Result: FAIL Makefile:3171: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dgram' Makefile:3169: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Mon Jul 27 08:12:44 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 27 Jul 2020 08:12:44 +0000 Subject: SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-dh Message-ID: <1595837564.884004.3982.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dh Commit log since last time: 71b35e1934 DER to RSA deserializer: fix inclusion fcdd228b01 Fix no-dh and no-dsa 1660c8fa6b Update EVP_EncodeInit.pod a57fc73063 EVP: Fix key type check logic in evp_pkey_cmp_any() e2ac846eff TEST: Update the serialization/deserialization test with legacy PEM encryption 436623f89f PROV: Update the PEM to DER deserializer to handle encrypted legacy PEM 3ecbea6a09 TEST: Update the serialization/deserialization test with encryption 38b14f4747 PROV: Update the DER to RSA deserializer to handle encrypted PKCS#8 7524b7b748 DESERIALIZER: Implement decryption of password protected objects 45396db0e3 SERIALIZER: No enc argument for OSSL_SERIALIZER_CTX_set_passphrase_cb() 5a23d78c9b TEST: Add new serializer and deserializer test dcfacbbfe9 PROV: Implement PEM to DER deserializer 1017b8e4a1 PROV: Implement DER to RSA deserializer 853ca12813 CORE: Add upcalls for BIO_gets() and BIO_puts() 072a9fde7d SERIALIZER: Add functions to deserialize into an EVP_PKEY c3e4c1f325 DESERIALIZER: Add foundation for deserializers 5dacb38cce KEYMGMT: Add key loading function OSSL_FUNC_keymgmt_load() af836c22ce EVP KEYMGMT utils: Make a few more utility functions available 6725682d77 Add X509 related libctx changes. ae89578be2 Test RSA oaep in fips mode a27cb956c0 Fix: uninstantiation breaks the RAND_DRBG callback mechanism d1768e8298 test/drbgtest.c: set the correct counter to trigger reseeding 8e3e1dfeaa test/drbgtest.c: Remove error check for large generate requests 9fb6692c1b Fix DRBG reseed counter condition. 11a6d6fd70 test/drbgtest.c: Fix error check test From openssl at openssl.org Mon Jul 27 08:36:00 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 27 Jul 2020 08:36:00 +0000 Subject: SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-dsa Message-ID: <1595838960.462165.19441.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dsa Commit log since last time: 71b35e1934 DER to RSA deserializer: fix inclusion fcdd228b01 Fix no-dh and no-dsa 1660c8fa6b Update EVP_EncodeInit.pod a57fc73063 EVP: Fix key type check logic in evp_pkey_cmp_any() e2ac846eff TEST: Update the serialization/deserialization test with legacy PEM encryption 436623f89f PROV: Update the PEM to DER deserializer to handle encrypted legacy PEM 3ecbea6a09 TEST: Update the serialization/deserialization test with encryption 38b14f4747 PROV: Update the DER to RSA deserializer to handle encrypted PKCS#8 7524b7b748 DESERIALIZER: Implement decryption of password protected objects 45396db0e3 SERIALIZER: No enc argument for OSSL_SERIALIZER_CTX_set_passphrase_cb() 5a23d78c9b TEST: Add new serializer and deserializer test dcfacbbfe9 PROV: Implement PEM to DER deserializer 1017b8e4a1 PROV: Implement DER to RSA deserializer 853ca12813 CORE: Add upcalls for BIO_gets() and BIO_puts() 072a9fde7d SERIALIZER: Add functions to deserialize into an EVP_PKEY c3e4c1f325 DESERIALIZER: Add foundation for deserializers 5dacb38cce KEYMGMT: Add key loading function OSSL_FUNC_keymgmt_load() af836c22ce EVP KEYMGMT utils: Make a few more utility functions available 6725682d77 Add X509 related libctx changes. ae89578be2 Test RSA oaep in fips mode a27cb956c0 Fix: uninstantiation breaks the RAND_DRBG callback mechanism d1768e8298 test/drbgtest.c: set the correct counter to trigger reseeding 8e3e1dfeaa test/drbgtest.c: Remove error check for large generate requests 9fb6692c1b Fix DRBG reseed counter condition. 11a6d6fd70 test/drbgtest.c: Fix error check test From matt at openssl.org Mon Jul 27 09:19:09 2020 From: matt at openssl.org (Matt Caswell) Date: Mon, 27 Jul 2020 09:19:09 +0000 Subject: [openssl] master update Message-ID: <1595841549.819646.27354.nullmailer@dev.openssl.org> The branch master has been updated via 51d9ac870acda2c818ce19c1174ed85f9a2f6eb7 (commit) from 71b35e1934087365610f9107aceac7d7a67cddcf (commit) - Log ----------------------------------------------------------------- commit 51d9ac870acda2c818ce19c1174ed85f9a2f6eb7 Author: Matt Caswell Date: Fri Jul 24 12:24:45 2020 +0100 Fix no-ec2m Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12526) ----------------------------------------------------------------------- Summary of changes: providers/common/capabilities.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/providers/common/capabilities.c b/providers/common/capabilities.c index 353da1ee32..44764fd70a 100644 --- a/providers/common/capabilities.c +++ b/providers/common/capabilities.c @@ -165,7 +165,10 @@ static int tls_group_capability(OSSL_CALLBACK *cb, void *arg) { size_t i; -#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_DH) && !defined(FIPS_MODULE) +#if !defined(OPENSSL_NO_EC) \ + && !defined(OPENSSL_NO_EC2M) \ + && !defined(OPENSSL_NO_DH) \ + && !defined(FIPS_MODULE) assert(OSSL_NELEM(param_group_list) == OSSL_NELEM(group_list)); #endif for (i = 0; i < OSSL_NELEM(param_group_list); i++) From openssl at openssl.org Mon Jul 27 09:58:01 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 27 Jul 2020 09:58:01 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ec2m Message-ID: <1595843881.595847.22424.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ec2m Commit log since last time: 71b35e1934 DER to RSA deserializer: fix inclusion fcdd228b01 Fix no-dh and no-dsa 1660c8fa6b Update EVP_EncodeInit.pod a57fc73063 EVP: Fix key type check logic in evp_pkey_cmp_any() e2ac846eff TEST: Update the serialization/deserialization test with legacy PEM encryption 436623f89f PROV: Update the PEM to DER deserializer to handle encrypted legacy PEM 3ecbea6a09 TEST: Update the serialization/deserialization test with encryption 38b14f4747 PROV: Update the DER to RSA deserializer to handle encrypted PKCS#8 7524b7b748 DESERIALIZER: Implement decryption of password protected objects 45396db0e3 SERIALIZER: No enc argument for OSSL_SERIALIZER_CTX_set_passphrase_cb() 5a23d78c9b TEST: Add new serializer and deserializer test dcfacbbfe9 PROV: Implement PEM to DER deserializer 1017b8e4a1 PROV: Implement DER to RSA deserializer 853ca12813 CORE: Add upcalls for BIO_gets() and BIO_puts() 072a9fde7d SERIALIZER: Add functions to deserialize into an EVP_PKEY c3e4c1f325 DESERIALIZER: Add foundation for deserializers 5dacb38cce KEYMGMT: Add key loading function OSSL_FUNC_keymgmt_load() af836c22ce EVP KEYMGMT utils: Make a few more utility functions available 6725682d77 Add X509 related libctx changes. ae89578be2 Test RSA oaep in fips mode a27cb956c0 Fix: uninstantiation breaks the RAND_DRBG callback mechanism d1768e8298 test/drbgtest.c: set the correct counter to trigger reseeding 8e3e1dfeaa test/drbgtest.c: Remove error check for large generate requests 9fb6692c1b Fix DRBG reseed counter condition. 11a6d6fd70 test/drbgtest.c: Fix error check test Build log ended with (last 100 lines): 70-test_sslversions.t (Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 70-test_sslvertol.t (Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 70-test_tls13alerts.t (Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 70-test_tls13cookie.t (Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 70-test_tls13downgrade.t (Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 70-test_tls13hrr.t (Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 70-test_tls13kexmodes.t (Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 70-test_tls13messages.t (Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 70-test_tls13psk.t (Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 70-test_tlsextms.t (Wstat: 34304 Tests: 0 Failed: 0) Non-zero exit status: 134 Parse errors: No plan found in TAP output 71-test_ssl_ctx.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_cipherbytes.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_cipherlist.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ciphername.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_dane.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_dtls.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_dtls_mtu.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_dtlsv1listen.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ssl_new.t (Wstat: 6912 Tests: 31 Failed: 27) Failed tests: 2-14, 16-22, 24-29, 31 Non-zero exit status: 27 80-test_ssl_old.t (Wstat: 1024 Tests: 12 Failed: 4) Failed tests: 3, 5-7 Non-zero exit status: 4 80-test_sslcorrupt.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 90-test_fatalerr.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 90-test_gost.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 90-test_shlibload.t (Wstat: 1024 Tests: 10 Failed: 4) Failed tests: 1-4 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 1, 3 Non-zero exit status: 2 90-test_sslbuffers.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 90-test_sysdefault.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 90-test_tls13ccs.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 90-test_tls13encryption.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 90-test_tls13secrets.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 99-test_fuzz.t (Wstat: 512 Tests: 13 Failed: 2) Failed tests: 8-9 Non-zero exit status: 2 Files=207, Tests=2058, 478 wallclock secs ( 7.26 usr 0.82 sys + 406.29 cusr 45.00 csys = 459.37 CPU) Result: FAIL Makefile:3166: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-ec2m' Makefile:3164: recipe for target 'tests' failed make: *** [tests] Error 2 From levitte at openssl.org Mon Jul 27 10:18:17 2020 From: levitte at openssl.org (Richard Levitte) Date: Mon, 27 Jul 2020 10:18:17 +0000 Subject: [openssl] master update Message-ID: <1595845097.671596.3497.nullmailer@dev.openssl.org> The branch master has been updated via 846f96f821260ca83cc93bfa35207864b05abec5 (commit) via a4e55cccc9991b35c3f4b3f4aac32b59aa598584 (commit) via 456b3b97a489d4be42f4258cb65bf76dfd8bab00 (commit) from 51d9ac870acda2c818ce19c1174ed85f9a2f6eb7 (commit) - Log ----------------------------------------------------------------- commit 846f96f821260ca83cc93bfa35207864b05abec5 Author: Richard Levitte Date: Mon Jul 20 16:14:40 2020 +0200 TEST: Add RSA-PSS cases in test/serdes_test.c Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12492) commit a4e55cccc9991b35c3f4b3f4aac32b59aa598584 Author: Richard Levitte Date: Mon Jul 20 16:13:18 2020 +0200 PROV: Add a DER to RSA-PSS deserializer implementation Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12492) commit 456b3b97a489d4be42f4258cb65bf76dfd8bab00 Author: Richard Levitte Date: Mon Jul 20 16:09:47 2020 +0200 EVP, PROV: Add misc missing bits for RSA-PSS - EVP_PKEY_is_a() didn't recognise "RSA-PSS" for legacy keys. - The RSA-PSS keymgmt didn't have a OSSL_FUNC_keymgmt_match() function. - ossl_prov_prepare_rsa_params() didn't return 1 for unrestricted RSA-PSS params. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12492) ----------------------------------------------------------------------- Summary of changes: crypto/err/openssl.txt | 1 + crypto/evp/p_lib.c | 2 + providers/common/include/prov/providercommonerr.h | 1 + providers/common/provider_err.c | 1 + providers/defltprov.c | 2 + .../implementations/include/prov/implementations.h | 1 + providers/implementations/keymgmt/rsa_kmgmt.c | 2 + .../serializers/deserialize_der2rsa.c | 94 ++++++++++++++-- .../implementations/serializers/serializer_local.h | 2 + .../implementations/serializers/serializer_rsa.c | 11 ++ test/serdes_test.c | 118 +++++++++++++++++---- 11 files changed, 206 insertions(+), 29 deletions(-) diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index e5ed28bce1..a99648a1fd 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -2878,6 +2878,7 @@ PROV_R_INVALID_MODE:125:invalid mode PROV_R_INVALID_MODE_INT:126:invalid mode int PROV_R_INVALID_PADDING_MODE:168:invalid padding mode PROV_R_INVALID_PSS_SALTLEN:169:invalid pss saltlen +PROV_R_INVALID_RSA_KEY:217:invalid rsa key PROV_R_INVALID_SALT_LENGTH:112:invalid salt length PROV_R_INVALID_SEED_LENGTH:154:invalid seed length PROV_R_INVALID_SIGNATURE_SIZE:179:invalid signature size diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index 65a767b4d0..a7fd687dd0 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -935,6 +935,8 @@ int EVP_PKEY_is_a(const EVP_PKEY *pkey, const char *name) if (strcasecmp(name, "RSA") == 0) type = EVP_PKEY_RSA; + else if (strcasecmp(name, "RSA-PSS") == 0) + type = EVP_PKEY_RSA_PSS; #ifndef OPENSSL_NO_EC else if (strcasecmp(name, "EC") == 0) type = EVP_PKEY_EC; diff --git a/providers/common/include/prov/providercommonerr.h b/providers/common/include/prov/providercommonerr.h index f5fd37d9cc..bdc39e4121 100644 --- a/providers/common/include/prov/providercommonerr.h +++ b/providers/common/include/prov/providercommonerr.h @@ -101,6 +101,7 @@ int ERR_load_PROV_strings(void); # define PROV_R_INVALID_MODE_INT 126 # define PROV_R_INVALID_PADDING_MODE 168 # define PROV_R_INVALID_PSS_SALTLEN 169 +# define PROV_R_INVALID_RSA_KEY 217 # define PROV_R_INVALID_SALT_LENGTH 112 # define PROV_R_INVALID_SEED_LENGTH 154 # define PROV_R_INVALID_SIGNATURE_SIZE 179 diff --git a/providers/common/provider_err.c b/providers/common/provider_err.c index 7a5c41bfda..e65ce96471 100644 --- a/providers/common/provider_err.c +++ b/providers/common/provider_err.c @@ -96,6 +96,7 @@ static const ERR_STRING_DATA PROV_str_reasons[] = { "invalid padding mode"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_PSS_SALTLEN), "invalid pss saltlen"}, + {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_RSA_KEY), "invalid rsa key"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_SALT_LENGTH), "invalid salt length"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_SEED_LENGTH), diff --git a/providers/defltprov.c b/providers/defltprov.c index 7ab006ae83..466b7908a1 100644 --- a/providers/defltprov.c +++ b/providers/defltprov.c @@ -537,6 +537,8 @@ static const OSSL_ALGORITHM deflt_serializer[] = { static const OSSL_ALGORITHM deflt_deserializer[] = { { "RSA", "provider=default,fips=yes,input=der", der_to_rsa_deserializer_functions }, + { "RSA-PSS", "provider=default,fips=yes,input=der", + der_to_rsapss_deserializer_functions }, { "DER", "provider=default,fips=yes,input=pem", pem_to_der_deserializer_functions }, diff --git a/providers/implementations/include/prov/implementations.h b/providers/implementations/include/prov/implementations.h index 4890f11969..b02f0c6476 100644 --- a/providers/implementations/include/prov/implementations.h +++ b/providers/implementations/include/prov/implementations.h @@ -360,4 +360,5 @@ extern const OSSL_DISPATCH ec_pub_pem_serializer_functions[]; extern const OSSL_DISPATCH ec_param_pem_serializer_functions[]; extern const OSSL_DISPATCH der_to_rsa_deserializer_functions[]; +extern const OSSL_DISPATCH der_to_rsapss_deserializer_functions[]; extern const OSSL_DISPATCH pem_to_der_deserializer_functions[]; diff --git a/providers/implementations/keymgmt/rsa_kmgmt.c b/providers/implementations/keymgmt/rsa_kmgmt.c index 3231c020c9..7ed280e861 100644 --- a/providers/implementations/keymgmt/rsa_kmgmt.c +++ b/providers/implementations/keymgmt/rsa_kmgmt.c @@ -628,10 +628,12 @@ const OSSL_DISPATCH rsapss_keymgmt_functions[] = { (void (*)(void))rsapss_gen_settable_params }, { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))rsa_gen }, { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))rsa_gen_cleanup }, + { OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))rsa_load }, { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))rsa_freedata }, { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))rsa_get_params }, { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))rsa_gettable_params }, { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))rsa_has }, + { OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))rsa_match }, { OSSL_FUNC_KEYMGMT_VALIDATE, (void (*)(void))rsa_validate }, { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))rsa_import }, { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))rsa_import_types }, diff --git a/providers/implementations/serializers/deserialize_der2rsa.c b/providers/implementations/serializers/deserialize_der2rsa.c index 6854c7efcb..75066546ba 100644 --- a/providers/implementations/serializers/deserialize_der2rsa.c +++ b/providers/implementations/serializers/deserialize_der2rsa.c @@ -16,10 +16,12 @@ #include #include #include +#include #include #include #include "prov/bio.h" #include "prov/implementations.h" +#include "prov/providercommonerr.h" #include "serializer_local.h" static OSSL_FUNC_deserializer_newctx_fn der2rsa_newctx; @@ -37,10 +39,12 @@ static OSSL_FUNC_deserializer_export_object_fn der2rsa_export_object; struct der2rsa_ctx_st { PROV_CTX *provctx; + int type; + struct pkcs8_encrypt_ctx_st sc; }; -static void *der2rsa_newctx(void *provctx) +static struct der2rsa_ctx_st *der2rsa_newctx_int(void *provctx) { struct der2rsa_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx)); @@ -52,6 +56,24 @@ static void *der2rsa_newctx(void *provctx) return ctx; } +static void *der2rsa_newctx(void *provctx) +{ + struct der2rsa_ctx_st *ctx = der2rsa_newctx_int(provctx); + + if (ctx != NULL) + ctx->type = EVP_PKEY_RSA; + return ctx; +} + +static void *der2rsapss_newctx(void *provctx) +{ + struct der2rsa_ctx_st *ctx = der2rsa_newctx_int(provctx); + + if (ctx != NULL) + ctx->type = EVP_PKEY_RSA_PSS; + return ctx; +} + static void der2rsa_freectx(void *vctx) { struct der2rsa_ctx_st *ctx = vctx; @@ -166,7 +188,7 @@ static int der2rsa_deserialize(void *vctx, OSSL_CORE_BIO *cin, } derp = der; - if ((pkey = d2i_PrivateKey_ex(EVP_PKEY_RSA, NULL, &derp, der_len, + if ((pkey = d2i_PrivateKey_ex(ctx->type, NULL, &derp, der_len, libctx, NULL)) != NULL) { /* Tear out the RSA pointer from the pkey */ rsa = EVP_PKEY_get1_RSA(pkey); @@ -177,10 +199,27 @@ static int der2rsa_deserialize(void *vctx, OSSL_CORE_BIO *cin, if (rsa != NULL) { OSSL_PARAM params[3]; + char *object_type = NULL; + + switch (RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK)) { + case RSA_FLAG_TYPE_RSA: + object_type = "RSA"; + break; + case RSA_FLAG_TYPE_RSASSAPSS: + object_type = "RSA-PSS"; + break; + default: + ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_RSA_KEY, + "Expected the RSA type to be %d or %d, but got %d", + RSA_FLAG_TYPE_RSA, RSA_FLAG_TYPE_RSASSAPSS, + RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK)); + goto end; + } + params[0] = OSSL_PARAM_construct_utf8_string(OSSL_DESERIALIZER_PARAM_DATA_TYPE, - "RSA", 0); + object_type, 0); /* The address of the key becomes the octet string */ params[1] = OSSL_PARAM_construct_octet_string(OSSL_DESERIALIZER_PARAM_REFERENCE, @@ -189,17 +228,18 @@ static int der2rsa_deserialize(void *vctx, OSSL_CORE_BIO *cin, ok = data_cb(params, data_cbarg); } + end: RSA_free(rsa); return ok; } -static int der2rsa_export_object(void *vctx, - const void *reference, size_t reference_sz, - OSSL_CALLBACK *export_cb, void *export_cbarg) +static int der2rsa_export_object_int(void *vctx, + const void *reference, size_t reference_sz, + OSSL_FUNC_keymgmt_export_fn *rsa_export, + OSSL_CALLBACK *export_cb, + void *export_cbarg) { - OSSL_FUNC_keymgmt_export_fn *rsa_export = - ossl_prov_get_keymgmt_rsa_export(); void *keydata; if (reference_sz == sizeof(keydata) && rsa_export != NULL) { @@ -212,6 +252,26 @@ static int der2rsa_export_object(void *vctx, return 0; } +static int der2rsa_export_object(void *vctx, + const void *reference, size_t reference_sz, + OSSL_CALLBACK *export_cb, + void *export_cbarg) +{ + return der2rsa_export_object_int(vctx, reference, reference_sz, + ossl_prov_get_keymgmt_rsa_export(), + export_cb, export_cbarg); +} + +static int der2rsapss_export_object(void *vctx, + const void *reference, size_t reference_sz, + OSSL_CALLBACK *export_cb, + void *export_cbarg) +{ + return der2rsa_export_object_int(vctx, reference, reference_sz, + ossl_prov_get_keymgmt_rsapss_export(), + export_cb, export_cbarg); +} + const OSSL_DISPATCH der_to_rsa_deserializer_functions[] = { { OSSL_FUNC_DESERIALIZER_NEWCTX, (void (*)(void))der2rsa_newctx }, { OSSL_FUNC_DESERIALIZER_FREECTX, (void (*)(void))der2rsa_freectx }, @@ -229,3 +289,21 @@ const OSSL_DISPATCH der_to_rsa_deserializer_functions[] = { (void (*)(void))der2rsa_export_object }, { 0, NULL } }; + +const OSSL_DISPATCH der_to_rsapss_deserializer_functions[] = { + { OSSL_FUNC_DESERIALIZER_NEWCTX, (void (*)(void))der2rsapss_newctx }, + { OSSL_FUNC_DESERIALIZER_FREECTX, (void (*)(void))der2rsa_freectx }, + { OSSL_FUNC_DESERIALIZER_GETTABLE_PARAMS, + (void (*)(void))der2rsa_gettable_params }, + { OSSL_FUNC_DESERIALIZER_GET_PARAMS, + (void (*)(void))der2rsa_get_params }, + { OSSL_FUNC_DESERIALIZER_SETTABLE_CTX_PARAMS, + (void (*)(void))der2rsa_settable_ctx_params }, + { OSSL_FUNC_DESERIALIZER_SET_CTX_PARAMS, + (void (*)(void))der2rsa_set_ctx_params }, + { OSSL_FUNC_DESERIALIZER_DESERIALIZE, + (void (*)(void))der2rsa_deserialize }, + { OSSL_FUNC_DESERIALIZER_EXPORT_OBJECT, + (void (*)(void))der2rsapss_export_object }, + { 0, NULL } +}; diff --git a/providers/implementations/serializers/serializer_local.h b/providers/implementations/serializers/serializer_local.h index a94418bb2a..f1d2fe743c 100644 --- a/providers/implementations/serializers/serializer_local.h +++ b/providers/implementations/serializers/serializer_local.h @@ -38,9 +38,11 @@ OSSL_FUNC_keymgmt_import_fn *ossl_prov_get_keymgmt_import(const OSSL_DISPATCH *f OSSL_FUNC_keymgmt_export_fn *ossl_prov_get_keymgmt_export(const OSSL_DISPATCH *fns); OSSL_FUNC_keymgmt_new_fn *ossl_prov_get_keymgmt_rsa_new(void); +OSSL_FUNC_keymgmt_new_fn *ossl_prov_get_keymgmt_rsapss_new(void); OSSL_FUNC_keymgmt_free_fn *ossl_prov_get_keymgmt_rsa_free(void); OSSL_FUNC_keymgmt_import_fn *ossl_prov_get_keymgmt_rsa_import(void); OSSL_FUNC_keymgmt_export_fn *ossl_prov_get_keymgmt_rsa_export(void); +OSSL_FUNC_keymgmt_export_fn *ossl_prov_get_keymgmt_rsapss_export(void); OSSL_FUNC_keymgmt_new_fn *ossl_prov_get_keymgmt_dh_new(void); OSSL_FUNC_keymgmt_free_fn *ossl_prov_get_keymgmt_dh_free(void); OSSL_FUNC_keymgmt_import_fn *ossl_prov_get_keymgmt_dh_import(void); diff --git a/providers/implementations/serializers/serializer_rsa.c b/providers/implementations/serializers/serializer_rsa.c index d0cea458d1..9250d49735 100644 --- a/providers/implementations/serializers/serializer_rsa.c +++ b/providers/implementations/serializers/serializer_rsa.c @@ -27,6 +27,11 @@ OSSL_FUNC_keymgmt_new_fn *ossl_prov_get_keymgmt_rsa_new(void) return ossl_prov_get_keymgmt_new(rsa_keymgmt_functions); } +OSSL_FUNC_keymgmt_new_fn *ossl_prov_get_keymgmt_rsapss_new(void) +{ + return ossl_prov_get_keymgmt_new(rsapss_keymgmt_functions); +} + OSSL_FUNC_keymgmt_free_fn *ossl_prov_get_keymgmt_rsa_free(void) { return ossl_prov_get_keymgmt_free(rsa_keymgmt_functions); @@ -42,6 +47,11 @@ OSSL_FUNC_keymgmt_export_fn *ossl_prov_get_keymgmt_rsa_export(void) return ossl_prov_get_keymgmt_export(rsa_keymgmt_functions); } +OSSL_FUNC_keymgmt_export_fn *ossl_prov_get_keymgmt_rsapss_export(void) +{ + return ossl_prov_get_keymgmt_export(rsapss_keymgmt_functions); +} + int ossl_prov_print_rsa(BIO *out, RSA *rsa, int priv) { const char *modulus_label; @@ -199,6 +209,7 @@ int ossl_prov_prepare_rsa_params(const void *rsa, int nid, case RSA_FLAG_TYPE_RSASSAPSS: if (rsa_pss_params_30_is_unrestricted(pss)) { *pstrtype = V_ASN1_UNDEF; + return 1; } else { ASN1_STRING *astr = NULL; WPACKET pkt; diff --git a/test/serdes_test.c b/test/serdes_test.c index b4f3d0b5c8..0fc5cb7b4d 100644 --- a/test/serdes_test.c +++ b/test/serdes_test.c @@ -29,6 +29,8 @@ static EVP_PKEY *key_RSA = NULL; static EVP_PKEY *legacy_key_RSA = NULL; +static EVP_PKEY *key_RSA_PSS = NULL; +static EVP_PKEY *legacy_key_RSA_PSS = NULL; static EVP_PKEY *make_RSA(const char *rsa_type, int make_legacy) { @@ -60,10 +62,10 @@ typedef int (serializer)(void **serialized, long *serialized_len, typedef int (deserializer)(void **object, void *serialized, long serialized_len, const char *pass, const char *pcipher); -typedef int (checker)(int type, const void *data, size_t data_len); +typedef int (checker)(const char *type, const void *data, size_t data_len); typedef void (dumper)(const char *label, const void *data, size_t data_len); -static int test_serialize_deserialize(EVP_PKEY *pkey, +static int test_serialize_deserialize(const char *type, EVP_PKEY *pkey, const char *pass, const char *pcipher, serializer *serialize_cb, deserializer *deserialize_cb, @@ -79,7 +81,7 @@ static int test_serialize_deserialize(EVP_PKEY *pkey, if (!serialize_cb(&serialized, &serialized_len, pkey, pass, pcipher, ser_propq) - || !check_cb(EVP_PKEY_base_id(pkey), serialized, serialized_len) + || !check_cb(type, serialized, serialized_len) || !deserialize_cb((void **)&pkey2, serialized, serialized_len, pass, pcipher) || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1)) @@ -232,7 +234,7 @@ static void dump_pem(const char *label, const void *data, size_t data_len) test_output_string(label, data, data_len - 1); } -static int check_unprotected_PKCS8_DER(int type, +static int check_unprotected_PKCS8_DER(const char *type, const void *data, size_t data_len) { const unsigned char *datap = data; @@ -243,7 +245,7 @@ static int check_unprotected_PKCS8_DER(int type, if (TEST_ptr(p8inf)) { EVP_PKEY *pkey = EVP_PKCS82PKEY(p8inf); - ok = (TEST_ptr(pkey) && TEST_true(EVP_PKEY_is_a(pkey, "RSA"))); + ok = (TEST_ptr(pkey) && TEST_true(EVP_PKEY_is_a(pkey, type))); EVP_PKEY_free(pkey); } PKCS8_PRIV_KEY_INFO_free(p8inf); @@ -252,7 +254,7 @@ static int check_unprotected_PKCS8_DER(int type, static int test_unprotected_RSA_via_DER(void) { - return test_serialize_deserialize(key_RSA, NULL, NULL, + return test_serialize_deserialize("RSA", key_RSA, NULL, NULL, serialize_EVP_PKEY_prov, deserialize_EVP_PKEY_prov, check_unprotected_PKCS8_DER, dump_der, @@ -260,7 +262,17 @@ static int test_unprotected_RSA_via_DER(void) 0); } -static int check_unprotected_PKCS8_PEM(int type, +static int test_unprotected_RSA_PSS_via_DER(void) +{ + return test_serialize_deserialize("RSA-PSS", key_RSA_PSS, NULL, NULL, + serialize_EVP_PKEY_prov, + deserialize_EVP_PKEY_prov, + check_unprotected_PKCS8_DER, dump_der, + OSSL_SERIALIZER_PrivateKey_TO_DER_PQ, + 0); +} + +static int check_unprotected_PKCS8_PEM(const char *type, const void *data, size_t data_len) { static const char pem_header[] = "-----BEGIN " PEM_STRING_PKCS8INF "-----"; @@ -270,7 +282,17 @@ static int check_unprotected_PKCS8_PEM(int type, static int test_unprotected_RSA_via_PEM(void) { - return test_serialize_deserialize(key_RSA, NULL, NULL, + return test_serialize_deserialize("RSA", key_RSA, NULL, NULL, + serialize_EVP_PKEY_prov, + deserialize_EVP_PKEY_prov, + check_unprotected_PKCS8_PEM, dump_pem, + OSSL_SERIALIZER_PrivateKey_TO_PEM_PQ, + 0); +} + +static int test_unprotected_RSA_PSS_via_PEM(void) +{ + return test_serialize_deserialize("RSA-PSS", key_RSA_PSS, NULL, NULL, serialize_EVP_PKEY_prov, deserialize_EVP_PKEY_prov, check_unprotected_PKCS8_PEM, dump_pem, @@ -278,17 +300,29 @@ static int test_unprotected_RSA_via_PEM(void) 0); } -static int check_unprotected_legacy_PEM(int type, +static int check_unprotected_legacy_PEM(const char *type, const void *data, size_t data_len) { - static const char pem_header[] = "-----BEGIN " PEM_STRING_RSA "-----"; + static char pem_header[80]; - return TEST_strn_eq(data, pem_header, sizeof(pem_header) - 1); + return + TEST_int_gt(BIO_snprintf(pem_header, sizeof(pem_header), + "-----BEGIN %s PRIVATE KEY-----", type), 0) + && TEST_strn_eq(data, pem_header, strlen(pem_header)); } static int test_unprotected_RSA_via_legacy_PEM(void) { - return test_serialize_deserialize(legacy_key_RSA, NULL, NULL, + return test_serialize_deserialize("RSA", legacy_key_RSA, NULL, NULL, + serialize_EVP_PKEY_legacy_PEM, + deserialize_EVP_PKEY_prov, + check_unprotected_legacy_PEM, dump_pem, + NULL, 1); +} + +static int test_unprotected_RSA_PSS_via_legacy_PEM(void) +{ + return test_serialize_deserialize("RSA-PSS", legacy_key_RSA_PSS, NULL, NULL, serialize_EVP_PKEY_legacy_PEM, deserialize_EVP_PKEY_prov, check_unprotected_legacy_PEM, dump_pem, @@ -298,7 +332,7 @@ static int test_unprotected_RSA_via_legacy_PEM(void) static const char *pass_cipher = "AES-256-CBC"; static const char *pass = "the holy handgrenade of antioch"; -static int check_protected_PKCS8_DER(int type, +static int check_protected_PKCS8_DER(const char *type, const void *data, size_t data_len) { const unsigned char *datap = data; @@ -311,7 +345,17 @@ static int check_protected_PKCS8_DER(int type, static int test_protected_RSA_via_DER(void) { - return test_serialize_deserialize(key_RSA, pass, pass_cipher, + return test_serialize_deserialize("RSA", key_RSA, pass, pass_cipher, + serialize_EVP_PKEY_prov, + deserialize_EVP_PKEY_prov, + check_protected_PKCS8_DER, dump_der, + OSSL_SERIALIZER_PrivateKey_TO_DER_PQ, + 0); +} + +static int test_protected_RSA_PSS_via_DER(void) +{ + return test_serialize_deserialize("RSA", key_RSA, pass, pass_cipher, serialize_EVP_PKEY_prov, deserialize_EVP_PKEY_prov, check_protected_PKCS8_DER, dump_der, @@ -319,7 +363,7 @@ static int test_protected_RSA_via_DER(void) 0); } -static int check_protected_PKCS8_PEM(int type, +static int check_protected_PKCS8_PEM(const char *type, const void *data, size_t data_len) { static const char pem_header[] = "-----BEGIN " PEM_STRING_PKCS8 "-----"; @@ -329,7 +373,17 @@ static int check_protected_PKCS8_PEM(int type, static int test_protected_RSA_via_PEM(void) { - return test_serialize_deserialize(key_RSA, pass, pass_cipher, + return test_serialize_deserialize("RSA", key_RSA, pass, pass_cipher, + serialize_EVP_PKEY_prov, + deserialize_EVP_PKEY_prov, + check_protected_PKCS8_PEM, dump_pem, + OSSL_SERIALIZER_PrivateKey_TO_PEM_PQ, + 0); +} + +static int test_protected_RSA_PSS_via_PEM(void) +{ + return test_serialize_deserialize("RSA-PSS", key_RSA_PSS, pass, pass_cipher, serialize_EVP_PKEY_prov, deserialize_EVP_PKEY_prov, check_protected_PKCS8_PEM, dump_pem, @@ -337,19 +391,31 @@ static int test_protected_RSA_via_PEM(void) 0); } -static int check_protected_legacy_PEM(int type, +static int check_protected_legacy_PEM(const char *type, const void *data, size_t data_len) { - static const char pem_header[] = "-----BEGIN " PEM_STRING_RSA "-----"; + static char pem_header[80]; return - TEST_strn_eq(data, pem_header, sizeof(pem_header) - 1) + TEST_int_gt(BIO_snprintf(pem_header, sizeof(pem_header), + "-----BEGIN %s PRIVATE KEY-----", type), 0) + && TEST_strn_eq(data, pem_header, strlen(pem_header)) && TEST_ptr(strstr(data, "\nDEK-Info: ")); } static int test_protected_RSA_via_legacy_PEM(void) { - return test_serialize_deserialize(legacy_key_RSA, pass, pass_cipher, + return test_serialize_deserialize("RSA", legacy_key_RSA, pass, pass_cipher, + serialize_EVP_PKEY_legacy_PEM, + deserialize_EVP_PKEY_prov, + check_protected_legacy_PEM, dump_pem, + NULL, 1); +} + +static int test_protected_RSA_PSS_via_legacy_PEM(void) +{ + return test_serialize_deserialize("RSA-PSS", legacy_key_RSA_PSS, + pass, pass_cipher, serialize_EVP_PKEY_legacy_PEM, deserialize_EVP_PKEY_prov, check_protected_legacy_PEM, dump_pem, @@ -360,9 +426,13 @@ int setup_tests(void) { TEST_info("Generating keys..."); if (!TEST_ptr(key_RSA = make_RSA("RSA", 0)) - || !TEST_ptr(legacy_key_RSA = make_RSA("RSA", 1))) { + || !TEST_ptr(legacy_key_RSA = make_RSA("RSA", 1)) + || !TEST_ptr(key_RSA_PSS = make_RSA("RSA-PSS", 0)) + || !TEST_ptr(legacy_key_RSA_PSS = make_RSA("RSA-PSS", 1))) { EVP_PKEY_free(key_RSA); EVP_PKEY_free(legacy_key_RSA); + EVP_PKEY_free(key_RSA_PSS); + EVP_PKEY_free(legacy_key_RSA_PSS); return 0; } TEST_info("Generating key... done"); @@ -373,6 +443,12 @@ int setup_tests(void) ADD_TEST(test_protected_RSA_via_DER); ADD_TEST(test_protected_RSA_via_PEM); ADD_TEST(test_protected_RSA_via_legacy_PEM); + ADD_TEST(test_unprotected_RSA_PSS_via_DER); + ADD_TEST(test_unprotected_RSA_PSS_via_PEM); + ADD_TEST(test_unprotected_RSA_PSS_via_legacy_PEM); + ADD_TEST(test_protected_RSA_PSS_via_DER); + ADD_TEST(test_protected_RSA_PSS_via_PEM); + ADD_TEST(test_protected_RSA_PSS_via_legacy_PEM); return 1; } From builds at travis-ci.com Mon Jul 27 10:39:25 2020 From: builds at travis-ci.com (Travis CI) Date: Mon, 27 Jul 2020 10:39:25 +0000 Subject: Still Failing: openssl/openssl#36367 (master - 51d9ac8) In-Reply-To: Message-ID: <5f1eaedd289b9_13fd490ea6e4829237e@travis-pro-tasks-798df58f9d-zp4kb.mail> Build Update for openssl/openssl ------------------------------------- Build: #36367 Status: Still Failing Duration: 1 hr, 18 mins, and 49 secs Commit: 51d9ac8 (master) Author: Matt Caswell Message: Fix no-ec2m Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12526) View the changeset: https://github.com/openssl/openssl/compare/71b35e193408...51d9ac870acd View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/177261535?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.com Mon Jul 27 11:48:54 2020 From: builds at travis-ci.com (Travis CI) Date: Mon, 27 Jul 2020 11:48:54 +0000 Subject: Still Failing: openssl/openssl#36368 (master - 846f96f) In-Reply-To: Message-ID: <5f1ebf269aed2_13fcf5a6a63b44948f6@travis-pro-tasks-798df58f9d-25fzw.mail> Build Update for openssl/openssl ------------------------------------- Build: #36368 Status: Still Failing Duration: 1 hr, 29 mins, and 22 secs Commit: 846f96f (master) Author: Richard Levitte Message: TEST: Add RSA-PSS cases in test/serdes_test.c Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12492) View the changeset: https://github.com/openssl/openssl/compare/51d9ac870acd...846f96f82126 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/177269285?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Mon Jul 27 12:54:03 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 27 Jul 2020 12:54:03 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-err Message-ID: <1595854443.297131.3776.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-err Commit log since last time: 71b35e1934 DER to RSA deserializer: fix inclusion fcdd228b01 Fix no-dh and no-dsa 1660c8fa6b Update EVP_EncodeInit.pod a57fc73063 EVP: Fix key type check logic in evp_pkey_cmp_any() e2ac846eff TEST: Update the serialization/deserialization test with legacy PEM encryption 436623f89f PROV: Update the PEM to DER deserializer to handle encrypted legacy PEM 3ecbea6a09 TEST: Update the serialization/deserialization test with encryption 38b14f4747 PROV: Update the DER to RSA deserializer to handle encrypted PKCS#8 7524b7b748 DESERIALIZER: Implement decryption of password protected objects 45396db0e3 SERIALIZER: No enc argument for OSSL_SERIALIZER_CTX_set_passphrase_cb() 5a23d78c9b TEST: Add new serializer and deserializer test dcfacbbfe9 PROV: Implement PEM to DER deserializer 1017b8e4a1 PROV: Implement DER to RSA deserializer 853ca12813 CORE: Add upcalls for BIO_gets() and BIO_puts() 072a9fde7d SERIALIZER: Add functions to deserialize into an EVP_PKEY c3e4c1f325 DESERIALIZER: Add foundation for deserializers 5dacb38cce KEYMGMT: Add key loading function OSSL_FUNC_keymgmt_load() af836c22ce EVP KEYMGMT utils: Make a few more utility functions available 6725682d77 Add X509 related libctx changes. ae89578be2 Test RSA oaep in fips mode a27cb956c0 Fix: uninstantiation breaks the RAND_DRBG callback mechanism d1768e8298 test/drbgtest.c: set the correct counter to trigger reseeding 8e3e1dfeaa test/drbgtest.c: Remove error check for large generate requests 9fb6692c1b Fix DRBG reseed counter condition. 11a6d6fd70 test/drbgtest.c: Fix error check test Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 04-test_err.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=207, Tests=3113, 857 wallclock secs (12.59 usr 1.14 sys + 796.09 cusr 58.93 csys = 868.75 CPU) Result: FAIL Makefile:3153: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-err' Makefile:3151: recipe for target 'tests' failed make: *** [tests] Error 2 From no-reply at appveyor.com Mon Jul 27 13:51:56 2020 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 27 Jul 2020 13:51:56 +0000 Subject: Build failed: openssl master.35830 Message-ID: <20200727135156.1.1119A1A837FAB258@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon Jul 27 20:44:27 2020 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 27 Jul 2020 20:44:27 +0000 Subject: Build completed: openssl master.35831 Message-ID: <20200727204427.1.94F256BA50A2F30F@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Mon Jul 27 20:54:55 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 27 Jul 2020 20:54:55 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ui-console Message-ID: <1595883295.124639.11255.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ui-console Commit log since last time: 71b35e1934 DER to RSA deserializer: fix inclusion fcdd228b01 Fix no-dh and no-dsa 1660c8fa6b Update EVP_EncodeInit.pod a57fc73063 EVP: Fix key type check logic in evp_pkey_cmp_any() e2ac846eff TEST: Update the serialization/deserialization test with legacy PEM encryption 436623f89f PROV: Update the PEM to DER deserializer to handle encrypted legacy PEM 3ecbea6a09 TEST: Update the serialization/deserialization test with encryption 38b14f4747 PROV: Update the DER to RSA deserializer to handle encrypted PKCS#8 7524b7b748 DESERIALIZER: Implement decryption of password protected objects 45396db0e3 SERIALIZER: No enc argument for OSSL_SERIALIZER_CTX_set_passphrase_cb() 5a23d78c9b TEST: Add new serializer and deserializer test dcfacbbfe9 PROV: Implement PEM to DER deserializer 1017b8e4a1 PROV: Implement DER to RSA deserializer 853ca12813 CORE: Add upcalls for BIO_gets() and BIO_puts() 072a9fde7d SERIALIZER: Add functions to deserialize into an EVP_PKEY c3e4c1f325 DESERIALIZER: Add foundation for deserializers 5dacb38cce KEYMGMT: Add key loading function OSSL_FUNC_keymgmt_load() af836c22ce EVP KEYMGMT utils: Make a few more utility functions available 6725682d77 Add X509 related libctx changes. ae89578be2 Test RSA oaep in fips mode a27cb956c0 Fix: uninstantiation breaks the RAND_DRBG callback mechanism d1768e8298 test/drbgtest.c: set the correct counter to trigger reseeding 8e3e1dfeaa test/drbgtest.c: Remove error check for large generate requests 9fb6692c1b Fix DRBG reseed counter condition. 11a6d6fd70 test/drbgtest.c: Fix error check test Build log ended with (last 100 lines): # Failed test 'p10cr csr empty file' # at ../openssl/test/recipes/81-test_cmp_cli.t line 182. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd p10cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -csr wrong.csr.pem => 139 not ok 78 - p10cr wrong csr # ------------------------------------------------------------------------------ # Failed test 'p10cr wrong csr' # at ../openssl/test/recipes/81-test_cmp_cli.t line 182. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -revreason 5 => 139 not ok 79 - ir + ignored revocation # ------------------------------------------------------------------------------ ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt => 139 not ok 82 - cr command # ------------------------------------------------------------------------------ # Failed test 'cr command' # at ../openssl/test/recipes/81-test_cmp_cli.t line 182. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt => 139 not ok 83 - kur command explicit options # ------------------------------------------------------------------------------ # Failed test 'kur command explicit options' # at ../openssl/test/recipes/81-test_cmp_cli.t line 182. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -subject "" -certout test.cert.pem -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt -secret "" => 139 not ok 84 - kur command minimal options # ------------------------------------------------------------------------------ ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey dir/ -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert test.cert.pem -server '127.0.0.1:1700' => 139 not ok 86 - kur newkey is directory # ------------------------------------------------------------------------------ ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert dir/ -server '127.0.0.1:1700' => 139 not ok 89 - kur oldcert is directory # ------------------------------------------------------------------------------ # Failed test 'kur oldcert is directory' # at ../openssl/test/recipes/81-test_cmp_cli.t line 182. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert idontexist -server '127.0.0.1:1700' => 139 not ok 90 - kur oldcert not existing # ------------------------------------------------------------------------------ # Failed test 'kur oldcert not existing' # at ../openssl/test/recipes/81-test_cmp_cli.t line 182. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert empty.txt -server '127.0.0.1:1700' => 139 not ok 91 - kur empty oldcert file # ------------------------------------------------------------------------------ # Failed test 'kur empty oldcert file' # at ../openssl/test/recipes/81-test_cmp_cli.t line 182. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -cert "" -server '127.0.0.1:1700' => 139 not ok 92 - kur command without cert and oldcert # ------------------------------------------------------------------------------ # Failed test 'kur command without cert and oldcert' # at ../openssl/test/recipes/81-test_cmp_cli.t line 182. # Looks like you failed 65 tests of 92. not ok 7 - CMP app CLI Mock enrollment # ------------------------------------------------------------------------------ # # Failed test 'CMP app CLI Mock enrollment # ' # at /home/openssl/run-checker/no-ui-console/../openssl/util/perl/OpenSSL/Test.pm line 1302. # Looks like you failed 5 tests of 7.81-test_cmp_cli.t .................. Dubious, test returned 5 (wstat 1280, 0x500) Failed 5/7 subtests 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 81-test_cmp_cli.t (Wstat: 1280 Tests: 7 Failed: 5) Failed tests: 3-7 Non-zero exit status: 5 Files=207, Tests=3250, 901 wallclock secs (12.24 usr 1.33 sys + 799.30 cusr 62.00 csys = 874.87 CPU) Result: FAIL Makefile:3157: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-ui-console' Makefile:3155: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Mon Jul 27 23:15:49 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 27 Jul 2020 23:15:49 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared no-module Message-ID: <1595891749.715591.23988.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared no-module Commit log since last time: 71b35e1934 DER to RSA deserializer: fix inclusion fcdd228b01 Fix no-dh and no-dsa 1660c8fa6b Update EVP_EncodeInit.pod a57fc73063 EVP: Fix key type check logic in evp_pkey_cmp_any() e2ac846eff TEST: Update the serialization/deserialization test with legacy PEM encryption 436623f89f PROV: Update the PEM to DER deserializer to handle encrypted legacy PEM 3ecbea6a09 TEST: Update the serialization/deserialization test with encryption 38b14f4747 PROV: Update the DER to RSA deserializer to handle encrypted PKCS#8 7524b7b748 DESERIALIZER: Implement decryption of password protected objects 45396db0e3 SERIALIZER: No enc argument for OSSL_SERIALIZER_CTX_set_passphrase_cb() 5a23d78c9b TEST: Add new serializer and deserializer test dcfacbbfe9 PROV: Implement PEM to DER deserializer 1017b8e4a1 PROV: Implement DER to RSA deserializer 853ca12813 CORE: Add upcalls for BIO_gets() and BIO_puts() 072a9fde7d SERIALIZER: Add functions to deserialize into an EVP_PKEY c3e4c1f325 DESERIALIZER: Add foundation for deserializers 5dacb38cce KEYMGMT: Add key loading function OSSL_FUNC_keymgmt_load() af836c22ce EVP KEYMGMT utils: Make a few more utility functions available 6725682d77 Add X509 related libctx changes. ae89578be2 Test RSA oaep in fips mode a27cb956c0 Fix: uninstantiation breaks the RAND_DRBG callback mechanism d1768e8298 test/drbgtest.c: set the correct counter to trigger reseeding 8e3e1dfeaa test/drbgtest.c: Remove error check for large generate requests 9fb6692c1b Fix DRBG reseed counter condition. 11a6d6fd70 test/drbgtest.c: Fix error check test Build log ended with (last 100 lines): ../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock credentials' -proxy '' -no_proxy 127.0.0.1 -cert "" -key "" -keypass "" -unprotected_requests => 0 not ok 38 - unprotected request # ------------------------------------------------------------------------------ # Failed test 'unprotected request' # at ../openssl/test/recipes/81-test_cmp_cli.t line 182. # Looks like you failed 3 tests of 38. not ok 5 - CMP app CLI Mock credentials # ------------------------------------------------------------------------------ OPENSSL_FUNC:../openssl/apps/cmp.c:3119:CMP info: received from 127.0.0.1 PKIStatus: accepted # OPENSSL_FUNC:../openssl/apps/cmp.c:2895:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -proxy option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2112:CMP info: will contact http://127.0.0.1:1700/pkix/ # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending IR # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received IP # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending CERTCONF # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received PKICONF # OPENSSL_FUNC:../openssl/apps/cmp.c:2276:CMP info: received 1 enrolled certificate(s), saving to file 'test.cert.pem' ../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo 0 -certout test.cert.pem -out_trusted root.crt => 0 not ok 43 - popo RAVERIFIED # ------------------------------------------------------------------------------ OPENSSL_FUNC:../openssl/apps/cmp.c:3119:CMP info: received from 127.0.0.1 PKIStatus: accepted # OPENSSL_FUNC:../openssl/apps/cmp.c:2895:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -proxy option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2112:CMP info: will contact http://127.0.0.1:1700/pkix/ # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending IR # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received IP # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending CERTCONF # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received PKICONF # OPENSSL_FUNC:../openssl/apps/cmp.c:2276:CMP info: received 1 enrolled certificate(s), saving to file 'test.cert.pem' ../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo -1 -certout test.cert.pem -out_trusted root.crt => 0 not ok 47 - popo NONE # ------------------------------------------------------------------------------ # Failed test 'popo NONE' # at ../openssl/test/recipes/81-test_cmp_cli.t line 182. OPENSSL_FUNC:../openssl/apps/cmp.c:3119:CMP info: received from 127.0.0.1 PKIStatus: accepted # OPENSSL_FUNC:../openssl/apps/cmp.c:2895:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -proxy option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2112:CMP info: will contact http://127.0.0.1:1700/pkix/ # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending IR # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received IP # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending CERTCONF # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received PKICONF # OPENSSL_FUNC:../openssl/apps/cmp.c:2276:CMP info: received 1 enrolled certificate(s), saving to file 'test.cert.pem' ../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo 2 -certout test.cert.pem -out_trusted root.crt => 0 not ok 48 - popo KEYENC not supported # ------------------------------------------------------------------------------ # Looks like you failed 3 tests of 92. not ok 7 - CMP app CLI Mock enrollment # ------------------------------------------------------------------------------ # # Failed test 'CMP app CLI Mock enrollment # ' # at /home/openssl/run-checker/enable-fuzz-afl/../openssl/util/perl/OpenSSL/Test.pm line 1302. # Looks like you failed 3 tests of 7.81-test_cmp_cli.t .................. Dubious, test returned 3 (wstat 768, 0x300) Failed 3/7 subtests 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: GOST support is disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ skipped: Test only supported in a shared build 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 81-test_cmp_cli.t (Wstat: 768 Tests: 7 Failed: 3) Failed tests: 4-5, 7 Non-zero exit status: 3 Files=207, Tests=2959, 771 wallclock secs ( 9.73 usr 1.23 sys + 704.93 cusr 53.55 csys = 769.44 CPU) Result: FAIL Makefile:2384: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-fuzz-afl' Makefile:2382: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue Jul 28 05:27:32 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 28 Jul 2020 05:27:32 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-posix-io Message-ID: <1595914052.933080.4887.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-posix-io Commit log since last time: 71b35e1934 DER to RSA deserializer: fix inclusion fcdd228b01 Fix no-dh and no-dsa 1660c8fa6b Update EVP_EncodeInit.pod a57fc73063 EVP: Fix key type check logic in evp_pkey_cmp_any() e2ac846eff TEST: Update the serialization/deserialization test with legacy PEM encryption 436623f89f PROV: Update the PEM to DER deserializer to handle encrypted legacy PEM 3ecbea6a09 TEST: Update the serialization/deserialization test with encryption 38b14f4747 PROV: Update the DER to RSA deserializer to handle encrypted PKCS#8 7524b7b748 DESERIALIZER: Implement decryption of password protected objects 45396db0e3 SERIALIZER: No enc argument for OSSL_SERIALIZER_CTX_set_passphrase_cb() 5a23d78c9b TEST: Add new serializer and deserializer test dcfacbbfe9 PROV: Implement PEM to DER deserializer 1017b8e4a1 PROV: Implement DER to RSA deserializer 853ca12813 CORE: Add upcalls for BIO_gets() and BIO_puts() 072a9fde7d SERIALIZER: Add functions to deserialize into an EVP_PKEY c3e4c1f325 DESERIALIZER: Add foundation for deserializers 5dacb38cce KEYMGMT: Add key loading function OSSL_FUNC_keymgmt_load() af836c22ce EVP KEYMGMT utils: Make a few more utility functions available 6725682d77 Add X509 related libctx changes. ae89578be2 Test RSA oaep in fips mode a27cb956c0 Fix: uninstantiation breaks the RAND_DRBG callback mechanism d1768e8298 test/drbgtest.c: set the correct counter to trigger reseeding 8e3e1dfeaa test/drbgtest.c: Remove error check for large generate requests 9fb6692c1b Fix DRBG reseed counter condition. 11a6d6fd70 test/drbgtest.c: Fix error check test Build log ended with (last 100 lines): rm -f doc/man/man1/CA.pl.1 doc/man/man1/openssl-asn1parse.1 doc/man/man1/openssl-ca.1 doc/man/man1/openssl-ciphers.1 doc/man/man1/openssl-cmds.1 doc/man/man1/openssl-cmp.1 doc/man/man1/openssl-cms.1 doc/man/man1/openssl-crl.1 doc/man/man1/openssl-crl2pkcs7.1 doc/man/man1/openssl-dgst.1 doc/man/man1/openssl-dhparam.1 doc/man/man1/openssl-dsa.1 doc/man/man1/openssl-dsaparam.1 doc/man/man1/openssl-ec.1 doc/man/man1/openssl-ecparam.1 doc/man/man1/openssl-enc.1 doc/man/man1/openssl-engine.1 doc/man/man1/openssl-errstr.1 doc/man/man1/openssl-fipsinstall.1 doc/man/man1/openssl-gendsa.1 doc/man/man1/openssl-genpkey.1 doc/man/man1/openssl-genrsa.1 doc/man/man1/openssl-info.1 doc/man/man1/openssl-kdf.1 doc/man/man1/openssl-list.1 doc/man/man1/openssl-mac.1 doc/man/man1/openssl-nseq.1 doc/man/man1/openssl-ocsp.1 doc/man/man1/openssl-passwd.1 doc/man/man1/openssl-pkcs12.1 doc/man/man1/openssl-pkcs7.1 doc/man/man1/openssl-pkcs8.1 doc/man/man1/openssl-pkey.1 doc/man/man1/openssl-pkeyparam.1 doc/man/man1/openssl-pkeyutl.1 doc/man/man1/openssl-prime.1 doc/man/man1/openssl-provider.1 doc/man/man1/openssl-rand.1 doc/man/man1/openssl-rehash.1 doc/man/man1/openssl-req.1 doc/man/man1/openssl-rsa.1 doc/man/man1/openssl-rsautl.1 doc/man/man1/openssl-s_client.1 doc/man/man1/openssl-s_server.1 doc/man/man1/openssl-s_time.1 doc/man/man1/openssl-sess_id.1 doc/man/man1/openssl-smime.1 doc/man/man1/openssl-speed.1 doc/man/man1/openssl-spkac.1 doc/man/man1/openssl-srp.1 doc/man/man1/openssl-storeutl.1 doc/man/man1/openssl-ts.1 doc/man/man1/openssl-verify.1 doc/man/man1/openssl-version.1 doc/man/man1/openssl-x509.1 doc/man/man1/openssl.1 doc/man/man1/tsget.1 doc/man/man3/ADMISSIONS.3 doc/man/man3/ASN1_INTEGER_get_int64.3 doc/man/man3/ASN1_INTEGER_new.3 doc/man/man3/ASN1_ITEM_lookup.3 doc/man/man3/ASN1_OBJECT_new.3 doc/man/man3/ASN1_STRING_TABLE_add.3 doc/man/man3/ASN1_STRING_length.3 doc/man/man3/ASN1_STRING_new.3 doc/man/man3/ASN1_STRING_print_ex.3 doc/man/man3/ASN1_TIME_set.3 doc/man/man3/ASN1_TYPE_get.3 doc/man/man3/ASN1_generate_nconf.3 doc/man/man3/ASYNC_WAIT_CTX_new.3 doc/man/man3/ASYNC_start_job.3 doc/man/man3/BF_encrypt.3 doc/man/man3/BIO_ADDR.3 doc/man/man3/BIO_ADDRINFO.3 doc/man/man3/BIO_connect.3 doc/man/man3/BIO_ctrl.3 doc/man/man3/BIO_f_base64.3 doc/man/man3/BIO_f_buffer.3 doc/man/man3/BIO_f_cipher.3 doc/man/man3/BIO_f_md.3 doc/man/man3/BIO_f_null.3 doc/man/man3/BIO_f_prefix.3 doc/man/man3/BIO_f_ssl.3 doc/man/man3/BIO_find_type.3 doc/man/man3/BIO_get_data.3 doc/man/man3/BIO_get_ex_new_index.3 doc/man/man3/BIO_meth_new.3 doc/man/man3/BIO_new.3 doc/man/man3/BIO_new_CMS.3 doc/man/man3/BIO_parse_hostserv.3 doc/man/man3/BIO_printf.3 doc/man/man3/BIO_push.3 doc/man/man3/BIO_read.3 doc/man/man3/BIO_s_accept.3 doc/man/man3/BIO_s_bio.3 doc/man/man3/BIO_s_connect.3 doc/man/man3/BIO_s_fd.3 doc/man/man3/BIO_s_file.3 doc/man/man3/BIO_s_mem.3 doc/man/man3/BIO_s_null.3 doc/man/man3/BIO_s_socket.3 doc/man/man3/BIO_set_callback.3 doc/man/man3/BIO_should_retry.3 doc/man/man3/BIO_socket_wait.3 doc/man/man3/BN_BLINDING_new.3 doc/man/man3/BN_CTX_new.3 doc/man/man3/BN_CTX_start.3 doc/man/man3/BN_add.3 doc/man/man3/BN_add_word.3 doc/man/man3/BN_bn2bin.3 doc/man/man3/BN_cmp.3 doc/man/man3/BN_copy.3 doc/man/man3/BN_generate_prime.3 doc/man/man3/BN_mod_inverse.3 doc/man/man3/BN_mod_mul_montgomery.3 doc/man/man3/BN_mod_mul_reciprocal.3 doc/man/man3/BN_new.3 doc/man/man3/BN_num_bytes.3 doc/man/man3/BN_rand.3 doc/man/man3/BN_security_bits.3 doc/man/man3/BN_set_bit.3 doc/man/man3/BN_swap.3 doc/man/man3/BN_zero.3 doc/man/man3/BUF_MEM_new.3 doc/man/man3/CMS_EnvelopedData_create.3 doc/man/man3/CMS_add0_cert.3 doc/man/man3/CMS_add1_recipient_cert.3 doc/man/man3/CMS_add1_signer.3 doc/man/man3/CMS_compress.3 doc/man/man3/CMS_decrypt.3 doc/man/man3/CMS_encrypt.3 doc/man/man3/CMS_final.3 doc/man/man3/CMS_get0_RecipientInfos.3 doc/man/man3/CMS_get0_SignerInfos.3 doc/man/man3/CMS_get0_type.3 doc/man/man3/CMS_get1_ReceiptRequest.3 doc/man/man3/CMS_sign.3 doc/man/man3/CMS_sign_receipt.3 doc/man/man3/CMS_uncompress.3 doc/man/man3/CMS_verify.3 doc/man/man3/CMS_verify_receipt.3 doc/man/man3/CONF_modules_free.3 doc/man/man3/CONF_modules_load_file.3 doc/man/man3/CRYPTO_THREAD_run_once.3 doc/man/man3/CRYPTO_get_ex_new_index.3 doc/man/man3/CRYPTO_memcmp.3 doc/man/man3/CTLOG_STORE_get0_log_by_id.3 doc/man/man3/CTLOG_STORE_new.3 doc/man/man3/CTLOG_new.3 doc/man/man3/CT_POLICY_EVAL_CTX_new.3 doc/man/man3/DEFINE_STACK_OF.3 doc/man/man3/DES_random_key.3 doc/man/man3/DH_generate_key.3 doc/man/man3/DH_generate_parameters.3 doc/man/man3/DH_get0_pqg.3 doc/man/man3/DH_get_1024_160.3 doc/man/man3/DH_meth_new.3 doc/man/man3/DH_new.3 doc/man/man3/DH_new_by_nid.3 doc/man/man3/DH_set_method.3 doc/man/man3/DH_size.3 doc/man/man3/DSA_SIG_new.3 doc/man/man3/DSA_do_sign.3 doc/man/man3/DSA_dup_DH.3 doc/man/man3/DSA_generate_key.3 doc/man/man3/DSA_generate_parameters.3 doc/man/man3/DSA_get0_pqg.3 doc/man/man3/DSA_meth_new.3 doc/man/man3/DSA_new.3 doc/man/man3/DSA_set_method.3 doc/man/man3/DSA_sign.3 doc/man/man3/DSA_size.3 doc/man/man3/DTLS_get_data_mtu.3 doc/man/man3/DTLS_set_timer_cb.3 doc/man/man3/DTLSv1_listen.3 doc/man/man3/ECDSA_SIG_new.3 doc/man/man3/ECPKParameters_print.3 doc/man/man3/EC_GFp_simple_method.3 doc/man/man3/EC_GROUP_copy.3 doc/man/man3/EC_GROUP_new.3 doc/man/man3/EC_KEY_get_enc_flags.3 doc/man/man3/EC_KEY_new.3 doc/man/man3/EC_POINT_add.3 doc/man/man3/EC_POINT_new.3 doc/man/man3/ENGINE_add.3 doc/man/man3/ERR_GET_LIB.3 doc/man/man3/ERR_clear_error.3 doc/man/man3/ERR_error_string.3 doc/man/man3/ERR_get_error.3 doc/man/man3/ERR_load_crypto_strings.3 doc/man/man3/ERR_load_strings.3 doc/man/man3/ERR_new.3 doc/man/man3/ERR_print_errors.3 doc/man/man3/ERR_put_error.3 doc/man/man3/ERR_remove_state.3 doc/man/man3/ERR_set_mark.3 doc/man/man3/EVP_ASYM_CIPHER_free.3 doc/man/man3/EVP_BytesToKey.3 doc/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 doc/man/man3/EVP_CIPHER_meth_new.3 doc/man/man3/EVP_DigestInit.3 doc/man/man3/EVP_DigestSignInit.3 doc/man/man3/EVP_DigestVerifyInit.3 doc/man/man3/EVP_EncodeInit.3 doc/man/man3/EVP_EncryptInit.3 doc/man/man3/EVP_KDF.3 doc/man/man3/EVP_KEYEXCH_free.3 doc/man/man3/EVP_KEYMGMT.3 doc/man/man3/EVP_MAC.3 doc/man/man3/EVP_MD_meth_new.3 doc/man/man3/EVP_OpenInit.3 doc/man/man3/EVP_PKEY_ASN1_METHOD.3 doc/man/man3/EVP_PKEY_CTX_ctrl.3 doc/man/man3/EVP_PKEY_CTX_new.3 doc/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 doc/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 doc/man/man3/EVP_PKEY_CTX_set_params.3 doc/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 doc/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 doc/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 doc/man/man3/EVP_PKEY_asn1_get_count.3 doc/man/man3/EVP_PKEY_check.3 doc/man/man3/EVP_PKEY_copy_parameters.3 doc/man/man3/EVP_PKEY_decrypt.3 doc/man/man3/EVP_PKEY_derive.3 doc/man/man3/EVP_PKEY_encrypt.3 doc/man/man3/EVP_PKEY_fromdata.3 doc/man/man3/EVP_PKEY_gen.3 doc/man/man3/EVP_PKEY_get_default_digest_nid.3 doc/man/man3/EVP_PKEY_gettable_params.3 doc/man/man3/EVP_PKEY_is_a.3 doc/man/man3/EVP_PKEY_meth_get_count.3 doc/man/man3/EVP_PKEY_meth_new.3 doc/man/man3/EVP_PKEY_new.3 doc/man/man3/EVP_PKEY_print_private.3 doc/man/man3/EVP_PKEY_set1_RSA.3 doc/man/man3/EVP_PKEY_set_type.3 doc/man/man3/EVP_PKEY_sign.3 doc/man/man3/EVP_PKEY_size.3 doc/man/man3/EVP_PKEY_supports_digest_nid.3 doc/man/man3/EVP_PKEY_verify.3 doc/man/man3/EVP_PKEY_verify_recover.3 doc/man/man3/EVP_RAND.3 doc/man/man3/EVP_SIGNATURE_free.3 doc/man/man3/EVP_SealInit.3 doc/man/man3/EVP_SignInit.3 doc/man/man3/EVP_VerifyInit.3 doc/man/man3/EVP_aes_128_gcm.3 doc/man/man3/EVP_aria_128_gcm.3 doc/man/man3/EVP_bf_cbc.3 doc/man/man3/EVP_blake2b512.3 doc/man/man3/EVP_camellia_128_ecb.3 doc/man/man3/EVP_cast5_cbc.3 doc/man/man3/EVP_chacha20.3 doc/man/man3/EVP_des_cbc.3 doc/man/man3/EVP_desx_cbc.3 doc/man/man3/EVP_idea_cbc.3 doc/man/man3/EVP_md2.3 doc/man/man3/EVP_md4.3 doc/man/man3/EVP_md5.3 doc/man/man3/EVP_mdc2.3 doc/man/man3/EVP_rc2_cbc.3 doc/man/man3/EVP_rc4.3 doc/man/man3/EVP_rc5_32_12_16_cbc.3 doc/man/man3/EVP_ripemd160.3 doc/man/man3/EVP_seed_cbc.3 doc/man/man3/EVP_set_default_properties.3 doc/man/man3/EVP_sha1.3 doc/man/man3/EVP_sha224.3 doc/man/man3/EVP_sha3_224.3 doc/man/man3/EVP_sm3.3 doc/man/man3/EVP_sm4_cbc.3 doc/man/man3/EVP_whirlpool.3 doc/man/man3/HMAC.3 doc/man/man3/MD5.3 doc/man/man3/MDC2_Init.3 doc/man/man3/NCONF_new_with_libctx.3 doc/man/man3/OBJ_nid2obj.3 doc/man/man3/OCSP_REQUEST_new.3 doc/man/man3/OCSP_cert_to_id.3 doc/man/man3/OCSP_request_add1_nonce.3 doc/man/man3/OCSP_resp_find_status.3 doc/man/man3/OCSP_response_status.3 doc/man/man3/OCSP_sendreq_new.3 doc/man/man3/OPENSSL_Applink.3 doc/man/man3/OPENSSL_CTX.3 doc/man/man3/OPENSSL_FILE.3 doc/man/man3/OPENSSL_LH_COMPFUNC.3 doc/man/man3/OPENSSL_LH_stats.3 doc/man/man3/OPENSSL_config.3 doc/man/man3/OPENSSL_fork_prepare.3 doc/man/man3/OPENSSL_hexchar2int.3 doc/man/man3/OPENSSL_ia32cap.3 doc/man/man3/OPENSSL_init_crypto.3 doc/man/man3/OPENSSL_init_ssl.3 doc/man/man3/OPENSSL_instrument_bus.3 doc/man/man3/OPENSSL_load_builtin_modules.3 doc/man/man3/OPENSSL_malloc.3 doc/man/man3/OPENSSL_s390xcap.3 doc/man/man3/OPENSSL_secure_malloc.3 doc/man/man3/OSSL_CMP_CTX_new.3 doc/man/man3/OSSL_CMP_HDR_get0_transactionID.3 doc/man/man3/OSSL_CMP_ITAV_set0.3 doc/man/man3/OSSL_CMP_MSG_get0_header.3 doc/man/man3/OSSL_CMP_MSG_http_perform.3 doc/man/man3/OSSL_CMP_SRV_CTX_new.3 doc/man/man3/OSSL_CMP_STATUSINFO_new.3 doc/man/man3/OSSL_CMP_exec_IR_ses.3 doc/man/man3/OSSL_CMP_log_open.3 doc/man/man3/OSSL_CMP_validate_msg.3 doc/man/man3/OSSL_CRMF_MSG_get0_tmpl.3 doc/man/man3/OSSL_CRMF_MSG_set0_validity.3 doc/man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3 doc/man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3 doc/man/man3/OSSL_CRMF_pbmp_new.3 doc/man/man3/OSSL_DESERIALIZER.3 doc/man/man3/OSSL_DESERIALIZER_CTX.3 doc/man/man3/OSSL_DESERIALIZER_CTX_new_by_EVP_PKEY.3 doc/man/man3/OSSL_DESERIALIZER_from_bio.3 doc/man/man3/OSSL_HTTP_transfer.3 doc/man/man3/OSSL_PARAM.3 doc/man/man3/OSSL_PARAM_BLD.3 doc/man/man3/OSSL_PARAM_allocate_from_text.3 doc/man/man3/OSSL_PARAM_int.3 doc/man/man3/OSSL_PROVIDER.3 doc/man/man3/OSSL_SELF_TEST_new.3 doc/man/man3/OSSL_SELF_TEST_set_callback.3 doc/man/man3/OSSL_SERIALIZER.3 doc/man/man3/OSSL_SERIALIZER_CTX.3 doc/man/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.3 doc/man/man3/OSSL_SERIALIZER_to_bio.3 doc/man/man3/OSSL_STORE_INFO.3 doc/man/man3/OSSL_STORE_LOADER.3 doc/man/man3/OSSL_STORE_SEARCH.3 doc/man/man3/OSSL_STORE_attach.3 doc/man/man3/OSSL_STORE_expect.3 doc/man/man3/OSSL_STORE_open.3 doc/man/man3/OSSL_trace_enabled.3 doc/man/man3/OSSL_trace_get_category_num.3 doc/man/man3/OSSL_trace_set_channel.3 doc/man/man3/OpenSSL_add_all_algorithms.3 doc/man/man3/OpenSSL_version.3 doc/man/man3/PEM_X509_INFO_read_bio_with_libctx.3 doc/man/man3/PEM_bytes_read_bio.3 doc/man/man3/PEM_read.3 doc/man/man3/PEM_read_CMS.3 doc/man/man3/PEM_read_bio_PrivateKey.3 doc/man/man3/PEM_read_bio_ex.3 doc/man/man3/PEM_write_bio_CMS_stream.3 doc/man/man3/PEM_write_bio_PKCS7_stream.3 doc/man/man3/PKCS12_SAFEBAG_get0_attrs.3 doc/man/man3/PKCS12_add_CSPName_asc.3 doc/man/man3/PKCS12_add_friendlyname_asc.3 doc/man/man3/PKCS12_add_localkeyid.3 doc/man/man3/PKCS12_create.3 doc/man/man3/PKCS12_get_friendlyname.3 doc/man/man3/PKCS12_newpass.3 doc/man/man3/PKCS12_parse.3 doc/man/man3/PKCS5_PBKDF2_HMAC.3 doc/man/man3/PKCS7_decrypt.3 doc/man/man3/PKCS7_encrypt.3 doc/man/man3/PKCS7_sign.3 doc/man/man3/PKCS7_sign_add_signer.3 doc/man/man3/PKCS7_verify.3 doc/man/man3/PKCS8_pkey_add1_attr.3 doc/man/man3/RAND_DRBG_generate.3 doc/man/man3/RAND_DRBG_get0_public.3 doc/man/man3/RAND_DRBG_new.3 doc/man/man3/RAND_DRBG_reseed.3 doc/man/man3/RAND_DRBG_set_callbacks.3 doc/man/man3/RAND_add.3 doc/man/man3/RAND_bytes.3 doc/man/man3/RAND_cleanup.3 doc/man/man3/RAND_egd.3 doc/man/man3/RAND_load_file.3 doc/man/man3/RAND_set_rand_method.3 doc/man/man3/RC4_set_key.3 doc/man/man3/RIPEMD160_Init.3 doc/man/man3/RSA_blinding_on.3 doc/man/man3/RSA_check_key.3 doc/man/man3/RSA_generate_key.3 doc/man/man3/RSA_get0_key.3 doc/man/man3/RSA_meth_new.3 doc/man/man3/RSA_new.3 doc/man/man3/RSA_padding_add_PKCS1_type_1.3 doc/man/man3/RSA_print.3 doc/man/man3/RSA_private_encrypt.3 doc/man/man3/RSA_public_encrypt.3 doc/man/man3/RSA_set_method.3 doc/man/man3/RSA_sign.3 doc/man/man3/RSA_sign_ASN1_OCTET_STRING.3 doc/man/man3/RSA_size.3 doc/man/man3/SCT_new.3 doc/man/man3/SCT_print.3 doc/man/man3/SCT_validate.3 doc/man/man3/SHA256_Init.3 doc/man/man3/SMIME_read_CMS.3 doc/man/man3/SMIME_read_PKCS7.3 doc/man/man3/SMIME_write_CMS.3 doc/man/man3/SMIME_write_PKCS7.3 doc/man/man3/SRP_Calc_B.3 doc/man/man3/SRP_VBASE_new.3 doc/man/man3/SRP_create_verifier.3 doc/man/man3/SRP_user_pwd_new.3 doc/man/man3/SSL_CIPHER_get_name.3 doc/man/man3/SSL_COMP_add_compression_method.3 doc/man/man3/SSL_CONF_CTX_new.3 doc/man/man3/SSL_CONF_CTX_set1_prefix.3 doc/man/man3/SSL_CONF_CTX_set_flags.3 doc/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 doc/man/man3/SSL_CONF_cmd.3 doc/man/man3/SSL_CONF_cmd_argv.3 doc/man/man3/SSL_CTX_add1_chain_cert.3 doc/man/man3/SSL_CTX_add_extra_chain_cert.3 doc/man/man3/SSL_CTX_add_session.3 doc/man/man3/SSL_CTX_config.3 doc/man/man3/SSL_CTX_ctrl.3 doc/man/man3/SSL_CTX_dane_enable.3 doc/man/man3/SSL_CTX_flush_sessions.3 doc/man/man3/SSL_CTX_free.3 doc/man/man3/SSL_CTX_get0_param.3 doc/man/man3/SSL_CTX_get_verify_mode.3 doc/man/man3/SSL_CTX_has_client_custom_ext.3 doc/man/man3/SSL_CTX_load_verify_locations.3 doc/man/man3/SSL_CTX_new.3 doc/man/man3/SSL_CTX_sess_number.3 doc/man/man3/SSL_CTX_sess_set_cache_size.3 doc/man/man3/SSL_CTX_sess_set_get_cb.3 doc/man/man3/SSL_CTX_sessions.3 doc/man/man3/SSL_CTX_set0_CA_list.3 doc/man/man3/SSL_CTX_set1_curves.3 doc/man/man3/SSL_CTX_set1_sigalgs.3 doc/man/man3/SSL_CTX_set1_verify_cert_store.3 doc/man/man3/SSL_CTX_set_alpn_select_cb.3 doc/man/man3/SSL_CTX_set_cert_cb.3 doc/man/man3/SSL_CTX_set_cert_store.3 doc/man/man3/SSL_CTX_set_cert_verify_callback.3 doc/man/man3/SSL_CTX_set_cipher_list.3 doc/man/man3/SSL_CTX_set_client_cert_cb.3 doc/man/man3/SSL_CTX_set_client_hello_cb.3 doc/man/man3/SSL_CTX_set_ct_validation_callback.3 doc/man/man3/SSL_CTX_set_ctlog_list_file.3 doc/man/man3/SSL_CTX_set_default_passwd_cb.3 doc/man/man3/SSL_CTX_set_generate_session_id.3 doc/man/man3/SSL_CTX_set_info_callback.3 doc/man/man3/SSL_CTX_set_keylog_callback.3 doc/man/man3/SSL_CTX_set_max_cert_list.3 doc/man/man3/SSL_CTX_set_min_proto_version.3 doc/man/man3/SSL_CTX_set_mode.3 doc/man/man3/SSL_CTX_set_msg_callback.3 doc/man/man3/SSL_CTX_set_num_tickets.3 doc/man/man3/SSL_CTX_set_options.3 doc/man/man3/SSL_CTX_set_psk_client_callback.3 doc/man/man3/SSL_CTX_set_quiet_shutdown.3 doc/man/man3/SSL_CTX_set_read_ahead.3 doc/man/man3/SSL_CTX_set_record_padding_callback.3 doc/man/man3/SSL_CTX_set_security_level.3 doc/man/man3/SSL_CTX_set_session_cache_mode.3 doc/man/man3/SSL_CTX_set_session_id_context.3 doc/man/man3/SSL_CTX_set_session_ticket_cb.3 doc/man/man3/SSL_CTX_set_split_send_fragment.3 doc/man/man3/SSL_CTX_set_srp_password.3 doc/man/man3/SSL_CTX_set_ssl_version.3 doc/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 doc/man/man3/SSL_CTX_set_timeout.3 doc/man/man3/SSL_CTX_set_tlsext_servername_callback.3 doc/man/man3/SSL_CTX_set_tlsext_status_cb.3 doc/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 doc/man/man3/SSL_CTX_set_tlsext_use_srtp.3 doc/man/man3/SSL_CTX_set_tmp_dh_callback.3 doc/man/man3/SSL_CTX_set_tmp_ecdh.3 doc/man/man3/SSL_CTX_set_verify.3 doc/man/man3/SSL_CTX_use_certificate.3 doc/man/man3/SSL_CTX_use_psk_identity_hint.3 doc/man/man3/SSL_CTX_use_serverinfo.3 doc/man/man3/SSL_SESSION_free.3 doc/man/man3/SSL_SESSION_get0_cipher.3 doc/man/man3/SSL_SESSION_get0_hostname.3 doc/man/man3/SSL_SESSION_get0_id_context.3 doc/man/man3/SSL_SESSION_get0_peer.3 doc/man/man3/SSL_SESSION_get_compress_id.3 doc/man/man3/SSL_SESSION_get_protocol_version.3 doc/man/man3/SSL_SESSION_get_time.3 doc/man/man3/SSL_SESSION_has_ticket.3 doc/man/man3/SSL_SESSION_is_resumable.3 doc/man/man3/SSL_SESSION_print.3 doc/man/man3/SSL_SESSION_set1_id.3 doc/man/man3/SSL_accept.3 doc/man/man3/SSL_alert_type_string.3 doc/man/man3/SSL_alloc_buffers.3 doc/man/man3/SSL_check_chain.3 doc/man/man3/SSL_clear.3 doc/man/man3/SSL_connect.3 doc/man/man3/SSL_do_handshake.3 doc/man/man3/SSL_export_keying_material.3 doc/man/man3/SSL_extension_supported.3 doc/man/man3/SSL_free.3 doc/man/man3/SSL_get0_peer_scts.3 doc/man/man3/SSL_get_SSL_CTX.3 doc/man/man3/SSL_get_all_async_fds.3 doc/man/man3/SSL_get_ciphers.3 doc/man/man3/SSL_get_client_random.3 doc/man/man3/SSL_get_current_cipher.3 doc/man/man3/SSL_get_default_timeout.3 doc/man/man3/SSL_get_error.3 doc/man/man3/SSL_get_extms_support.3 doc/man/man3/SSL_get_fd.3 doc/man/man3/SSL_get_peer_cert_chain.3 doc/man/man3/SSL_get_peer_certificate.3 doc/man/man3/SSL_get_peer_signature_nid.3 doc/man/man3/SSL_get_peer_tmp_key.3 doc/man/man3/SSL_get_psk_identity.3 doc/man/man3/SSL_get_rbio.3 doc/man/man3/SSL_get_session.3 doc/man/man3/SSL_get_shared_sigalgs.3 doc/man/man3/SSL_get_verify_result.3 doc/man/man3/SSL_get_version.3 doc/man/man3/SSL_in_init.3 doc/man/man3/SSL_key_update.3 doc/man/man3/SSL_library_init.3 doc/man/man3/SSL_load_client_CA_file.3 doc/man/man3/SSL_new.3 doc/man/man3/SSL_pending.3 doc/man/man3/SSL_read.3 doc/man/man3/SSL_read_early_data.3 doc/man/man3/SSL_rstate_string.3 doc/man/man3/SSL_session_reused.3 doc/man/man3/SSL_set1_host.3 doc/man/man3/SSL_set_async_callback.3 doc/man/man3/SSL_set_bio.3 doc/man/man3/SSL_set_connect_state.3 doc/man/man3/SSL_set_fd.3 doc/man/man3/SSL_set_session.3 doc/man/man3/SSL_set_shutdown.3 doc/man/man3/SSL_set_verify_result.3 doc/man/man3/SSL_shutdown.3 doc/man/man3/SSL_state_string.3 doc/man/man3/SSL_want.3 doc/man/man3/SSL_write.3 doc/man/man3/TS_VERIFY_CTX_set_certs.3 doc/man/man3/UI_STRING.3 doc/man/man3/UI_UTIL_read_pw.3 doc/man/man3/UI_create_method.3 doc/man/man3/UI_new.3 doc/man/man3/X509V3_get_d2i.3 doc/man/man3/X509_ALGOR_dup.3 doc/man/man3/X509_CRL_get0_by_serial.3 doc/man/man3/X509_EXTENSION_set_object.3 doc/man/man3/X509_LOOKUP.3 doc/man/man3/X509_LOOKUP_hash_dir.3 doc/man/man3/X509_LOOKUP_meth_new.3 doc/man/man3/X509_NAME_ENTRY_get_object.3 doc/man/man3/X509_NAME_add_entry_by_txt.3 doc/man/man3/X509_NAME_get0_der.3 doc/man/man3/X509_NAME_get_index_by_NID.3 doc/man/man3/X509_NAME_print_ex.3 doc/man/man3/X509_PUBKEY_new.3 doc/man/man3/X509_SIG_get0.3 doc/man/man3/X509_STORE_CTX_get_error.3 doc/man/man3/X509_STORE_CTX_new.3 doc/man/man3/X509_STORE_CTX_set_verify_cb.3 doc/man/man3/X509_STORE_add_cert.3 doc/man/man3/X509_STORE_get0_param.3 doc/man/man3/X509_STORE_new.3 doc/man/man3/X509_STORE_set_verify_cb_func.3 doc/man/man3/X509_VERIFY_PARAM_set_flags.3 doc/man/man3/X509_check_ca.3 doc/man/man3/X509_check_host.3 doc/man/man3/X509_check_issued.3 doc/man/man3/X509_check_private_key.3 doc/man/man3/X509_check_purpose.3 doc/man/man3/X509_cmp.3 doc/man/man3/X509_cmp_time.3 doc/man/man3/X509_digest.3 doc/man/man3/X509_dup.3 doc/man/man3/X509_get0_distinguishing_id.3 doc/man/man3/X509_get0_notBefore.3 doc/man/man3/X509_get0_signature.3 doc/man/man3/X509_get0_uids.3 doc/man/man3/X509_get_extension_flags.3 doc/man/man3/X509_get_pubkey.3 doc/man/man3/X509_get_serialNumber.3 doc/man/man3/X509_get_subject_name.3 doc/man/man3/X509_get_version.3 doc/man/man3/X509_load_http.3 doc/man/man3/X509_new.3 doc/man/man3/X509_sign.3 doc/man/man3/X509_verify.3 doc/man/man3/X509_verify_cert.3 doc/man/man3/X509v3_get_ext_by_NID.3 doc/man/man3/d2i_DHparams.3 doc/man/man3/d2i_PKCS8PrivateKey_bio.3 doc/man/man3/d2i_PrivateKey.3 doc/man/man3/d2i_SSL_SESSION.3 doc/man/man3/d2i_X509.3 doc/man/man3/i2d_CMS_bio_stream.3 doc/man/man3/i2d_PKCS7_bio_stream.3 doc/man/man3/i2d_re_X509_tbs.3 doc/man/man3/o2i_SCT_LIST.3 doc/man/man3/s2i_ASN1_IA5STRING.3 doc/man/man5/config.5 doc/man/man5/fips_config.5 doc/man/man5/x509v3_config.5 doc/man/man7/EVP_KDF-HKDF.7 doc/man/man7/EVP_KDF-KB.7 doc/man/man7/EVP_KDF-KRB5KDF.7 doc/man/man7/EVP_KDF-PBKDF2.7 doc/man/man7/EVP_KDF-SCRYPT.7 doc/man/man7/EVP_KDF-SS.7 doc/man/man7/EVP_KDF-SSHKDF.7 doc/man/man7/EVP_KDF-TLS1_PRF.7 doc/man/man7/EVP_KDF-X942.7 doc/man/man7/EVP_KDF-X963.7 doc/man/man7/EVP_KEYEXCH-DH.7 doc/man/man7/EVP_KEYEXCH-ECDH.7 doc/man/man7/EVP_KEYEXCH-X25519.7 doc/man/man7/EVP_MAC-BLAKE2.7 doc/man/man7/EVP_MAC-CMAC.7 doc/man/man7/EVP_MAC-GMAC.7 doc/man/man7/EVP_MAC-HMAC.7 doc/man/man7/EVP_MAC-KMAC.7 doc/man/man7/EVP_MAC-Poly1305.7 doc/man/man7/EVP_MAC-Siphash.7 doc/man/man7/EVP_MD-BLAKE2.7 doc/man/man7/EVP_MD-MD2.7 doc/man/man7/EVP_MD-MD4.7 doc/man/man7/EVP_MD-MD5-SHA1.7 doc/man/man7/EVP_MD-MD5.7 doc/man/man7/EVP_MD-MDC2.7 doc/man/man7/EVP_MD-RIPEMD160.7 doc/man/man7/EVP_MD-SHA1.7 doc/man/man7/EVP_MD-SHA2.7 doc/man/man7/EVP_MD-SHA3.7 doc/man/man7/EVP_MD-SHAKE.7 doc/man/man7/EVP_MD-SM3.7 doc/man/man7/EVP_MD-WHIRLPOOL.7 doc/man/man7/EVP_MD-common.7 doc/man/man7/EVP_PKEY-DH.7 doc/man/man7/EVP_PKEY-DSA.7 doc/man/man7/EVP_PKEY-EC.7 doc/man/man7/EVP_PKEY-FFC.7 doc/man/man7/EVP_PKEY-RSA.7 doc/man/man7/EVP_PKEY-X25519.7 doc/man/man7/EVP_RAND-CTR-DRBG.7 doc/man/man7/EVP_RAND-HASH-DRBG.7 doc/man/man7/EVP_RAND-HMAC-DRBG.7 doc/man/man7/EVP_RAND-TEST-RAND.7 doc/man/man7/EVP_SIGNATURE-DSA.7 doc/man/man7/EVP_SIGNATURE-ECDSA.7 doc/man/man7/EVP_SIGNATURE-ED25519.7 doc/man/man7/EVP_SIGNATURE-RSA.7 doc/man/man7/OSSL_PROVIDER-FIPS.7 doc/man/man7/OSSL_PROVIDER-default.7 doc/man/man7/OSSL_PROVIDER-legacy.7 doc/man/man7/OSSL_PROVIDER-null.7 doc/man/man7/RAND.7 doc/man/man7/RAND_DRBG.7 doc/man/man7/RSA-PSS.7 doc/man/man7/SM2.7 doc/man/man7/X25519.7 doc/man/man7/bio.7 doc/man/man7/crypto.7 doc/man/man7/ct.7 doc/man/man7/des_modes.7 doc/man/man7/evp.7 doc/man/man7/openssl-core.h.7 doc/man/man7/openssl-core_dispatch.h.7 doc/man/man7/openssl-core_names.h.7 doc/man/man7/openssl-env.7 doc/man/man7/openssl_user_macros.7 doc/man/man7/ossl_store-file.7 doc/man/man7/ossl_store.7 doc/man/man7/passphrase-encoding.7 doc/man/man7/property.7 doc/man/man7/provider-asym_cipher.7 doc/man/man7/provider-base.7 doc/man/man7/provider-cipher.7 doc/man/man7/provider-digest.7 doc/man/man7/provider-keyexch.7 doc/man/man7/provider-keymgmt.7 doc/man/man7/provider-mac.7 doc/man/man7/provider-rand.7 doc/man/man7/provider-serializer.7 doc/man/man7/provider-signature.7 doc/man/man7/provider.7 doc/man/man7/proxy-certificates.7 doc/man/man7/ssl.7 doc/man/man7/x509.7 rm -f apps/openssl fuzz/asn1-test fuzz/asn1parse-test fuzz/bignum-test fuzz/bndiv-test fuzz/client-test fuzz/cmp-test fuzz/cms-test fuzz/conf-test fuzz/crl-test fuzz/ct-test fuzz/server-test fuzz/x509-test test/aborttest test/acvp_test test/aesgcmtest test/afalgtest test/asn1_decode_test test/asn1_dsa_internal_test test/asn1_encode_test test/asn1_internal_test test/asn1_string_table_test test/asn1_time_test test/asynciotest test/asynctest test/bad_dtls_test test/bftest test/bio_callback_test test/bio_enc_test test/bio_memleak_test test/bio_prefix_text test/bioprinttest test/bn_internal_test test/bntest test/buildtest_c_aes test/buildtest_c_asn1 test/buildtest_c_asn1t test/buildtest_c_async test/buildtest_c_bio test/buildtest_c_blowfish test/buildtest_c_bn test/buildtest_c_buffer test/buildtest_c_camellia test/buildtest_c_cast test/buildtest_c_cmac test/buildtest_c_cmp test/buildtest_c_cmp_util test/buildtest_c_cms test/buildtest_c_comp test/buildtest_c_conf test/buildtest_c_conf_api test/buildtest_c_core test/buildtest_c_core_dispatch test/buildtest_c_core_names test/buildtest_c_crmf test/buildtest_c_crypto test/buildtest_c_ct test/buildtest_c_des test/buildtest_c_deserializer test/buildtest_c_dh test/buildtest_c_dsa test/buildtest_c_dtls1 test/buildtest_c_e_os2 test/buildtest_c_ebcdic test/buildtest_c_ec test/buildtest_c_ecdh test/buildtest_c_ecdsa test/buildtest_c_engine test/buildtest_c_ess test/buildtest_c_evp test/buildtest_c_fips_names test/buildtest_c_hmac test/buildtest_c_http test/buildtest_c_idea test/buildtest_c_kdf test/buildtest_c_lhash test/buildtest_c_macros test/buildtest_c_md4 test/buildtest_c_md5 test/buildtest_c_mdc2 test/buildtest_c_modes test/buildtest_c_obj_mac test/buildtest_c_objects test/buildtest_c_ocsp test/buildtest_c_ossl_typ test/buildtest_c_param_build test/buildtest_c_params test/buildtest_c_pem test/buildtest_c_pem2 test/buildtest_c_pkcs12 test/buildtest_c_pkcs7 test/buildtest_c_provider test/buildtest_c_rand test/buildtest_c_rand_drbg test/buildtest_c_rc2 test/buildtest_c_rc4 test/buildtest_c_ripemd test/buildtest_c_rsa test/buildtest_c_safestack test/buildtest_c_seed test/buildtest_c_self_test test/buildtest_c_serializer test/buildtest_c_sha test/buildtest_c_srp test/buildtest_c_srtp test/buildtest_c_ssl test/buildtest_c_ssl2 test/buildtest_c_stack test/buildtest_c_store test/buildtest_c_symhacks test/buildtest_c_tls1 test/buildtest_c_ts test/buildtest_c_txt_db test/buildtest_c_types test/buildtest_c_ui test/buildtest_c_whrlpool test/buildtest_c_x509 test/buildtest_c_x509_vfy test/buildtest_c_x509v3 test/casttest test/chacha_internal_test test/cipher_overhead_test test/cipherbytes_test test/cipherlist_test test/ciphername_test test/clienthellotest test/cmactest test/cmp_asn_test test/cmp_client_test test/cmp_ctx_test test/cmp_hdr_test test/cmp_msg_test test/cmp_protect_test test/cmp_server_test test/cmp_status_test test/cmp_vfy_test test/cmsapitest test/conf_include_test test/confdump test/constant_time_test test/context_internal_test test/crltest test/ct_test test/ctype_internal_test test/curve448_internal_test test/d2i_test test/danetest test/destest test/dhtest test/drbg_cavs_test test/drbg_extra_test test/drbgtest test/dsa_no_digest_size_test test/dsatest test/dtls_mtu_test test/dtlstest test/dtlsv1listentest test/ec_internal_test test/ecdsatest test/ecstresstest test/ectest test/enginetest test/errtest test/evp_extra_test test/evp_extra_test2 test/evp_fetch_prov_test test/evp_kdf_test test/evp_libctx_test test/evp_pkey_dparams_test test/evp_pkey_provided_test test/evp_test test/exdatatest test/exptest test/fatalerrtest test/ffc_internal_test test/gmdifftest test/gosttest test/hexstr_test test/hmactest test/http_test test/ideatest test/igetest test/keymgmt_internal_test test/lhash_test test/mdc2_internal_test test/mdc2test test/memleaktest test/modes_internal_test test/namemap_internal_test test/ocspapitest test/packettest test/param_build_test test/params_api_test test/params_conversion_test test/params_test test/pbelutest test/pemtest test/pkey_meth_kdf_test test/pkey_meth_test test/poly1305_internal_test test/property_test test/provider_fallback_test test/provider_internal_test test/provider_test test/rc2test test/rc4test test/rc5test test/rdrand_sanitytest test/recordlentest test/rsa_complex test/rsa_mp_test test/rsa_sp800_56b_test test/rsa_test test/sanitytest test/secmemtest test/serdes_test test/servername_test test/shlibloadtest test/siphash_internal_test test/sm2_internal_test test/sm4_internal_test test/sparse_array_test test/srptest test/ssl_cert_table_internal_test test/ssl_ctx_test test/ssl_test test/ssl_test_ctx_test test/sslapitest test/sslbuffertest test/sslcorrupttest test/ssltest_old test/stack_test test/sysdefaulttest test/test_test test/threadstest test/time_offset_test test/tls13ccstest test/tls13encryptiontest test/tls13secretstest test/uitest test/v3ext test/v3nametest test/verify_extra_test test/versions test/wpackettest test/x509_check_cert_pkey_test test/x509_dup_cert_test test/x509_internal_test test/x509_time_test test/x509aux engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so providers/fips.so providers/legacy.so test/p_test.so apps/CA.pl apps/tsget.pl tools/c_rehash util/shlib_wrap.sh rm -f doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod include/crypto/bn_conf.h include/crypto/dso_conf.h include/openssl/configuration.h include/openssl/fipskey.h include/openssl/opensslv.h test/provider_internal_test.cnf apps/CA.pl apps/progs.c apps/progs.h apps/tsget.pl crypto/aes/aes-x86_64.s crypto/aes/aesni-mb-x86_64.s crypto/aes/aesni-sha1-x86_64.s crypto/aes/aesni-sha256-x86_64.s crypto/aes/aesni-x86_64.s crypto/aes/bsaes-x86_64.s crypto/aes/vpaes-x86_64.s crypto/bn/rsaz-avx2.s crypto/bn/rsaz-x86_64.s crypto/bn/x86_64-gf2m.s crypto/bn/x86_64-mont.s crypto/bn/x86_64-mont5.s crypto/buildinf.h crypto/camellia/cmll-x86_64.s crypto/chacha/chacha-x86_64.s crypto/ec/ecp_nistz256-x86_64.s crypto/ec/x25519-x86_64.s crypto/md5/md5-x86_64.s crypto/modes/aesni-gcm-x86_64.s crypto/modes/ghash-x86_64.s crypto/poly1305/poly1305-x86_64.s crypto/rc4/rc4-md5-x86_64.s crypto/rc4/rc4-x86_64.s crypto/sha/keccak1600-x86_64.s crypto/sha/sha1-mb-x86_64.s crypto/sha/sha1-x86_64.s crypto/sha/sha256-mb-x86_64.s crypto/sha/sha256-x86_64.s crypto/sha/sha512-x86_64.s crypto/whrlpool/wp-x86_64.s crypto/x86_64cpuid.s doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod engines/afalg.ld engines/capi.ld engines/dasync.ld engines/e_padlock-x86_64.s engines/ossltest.ld engines/padlock.ld libcrypto.ld libssl.ld providers/common/der/der_digests_gen.c providers/common/der/der_dsa_gen.c providers/common/der/der_ec_gen.c providers/common/der/der_rsa_gen.c providers/common/include/prov/der_digests.h providers/common/include/prov/der_dsa.h providers/common/include/prov/der_ec.h providers/common/include/prov/der_rsa.h providers/fips.ld providers/legacy.ld test/buildtest_aes.c test/buildtest_asn1.c test/buildtest_asn1t.c test/buildtest_async.c test/buildtest_bio.c test/buildtest_blowfish.c test/buildtest_bn.c test/buildtest_buffer.c test/buildtest_camellia.c test/buildtest_cast.c test/buildtest_cmac.c test/buildtest_cmp.c test/buildtest_cmp_util.c test/buildtest_cms.c test/buildtest_comp.c test/buildtest_conf.c test/buildtest_conf_api.c test/buildtest_core.c test/buildtest_core_dispatch.c test/buildtest_core_names.c test/buildtest_crmf.c test/buildtest_crypto.c test/buildtest_ct.c test/buildtest_des.c test/buildtest_deserializer.c test/buildtest_dh.c test/buildtest_dsa.c test/buildtest_dtls1.c test/buildtest_e_os2.c test/buildtest_ebcdic.c test/buildtest_ec.c test/buildtest_ecdh.c test/buildtest_ecdsa.c test/buildtest_engine.c test/buildtest_ess.c test/buildtest_evp.c test/buildtest_fips_names.c test/buildtest_hmac.c test/buildtest_http.c test/buildtest_idea.c test/buildtest_kdf.c test/buildtest_lhash.c test/buildtest_macros.c test/buildtest_md4.c test/buildtest_md5.c test/buildtest_mdc2.c test/buildtest_modes.c test/buildtest_obj_mac.c test/buildtest_objects.c test/buildtest_ocsp.c test/buildtest_ossl_typ.c test/buildtest_param_build.c test/buildtest_params.c test/buildtest_pem.c test/buildtest_pem2.c test/buildtest_pkcs12.c test/buildtest_pkcs7.c test/buildtest_provider.c test/buildtest_rand.c test/buildtest_rand_drbg.c test/buildtest_rc2.c test/buildtest_rc4.c test/buildtest_ripemd.c test/buildtest_rsa.c test/buildtest_safestack.c test/buildtest_seed.c test/buildtest_self_test.c test/buildtest_serializer.c test/buildtest_sha.c test/buildtest_srp.c test/buildtest_srtp.c test/buildtest_ssl.c test/buildtest_ssl2.c test/buildtest_stack.c test/buildtest_store.c test/buildtest_symhacks.c test/buildtest_tls1.c test/buildtest_ts.c test/buildtest_txt_db.c test/buildtest_types.c test/buildtest_ui.c test/buildtest_whrlpool.c test/buildtest_x509.c test/buildtest_x509_vfy.c test/buildtest_x509v3.c test/p_test.ld tools/c_rehash util/shlib_wrap.sh rm -f `find . -name '*.d' \! -name '.*' \! -type d -print` rm -f `find . -name '*.o' \! -name '.*' \! -type d -print` rm -f core rm -f tags TAGS doc-nits cmd-nits md-nits rm -f -r test/test-runs rm -f openssl.pc libcrypto.pc libssl.pc rm -f `find . -type l \! -name '.*' -print` rm -f ../openssl-3.0.0-alpha6-dev.tar $ make depend $ LDCMD= make -j4 /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-asn1parse.pod.in > doc/man1/openssl-asn1parse.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ca.pod.in > doc/man1/openssl-ca.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ciphers.pod.in > doc/man1/openssl-ciphers.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmds.pod.in > doc/man1/openssl-cmds.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmp.pod.in > doc/man1/openssl-cmp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cms.pod.in > doc/man1/openssl-cms.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl.pod.in > doc/man1/openssl-crl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl2pkcs7.pod.in > doc/man1/openssl-crl2pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dgst.pod.in > doc/man1/openssl-dgst.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dhparam.pod.in > doc/man1/openssl-dhparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsa.pod.in > doc/man1/openssl-dsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsaparam.pod.in > doc/man1/openssl-dsaparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ec.pod.in > doc/man1/openssl-ec.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ecparam.pod.in > doc/man1/openssl-ecparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-enc.pod.in > doc/man1/openssl-enc.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-engine.pod.in > doc/man1/openssl-engine.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-errstr.pod.in > doc/man1/openssl-errstr.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-fipsinstall.pod.in > doc/man1/openssl-fipsinstall.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-gendsa.pod.in > doc/man1/openssl-gendsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genpkey.pod.in > doc/man1/openssl-genpkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genrsa.pod.in > doc/man1/openssl-genrsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-info.pod.in > doc/man1/openssl-info.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-kdf.pod.in > doc/man1/openssl-kdf.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-list.pod.in > doc/man1/openssl-list.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-mac.pod.in > doc/man1/openssl-mac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-nseq.pod.in > doc/man1/openssl-nseq.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ocsp.pod.in > doc/man1/openssl-ocsp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-passwd.pod.in > doc/man1/openssl-passwd.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs12.pod.in > doc/man1/openssl-pkcs12.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs7.pod.in > doc/man1/openssl-pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs8.pod.in > doc/man1/openssl-pkcs8.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkey.pod.in > doc/man1/openssl-pkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyparam.pod.in > doc/man1/openssl-pkeyparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyutl.pod.in > doc/man1/openssl-pkeyutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-prime.pod.in > doc/man1/openssl-prime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-provider.pod.in > doc/man1/openssl-provider.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rand.pod.in > doc/man1/openssl-rand.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rehash.pod.in > doc/man1/openssl-rehash.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-req.pod.in > doc/man1/openssl-req.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsa.pod.in > doc/man1/openssl-rsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsautl.pod.in > doc/man1/openssl-rsautl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_client.pod.in > doc/man1/openssl-s_client.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_server.pod.in > doc/man1/openssl-s_server.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_time.pod.in > doc/man1/openssl-s_time.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-sess_id.pod.in > doc/man1/openssl-sess_id.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-smime.pod.in > doc/man1/openssl-smime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-speed.pod.in > doc/man1/openssl-speed.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-spkac.pod.in > doc/man1/openssl-spkac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-srp.pod.in > doc/man1/openssl-srp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-storeutl.pod.in > doc/man1/openssl-storeutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ts.pod.in > doc/man1/openssl-ts.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-verify.pod.in > doc/man1/openssl-verify.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-version.pod.in > doc/man1/openssl-version.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-x509.pod.in > doc/man1/openssl-x509.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man7/openssl_user_macros.pod.in > doc/man7/openssl_user_macros.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/bn_conf.h.in > include/crypto/bn_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/dso_conf.h.in > include/crypto/dso_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/configuration.h.in > include/openssl/configuration.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/fipskey.h.in > include/openssl/fipskey.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/opensslv.h.in > include/openssl/opensslv.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/test/provider_internal_test.cnf.in > test/provider_internal_test.cnf make depend && make _build_sw make[1]: Entering directory '/home/openssl/run-checker/no-posix-io' make[1]: Leaving directory '/home/openssl/run-checker/no-posix-io' make[1]: Entering directory '/home/openssl/run-checker/no-posix-io' clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_params.d.tmp -MT apps/lib/libapps-lib-app_params.o -c -o apps/lib/libapps-lib-app_params.o ../openssl/apps/lib/app_params.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_provider.d.tmp -MT apps/lib/libapps-lib-app_provider.o -c -o apps/lib/libapps-lib-app_provider.o ../openssl/apps/lib/app_provider.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_rand.d.tmp -MT apps/lib/libapps-lib-app_rand.o -c -o apps/lib/libapps-lib-app_rand.o ../openssl/apps/lib/app_rand.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_x509.d.tmp -MT apps/lib/libapps-lib-app_x509.o -c -o apps/lib/libapps-lib-app_x509.o ../openssl/apps/lib/app_x509.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps.d.tmp -MT apps/lib/libapps-lib-apps.o -c -o apps/lib/libapps-lib-apps.o ../openssl/apps/lib/apps.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps_ui.d.tmp -MT apps/lib/libapps-lib-apps_ui.o -c -o apps/lib/libapps-lib-apps_ui.o ../openssl/apps/lib/apps_ui.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-columns.d.tmp -MT apps/lib/libapps-lib-columns.o -c -o apps/lib/libapps-lib-columns.o ../openssl/apps/lib/columns.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-fmt.d.tmp -MT apps/lib/libapps-lib-fmt.o -c -o apps/lib/libapps-lib-fmt.o ../openssl/apps/lib/fmt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-http_server.d.tmp -MT apps/lib/libapps-lib-http_server.o -c -o apps/lib/libapps-lib-http_server.o ../openssl/apps/lib/http_server.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-names.d.tmp -MT apps/lib/libapps-lib-names.o -c -o apps/lib/libapps-lib-names.o ../openssl/apps/lib/names.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-opt.d.tmp -MT apps/lib/libapps-lib-opt.o -c -o apps/lib/libapps-lib-opt.o ../openssl/apps/lib/opt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-s_cb.d.tmp -MT apps/lib/libapps-lib-s_cb.o -c -o apps/lib/libapps-lib-s_cb.o ../openssl/apps/lib/s_cb.c ../openssl/apps/lib/http_server.c:27:5: error: no previous extern declaration for non-static variable 'multi' [-Werror,-Wmissing-variable-declarations] int multi = 0; /* run multiple responder processes */ ^ 1 error generated. Makefile:4140: recipe for target 'apps/lib/libapps-lib-http_server.o' failed make[1]: *** [apps/lib/libapps-lib-http_server.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-posix-io' Makefile:3109: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From dev at ddvo.net Tue Jul 28 07:18:17 2020 From: dev at ddvo.net (dev at ddvo.net) Date: Tue, 28 Jul 2020 07:18:17 +0000 Subject: [openssl] master update Message-ID: <1595920697.396645.31976.nullmailer@dev.openssl.org> The branch master has been updated via ef8980176d53d85ff96d913a647c01d07e144c5d (commit) from 846f96f821260ca83cc93bfa35207864b05abec5 (commit) - Log ----------------------------------------------------------------- commit ef8980176d53d85ff96d913a647c01d07e144c5d Author: Dr. David von Oheimb Date: Mon May 11 15:41:08 2020 +0200 Deprecate -nodes in favor of -noenc in pkcs12 and req app Reviewed-by: Dmitry Belyavskiy Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12495) ----------------------------------------------------------------------- Summary of changes: apps/pkcs12.c | 6 ++++-- apps/req.c | 12 +++++++----- doc/man1/openssl-pkcs12.pod.in | 10 ++++++++-- doc/man1/openssl-req.pod.in | 10 ++++++++-- test/certs/setup.sh | 2 +- test/recipes/80-test_tsa.t | 2 +- test/recipes/90-test_store.t | 2 +- test/smime-certs/mksmime-certs.sh | 22 +++++++++++----------- 8 files changed, 41 insertions(+), 25 deletions(-) diff --git a/apps/pkcs12.c b/apps/pkcs12.c index 18f9550ded..ca83e2d1be 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -57,7 +57,7 @@ typedef enum OPTION_choice { OPT_CIPHER, OPT_NOKEYS, OPT_KEYEX, OPT_KEYSIG, OPT_NOCERTS, OPT_CLCERTS, OPT_CACERTS, OPT_NOOUT, OPT_INFO, OPT_CHAIN, OPT_TWOPASS, OPT_NOMACVER, OPT_DESCERT, OPT_EXPORT, OPT_ITER, OPT_NOITER, OPT_MACITER, OPT_NOMACITER, - OPT_NOMAC, OPT_LMK, OPT_NODES, OPT_MACALG, OPT_CERTPBE, OPT_KEYPBE, + OPT_NOMAC, OPT_LMK, OPT_NODES, OPT_NOENC, OPT_MACALG, OPT_CERTPBE, OPT_KEYPBE, OPT_INKEY, OPT_CERTFILE, OPT_NAME, OPT_CSP, OPT_CANAME, OPT_IN, OPT_OUT, OPT_PASSIN, OPT_PASSOUT, OPT_PASSWORD, OPT_CAPATH, OPT_CAFILE, OPT_CASTORE, OPT_NOCAPATH, OPT_NOCAFILE, OPT_NOCASTORE, OPT_ENGINE, @@ -129,7 +129,8 @@ const OPTIONS pkcs12_options[] = { {"maciter", OPT_MACITER, '-', "Unused, kept for backwards compatibility"}, {"nomaciter", OPT_NOMACITER, '-', "Don't use MAC iteration"}, {"nomac", OPT_NOMAC, '-', "Don't generate MAC"}, - {"nodes", OPT_NODES, '-', "Don't encrypt private keys"}, + {"noenc", OPT_NOENC, '-', "Don't encrypt private keys"}, + {"nodes", OPT_NODES, '-', "Don't encrypt private keys; deprecated"}, {"", OPT_CIPHER, '-', "Any supported cipher"}, OPT_R_OPTIONS, @@ -240,6 +241,7 @@ int pkcs12_main(int argc, char **argv) macalg = opt_arg(); break; case OPT_NODES: + case OPT_NOENC: enc = NULL; break; case OPT_CERTPBE: diff --git a/apps/req.c b/apps/req.c index bee0329b24..8931e9829f 100644 --- a/apps/req.c +++ b/apps/req.c @@ -93,7 +93,7 @@ typedef enum OPTION_choice { OPT_PUBKEY, OPT_NEW, OPT_CONFIG, OPT_KEYFORM, OPT_IN, OPT_OUT, OPT_KEYOUT, OPT_PASSIN, OPT_PASSOUT, OPT_NEWKEY, OPT_PKEYOPT, OPT_SIGOPT, OPT_VFYOPT, OPT_BATCH, OPT_NEWHDR, OPT_MODULUS, - OPT_VERIFY, OPT_NODES, OPT_NOOUT, OPT_VERBOSE, OPT_UTF8, + OPT_VERIFY, OPT_NOENC, OPT_NODES, OPT_NOOUT, OPT_VERBOSE, OPT_UTF8, OPT_NAMEOPT, OPT_REQOPT, OPT_SUBJ, OPT_SUBJECT, OPT_TEXT, OPT_X509, OPT_MULTIVALUE_RDN, OPT_DAYS, OPT_SET_SERIAL, OPT_ADDEXT, OPT_EXTENSIONS, OPT_REQEXTS, OPT_PRECERT, OPT_MD, @@ -157,7 +157,8 @@ const OPTIONS req_options[] = { {"batch", OPT_BATCH, '-', "Do not ask anything during request generation"}, {"verbose", OPT_VERBOSE, '-', "Verbose output"}, - {"nodes", OPT_NODES, '-', "Don't encrypt the output key"}, + {"noenc", OPT_NOENC, '-', "Don't encrypt private keys"}, + {"nodes", OPT_NODES, '-', "Don't encrypt private keys; deprecated"}, {"noout", OPT_NOOUT, '-', "Do not output REQ"}, {"newhdr", OPT_NEWHDR, '-', "Output \"NEW\" in the header lines"}, {"modulus", OPT_MODULUS, '-', "RSA modulus"}, @@ -257,7 +258,7 @@ int req_main(int argc, char **argv) int pkey_type = -1, private = 0; int informat = FORMAT_PEM, outformat = FORMAT_PEM, keyform = FORMAT_PEM; int modulus = 0, multirdn = 0, verify = 0, noout = 0, text = 0; - int nodes = 0, newhdr = 0, subject = 0, pubkey = 0, precert = 0; + int noenc = 0, newhdr = 0, subject = 0, pubkey = 0, precert = 0; long newkey = -1; unsigned long chtype = MBSTRING_ASC, reqflag = 0; @@ -375,7 +376,8 @@ int req_main(int argc, char **argv) verify = 1; break; case OPT_NODES: - nodes = 1; + case OPT_NOENC: + noenc = 1; break; case OPT_NOOUT: noout = 1; @@ -693,7 +695,7 @@ int req_main(int argc, char **argv) } if ((p != NULL) && (strcmp(p, "no") == 0)) cipher = NULL; - if (nodes) + if (noenc) cipher = NULL; i = 0; diff --git a/doc/man1/openssl-pkcs12.pod.in b/doc/man1/openssl-pkcs12.pod.in index 8c819c56f8..3a97a81517 100644 --- a/doc/man1/openssl-pkcs12.pod.in +++ b/doc/man1/openssl-pkcs12.pod.in @@ -36,6 +36,7 @@ B B [B<-camellia128>] [B<-camellia192>] [B<-camellia256>] +[B<-noenc>] [B<-nodes>] [B<-iter> I] [B<-noiter>] @@ -146,10 +147,14 @@ Use ARIA to encrypt private keys before outputting. Use Camellia to encrypt private keys before outputting. -=item B<-nodes> +=item B<-noenc> Don't encrypt the private keys at all. +=item B<-nodes> + +This option is deprecated since OpenSSL 3.0; use B<-noenc> instead. + =item B<-nomacver> Don't attempt to verify the integrity MAC before reading the file. @@ -344,7 +349,7 @@ Output only client certificates to a file: Don't encrypt the private key: - openssl pkcs12 -in file.p12 -out file.pem -nodes + openssl pkcs12 -in file.p12 -out file.pem -noenc Print some info about a PKCS#12 file: @@ -368,6 +373,7 @@ L =head1 HISTORY The B<-engine> option was deprecated in OpenSSL 3.0. +The <-nodes> option was deprecated in OpenSSL 3.0, too; use B<-noenc> instead. =head1 COPYRIGHT diff --git a/doc/man1/openssl-req.pod.in b/doc/man1/openssl-req.pod.in index 07354453be..1af355b5b3 100644 --- a/doc/man1/openssl-req.pod.in +++ b/doc/man1/openssl-req.pod.in @@ -23,6 +23,7 @@ B B [B<-new>] [B<-newkey> I] [B<-pkeyopt> I:I] +[B<-noenc>] [B<-nodes>] [B<-key> I] [B<-keyform> B|B|B|B] @@ -198,11 +199,15 @@ This gives the filename to write the newly created private key to. If this option is not specified then the filename present in the configuration file is used. -=item B<-nodes> +=item B<-noenc> If this option is specified then if a private key is created it will not be encrypted. +=item B<-nodes> + +This option is deprecated since OpenSSL 3.0; use B<-noenc> instead. + =item B<-I> This specifies the message digest to sign the request. @@ -394,7 +399,7 @@ It is used for private key generation. =item B If this is set to B then if a private key is generated it is -B encrypted. This is equivalent to the B<-nodes> command line +B encrypted. This is equivalent to the B<-noenc> command line option. For compatibility B is an equivalent option. =item B @@ -696,6 +701,7 @@ All B<-keyform> values except B have become obsolete in OpenSSL 3.0.0 and have no effect. The B<-engine> option was deprecated in OpenSSL 3.0. +The <-nodes> option was deprecated in OpenSSL 3.0, too; use B<-noenc> instead. =head1 COPYRIGHT diff --git a/test/certs/setup.sh b/test/certs/setup.sh index d1c56bb56d..85ae5ed3c1 100755 --- a/test/certs/setup.sh +++ b/test/certs/setup.sh @@ -375,7 +375,7 @@ OPENSSL_KEYALG=ec OPENSSL_KEYBITS=brainpoolP256r1 ./mkcert.sh genee \ "Server ECDSA brainpoolP256r1 cert" server-ecdsa-brainpoolP256r1-key \ server-ecdsa-brainpoolP256r1-cert rootkey rootcert -openssl req -new -nodes -subj "/CN=localhost" \ +openssl req -new -noenc -subj "/CN=localhost" \ -newkey rsa-pss -keyout server-pss-restrict-key.pem \ -pkeyopt rsa_pss_keygen_md:sha256 -pkeyopt rsa_pss_keygen_saltlen:32 | \ ./mkcert.sh geneenocsr "Server RSA-PSS restricted cert" \ diff --git a/test/recipes/80-test_tsa.t b/test/recipes/80-test_tsa.t index 859dacbdd1..3a4d729d0d 100644 --- a/test/recipes/80-test_tsa.t +++ b/test/recipes/80-test_tsa.t @@ -97,7 +97,7 @@ indir "tsa" => sub $ENV{TSDNSECT} = "ts_ca_dn"; skip "failed", 19 unless ok(run(app(["openssl", "req", "-config", $openssl_conf, - "-new", "-x509", "-nodes", + "-new", "-x509", "-noenc", "-out", "tsaca.pem", "-keyout", "tsacakey.pem"])), 'creating a new CA for the TSA tests'); diff --git a/test/recipes/90-test_store.t b/test/recipes/90-test_store.t index 9f4eaa2961..57c2e6e9c2 100644 --- a/test/recipes/90-test_store.t +++ b/test/recipes/90-test_store.t @@ -317,7 +317,7 @@ sub init { }, grep(/-key-pkcs8-pbes2-sha256\.pem$/, @generated_files)) # *-cert.pem (intermediary for the .p12 inits) && run(app(["openssl", "req", "-x509", - "-config", $cnf, "-nodes", + "-config", $cnf, "-noenc", "-key", $cakey, "-out", "cacert.pem"])) && runall(sub { my $srckey = shift; diff --git a/test/smime-certs/mksmime-certs.sh b/test/smime-certs/mksmime-certs.sh index e6803ef74f..9316831d64 100644 --- a/test/smime-certs/mksmime-certs.sh +++ b/test/smime-certs/mksmime-certs.sh @@ -14,22 +14,22 @@ OPENSSL_CONF=./ca.cnf export OPENSSL_CONF # Root CA: create certificate directly -CN="Test S/MIME RSA Root" $OPENSSL req -config ca.cnf -x509 -nodes \ +CN="Test S/MIME RSA Root" $OPENSSL req -config ca.cnf -x509 -noenc \ -keyout smroot.pem -out smroot.pem -newkey rsa:2048 -days 3650 # EE RSA certificates: create request first -CN="Test S/MIME EE RSA #1" $OPENSSL req -config ca.cnf -nodes \ +CN="Test S/MIME EE RSA #1" $OPENSSL req -config ca.cnf -noenc \ -keyout smrsa1.pem -out req.pem -newkey rsa:2048 # Sign request: end entity extensions $OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smrsa1.pem -CN="Test S/MIME EE RSA #2" $OPENSSL req -config ca.cnf -nodes \ +CN="Test S/MIME EE RSA #2" $OPENSSL req -config ca.cnf -noenc \ -keyout smrsa2.pem -out req.pem -newkey rsa:2048 $OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smrsa2.pem -CN="Test S/MIME EE RSA #3" $OPENSSL req -config ca.cnf -nodes \ +CN="Test S/MIME EE RSA #3" $OPENSSL req -config ca.cnf -noenc \ -keyout smrsa3.pem -out req.pem -newkey rsa:2048 $OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smrsa3.pem @@ -38,15 +38,15 @@ $OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ $OPENSSL dsaparam -out dsap.pem 2048 -CN="Test S/MIME EE DSA #1" $OPENSSL req -config ca.cnf -nodes \ +CN="Test S/MIME EE DSA #1" $OPENSSL req -config ca.cnf -noenc \ -keyout smdsa1.pem -out req.pem -newkey dsa:dsap.pem $OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdsa1.pem -CN="Test S/MIME EE DSA #2" $OPENSSL req -config ca.cnf -nodes \ +CN="Test S/MIME EE DSA #2" $OPENSSL req -config ca.cnf -noenc \ -keyout smdsa2.pem -out req.pem -newkey dsa:dsap.pem $OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdsa2.pem -CN="Test S/MIME EE DSA #3" $OPENSSL req -config ca.cnf -nodes \ +CN="Test S/MIME EE DSA #3" $OPENSSL req -config ca.cnf -noenc \ -keyout smdsa3.pem -out req.pem -newkey dsa:dsap.pem $OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdsa3.pem @@ -56,15 +56,15 @@ $OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ $OPENSSL ecparam -out ecp.pem -name P-256 $OPENSSL ecparam -out ecp2.pem -name K-283 -CN="Test S/MIME EE EC #1" $OPENSSL req -config ca.cnf -nodes \ +CN="Test S/MIME EE EC #1" $OPENSSL req -config ca.cnf -noenc \ -keyout smec1.pem -out req.pem -newkey ec:ecp.pem $OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smec1.pem -CN="Test S/MIME EE EC #2" $OPENSSL req -config ca.cnf -nodes \ +CN="Test S/MIME EE EC #2" $OPENSSL req -config ca.cnf -noenc \ -keyout smec2.pem -out req.pem -newkey ec:ecp2.pem $OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smec2.pem -CN="Test S/MIME EE EC #3" $OPENSSL req -config ca.cnf -nodes \ +CN="Test S/MIME EE EC #3" $OPENSSL req -config ca.cnf -noenc \ -keyout smec3.pem -out req.pem -newkey ec:ecp.pem $OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smec3.pem @@ -75,7 +75,7 @@ $OPENSSL genpkey -genparam -algorithm DH -pkeyopt dh_paramgen_type:2 \ $OPENSSL genpkey -paramfile dhp.pem -out smdh.pem $OPENSSL pkey -pubout -in smdh.pem -out dhpub.pem # Generate dummy request. -CN="Test S/MIME EE DH #1" $OPENSSL req -config ca.cnf -nodes \ +CN="Test S/MIME EE DH #1" $OPENSSL req -config ca.cnf -noenc \ -keyout smtmp.pem -out req.pem -newkey rsa:2048 # Sign request but force public key to DH $OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ From no-reply at appveyor.com Tue Jul 28 08:16:03 2020 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 28 Jul 2020 08:16:03 +0000 Subject: Build failed: openssl master.35844 Message-ID: <20200728081603.1.F9B75993D6193ED3@appveyor.com> An HTML attachment was scrubbed... URL: From builds at travis-ci.com Tue Jul 28 08:51:48 2020 From: builds at travis-ci.com (Travis CI) Date: Tue, 28 Jul 2020 08:51:48 +0000 Subject: Still Failing: openssl/openssl#36385 (master - ef89801) In-Reply-To: Message-ID: <5f1fe72472823_13ff6bf5a0924951cd@travis-pro-tasks-858c5584bb-zphbd.mail> Build Update for openssl/openssl ------------------------------------- Build: #36385 Status: Still Failing Duration: 1 hr, 19 mins, and 23 secs Commit: ef89801 (master) Author: Dr. David von Oheimb Message: Deprecate -nodes in favor of -noenc in pkcs12 and req app Reviewed-by: Dmitry Belyavskiy Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12495) View the changeset: https://github.com/openssl/openssl/compare/846f96f82126...ef8980176d53 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/177399428?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Tue Jul 28 09:10:08 2020 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 28 Jul 2020 09:10:08 +0000 Subject: Build failed: openssl master.35845 Message-ID: <20200728091008.1.8CBDEA600E42B98F@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Tue Jul 28 10:26:18 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 28 Jul 2020 10:26:18 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-sock Message-ID: <1595931978.003614.12737.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-sock Commit log since last time: 71b35e1934 DER to RSA deserializer: fix inclusion fcdd228b01 Fix no-dh and no-dsa 1660c8fa6b Update EVP_EncodeInit.pod a57fc73063 EVP: Fix key type check logic in evp_pkey_cmp_any() e2ac846eff TEST: Update the serialization/deserialization test with legacy PEM encryption 436623f89f PROV: Update the PEM to DER deserializer to handle encrypted legacy PEM 3ecbea6a09 TEST: Update the serialization/deserialization test with encryption 38b14f4747 PROV: Update the DER to RSA deserializer to handle encrypted PKCS#8 7524b7b748 DESERIALIZER: Implement decryption of password protected objects 45396db0e3 SERIALIZER: No enc argument for OSSL_SERIALIZER_CTX_set_passphrase_cb() 5a23d78c9b TEST: Add new serializer and deserializer test dcfacbbfe9 PROV: Implement PEM to DER deserializer 1017b8e4a1 PROV: Implement DER to RSA deserializer 853ca12813 CORE: Add upcalls for BIO_gets() and BIO_puts() 072a9fde7d SERIALIZER: Add functions to deserialize into an EVP_PKEY c3e4c1f325 DESERIALIZER: Add foundation for deserializers 5dacb38cce KEYMGMT: Add key loading function OSSL_FUNC_keymgmt_load() af836c22ce EVP KEYMGMT utils: Make a few more utility functions available 6725682d77 Add X509 related libctx changes. ae89578be2 Test RSA oaep in fips mode a27cb956c0 Fix: uninstantiation breaks the RAND_DRBG callback mechanism d1768e8298 test/drbgtest.c: set the correct counter to trigger reseeding 8e3e1dfeaa test/drbgtest.c: Remove error check for large generate requests 9fb6692c1b Fix DRBG reseed counter condition. 11a6d6fd70 test/drbgtest.c: Fix error check test Build log ended with (last 100 lines): rm -f doc/man/man1/CA.pl.1 doc/man/man1/openssl-asn1parse.1 doc/man/man1/openssl-ca.1 doc/man/man1/openssl-ciphers.1 doc/man/man1/openssl-cmds.1 doc/man/man1/openssl-cmp.1 doc/man/man1/openssl-cms.1 doc/man/man1/openssl-crl.1 doc/man/man1/openssl-crl2pkcs7.1 doc/man/man1/openssl-dgst.1 doc/man/man1/openssl-dhparam.1 doc/man/man1/openssl-dsa.1 doc/man/man1/openssl-dsaparam.1 doc/man/man1/openssl-ec.1 doc/man/man1/openssl-ecparam.1 doc/man/man1/openssl-enc.1 doc/man/man1/openssl-engine.1 doc/man/man1/openssl-errstr.1 doc/man/man1/openssl-fipsinstall.1 doc/man/man1/openssl-gendsa.1 doc/man/man1/openssl-genpkey.1 doc/man/man1/openssl-genrsa.1 doc/man/man1/openssl-info.1 doc/man/man1/openssl-kdf.1 doc/man/man1/openssl-list.1 doc/man/man1/openssl-mac.1 doc/man/man1/openssl-nseq.1 doc/man/man1/openssl-ocsp.1 doc/man/man1/openssl-passwd.1 doc/man/man1/openssl-pkcs12.1 doc/man/man1/openssl-pkcs7.1 doc/man/man1/openssl-pkcs8.1 doc/man/man1/openssl-pkey.1 doc/man/man1/openssl-pkeyparam.1 doc/man/man1/openssl-pkeyutl.1 doc/man/man1/openssl-prime.1 doc/man/man1/openssl-provider.1 doc/man/man1/openssl-rand.1 doc/man/man1/openssl-rehash.1 doc/man/man1/openssl-req.1 doc/man/man1/openssl-rsa.1 doc/man/man1/openssl-rsautl.1 doc/man/man1/openssl-s_client.1 doc/man/man1/openssl-s_server.1 doc/man/man1/openssl-s_time.1 doc/man/man1/openssl-sess_id.1 doc/man/man1/openssl-smime.1 doc/man/man1/openssl-speed.1 doc/man/man1/openssl-spkac.1 doc/man/man1/openssl-srp.1 doc/man/man1/openssl-storeutl.1 doc/man/man1/openssl-ts.1 doc/man/man1/openssl-verify.1 doc/man/man1/openssl-version.1 doc/man/man1/openssl-x509.1 doc/man/man1/openssl.1 doc/man/man1/tsget.1 doc/man/man3/ADMISSIONS.3 doc/man/man3/ASN1_INTEGER_get_int64.3 doc/man/man3/ASN1_INTEGER_new.3 doc/man/man3/ASN1_ITEM_lookup.3 doc/man/man3/ASN1_OBJECT_new.3 doc/man/man3/ASN1_STRING_TABLE_add.3 doc/man/man3/ASN1_STRING_length.3 doc/man/man3/ASN1_STRING_new.3 doc/man/man3/ASN1_STRING_print_ex.3 doc/man/man3/ASN1_TIME_set.3 doc/man/man3/ASN1_TYPE_get.3 doc/man/man3/ASN1_generate_nconf.3 doc/man/man3/ASYNC_WAIT_CTX_new.3 doc/man/man3/ASYNC_start_job.3 doc/man/man3/BF_encrypt.3 doc/man/man3/BIO_ADDR.3 doc/man/man3/BIO_ADDRINFO.3 doc/man/man3/BIO_connect.3 doc/man/man3/BIO_ctrl.3 doc/man/man3/BIO_f_base64.3 doc/man/man3/BIO_f_buffer.3 doc/man/man3/BIO_f_cipher.3 doc/man/man3/BIO_f_md.3 doc/man/man3/BIO_f_null.3 doc/man/man3/BIO_f_prefix.3 doc/man/man3/BIO_f_ssl.3 doc/man/man3/BIO_find_type.3 doc/man/man3/BIO_get_data.3 doc/man/man3/BIO_get_ex_new_index.3 doc/man/man3/BIO_meth_new.3 doc/man/man3/BIO_new.3 doc/man/man3/BIO_new_CMS.3 doc/man/man3/BIO_parse_hostserv.3 doc/man/man3/BIO_printf.3 doc/man/man3/BIO_push.3 doc/man/man3/BIO_read.3 doc/man/man3/BIO_s_accept.3 doc/man/man3/BIO_s_bio.3 doc/man/man3/BIO_s_connect.3 doc/man/man3/BIO_s_fd.3 doc/man/man3/BIO_s_file.3 doc/man/man3/BIO_s_mem.3 doc/man/man3/BIO_s_null.3 doc/man/man3/BIO_s_socket.3 doc/man/man3/BIO_set_callback.3 doc/man/man3/BIO_should_retry.3 doc/man/man3/BIO_socket_wait.3 doc/man/man3/BN_BLINDING_new.3 doc/man/man3/BN_CTX_new.3 doc/man/man3/BN_CTX_start.3 doc/man/man3/BN_add.3 doc/man/man3/BN_add_word.3 doc/man/man3/BN_bn2bin.3 doc/man/man3/BN_cmp.3 doc/man/man3/BN_copy.3 doc/man/man3/BN_generate_prime.3 doc/man/man3/BN_mod_inverse.3 doc/man/man3/BN_mod_mul_montgomery.3 doc/man/man3/BN_mod_mul_reciprocal.3 doc/man/man3/BN_new.3 doc/man/man3/BN_num_bytes.3 doc/man/man3/BN_rand.3 doc/man/man3/BN_security_bits.3 doc/man/man3/BN_set_bit.3 doc/man/man3/BN_swap.3 doc/man/man3/BN_zero.3 doc/man/man3/BUF_MEM_new.3 doc/man/man3/CMS_EnvelopedData_create.3 doc/man/man3/CMS_add0_cert.3 doc/man/man3/CMS_add1_recipient_cert.3 doc/man/man3/CMS_add1_signer.3 doc/man/man3/CMS_compress.3 doc/man/man3/CMS_decrypt.3 doc/man/man3/CMS_encrypt.3 doc/man/man3/CMS_final.3 doc/man/man3/CMS_get0_RecipientInfos.3 doc/man/man3/CMS_get0_SignerInfos.3 doc/man/man3/CMS_get0_type.3 doc/man/man3/CMS_get1_ReceiptRequest.3 doc/man/man3/CMS_sign.3 doc/man/man3/CMS_sign_receipt.3 doc/man/man3/CMS_uncompress.3 doc/man/man3/CMS_verify.3 doc/man/man3/CMS_verify_receipt.3 doc/man/man3/CONF_modules_free.3 doc/man/man3/CONF_modules_load_file.3 doc/man/man3/CRYPTO_THREAD_run_once.3 doc/man/man3/CRYPTO_get_ex_new_index.3 doc/man/man3/CRYPTO_memcmp.3 doc/man/man3/CTLOG_STORE_get0_log_by_id.3 doc/man/man3/CTLOG_STORE_new.3 doc/man/man3/CTLOG_new.3 doc/man/man3/CT_POLICY_EVAL_CTX_new.3 doc/man/man3/DEFINE_STACK_OF.3 doc/man/man3/DES_random_key.3 doc/man/man3/DH_generate_key.3 doc/man/man3/DH_generate_parameters.3 doc/man/man3/DH_get0_pqg.3 doc/man/man3/DH_get_1024_160.3 doc/man/man3/DH_meth_new.3 doc/man/man3/DH_new.3 doc/man/man3/DH_new_by_nid.3 doc/man/man3/DH_set_method.3 doc/man/man3/DH_size.3 doc/man/man3/DSA_SIG_new.3 doc/man/man3/DSA_do_sign.3 doc/man/man3/DSA_dup_DH.3 doc/man/man3/DSA_generate_key.3 doc/man/man3/DSA_generate_parameters.3 doc/man/man3/DSA_get0_pqg.3 doc/man/man3/DSA_meth_new.3 doc/man/man3/DSA_new.3 doc/man/man3/DSA_set_method.3 doc/man/man3/DSA_sign.3 doc/man/man3/DSA_size.3 doc/man/man3/DTLS_get_data_mtu.3 doc/man/man3/DTLS_set_timer_cb.3 doc/man/man3/DTLSv1_listen.3 doc/man/man3/ECDSA_SIG_new.3 doc/man/man3/ECPKParameters_print.3 doc/man/man3/EC_GFp_simple_method.3 doc/man/man3/EC_GROUP_copy.3 doc/man/man3/EC_GROUP_new.3 doc/man/man3/EC_KEY_get_enc_flags.3 doc/man/man3/EC_KEY_new.3 doc/man/man3/EC_POINT_add.3 doc/man/man3/EC_POINT_new.3 doc/man/man3/ENGINE_add.3 doc/man/man3/ERR_GET_LIB.3 doc/man/man3/ERR_clear_error.3 doc/man/man3/ERR_error_string.3 doc/man/man3/ERR_get_error.3 doc/man/man3/ERR_load_crypto_strings.3 doc/man/man3/ERR_load_strings.3 doc/man/man3/ERR_new.3 doc/man/man3/ERR_print_errors.3 doc/man/man3/ERR_put_error.3 doc/man/man3/ERR_remove_state.3 doc/man/man3/ERR_set_mark.3 doc/man/man3/EVP_ASYM_CIPHER_free.3 doc/man/man3/EVP_BytesToKey.3 doc/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 doc/man/man3/EVP_CIPHER_meth_new.3 doc/man/man3/EVP_DigestInit.3 doc/man/man3/EVP_DigestSignInit.3 doc/man/man3/EVP_DigestVerifyInit.3 doc/man/man3/EVP_EncodeInit.3 doc/man/man3/EVP_EncryptInit.3 doc/man/man3/EVP_KDF.3 doc/man/man3/EVP_KEYEXCH_free.3 doc/man/man3/EVP_KEYMGMT.3 doc/man/man3/EVP_MAC.3 doc/man/man3/EVP_MD_meth_new.3 doc/man/man3/EVP_OpenInit.3 doc/man/man3/EVP_PKEY_ASN1_METHOD.3 doc/man/man3/EVP_PKEY_CTX_ctrl.3 doc/man/man3/EVP_PKEY_CTX_new.3 doc/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 doc/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 doc/man/man3/EVP_PKEY_CTX_set_params.3 doc/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 doc/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 doc/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 doc/man/man3/EVP_PKEY_asn1_get_count.3 doc/man/man3/EVP_PKEY_check.3 doc/man/man3/EVP_PKEY_copy_parameters.3 doc/man/man3/EVP_PKEY_decrypt.3 doc/man/man3/EVP_PKEY_derive.3 doc/man/man3/EVP_PKEY_encrypt.3 doc/man/man3/EVP_PKEY_fromdata.3 doc/man/man3/EVP_PKEY_gen.3 doc/man/man3/EVP_PKEY_get_default_digest_nid.3 doc/man/man3/EVP_PKEY_gettable_params.3 doc/man/man3/EVP_PKEY_is_a.3 doc/man/man3/EVP_PKEY_meth_get_count.3 doc/man/man3/EVP_PKEY_meth_new.3 doc/man/man3/EVP_PKEY_new.3 doc/man/man3/EVP_PKEY_print_private.3 doc/man/man3/EVP_PKEY_set1_RSA.3 doc/man/man3/EVP_PKEY_set_type.3 doc/man/man3/EVP_PKEY_sign.3 doc/man/man3/EVP_PKEY_size.3 doc/man/man3/EVP_PKEY_supports_digest_nid.3 doc/man/man3/EVP_PKEY_verify.3 doc/man/man3/EVP_PKEY_verify_recover.3 doc/man/man3/EVP_RAND.3 doc/man/man3/EVP_SIGNATURE_free.3 doc/man/man3/EVP_SealInit.3 doc/man/man3/EVP_SignInit.3 doc/man/man3/EVP_VerifyInit.3 doc/man/man3/EVP_aes_128_gcm.3 doc/man/man3/EVP_aria_128_gcm.3 doc/man/man3/EVP_bf_cbc.3 doc/man/man3/EVP_blake2b512.3 doc/man/man3/EVP_camellia_128_ecb.3 doc/man/man3/EVP_cast5_cbc.3 doc/man/man3/EVP_chacha20.3 doc/man/man3/EVP_des_cbc.3 doc/man/man3/EVP_desx_cbc.3 doc/man/man3/EVP_idea_cbc.3 doc/man/man3/EVP_md2.3 doc/man/man3/EVP_md4.3 doc/man/man3/EVP_md5.3 doc/man/man3/EVP_mdc2.3 doc/man/man3/EVP_rc2_cbc.3 doc/man/man3/EVP_rc4.3 doc/man/man3/EVP_rc5_32_12_16_cbc.3 doc/man/man3/EVP_ripemd160.3 doc/man/man3/EVP_seed_cbc.3 doc/man/man3/EVP_set_default_properties.3 doc/man/man3/EVP_sha1.3 doc/man/man3/EVP_sha224.3 doc/man/man3/EVP_sha3_224.3 doc/man/man3/EVP_sm3.3 doc/man/man3/EVP_sm4_cbc.3 doc/man/man3/EVP_whirlpool.3 doc/man/man3/HMAC.3 doc/man/man3/MD5.3 doc/man/man3/MDC2_Init.3 doc/man/man3/NCONF_new_with_libctx.3 doc/man/man3/OBJ_nid2obj.3 doc/man/man3/OCSP_REQUEST_new.3 doc/man/man3/OCSP_cert_to_id.3 doc/man/man3/OCSP_request_add1_nonce.3 doc/man/man3/OCSP_resp_find_status.3 doc/man/man3/OCSP_response_status.3 doc/man/man3/OCSP_sendreq_new.3 doc/man/man3/OPENSSL_Applink.3 doc/man/man3/OPENSSL_CTX.3 doc/man/man3/OPENSSL_FILE.3 doc/man/man3/OPENSSL_LH_COMPFUNC.3 doc/man/man3/OPENSSL_LH_stats.3 doc/man/man3/OPENSSL_config.3 doc/man/man3/OPENSSL_fork_prepare.3 doc/man/man3/OPENSSL_hexchar2int.3 doc/man/man3/OPENSSL_ia32cap.3 doc/man/man3/OPENSSL_init_crypto.3 doc/man/man3/OPENSSL_init_ssl.3 doc/man/man3/OPENSSL_instrument_bus.3 doc/man/man3/OPENSSL_load_builtin_modules.3 doc/man/man3/OPENSSL_malloc.3 doc/man/man3/OPENSSL_s390xcap.3 doc/man/man3/OPENSSL_secure_malloc.3 doc/man/man3/OSSL_CMP_CTX_new.3 doc/man/man3/OSSL_CMP_HDR_get0_transactionID.3 doc/man/man3/OSSL_CMP_ITAV_set0.3 doc/man/man3/OSSL_CMP_MSG_get0_header.3 doc/man/man3/OSSL_CMP_MSG_http_perform.3 doc/man/man3/OSSL_CMP_SRV_CTX_new.3 doc/man/man3/OSSL_CMP_STATUSINFO_new.3 doc/man/man3/OSSL_CMP_exec_IR_ses.3 doc/man/man3/OSSL_CMP_log_open.3 doc/man/man3/OSSL_CMP_validate_msg.3 doc/man/man3/OSSL_CRMF_MSG_get0_tmpl.3 doc/man/man3/OSSL_CRMF_MSG_set0_validity.3 doc/man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3 doc/man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3 doc/man/man3/OSSL_CRMF_pbmp_new.3 doc/man/man3/OSSL_DESERIALIZER.3 doc/man/man3/OSSL_DESERIALIZER_CTX.3 doc/man/man3/OSSL_DESERIALIZER_CTX_new_by_EVP_PKEY.3 doc/man/man3/OSSL_DESERIALIZER_from_bio.3 doc/man/man3/OSSL_HTTP_transfer.3 doc/man/man3/OSSL_PARAM.3 doc/man/man3/OSSL_PARAM_BLD.3 doc/man/man3/OSSL_PARAM_allocate_from_text.3 doc/man/man3/OSSL_PARAM_int.3 doc/man/man3/OSSL_PROVIDER.3 doc/man/man3/OSSL_SELF_TEST_new.3 doc/man/man3/OSSL_SELF_TEST_set_callback.3 doc/man/man3/OSSL_SERIALIZER.3 doc/man/man3/OSSL_SERIALIZER_CTX.3 doc/man/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.3 doc/man/man3/OSSL_SERIALIZER_to_bio.3 doc/man/man3/OSSL_STORE_INFO.3 doc/man/man3/OSSL_STORE_LOADER.3 doc/man/man3/OSSL_STORE_SEARCH.3 doc/man/man3/OSSL_STORE_attach.3 doc/man/man3/OSSL_STORE_expect.3 doc/man/man3/OSSL_STORE_open.3 doc/man/man3/OSSL_trace_enabled.3 doc/man/man3/OSSL_trace_get_category_num.3 doc/man/man3/OSSL_trace_set_channel.3 doc/man/man3/OpenSSL_add_all_algorithms.3 doc/man/man3/OpenSSL_version.3 doc/man/man3/PEM_X509_INFO_read_bio_with_libctx.3 doc/man/man3/PEM_bytes_read_bio.3 doc/man/man3/PEM_read.3 doc/man/man3/PEM_read_CMS.3 doc/man/man3/PEM_read_bio_PrivateKey.3 doc/man/man3/PEM_read_bio_ex.3 doc/man/man3/PEM_write_bio_CMS_stream.3 doc/man/man3/PEM_write_bio_PKCS7_stream.3 doc/man/man3/PKCS12_SAFEBAG_get0_attrs.3 doc/man/man3/PKCS12_add_CSPName_asc.3 doc/man/man3/PKCS12_add_friendlyname_asc.3 doc/man/man3/PKCS12_add_localkeyid.3 doc/man/man3/PKCS12_create.3 doc/man/man3/PKCS12_get_friendlyname.3 doc/man/man3/PKCS12_newpass.3 doc/man/man3/PKCS12_parse.3 doc/man/man3/PKCS5_PBKDF2_HMAC.3 doc/man/man3/PKCS7_decrypt.3 doc/man/man3/PKCS7_encrypt.3 doc/man/man3/PKCS7_sign.3 doc/man/man3/PKCS7_sign_add_signer.3 doc/man/man3/PKCS7_verify.3 doc/man/man3/PKCS8_pkey_add1_attr.3 doc/man/man3/RAND_DRBG_generate.3 doc/man/man3/RAND_DRBG_get0_public.3 doc/man/man3/RAND_DRBG_new.3 doc/man/man3/RAND_DRBG_reseed.3 doc/man/man3/RAND_DRBG_set_callbacks.3 doc/man/man3/RAND_add.3 doc/man/man3/RAND_bytes.3 doc/man/man3/RAND_cleanup.3 doc/man/man3/RAND_egd.3 doc/man/man3/RAND_load_file.3 doc/man/man3/RAND_set_rand_method.3 doc/man/man3/RC4_set_key.3 doc/man/man3/RIPEMD160_Init.3 doc/man/man3/RSA_blinding_on.3 doc/man/man3/RSA_check_key.3 doc/man/man3/RSA_generate_key.3 doc/man/man3/RSA_get0_key.3 doc/man/man3/RSA_meth_new.3 doc/man/man3/RSA_new.3 doc/man/man3/RSA_padding_add_PKCS1_type_1.3 doc/man/man3/RSA_print.3 doc/man/man3/RSA_private_encrypt.3 doc/man/man3/RSA_public_encrypt.3 doc/man/man3/RSA_set_method.3 doc/man/man3/RSA_sign.3 doc/man/man3/RSA_sign_ASN1_OCTET_STRING.3 doc/man/man3/RSA_size.3 doc/man/man3/SCT_new.3 doc/man/man3/SCT_print.3 doc/man/man3/SCT_validate.3 doc/man/man3/SHA256_Init.3 doc/man/man3/SMIME_read_CMS.3 doc/man/man3/SMIME_read_PKCS7.3 doc/man/man3/SMIME_write_CMS.3 doc/man/man3/SMIME_write_PKCS7.3 doc/man/man3/SRP_Calc_B.3 doc/man/man3/SRP_VBASE_new.3 doc/man/man3/SRP_create_verifier.3 doc/man/man3/SRP_user_pwd_new.3 doc/man/man3/SSL_CIPHER_get_name.3 doc/man/man3/SSL_COMP_add_compression_method.3 doc/man/man3/SSL_CONF_CTX_new.3 doc/man/man3/SSL_CONF_CTX_set1_prefix.3 doc/man/man3/SSL_CONF_CTX_set_flags.3 doc/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 doc/man/man3/SSL_CONF_cmd.3 doc/man/man3/SSL_CONF_cmd_argv.3 doc/man/man3/SSL_CTX_add1_chain_cert.3 doc/man/man3/SSL_CTX_add_extra_chain_cert.3 doc/man/man3/SSL_CTX_add_session.3 doc/man/man3/SSL_CTX_config.3 doc/man/man3/SSL_CTX_ctrl.3 doc/man/man3/SSL_CTX_dane_enable.3 doc/man/man3/SSL_CTX_flush_sessions.3 doc/man/man3/SSL_CTX_free.3 doc/man/man3/SSL_CTX_get0_param.3 doc/man/man3/SSL_CTX_get_verify_mode.3 doc/man/man3/SSL_CTX_has_client_custom_ext.3 doc/man/man3/SSL_CTX_load_verify_locations.3 doc/man/man3/SSL_CTX_new.3 doc/man/man3/SSL_CTX_sess_number.3 doc/man/man3/SSL_CTX_sess_set_cache_size.3 doc/man/man3/SSL_CTX_sess_set_get_cb.3 doc/man/man3/SSL_CTX_sessions.3 doc/man/man3/SSL_CTX_set0_CA_list.3 doc/man/man3/SSL_CTX_set1_curves.3 doc/man/man3/SSL_CTX_set1_sigalgs.3 doc/man/man3/SSL_CTX_set1_verify_cert_store.3 doc/man/man3/SSL_CTX_set_alpn_select_cb.3 doc/man/man3/SSL_CTX_set_cert_cb.3 doc/man/man3/SSL_CTX_set_cert_store.3 doc/man/man3/SSL_CTX_set_cert_verify_callback.3 doc/man/man3/SSL_CTX_set_cipher_list.3 doc/man/man3/SSL_CTX_set_client_cert_cb.3 doc/man/man3/SSL_CTX_set_client_hello_cb.3 doc/man/man3/SSL_CTX_set_ct_validation_callback.3 doc/man/man3/SSL_CTX_set_ctlog_list_file.3 doc/man/man3/SSL_CTX_set_default_passwd_cb.3 doc/man/man3/SSL_CTX_set_generate_session_id.3 doc/man/man3/SSL_CTX_set_info_callback.3 doc/man/man3/SSL_CTX_set_keylog_callback.3 doc/man/man3/SSL_CTX_set_max_cert_list.3 doc/man/man3/SSL_CTX_set_min_proto_version.3 doc/man/man3/SSL_CTX_set_mode.3 doc/man/man3/SSL_CTX_set_msg_callback.3 doc/man/man3/SSL_CTX_set_num_tickets.3 doc/man/man3/SSL_CTX_set_options.3 doc/man/man3/SSL_CTX_set_psk_client_callback.3 doc/man/man3/SSL_CTX_set_quiet_shutdown.3 doc/man/man3/SSL_CTX_set_read_ahead.3 doc/man/man3/SSL_CTX_set_record_padding_callback.3 doc/man/man3/SSL_CTX_set_security_level.3 doc/man/man3/SSL_CTX_set_session_cache_mode.3 doc/man/man3/SSL_CTX_set_session_id_context.3 doc/man/man3/SSL_CTX_set_session_ticket_cb.3 doc/man/man3/SSL_CTX_set_split_send_fragment.3 doc/man/man3/SSL_CTX_set_srp_password.3 doc/man/man3/SSL_CTX_set_ssl_version.3 doc/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 doc/man/man3/SSL_CTX_set_timeout.3 doc/man/man3/SSL_CTX_set_tlsext_servername_callback.3 doc/man/man3/SSL_CTX_set_tlsext_status_cb.3 doc/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 doc/man/man3/SSL_CTX_set_tlsext_use_srtp.3 doc/man/man3/SSL_CTX_set_tmp_dh_callback.3 doc/man/man3/SSL_CTX_set_tmp_ecdh.3 doc/man/man3/SSL_CTX_set_verify.3 doc/man/man3/SSL_CTX_use_certificate.3 doc/man/man3/SSL_CTX_use_psk_identity_hint.3 doc/man/man3/SSL_CTX_use_serverinfo.3 doc/man/man3/SSL_SESSION_free.3 doc/man/man3/SSL_SESSION_get0_cipher.3 doc/man/man3/SSL_SESSION_get0_hostname.3 doc/man/man3/SSL_SESSION_get0_id_context.3 doc/man/man3/SSL_SESSION_get0_peer.3 doc/man/man3/SSL_SESSION_get_compress_id.3 doc/man/man3/SSL_SESSION_get_protocol_version.3 doc/man/man3/SSL_SESSION_get_time.3 doc/man/man3/SSL_SESSION_has_ticket.3 doc/man/man3/SSL_SESSION_is_resumable.3 doc/man/man3/SSL_SESSION_print.3 doc/man/man3/SSL_SESSION_set1_id.3 doc/man/man3/SSL_accept.3 doc/man/man3/SSL_alert_type_string.3 doc/man/man3/SSL_alloc_buffers.3 doc/man/man3/SSL_check_chain.3 doc/man/man3/SSL_clear.3 doc/man/man3/SSL_connect.3 doc/man/man3/SSL_do_handshake.3 doc/man/man3/SSL_export_keying_material.3 doc/man/man3/SSL_extension_supported.3 doc/man/man3/SSL_free.3 doc/man/man3/SSL_get0_peer_scts.3 doc/man/man3/SSL_get_SSL_CTX.3 doc/man/man3/SSL_get_all_async_fds.3 doc/man/man3/SSL_get_ciphers.3 doc/man/man3/SSL_get_client_random.3 doc/man/man3/SSL_get_current_cipher.3 doc/man/man3/SSL_get_default_timeout.3 doc/man/man3/SSL_get_error.3 doc/man/man3/SSL_get_extms_support.3 doc/man/man3/SSL_get_fd.3 doc/man/man3/SSL_get_peer_cert_chain.3 doc/man/man3/SSL_get_peer_certificate.3 doc/man/man3/SSL_get_peer_signature_nid.3 doc/man/man3/SSL_get_peer_tmp_key.3 doc/man/man3/SSL_get_psk_identity.3 doc/man/man3/SSL_get_rbio.3 doc/man/man3/SSL_get_session.3 doc/man/man3/SSL_get_shared_sigalgs.3 doc/man/man3/SSL_get_verify_result.3 doc/man/man3/SSL_get_version.3 doc/man/man3/SSL_in_init.3 doc/man/man3/SSL_key_update.3 doc/man/man3/SSL_library_init.3 doc/man/man3/SSL_load_client_CA_file.3 doc/man/man3/SSL_new.3 doc/man/man3/SSL_pending.3 doc/man/man3/SSL_read.3 doc/man/man3/SSL_read_early_data.3 doc/man/man3/SSL_rstate_string.3 doc/man/man3/SSL_session_reused.3 doc/man/man3/SSL_set1_host.3 doc/man/man3/SSL_set_async_callback.3 doc/man/man3/SSL_set_bio.3 doc/man/man3/SSL_set_connect_state.3 doc/man/man3/SSL_set_fd.3 doc/man/man3/SSL_set_session.3 doc/man/man3/SSL_set_shutdown.3 doc/man/man3/SSL_set_verify_result.3 doc/man/man3/SSL_shutdown.3 doc/man/man3/SSL_state_string.3 doc/man/man3/SSL_want.3 doc/man/man3/SSL_write.3 doc/man/man3/TS_VERIFY_CTX_set_certs.3 doc/man/man3/UI_STRING.3 doc/man/man3/UI_UTIL_read_pw.3 doc/man/man3/UI_create_method.3 doc/man/man3/UI_new.3 doc/man/man3/X509V3_get_d2i.3 doc/man/man3/X509_ALGOR_dup.3 doc/man/man3/X509_CRL_get0_by_serial.3 doc/man/man3/X509_EXTENSION_set_object.3 doc/man/man3/X509_LOOKUP.3 doc/man/man3/X509_LOOKUP_hash_dir.3 doc/man/man3/X509_LOOKUP_meth_new.3 doc/man/man3/X509_NAME_ENTRY_get_object.3 doc/man/man3/X509_NAME_add_entry_by_txt.3 doc/man/man3/X509_NAME_get0_der.3 doc/man/man3/X509_NAME_get_index_by_NID.3 doc/man/man3/X509_NAME_print_ex.3 doc/man/man3/X509_PUBKEY_new.3 doc/man/man3/X509_SIG_get0.3 doc/man/man3/X509_STORE_CTX_get_error.3 doc/man/man3/X509_STORE_CTX_new.3 doc/man/man3/X509_STORE_CTX_set_verify_cb.3 doc/man/man3/X509_STORE_add_cert.3 doc/man/man3/X509_STORE_get0_param.3 doc/man/man3/X509_STORE_new.3 doc/man/man3/X509_STORE_set_verify_cb_func.3 doc/man/man3/X509_VERIFY_PARAM_set_flags.3 doc/man/man3/X509_check_ca.3 doc/man/man3/X509_check_host.3 doc/man/man3/X509_check_issued.3 doc/man/man3/X509_check_private_key.3 doc/man/man3/X509_check_purpose.3 doc/man/man3/X509_cmp.3 doc/man/man3/X509_cmp_time.3 doc/man/man3/X509_digest.3 doc/man/man3/X509_dup.3 doc/man/man3/X509_get0_distinguishing_id.3 doc/man/man3/X509_get0_notBefore.3 doc/man/man3/X509_get0_signature.3 doc/man/man3/X509_get0_uids.3 doc/man/man3/X509_get_extension_flags.3 doc/man/man3/X509_get_pubkey.3 doc/man/man3/X509_get_serialNumber.3 doc/man/man3/X509_get_subject_name.3 doc/man/man3/X509_get_version.3 doc/man/man3/X509_load_http.3 doc/man/man3/X509_new.3 doc/man/man3/X509_sign.3 doc/man/man3/X509_verify.3 doc/man/man3/X509_verify_cert.3 doc/man/man3/X509v3_get_ext_by_NID.3 doc/man/man3/d2i_DHparams.3 doc/man/man3/d2i_PKCS8PrivateKey_bio.3 doc/man/man3/d2i_PrivateKey.3 doc/man/man3/d2i_SSL_SESSION.3 doc/man/man3/d2i_X509.3 doc/man/man3/i2d_CMS_bio_stream.3 doc/man/man3/i2d_PKCS7_bio_stream.3 doc/man/man3/i2d_re_X509_tbs.3 doc/man/man3/o2i_SCT_LIST.3 doc/man/man3/s2i_ASN1_IA5STRING.3 doc/man/man5/config.5 doc/man/man5/fips_config.5 doc/man/man5/x509v3_config.5 doc/man/man7/EVP_KDF-HKDF.7 doc/man/man7/EVP_KDF-KB.7 doc/man/man7/EVP_KDF-KRB5KDF.7 doc/man/man7/EVP_KDF-PBKDF2.7 doc/man/man7/EVP_KDF-SCRYPT.7 doc/man/man7/EVP_KDF-SS.7 doc/man/man7/EVP_KDF-SSHKDF.7 doc/man/man7/EVP_KDF-TLS1_PRF.7 doc/man/man7/EVP_KDF-X942.7 doc/man/man7/EVP_KDF-X963.7 doc/man/man7/EVP_KEYEXCH-DH.7 doc/man/man7/EVP_KEYEXCH-ECDH.7 doc/man/man7/EVP_KEYEXCH-X25519.7 doc/man/man7/EVP_MAC-BLAKE2.7 doc/man/man7/EVP_MAC-CMAC.7 doc/man/man7/EVP_MAC-GMAC.7 doc/man/man7/EVP_MAC-HMAC.7 doc/man/man7/EVP_MAC-KMAC.7 doc/man/man7/EVP_MAC-Poly1305.7 doc/man/man7/EVP_MAC-Siphash.7 doc/man/man7/EVP_MD-BLAKE2.7 doc/man/man7/EVP_MD-MD2.7 doc/man/man7/EVP_MD-MD4.7 doc/man/man7/EVP_MD-MD5-SHA1.7 doc/man/man7/EVP_MD-MD5.7 doc/man/man7/EVP_MD-MDC2.7 doc/man/man7/EVP_MD-RIPEMD160.7 doc/man/man7/EVP_MD-SHA1.7 doc/man/man7/EVP_MD-SHA2.7 doc/man/man7/EVP_MD-SHA3.7 doc/man/man7/EVP_MD-SHAKE.7 doc/man/man7/EVP_MD-SM3.7 doc/man/man7/EVP_MD-WHIRLPOOL.7 doc/man/man7/EVP_MD-common.7 doc/man/man7/EVP_PKEY-DH.7 doc/man/man7/EVP_PKEY-DSA.7 doc/man/man7/EVP_PKEY-EC.7 doc/man/man7/EVP_PKEY-FFC.7 doc/man/man7/EVP_PKEY-RSA.7 doc/man/man7/EVP_PKEY-X25519.7 doc/man/man7/EVP_RAND-CTR-DRBG.7 doc/man/man7/EVP_RAND-HASH-DRBG.7 doc/man/man7/EVP_RAND-HMAC-DRBG.7 doc/man/man7/EVP_RAND-TEST-RAND.7 doc/man/man7/EVP_SIGNATURE-DSA.7 doc/man/man7/EVP_SIGNATURE-ECDSA.7 doc/man/man7/EVP_SIGNATURE-ED25519.7 doc/man/man7/EVP_SIGNATURE-RSA.7 doc/man/man7/OSSL_PROVIDER-FIPS.7 doc/man/man7/OSSL_PROVIDER-default.7 doc/man/man7/OSSL_PROVIDER-legacy.7 doc/man/man7/OSSL_PROVIDER-null.7 doc/man/man7/RAND.7 doc/man/man7/RAND_DRBG.7 doc/man/man7/RSA-PSS.7 doc/man/man7/SM2.7 doc/man/man7/X25519.7 doc/man/man7/bio.7 doc/man/man7/crypto.7 doc/man/man7/ct.7 doc/man/man7/des_modes.7 doc/man/man7/evp.7 doc/man/man7/openssl-core.h.7 doc/man/man7/openssl-core_dispatch.h.7 doc/man/man7/openssl-core_names.h.7 doc/man/man7/openssl-env.7 doc/man/man7/openssl_user_macros.7 doc/man/man7/ossl_store-file.7 doc/man/man7/ossl_store.7 doc/man/man7/passphrase-encoding.7 doc/man/man7/property.7 doc/man/man7/provider-asym_cipher.7 doc/man/man7/provider-base.7 doc/man/man7/provider-cipher.7 doc/man/man7/provider-digest.7 doc/man/man7/provider-keyexch.7 doc/man/man7/provider-keymgmt.7 doc/man/man7/provider-mac.7 doc/man/man7/provider-rand.7 doc/man/man7/provider-serializer.7 doc/man/man7/provider-signature.7 doc/man/man7/provider.7 doc/man/man7/proxy-certificates.7 doc/man/man7/ssl.7 doc/man/man7/x509.7 rm -f apps/openssl fuzz/asn1-test fuzz/asn1parse-test fuzz/bignum-test fuzz/bndiv-test fuzz/client-test fuzz/cmp-test fuzz/cms-test fuzz/conf-test fuzz/crl-test fuzz/ct-test fuzz/server-test fuzz/x509-test test/aborttest test/acvp_test test/aesgcmtest test/afalgtest test/asn1_decode_test test/asn1_dsa_internal_test test/asn1_encode_test test/asn1_internal_test test/asn1_string_table_test test/asn1_time_test test/asynciotest test/asynctest test/bad_dtls_test test/bftest test/bio_callback_test test/bio_enc_test test/bio_memleak_test test/bio_prefix_text test/bioprinttest test/bn_internal_test test/bntest test/buildtest_c_aes test/buildtest_c_asn1 test/buildtest_c_asn1t test/buildtest_c_async test/buildtest_c_bio test/buildtest_c_blowfish test/buildtest_c_bn test/buildtest_c_buffer test/buildtest_c_camellia test/buildtest_c_cast test/buildtest_c_cmac test/buildtest_c_cmp test/buildtest_c_cmp_util test/buildtest_c_cms test/buildtest_c_comp test/buildtest_c_conf test/buildtest_c_conf_api test/buildtest_c_core test/buildtest_c_core_dispatch test/buildtest_c_core_names test/buildtest_c_crmf test/buildtest_c_crypto test/buildtest_c_ct test/buildtest_c_des test/buildtest_c_deserializer test/buildtest_c_dh test/buildtest_c_dsa test/buildtest_c_e_os2 test/buildtest_c_ebcdic test/buildtest_c_ec test/buildtest_c_ecdh test/buildtest_c_ecdsa test/buildtest_c_engine test/buildtest_c_ess test/buildtest_c_evp test/buildtest_c_fips_names test/buildtest_c_hmac test/buildtest_c_http test/buildtest_c_idea test/buildtest_c_kdf test/buildtest_c_lhash test/buildtest_c_macros test/buildtest_c_md4 test/buildtest_c_md5 test/buildtest_c_mdc2 test/buildtest_c_modes test/buildtest_c_obj_mac test/buildtest_c_objects test/buildtest_c_ocsp test/buildtest_c_ossl_typ test/buildtest_c_param_build test/buildtest_c_params test/buildtest_c_pem test/buildtest_c_pem2 test/buildtest_c_pkcs12 test/buildtest_c_pkcs7 test/buildtest_c_provider test/buildtest_c_rand test/buildtest_c_rand_drbg test/buildtest_c_rc2 test/buildtest_c_rc4 test/buildtest_c_ripemd test/buildtest_c_rsa test/buildtest_c_safestack test/buildtest_c_seed test/buildtest_c_self_test test/buildtest_c_serializer test/buildtest_c_sha test/buildtest_c_srp test/buildtest_c_srtp test/buildtest_c_ssl test/buildtest_c_ssl2 test/buildtest_c_stack test/buildtest_c_store test/buildtest_c_symhacks test/buildtest_c_tls1 test/buildtest_c_ts test/buildtest_c_txt_db test/buildtest_c_types test/buildtest_c_ui test/buildtest_c_whrlpool test/buildtest_c_x509 test/buildtest_c_x509_vfy test/buildtest_c_x509v3 test/casttest test/chacha_internal_test test/cipher_overhead_test test/cipherbytes_test test/cipherlist_test test/ciphername_test test/clienthellotest test/cmactest test/cmp_asn_test test/cmp_client_test test/cmp_ctx_test test/cmp_hdr_test test/cmp_msg_test test/cmp_protect_test test/cmp_server_test test/cmp_status_test test/cmp_vfy_test test/cmsapitest test/conf_include_test test/confdump test/constant_time_test test/context_internal_test test/crltest test/ct_test test/ctype_internal_test test/curve448_internal_test test/d2i_test test/danetest test/destest test/dhtest test/drbg_cavs_test test/drbg_extra_test test/drbgtest test/dsa_no_digest_size_test test/dsatest test/dtls_mtu_test test/dtlstest test/dtlsv1listentest test/ec_internal_test test/ecdsatest test/ecstresstest test/ectest test/enginetest test/errtest test/evp_extra_test test/evp_extra_test2 test/evp_fetch_prov_test test/evp_kdf_test test/evp_libctx_test test/evp_pkey_dparams_test test/evp_pkey_provided_test test/evp_test test/exdatatest test/exptest test/fatalerrtest test/ffc_internal_test test/gmdifftest test/gosttest test/hexstr_test test/hmactest test/http_test test/ideatest test/igetest test/keymgmt_internal_test test/lhash_test test/mdc2_internal_test test/mdc2test test/memleaktest test/modes_internal_test test/namemap_internal_test test/ocspapitest test/packettest test/param_build_test test/params_api_test test/params_conversion_test test/params_test test/pbelutest test/pemtest test/pkey_meth_kdf_test test/pkey_meth_test test/poly1305_internal_test test/property_test test/provider_fallback_test test/provider_internal_test test/provider_test test/rc2test test/rc4test test/rc5test test/rdrand_sanitytest test/recordlentest test/rsa_complex test/rsa_mp_test test/rsa_sp800_56b_test test/rsa_test test/sanitytest test/secmemtest test/serdes_test test/servername_test test/shlibloadtest test/siphash_internal_test test/sm2_internal_test test/sm4_internal_test test/sparse_array_test test/srptest test/ssl_cert_table_internal_test test/ssl_ctx_test test/ssl_test test/ssl_test_ctx_test test/sslapitest test/sslbuffertest test/sslcorrupttest test/ssltest_old test/stack_test test/sysdefaulttest test/test_test test/threadstest test/time_offset_test test/tls13ccstest test/tls13encryptiontest test/tls13secretstest test/uitest test/v3ext test/v3nametest test/verify_extra_test test/versions test/wpackettest test/x509_check_cert_pkey_test test/x509_dup_cert_test test/x509_internal_test test/x509_time_test test/x509aux engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so providers/fips.so providers/legacy.so test/p_test.so apps/CA.pl apps/tsget.pl tools/c_rehash util/shlib_wrap.sh rm -f doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod include/crypto/bn_conf.h include/crypto/dso_conf.h include/openssl/configuration.h include/openssl/fipskey.h include/openssl/opensslv.h test/provider_internal_test.cnf apps/CA.pl apps/progs.c apps/progs.h apps/tsget.pl crypto/aes/aes-x86_64.s crypto/aes/aesni-mb-x86_64.s crypto/aes/aesni-sha1-x86_64.s crypto/aes/aesni-sha256-x86_64.s crypto/aes/aesni-x86_64.s crypto/aes/bsaes-x86_64.s crypto/aes/vpaes-x86_64.s crypto/bn/rsaz-avx2.s crypto/bn/rsaz-x86_64.s crypto/bn/x86_64-gf2m.s crypto/bn/x86_64-mont.s crypto/bn/x86_64-mont5.s crypto/buildinf.h crypto/camellia/cmll-x86_64.s crypto/chacha/chacha-x86_64.s crypto/ec/ecp_nistz256-x86_64.s crypto/ec/x25519-x86_64.s crypto/md5/md5-x86_64.s crypto/modes/aesni-gcm-x86_64.s crypto/modes/ghash-x86_64.s crypto/poly1305/poly1305-x86_64.s crypto/rc4/rc4-md5-x86_64.s crypto/rc4/rc4-x86_64.s crypto/sha/keccak1600-x86_64.s crypto/sha/sha1-mb-x86_64.s crypto/sha/sha1-x86_64.s crypto/sha/sha256-mb-x86_64.s crypto/sha/sha256-x86_64.s crypto/sha/sha512-x86_64.s crypto/whrlpool/wp-x86_64.s crypto/x86_64cpuid.s doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod engines/afalg.ld engines/capi.ld engines/dasync.ld engines/e_padlock-x86_64.s engines/ossltest.ld engines/padlock.ld libcrypto.ld libssl.ld providers/common/der/der_digests_gen.c providers/common/der/der_dsa_gen.c providers/common/der/der_ec_gen.c providers/common/der/der_rsa_gen.c providers/common/include/prov/der_digests.h providers/common/include/prov/der_dsa.h providers/common/include/prov/der_ec.h providers/common/include/prov/der_rsa.h providers/fips.ld providers/legacy.ld test/buildtest_aes.c test/buildtest_asn1.c test/buildtest_asn1t.c test/buildtest_async.c test/buildtest_bio.c test/buildtest_blowfish.c test/buildtest_bn.c test/buildtest_buffer.c test/buildtest_camellia.c test/buildtest_cast.c test/buildtest_cmac.c test/buildtest_cmp.c test/buildtest_cmp_util.c test/buildtest_cms.c test/buildtest_comp.c test/buildtest_conf.c test/buildtest_conf_api.c test/buildtest_core.c test/buildtest_core_dispatch.c test/buildtest_core_names.c test/buildtest_crmf.c test/buildtest_crypto.c test/buildtest_ct.c test/buildtest_des.c test/buildtest_deserializer.c test/buildtest_dh.c test/buildtest_dsa.c test/buildtest_e_os2.c test/buildtest_ebcdic.c test/buildtest_ec.c test/buildtest_ecdh.c test/buildtest_ecdsa.c test/buildtest_engine.c test/buildtest_ess.c test/buildtest_evp.c test/buildtest_fips_names.c test/buildtest_hmac.c test/buildtest_http.c test/buildtest_idea.c test/buildtest_kdf.c test/buildtest_lhash.c test/buildtest_macros.c test/buildtest_md4.c test/buildtest_md5.c test/buildtest_mdc2.c test/buildtest_modes.c test/buildtest_obj_mac.c test/buildtest_objects.c test/buildtest_ocsp.c test/buildtest_ossl_typ.c test/buildtest_param_build.c test/buildtest_params.c test/buildtest_pem.c test/buildtest_pem2.c test/buildtest_pkcs12.c test/buildtest_pkcs7.c test/buildtest_provider.c test/buildtest_rand.c test/buildtest_rand_drbg.c test/buildtest_rc2.c test/buildtest_rc4.c test/buildtest_ripemd.c test/buildtest_rsa.c test/buildtest_safestack.c test/buildtest_seed.c test/buildtest_self_test.c test/buildtest_serializer.c test/buildtest_sha.c test/buildtest_srp.c test/buildtest_srtp.c test/buildtest_ssl.c test/buildtest_ssl2.c test/buildtest_stack.c test/buildtest_store.c test/buildtest_symhacks.c test/buildtest_tls1.c test/buildtest_ts.c test/buildtest_txt_db.c test/buildtest_types.c test/buildtest_ui.c test/buildtest_whrlpool.c test/buildtest_x509.c test/buildtest_x509_vfy.c test/buildtest_x509v3.c test/p_test.ld tools/c_rehash util/shlib_wrap.sh rm -f `find . -name '*.d' \! -name '.*' \! -type d -print` rm -f `find . -name '*.o' \! -name '.*' \! -type d -print` rm -f core rm -f tags TAGS doc-nits cmd-nits md-nits rm -f -r test/test-runs rm -f openssl.pc libcrypto.pc libssl.pc rm -f `find . -type l \! -name '.*' -print` rm -f ../openssl-3.0.0-alpha6-dev.tar $ make depend $ LDCMD= make -j4 /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-asn1parse.pod.in > doc/man1/openssl-asn1parse.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ca.pod.in > doc/man1/openssl-ca.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ciphers.pod.in > doc/man1/openssl-ciphers.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmds.pod.in > doc/man1/openssl-cmds.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmp.pod.in > doc/man1/openssl-cmp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cms.pod.in > doc/man1/openssl-cms.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl.pod.in > doc/man1/openssl-crl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl2pkcs7.pod.in > doc/man1/openssl-crl2pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dgst.pod.in > doc/man1/openssl-dgst.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dhparam.pod.in > doc/man1/openssl-dhparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsa.pod.in > doc/man1/openssl-dsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsaparam.pod.in > doc/man1/openssl-dsaparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ec.pod.in > doc/man1/openssl-ec.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ecparam.pod.in > doc/man1/openssl-ecparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-enc.pod.in > doc/man1/openssl-enc.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-engine.pod.in > doc/man1/openssl-engine.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-errstr.pod.in > doc/man1/openssl-errstr.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-fipsinstall.pod.in > doc/man1/openssl-fipsinstall.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-gendsa.pod.in > doc/man1/openssl-gendsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genpkey.pod.in > doc/man1/openssl-genpkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genrsa.pod.in > doc/man1/openssl-genrsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-info.pod.in > doc/man1/openssl-info.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-kdf.pod.in > doc/man1/openssl-kdf.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-list.pod.in > doc/man1/openssl-list.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-mac.pod.in > doc/man1/openssl-mac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-nseq.pod.in > doc/man1/openssl-nseq.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ocsp.pod.in > doc/man1/openssl-ocsp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-passwd.pod.in > doc/man1/openssl-passwd.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs12.pod.in > doc/man1/openssl-pkcs12.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs7.pod.in > doc/man1/openssl-pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs8.pod.in > doc/man1/openssl-pkcs8.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkey.pod.in > doc/man1/openssl-pkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyparam.pod.in > doc/man1/openssl-pkeyparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyutl.pod.in > doc/man1/openssl-pkeyutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-prime.pod.in > doc/man1/openssl-prime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-provider.pod.in > doc/man1/openssl-provider.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rand.pod.in > doc/man1/openssl-rand.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rehash.pod.in > doc/man1/openssl-rehash.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-req.pod.in > doc/man1/openssl-req.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsa.pod.in > doc/man1/openssl-rsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsautl.pod.in > doc/man1/openssl-rsautl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_client.pod.in > doc/man1/openssl-s_client.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_server.pod.in > doc/man1/openssl-s_server.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_time.pod.in > doc/man1/openssl-s_time.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-sess_id.pod.in > doc/man1/openssl-sess_id.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-smime.pod.in > doc/man1/openssl-smime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-speed.pod.in > doc/man1/openssl-speed.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-spkac.pod.in > doc/man1/openssl-spkac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-srp.pod.in > doc/man1/openssl-srp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-storeutl.pod.in > doc/man1/openssl-storeutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ts.pod.in > doc/man1/openssl-ts.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-verify.pod.in > doc/man1/openssl-verify.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-version.pod.in > doc/man1/openssl-version.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-x509.pod.in > doc/man1/openssl-x509.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man7/openssl_user_macros.pod.in > doc/man7/openssl_user_macros.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/bn_conf.h.in > include/crypto/bn_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/dso_conf.h.in > include/crypto/dso_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/configuration.h.in > include/openssl/configuration.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/fipskey.h.in > include/openssl/fipskey.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/opensslv.h.in > include/openssl/opensslv.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/test/provider_internal_test.cnf.in > test/provider_internal_test.cnf make depend && make _build_sw make[1]: Entering directory '/home/openssl/run-checker/no-sock' make[1]: Leaving directory '/home/openssl/run-checker/no-sock' make[1]: Entering directory '/home/openssl/run-checker/no-sock' clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_params.d.tmp -MT apps/lib/libapps-lib-app_params.o -c -o apps/lib/libapps-lib-app_params.o ../openssl/apps/lib/app_params.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_provider.d.tmp -MT apps/lib/libapps-lib-app_provider.o -c -o apps/lib/libapps-lib-app_provider.o ../openssl/apps/lib/app_provider.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_rand.d.tmp -MT apps/lib/libapps-lib-app_rand.o -c -o apps/lib/libapps-lib-app_rand.o ../openssl/apps/lib/app_rand.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_x509.d.tmp -MT apps/lib/libapps-lib-app_x509.o -c -o apps/lib/libapps-lib-app_x509.o ../openssl/apps/lib/app_x509.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps.d.tmp -MT apps/lib/libapps-lib-apps.o -c -o apps/lib/libapps-lib-apps.o ../openssl/apps/lib/apps.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps_ui.d.tmp -MT apps/lib/libapps-lib-apps_ui.o -c -o apps/lib/libapps-lib-apps_ui.o ../openssl/apps/lib/apps_ui.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-columns.d.tmp -MT apps/lib/libapps-lib-columns.o -c -o apps/lib/libapps-lib-columns.o ../openssl/apps/lib/columns.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-fmt.d.tmp -MT apps/lib/libapps-lib-fmt.o -c -o apps/lib/libapps-lib-fmt.o ../openssl/apps/lib/fmt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-http_server.d.tmp -MT apps/lib/libapps-lib-http_server.o -c -o apps/lib/libapps-lib-http_server.o ../openssl/apps/lib/http_server.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-names.d.tmp -MT apps/lib/libapps-lib-names.o -c -o apps/lib/libapps-lib-names.o ../openssl/apps/lib/names.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-opt.d.tmp -MT apps/lib/libapps-lib-opt.o -c -o apps/lib/libapps-lib-opt.o ../openssl/apps/lib/opt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-s_cb.d.tmp -MT apps/lib/libapps-lib-s_cb.o -c -o apps/lib/libapps-lib-s_cb.o ../openssl/apps/lib/s_cb.c ../openssl/apps/lib/http_server.c:27:5: error: no previous extern declaration for non-static variable 'multi' [-Werror,-Wmissing-variable-declarations] int multi = 0; /* run multiple responder processes */ ^ 1 error generated. Makefile:4143: recipe for target 'apps/lib/libapps-lib-http_server.o' failed make[1]: *** [apps/lib/libapps-lib-http_server.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-sock' Makefile:3112: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From openssl at openssl.org Tue Jul 28 11:14:18 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 28 Jul 2020 11:14:18 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings no-srtp Message-ID: <1595934858.218103.15672.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-srtp Commit log since last time: 71b35e1934 DER to RSA deserializer: fix inclusion fcdd228b01 Fix no-dh and no-dsa 1660c8fa6b Update EVP_EncodeInit.pod a57fc73063 EVP: Fix key type check logic in evp_pkey_cmp_any() e2ac846eff TEST: Update the serialization/deserialization test with legacy PEM encryption 436623f89f PROV: Update the PEM to DER deserializer to handle encrypted legacy PEM 3ecbea6a09 TEST: Update the serialization/deserialization test with encryption 38b14f4747 PROV: Update the DER to RSA deserializer to handle encrypted PKCS#8 7524b7b748 DESERIALIZER: Implement decryption of password protected objects 45396db0e3 SERIALIZER: No enc argument for OSSL_SERIALIZER_CTX_set_passphrase_cb() 5a23d78c9b TEST: Add new serializer and deserializer test dcfacbbfe9 PROV: Implement PEM to DER deserializer 1017b8e4a1 PROV: Implement DER to RSA deserializer 853ca12813 CORE: Add upcalls for BIO_gets() and BIO_puts() 072a9fde7d SERIALIZER: Add functions to deserialize into an EVP_PKEY c3e4c1f325 DESERIALIZER: Add foundation for deserializers 5dacb38cce KEYMGMT: Add key loading function OSSL_FUNC_keymgmt_load() af836c22ce EVP KEYMGMT utils: Make a few more utility functions available 6725682d77 Add X509 related libctx changes. ae89578be2 Test RSA oaep in fips mode a27cb956c0 Fix: uninstantiation breaks the RAND_DRBG callback mechanism d1768e8298 test/drbgtest.c: set the correct counter to trigger reseeding 8e3e1dfeaa test/drbgtest.c: Remove error check for large generate requests 9fb6692c1b Fix DRBG reseed counter condition. 11a6d6fd70 test/drbgtest.c: Fix error check test Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 25-test_verify.t (Wstat: 256 Tests: 144 Failed: 1) Failed test: 137 Non-zero exit status: 1 Files=207, Tests=3250, 860 wallclock secs (12.82 usr 1.22 sys + 797.86 cusr 63.60 csys = 875.50 CPU) Result: FAIL Makefile:3157: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-srtp' Makefile:3155: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue Jul 28 11:38:15 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 28 Jul 2020 11:38:15 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings no-sse2 Message-ID: <1595936295.542463.1282.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-sse2 Commit log since last time: 71b35e1934 DER to RSA deserializer: fix inclusion fcdd228b01 Fix no-dh and no-dsa 1660c8fa6b Update EVP_EncodeInit.pod a57fc73063 EVP: Fix key type check logic in evp_pkey_cmp_any() e2ac846eff TEST: Update the serialization/deserialization test with legacy PEM encryption 436623f89f PROV: Update the PEM to DER deserializer to handle encrypted legacy PEM 3ecbea6a09 TEST: Update the serialization/deserialization test with encryption 38b14f4747 PROV: Update the DER to RSA deserializer to handle encrypted PKCS#8 7524b7b748 DESERIALIZER: Implement decryption of password protected objects 45396db0e3 SERIALIZER: No enc argument for OSSL_SERIALIZER_CTX_set_passphrase_cb() 5a23d78c9b TEST: Add new serializer and deserializer test dcfacbbfe9 PROV: Implement PEM to DER deserializer 1017b8e4a1 PROV: Implement DER to RSA deserializer 853ca12813 CORE: Add upcalls for BIO_gets() and BIO_puts() 072a9fde7d SERIALIZER: Add functions to deserialize into an EVP_PKEY c3e4c1f325 DESERIALIZER: Add foundation for deserializers 5dacb38cce KEYMGMT: Add key loading function OSSL_FUNC_keymgmt_load() af836c22ce EVP KEYMGMT utils: Make a few more utility functions available 6725682d77 Add X509 related libctx changes. ae89578be2 Test RSA oaep in fips mode a27cb956c0 Fix: uninstantiation breaks the RAND_DRBG callback mechanism d1768e8298 test/drbgtest.c: set the correct counter to trigger reseeding 8e3e1dfeaa test/drbgtest.c: Remove error check for large generate requests 9fb6692c1b Fix DRBG reseed counter condition. 11a6d6fd70 test/drbgtest.c: Fix error check test Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 25-test_verify.t (Wstat: 256 Tests: 144 Failed: 1) Failed test: 137 Non-zero exit status: 1 Files=207, Tests=3250, 859 wallclock secs (12.44 usr 1.30 sys + 794.95 cusr 63.35 csys = 872.04 CPU) Result: FAIL Makefile:3161: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-sse2' Makefile:3159: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue Jul 28 12:02:08 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 28 Jul 2020 12:02:08 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings enable-ssl-trace Message-ID: <1595937728.879493.19407.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-ssl-trace Commit log since last time: 71b35e1934 DER to RSA deserializer: fix inclusion fcdd228b01 Fix no-dh and no-dsa 1660c8fa6b Update EVP_EncodeInit.pod a57fc73063 EVP: Fix key type check logic in evp_pkey_cmp_any() e2ac846eff TEST: Update the serialization/deserialization test with legacy PEM encryption 436623f89f PROV: Update the PEM to DER deserializer to handle encrypted legacy PEM 3ecbea6a09 TEST: Update the serialization/deserialization test with encryption 38b14f4747 PROV: Update the DER to RSA deserializer to handle encrypted PKCS#8 7524b7b748 DESERIALIZER: Implement decryption of password protected objects 45396db0e3 SERIALIZER: No enc argument for OSSL_SERIALIZER_CTX_set_passphrase_cb() 5a23d78c9b TEST: Add new serializer and deserializer test dcfacbbfe9 PROV: Implement PEM to DER deserializer 1017b8e4a1 PROV: Implement DER to RSA deserializer 853ca12813 CORE: Add upcalls for BIO_gets() and BIO_puts() 072a9fde7d SERIALIZER: Add functions to deserialize into an EVP_PKEY c3e4c1f325 DESERIALIZER: Add foundation for deserializers 5dacb38cce KEYMGMT: Add key loading function OSSL_FUNC_keymgmt_load() af836c22ce EVP KEYMGMT utils: Make a few more utility functions available 6725682d77 Add X509 related libctx changes. ae89578be2 Test RSA oaep in fips mode a27cb956c0 Fix: uninstantiation breaks the RAND_DRBG callback mechanism d1768e8298 test/drbgtest.c: set the correct counter to trigger reseeding 8e3e1dfeaa test/drbgtest.c: Remove error check for large generate requests 9fb6692c1b Fix DRBG reseed counter condition. 11a6d6fd70 test/drbgtest.c: Fix error check test Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 25-test_verify.t (Wstat: 256 Tests: 144 Failed: 1) Failed test: 137 Non-zero exit status: 1 Files=207, Tests=3250, 856 wallclock secs (12.68 usr 1.15 sys + 791.18 cusr 63.10 csys = 868.11 CPU) Result: FAIL Makefile:3154: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-ssl-trace' Makefile:3152: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue Jul 28 12:36:18 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 28 Jul 2020 12:36:18 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings no-static-engine no-shared Message-ID: <1595939778.851241.28139.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-static-engine no-shared Commit log since last time: 71b35e1934 DER to RSA deserializer: fix inclusion fcdd228b01 Fix no-dh and no-dsa 1660c8fa6b Update EVP_EncodeInit.pod a57fc73063 EVP: Fix key type check logic in evp_pkey_cmp_any() e2ac846eff TEST: Update the serialization/deserialization test with legacy PEM encryption 436623f89f PROV: Update the PEM to DER deserializer to handle encrypted legacy PEM 3ecbea6a09 TEST: Update the serialization/deserialization test with encryption 38b14f4747 PROV: Update the DER to RSA deserializer to handle encrypted PKCS#8 7524b7b748 DESERIALIZER: Implement decryption of password protected objects 45396db0e3 SERIALIZER: No enc argument for OSSL_SERIALIZER_CTX_set_passphrase_cb() 5a23d78c9b TEST: Add new serializer and deserializer test dcfacbbfe9 PROV: Implement PEM to DER deserializer 1017b8e4a1 PROV: Implement DER to RSA deserializer 853ca12813 CORE: Add upcalls for BIO_gets() and BIO_puts() 072a9fde7d SERIALIZER: Add functions to deserialize into an EVP_PKEY c3e4c1f325 DESERIALIZER: Add foundation for deserializers 5dacb38cce KEYMGMT: Add key loading function OSSL_FUNC_keymgmt_load() af836c22ce EVP KEYMGMT utils: Make a few more utility functions available 6725682d77 Add X509 related libctx changes. ae89578be2 Test RSA oaep in fips mode a27cb956c0 Fix: uninstantiation breaks the RAND_DRBG callback mechanism d1768e8298 test/drbgtest.c: set the correct counter to trigger reseeding 8e3e1dfeaa test/drbgtest.c: Remove error check for large generate requests 9fb6692c1b Fix DRBG reseed counter condition. 11a6d6fd70 test/drbgtest.c: Fix error check test Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... skipped: test_comp needs the dynamic engine feature enabled 70-test_key_share.t ................ skipped: test_key_share needs the dynamic engine feature enabled 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ skipped: test_renegotiation needs the dynamic engine feature enabled 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs the dynamic engine feature enabled 70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs the dynamic engine feature enabled 70-test_sslextension.t ............. skipped: test_sslextension needs the dynamic engine feature enabled 70-test_sslmessages.t .............. skipped: test_sslmessages needs the dynamic engine feature enabled 70-test_sslrecords.t ............... skipped: test_sslrecords needs the dynamic engine feature enabled 70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs the dynamic engine feature enabled 70-test_sslsigalgs.t ............... skipped: test_sslsigalgs needs the dynamic engine feature enabled 70-test_sslsignature.t ............. skipped: test_sslsignature needs the dynamic engine feature enabled 70-test_sslskewith0p.t ............. skipped: test_sslskewith0p needs the dynamic engine feature enabled 70-test_sslversions.t .............. skipped: test_sslversions needs the dynamic engine feature enabled 70-test_sslvertol.t ................ skipped: test_sslextension needs the dynamic engine feature enabled 70-test_tls13alerts.t .............. skipped: test_tls13alerts needs the dynamic engine feature enabled 70-test_tls13cookie.t .............. skipped: test_tls13cookie needs the dynamic engine feature enabled 70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs the dynamic engine feature enabled 70-test_tls13hrr.t ................. skipped: test_tls13hrr needs the dynamic engine feature enabled 70-test_tls13kexmodes.t ............ skipped: test_tls13kexmodes needs the dynamic engine feature enabled 70-test_tls13messages.t ............ skipped: test_tls13messages needs the dynamic engine feature enabled 70-test_tls13psk.t ................. skipped: test_tls13psk needs the dynamic engine feature enabled 70-test_tlsextms.t ................. skipped: test_tlsextms needs the dynamic engine feature enabled 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: GOST support is disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ skipped: Test only supported in a shared build 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 25-test_verify.t (Wstat: 256 Tests: 144 Failed: 1) Failed test: 137 Non-zero exit status: 1 Files=207, Tests=3044, 828 wallclock secs ( 9.92 usr 1.06 sys + 773.46 cusr 52.38 csys = 836.82 CPU) Result: FAIL Makefile:2519: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-static-engine' Makefile:2517: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue Jul 28 13:02:45 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 28 Jul 2020 13:02:45 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings no-threads Message-ID: <1595941365.900253.29201.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-threads Commit log since last time: 71b35e1934 DER to RSA deserializer: fix inclusion fcdd228b01 Fix no-dh and no-dsa 1660c8fa6b Update EVP_EncodeInit.pod a57fc73063 EVP: Fix key type check logic in evp_pkey_cmp_any() e2ac846eff TEST: Update the serialization/deserialization test with legacy PEM encryption 436623f89f PROV: Update the PEM to DER deserializer to handle encrypted legacy PEM 3ecbea6a09 TEST: Update the serialization/deserialization test with encryption 38b14f4747 PROV: Update the DER to RSA deserializer to handle encrypted PKCS#8 7524b7b748 DESERIALIZER: Implement decryption of password protected objects 45396db0e3 SERIALIZER: No enc argument for OSSL_SERIALIZER_CTX_set_passphrase_cb() 5a23d78c9b TEST: Add new serializer and deserializer test dcfacbbfe9 PROV: Implement PEM to DER deserializer 1017b8e4a1 PROV: Implement DER to RSA deserializer 853ca12813 CORE: Add upcalls for BIO_gets() and BIO_puts() 072a9fde7d SERIALIZER: Add functions to deserialize into an EVP_PKEY c3e4c1f325 DESERIALIZER: Add foundation for deserializers 5dacb38cce KEYMGMT: Add key loading function OSSL_FUNC_keymgmt_load() af836c22ce EVP KEYMGMT utils: Make a few more utility functions available 6725682d77 Add X509 related libctx changes. ae89578be2 Test RSA oaep in fips mode a27cb956c0 Fix: uninstantiation breaks the RAND_DRBG callback mechanism d1768e8298 test/drbgtest.c: set the correct counter to trigger reseeding 8e3e1dfeaa test/drbgtest.c: Remove error check for large generate requests 9fb6692c1b Fix DRBG reseed counter condition. 11a6d6fd70 test/drbgtest.c: Fix error check test Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 25-test_verify.t (Wstat: 256 Tests: 144 Failed: 1) Failed test: 137 Non-zero exit status: 1 Files=207, Tests=3250, 856 wallclock secs (12.62 usr 1.32 sys + 782.57 cusr 58.79 csys = 855.30 CPU) Result: FAIL Makefile:3171: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-threads' Makefile:3169: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue Jul 28 13:26:37 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 28 Jul 2020 13:26:37 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings no-ts Message-ID: <1595942797.904122.13416.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ts Commit log since last time: 71b35e1934 DER to RSA deserializer: fix inclusion fcdd228b01 Fix no-dh and no-dsa 1660c8fa6b Update EVP_EncodeInit.pod a57fc73063 EVP: Fix key type check logic in evp_pkey_cmp_any() e2ac846eff TEST: Update the serialization/deserialization test with legacy PEM encryption 436623f89f PROV: Update the PEM to DER deserializer to handle encrypted legacy PEM 3ecbea6a09 TEST: Update the serialization/deserialization test with encryption 38b14f4747 PROV: Update the DER to RSA deserializer to handle encrypted PKCS#8 7524b7b748 DESERIALIZER: Implement decryption of password protected objects 45396db0e3 SERIALIZER: No enc argument for OSSL_SERIALIZER_CTX_set_passphrase_cb() 5a23d78c9b TEST: Add new serializer and deserializer test dcfacbbfe9 PROV: Implement PEM to DER deserializer 1017b8e4a1 PROV: Implement DER to RSA deserializer 853ca12813 CORE: Add upcalls for BIO_gets() and BIO_puts() 072a9fde7d SERIALIZER: Add functions to deserialize into an EVP_PKEY c3e4c1f325 DESERIALIZER: Add foundation for deserializers 5dacb38cce KEYMGMT: Add key loading function OSSL_FUNC_keymgmt_load() af836c22ce EVP KEYMGMT utils: Make a few more utility functions available 6725682d77 Add X509 related libctx changes. ae89578be2 Test RSA oaep in fips mode a27cb956c0 Fix: uninstantiation breaks the RAND_DRBG callback mechanism d1768e8298 test/drbgtest.c: set the correct counter to trigger reseeding 8e3e1dfeaa test/drbgtest.c: Remove error check for large generate requests 9fb6692c1b Fix DRBG reseed counter condition. 11a6d6fd70 test/drbgtest.c: Fix error check test Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... skipped: TS is not supported by this OpenSSL build 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 25-test_verify.t (Wstat: 256 Tests: 144 Failed: 1) Failed test: 137 Non-zero exit status: 1 Files=207, Tests=3230, 857 wallclock secs (12.60 usr 1.27 sys + 795.68 cusr 60.17 csys = 869.72 CPU) Result: FAIL Makefile:3123: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-ts' Makefile:3121: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue Jul 28 14:16:59 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 28 Jul 2020 14:16:59 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment Message-ID: <1595945819.695435.32036.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment Commit log since last time: 71b35e1934 DER to RSA deserializer: fix inclusion fcdd228b01 Fix no-dh and no-dsa 1660c8fa6b Update EVP_EncodeInit.pod a57fc73063 EVP: Fix key type check logic in evp_pkey_cmp_any() e2ac846eff TEST: Update the serialization/deserialization test with legacy PEM encryption 436623f89f PROV: Update the PEM to DER deserializer to handle encrypted legacy PEM 3ecbea6a09 TEST: Update the serialization/deserialization test with encryption 38b14f4747 PROV: Update the DER to RSA deserializer to handle encrypted PKCS#8 7524b7b748 DESERIALIZER: Implement decryption of password protected objects 45396db0e3 SERIALIZER: No enc argument for OSSL_SERIALIZER_CTX_set_passphrase_cb() 5a23d78c9b TEST: Add new serializer and deserializer test dcfacbbfe9 PROV: Implement PEM to DER deserializer 1017b8e4a1 PROV: Implement DER to RSA deserializer 853ca12813 CORE: Add upcalls for BIO_gets() and BIO_puts() 072a9fde7d SERIALIZER: Add functions to deserialize into an EVP_PKEY c3e4c1f325 DESERIALIZER: Add foundation for deserializers 5dacb38cce KEYMGMT: Add key loading function OSSL_FUNC_keymgmt_load() af836c22ce EVP KEYMGMT utils: Make a few more utility functions available 6725682d77 Add X509 related libctx changes. ae89578be2 Test RSA oaep in fips mode a27cb956c0 Fix: uninstantiation breaks the RAND_DRBG callback mechanism d1768e8298 test/drbgtest.c: set the correct counter to trigger reseeding 8e3e1dfeaa test/drbgtest.c: Remove error check for large generate requests 9fb6692c1b Fix DRBG reseed counter condition. 11a6d6fd70 test/drbgtest.c: Fix error check test Build log ended with (last 100 lines): # ------------------------------------------------------------------------------ not ok 1 - test_handshake # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/ssl_test 25-cipher.cnf.default default => 1 not ok 6 - running ssl_test 25-cipher.cnf # ------------------------------------------------------------------------------ # Looks like you failed 2 tests of 9. not ok 26 - Test configuration 25-cipher.cnf # ------------------------------------------------------------------------------ # Looks like you failed 1 test of 31.80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok # INFO: @ ../openssl/test/sslcorrupttest.c:199 # Starting #2, ECDHE-RSA-CHACHA20-POLY1305 # ERROR: (int) 'SSL_get_error(clientssl, 0) == SSL_ERROR_WANT_READ' failed @ ../openssl/test/ssltestlib.c:1032 # [1] compared to [2] # ERROR: (bool) 'create_ssl_connection(server, client, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslcorrupttest.c:229 # false # 40576BEEED7F0000:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_clnt.c:403: not ok 3 - iteration 3 # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/sslcorrupttest.c:199 # Starting #3, DHE-RSA-CHACHA20-POLY1305 # ERROR: (int) 'SSL_get_error(clientssl, 0) == SSL_ERROR_WANT_READ' failed @ ../openssl/test/ssltestlib.c:1032 # [1] compared to [2] # ERROR: (bool) 'create_ssl_connection(server, client, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslcorrupttest.c:229 # false # 40576BEEED7F0000:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_clnt.c:403: not ok 4 - iteration 4 # ------------------------------------------------------------------------------ not ok 1 - test_ssl_corrupt # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslcorrupttest ../../../openssl/apps/server.pem ../../../openssl/apps/server.pem => 1 not ok 1 - running sslcorrupttest # ------------------------------------------------------------------------------ # Failed test 'running sslcorrupttest' # at ../openssl/test/recipes/80-test_sslcorrupt.t line 19. # Looks like you failed 1 test of 1.80-test_sslcorrupt.t ............... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 25-test_verify.t (Wstat: 256 Tests: 144 Failed: 1) Failed test: 137 Non-zero exit status: 1 80-test_dtls_mtu.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 26 Non-zero exit status: 1 80-test_sslcorrupt.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=207, Tests=3250, 1772 wallclock secs (13.36 usr 1.32 sys + 1684.81 cusr 86.23 csys = 1785.72 CPU) Result: FAIL Makefile:3155: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-ubsan' Makefile:3153: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue Jul 28 14:41:20 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 28 Jul 2020 14:41:20 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ui Message-ID: <1595947280.561558.16798.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ui Commit log since last time: 71b35e1934 DER to RSA deserializer: fix inclusion fcdd228b01 Fix no-dh and no-dsa 1660c8fa6b Update EVP_EncodeInit.pod a57fc73063 EVP: Fix key type check logic in evp_pkey_cmp_any() e2ac846eff TEST: Update the serialization/deserialization test with legacy PEM encryption 436623f89f PROV: Update the PEM to DER deserializer to handle encrypted legacy PEM 3ecbea6a09 TEST: Update the serialization/deserialization test with encryption 38b14f4747 PROV: Update the DER to RSA deserializer to handle encrypted PKCS#8 7524b7b748 DESERIALIZER: Implement decryption of password protected objects 45396db0e3 SERIALIZER: No enc argument for OSSL_SERIALIZER_CTX_set_passphrase_cb() 5a23d78c9b TEST: Add new serializer and deserializer test dcfacbbfe9 PROV: Implement PEM to DER deserializer 1017b8e4a1 PROV: Implement DER to RSA deserializer 853ca12813 CORE: Add upcalls for BIO_gets() and BIO_puts() 072a9fde7d SERIALIZER: Add functions to deserialize into an EVP_PKEY c3e4c1f325 DESERIALIZER: Add foundation for deserializers 5dacb38cce KEYMGMT: Add key loading function OSSL_FUNC_keymgmt_load() af836c22ce EVP KEYMGMT utils: Make a few more utility functions available 6725682d77 Add X509 related libctx changes. ae89578be2 Test RSA oaep in fips mode a27cb956c0 Fix: uninstantiation breaks the RAND_DRBG callback mechanism d1768e8298 test/drbgtest.c: set the correct counter to trigger reseeding 8e3e1dfeaa test/drbgtest.c: Remove error check for large generate requests 9fb6692c1b Fix DRBG reseed counter condition. 11a6d6fd70 test/drbgtest.c: Fix error check test Build log ended with (last 100 lines): not ok 78 - p10cr wrong csr # ------------------------------------------------------------------------------ # Failed test 'p10cr wrong csr' # at ../openssl/test/recipes/81-test_cmp_cli.t line 182. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -revreason 5 => 139 not ok 79 - ir + ignored revocation # ------------------------------------------------------------------------------ ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt => 139 not ok 82 - cr command # ------------------------------------------------------------------------------ # Failed test 'cr command' # at ../openssl/test/recipes/81-test_cmp_cli.t line 182. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt => 139 not ok 83 - kur command explicit options # ------------------------------------------------------------------------------ # Failed test 'kur command explicit options' # at ../openssl/test/recipes/81-test_cmp_cli.t line 182. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -subject "" -certout test.cert.pem -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt -secret "" => 139 not ok 84 - kur command minimal options # ------------------------------------------------------------------------------ ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey dir/ -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert test.cert.pem -server '127.0.0.1:1700' => 139 not ok 86 - kur newkey is directory # ------------------------------------------------------------------------------ ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert dir/ -server '127.0.0.1:1700' => 139 not ok 89 - kur oldcert is directory # ------------------------------------------------------------------------------ # Failed test 'kur oldcert is directory' # at ../openssl/test/recipes/81-test_cmp_cli.t line 182. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert idontexist -server '127.0.0.1:1700' => 139 not ok 90 - kur oldcert not existing # ------------------------------------------------------------------------------ # Failed test 'kur oldcert not existing' # at ../openssl/test/recipes/81-test_cmp_cli.t line 182. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert empty.txt -server '127.0.0.1:1700' => 139 not ok 91 - kur empty oldcert file # ------------------------------------------------------------------------------ # Failed test 'kur empty oldcert file' # at ../openssl/test/recipes/81-test_cmp_cli.t line 182. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -cert "" -server '127.0.0.1:1700' => 139 not ok 92 - kur command without cert and oldcert # ------------------------------------------------------------------------------ # Failed test 'kur command without cert and oldcert' # at ../openssl/test/recipes/81-test_cmp_cli.t line 182. # Looks like you failed 65 tests of 92. not ok 7 - CMP app CLI Mock enrollment # ------------------------------------------------------------------------------ # # Failed test 'CMP app CLI Mock enrollment # ' # at /home/openssl/run-checker/no-ui/../openssl/util/perl/OpenSSL/Test.pm line 1302. # Looks like you failed 5 tests of 7.81-test_cmp_cli.t .................. Dubious, test returned 5 (wstat 1280, 0x500) Failed 5/7 subtests 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 25-test_verify.t (Wstat: 256 Tests: 144 Failed: 1) Failed test: 137 Non-zero exit status: 1 81-test_cmp_cli.t (Wstat: 1280 Tests: 7 Failed: 5) Failed tests: 3-7 Non-zero exit status: 5 Files=207, Tests=3250, 887 wallclock secs (12.75 usr 1.26 sys + 785.98 cusr 61.74 csys = 861.73 CPU) Result: FAIL Makefile:3158: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-ui' Makefile:3156: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue Jul 28 15:05:21 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 28 Jul 2020 15:05:21 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings enable-unit-test Message-ID: <1595948721.959854.2452.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-unit-test Commit log since last time: 71b35e1934 DER to RSA deserializer: fix inclusion fcdd228b01 Fix no-dh and no-dsa 1660c8fa6b Update EVP_EncodeInit.pod a57fc73063 EVP: Fix key type check logic in evp_pkey_cmp_any() e2ac846eff TEST: Update the serialization/deserialization test with legacy PEM encryption 436623f89f PROV: Update the PEM to DER deserializer to handle encrypted legacy PEM 3ecbea6a09 TEST: Update the serialization/deserialization test with encryption 38b14f4747 PROV: Update the DER to RSA deserializer to handle encrypted PKCS#8 7524b7b748 DESERIALIZER: Implement decryption of password protected objects 45396db0e3 SERIALIZER: No enc argument for OSSL_SERIALIZER_CTX_set_passphrase_cb() 5a23d78c9b TEST: Add new serializer and deserializer test dcfacbbfe9 PROV: Implement PEM to DER deserializer 1017b8e4a1 PROV: Implement DER to RSA deserializer 853ca12813 CORE: Add upcalls for BIO_gets() and BIO_puts() 072a9fde7d SERIALIZER: Add functions to deserialize into an EVP_PKEY c3e4c1f325 DESERIALIZER: Add foundation for deserializers 5dacb38cce KEYMGMT: Add key loading function OSSL_FUNC_keymgmt_load() af836c22ce EVP KEYMGMT utils: Make a few more utility functions available 6725682d77 Add X509 related libctx changes. ae89578be2 Test RSA oaep in fips mode a27cb956c0 Fix: uninstantiation breaks the RAND_DRBG callback mechanism d1768e8298 test/drbgtest.c: set the correct counter to trigger reseeding 8e3e1dfeaa test/drbgtest.c: Remove error check for large generate requests 9fb6692c1b Fix DRBG reseed counter condition. 11a6d6fd70 test/drbgtest.c: Fix error check test Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 25-test_verify.t (Wstat: 256 Tests: 144 Failed: 1) Failed test: 137 Non-zero exit status: 1 Files=207, Tests=3250, 861 wallclock secs (12.56 usr 1.43 sys + 795.96 cusr 62.66 csys = 872.61 CPU) Result: FAIL Makefile:3155: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-unit-test' Makefile:3153: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue Jul 28 15:29:36 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 28 Jul 2020 15:29:36 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings no-whirlpool Message-ID: <1595950176.099405.19338.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-whirlpool Commit log since last time: 71b35e1934 DER to RSA deserializer: fix inclusion fcdd228b01 Fix no-dh and no-dsa 1660c8fa6b Update EVP_EncodeInit.pod a57fc73063 EVP: Fix key type check logic in evp_pkey_cmp_any() e2ac846eff TEST: Update the serialization/deserialization test with legacy PEM encryption 436623f89f PROV: Update the PEM to DER deserializer to handle encrypted legacy PEM 3ecbea6a09 TEST: Update the serialization/deserialization test with encryption 38b14f4747 PROV: Update the DER to RSA deserializer to handle encrypted PKCS#8 7524b7b748 DESERIALIZER: Implement decryption of password protected objects 45396db0e3 SERIALIZER: No enc argument for OSSL_SERIALIZER_CTX_set_passphrase_cb() 5a23d78c9b TEST: Add new serializer and deserializer test dcfacbbfe9 PROV: Implement PEM to DER deserializer 1017b8e4a1 PROV: Implement DER to RSA deserializer 853ca12813 CORE: Add upcalls for BIO_gets() and BIO_puts() 072a9fde7d SERIALIZER: Add functions to deserialize into an EVP_PKEY c3e4c1f325 DESERIALIZER: Add foundation for deserializers 5dacb38cce KEYMGMT: Add key loading function OSSL_FUNC_keymgmt_load() af836c22ce EVP KEYMGMT utils: Make a few more utility functions available 6725682d77 Add X509 related libctx changes. ae89578be2 Test RSA oaep in fips mode a27cb956c0 Fix: uninstantiation breaks the RAND_DRBG callback mechanism d1768e8298 test/drbgtest.c: set the correct counter to trigger reseeding 8e3e1dfeaa test/drbgtest.c: Remove error check for large generate requests 9fb6692c1b Fix DRBG reseed counter condition. 11a6d6fd70 test/drbgtest.c: Fix error check test Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 25-test_verify.t (Wstat: 256 Tests: 144 Failed: 1) Failed test: 137 Non-zero exit status: 1 Files=207, Tests=3250, 881 wallclock secs (12.64 usr 1.41 sys + 819.67 cusr 61.15 csys = 894.87 CPU) Result: FAIL Makefile:3138: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-whirlpool' Makefile:3136: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue Jul 28 15:53:34 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 28 Jul 2020 15:53:34 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings enable-weak-ssl-ciphers Message-ID: <1595951614.673310.3940.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-weak-ssl-ciphers Commit log since last time: 71b35e1934 DER to RSA deserializer: fix inclusion fcdd228b01 Fix no-dh and no-dsa 1660c8fa6b Update EVP_EncodeInit.pod a57fc73063 EVP: Fix key type check logic in evp_pkey_cmp_any() e2ac846eff TEST: Update the serialization/deserialization test with legacy PEM encryption 436623f89f PROV: Update the PEM to DER deserializer to handle encrypted legacy PEM 3ecbea6a09 TEST: Update the serialization/deserialization test with encryption 38b14f4747 PROV: Update the DER to RSA deserializer to handle encrypted PKCS#8 7524b7b748 DESERIALIZER: Implement decryption of password protected objects 45396db0e3 SERIALIZER: No enc argument for OSSL_SERIALIZER_CTX_set_passphrase_cb() 5a23d78c9b TEST: Add new serializer and deserializer test dcfacbbfe9 PROV: Implement PEM to DER deserializer 1017b8e4a1 PROV: Implement DER to RSA deserializer 853ca12813 CORE: Add upcalls for BIO_gets() and BIO_puts() 072a9fde7d SERIALIZER: Add functions to deserialize into an EVP_PKEY c3e4c1f325 DESERIALIZER: Add foundation for deserializers 5dacb38cce KEYMGMT: Add key loading function OSSL_FUNC_keymgmt_load() af836c22ce EVP KEYMGMT utils: Make a few more utility functions available 6725682d77 Add X509 related libctx changes. ae89578be2 Test RSA oaep in fips mode a27cb956c0 Fix: uninstantiation breaks the RAND_DRBG callback mechanism d1768e8298 test/drbgtest.c: set the correct counter to trigger reseeding 8e3e1dfeaa test/drbgtest.c: Remove error check for large generate requests 9fb6692c1b Fix DRBG reseed counter condition. 11a6d6fd70 test/drbgtest.c: Fix error check test Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 25-test_verify.t (Wstat: 256 Tests: 144 Failed: 1) Failed test: 137 Non-zero exit status: 1 Files=207, Tests=3250, 866 wallclock secs (12.32 usr 1.36 sys + 804.76 cusr 62.53 csys = 880.97 CPU) Result: FAIL Makefile:3168: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-weak-ssl-ciphers' Makefile:3166: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue Jul 28 16:17:48 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 28 Jul 2020 16:17:48 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings enable-zlib Message-ID: <1595953068.531985.22046.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-zlib Commit log since last time: 71b35e1934 DER to RSA deserializer: fix inclusion fcdd228b01 Fix no-dh and no-dsa 1660c8fa6b Update EVP_EncodeInit.pod a57fc73063 EVP: Fix key type check logic in evp_pkey_cmp_any() e2ac846eff TEST: Update the serialization/deserialization test with legacy PEM encryption 436623f89f PROV: Update the PEM to DER deserializer to handle encrypted legacy PEM 3ecbea6a09 TEST: Update the serialization/deserialization test with encryption 38b14f4747 PROV: Update the DER to RSA deserializer to handle encrypted PKCS#8 7524b7b748 DESERIALIZER: Implement decryption of password protected objects 45396db0e3 SERIALIZER: No enc argument for OSSL_SERIALIZER_CTX_set_passphrase_cb() 5a23d78c9b TEST: Add new serializer and deserializer test dcfacbbfe9 PROV: Implement PEM to DER deserializer 1017b8e4a1 PROV: Implement DER to RSA deserializer 853ca12813 CORE: Add upcalls for BIO_gets() and BIO_puts() 072a9fde7d SERIALIZER: Add functions to deserialize into an EVP_PKEY c3e4c1f325 DESERIALIZER: Add foundation for deserializers 5dacb38cce KEYMGMT: Add key loading function OSSL_FUNC_keymgmt_load() af836c22ce EVP KEYMGMT utils: Make a few more utility functions available 6725682d77 Add X509 related libctx changes. ae89578be2 Test RSA oaep in fips mode a27cb956c0 Fix: uninstantiation breaks the RAND_DRBG callback mechanism d1768e8298 test/drbgtest.c: set the correct counter to trigger reseeding 8e3e1dfeaa test/drbgtest.c: Remove error check for large generate requests 9fb6692c1b Fix DRBG reseed counter condition. 11a6d6fd70 test/drbgtest.c: Fix error check test Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 25-test_verify.t (Wstat: 256 Tests: 144 Failed: 1) Failed test: 137 Non-zero exit status: 1 Files=207, Tests=3252, 876 wallclock secs (12.80 usr 1.20 sys + 812.03 cusr 63.43 csys = 889.46 CPU) Result: FAIL Makefile:3152: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-zlib' Makefile:3150: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue Jul 28 16:41:46 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 28 Jul 2020 16:41:46 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings enable-zlib-dynamic Message-ID: <1595954506.988344.6707.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-zlib-dynamic Commit log since last time: 71b35e1934 DER to RSA deserializer: fix inclusion fcdd228b01 Fix no-dh and no-dsa 1660c8fa6b Update EVP_EncodeInit.pod a57fc73063 EVP: Fix key type check logic in evp_pkey_cmp_any() e2ac846eff TEST: Update the serialization/deserialization test with legacy PEM encryption 436623f89f PROV: Update the PEM to DER deserializer to handle encrypted legacy PEM 3ecbea6a09 TEST: Update the serialization/deserialization test with encryption 38b14f4747 PROV: Update the DER to RSA deserializer to handle encrypted PKCS#8 7524b7b748 DESERIALIZER: Implement decryption of password protected objects 45396db0e3 SERIALIZER: No enc argument for OSSL_SERIALIZER_CTX_set_passphrase_cb() 5a23d78c9b TEST: Add new serializer and deserializer test dcfacbbfe9 PROV: Implement PEM to DER deserializer 1017b8e4a1 PROV: Implement DER to RSA deserializer 853ca12813 CORE: Add upcalls for BIO_gets() and BIO_puts() 072a9fde7d SERIALIZER: Add functions to deserialize into an EVP_PKEY c3e4c1f325 DESERIALIZER: Add foundation for deserializers 5dacb38cce KEYMGMT: Add key loading function OSSL_FUNC_keymgmt_load() af836c22ce EVP KEYMGMT utils: Make a few more utility functions available 6725682d77 Add X509 related libctx changes. ae89578be2 Test RSA oaep in fips mode a27cb956c0 Fix: uninstantiation breaks the RAND_DRBG callback mechanism d1768e8298 test/drbgtest.c: set the correct counter to trigger reseeding 8e3e1dfeaa test/drbgtest.c: Remove error check for large generate requests 9fb6692c1b Fix DRBG reseed counter condition. 11a6d6fd70 test/drbgtest.c: Fix error check test Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 25-test_verify.t (Wstat: 256 Tests: 144 Failed: 1) Failed test: 137 Non-zero exit status: 1 Files=207, Tests=3252, 860 wallclock secs (12.94 usr 1.25 sys + 795.31 cusr 63.42 csys = 872.92 CPU) Result: FAIL Makefile:3151: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-zlib-dynamic' Makefile:3149: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue Jul 28 17:06:21 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 28 Jul 2020 17:06:21 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings 386 Message-ID: <1595955981.959584.24836.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings 386 Commit log since last time: 71b35e1934 DER to RSA deserializer: fix inclusion fcdd228b01 Fix no-dh and no-dsa 1660c8fa6b Update EVP_EncodeInit.pod a57fc73063 EVP: Fix key type check logic in evp_pkey_cmp_any() e2ac846eff TEST: Update the serialization/deserialization test with legacy PEM encryption 436623f89f PROV: Update the PEM to DER deserializer to handle encrypted legacy PEM 3ecbea6a09 TEST: Update the serialization/deserialization test with encryption 38b14f4747 PROV: Update the DER to RSA deserializer to handle encrypted PKCS#8 7524b7b748 DESERIALIZER: Implement decryption of password protected objects 45396db0e3 SERIALIZER: No enc argument for OSSL_SERIALIZER_CTX_set_passphrase_cb() 5a23d78c9b TEST: Add new serializer and deserializer test dcfacbbfe9 PROV: Implement PEM to DER deserializer 1017b8e4a1 PROV: Implement DER to RSA deserializer 853ca12813 CORE: Add upcalls for BIO_gets() and BIO_puts() 072a9fde7d SERIALIZER: Add functions to deserialize into an EVP_PKEY c3e4c1f325 DESERIALIZER: Add foundation for deserializers 5dacb38cce KEYMGMT: Add key loading function OSSL_FUNC_keymgmt_load() af836c22ce EVP KEYMGMT utils: Make a few more utility functions available 6725682d77 Add X509 related libctx changes. ae89578be2 Test RSA oaep in fips mode a27cb956c0 Fix: uninstantiation breaks the RAND_DRBG callback mechanism d1768e8298 test/drbgtest.c: set the correct counter to trigger reseeding 8e3e1dfeaa test/drbgtest.c: Remove error check for large generate requests 9fb6692c1b Fix DRBG reseed counter condition. 11a6d6fd70 test/drbgtest.c: Fix error check test Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 25-test_verify.t (Wstat: 256 Tests: 144 Failed: 1) Failed test: 137 Non-zero exit status: 1 Files=207, Tests=3250, 898 wallclock secs (12.70 usr 1.14 sys + 835.70 cusr 62.33 csys = 911.87 CPU) Result: FAIL Makefile:3145: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/386' Makefile:3143: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue Jul 28 17:30:24 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 28 Jul 2020 17:30:24 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls Message-ID: <1595957424.110535.9317.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls Commit log since last time: 71b35e1934 DER to RSA deserializer: fix inclusion fcdd228b01 Fix no-dh and no-dsa 1660c8fa6b Update EVP_EncodeInit.pod a57fc73063 EVP: Fix key type check logic in evp_pkey_cmp_any() e2ac846eff TEST: Update the serialization/deserialization test with legacy PEM encryption 436623f89f PROV: Update the PEM to DER deserializer to handle encrypted legacy PEM 3ecbea6a09 TEST: Update the serialization/deserialization test with encryption 38b14f4747 PROV: Update the DER to RSA deserializer to handle encrypted PKCS#8 7524b7b748 DESERIALIZER: Implement decryption of password protected objects 45396db0e3 SERIALIZER: No enc argument for OSSL_SERIALIZER_CTX_set_passphrase_cb() 5a23d78c9b TEST: Add new serializer and deserializer test dcfacbbfe9 PROV: Implement PEM to DER deserializer 1017b8e4a1 PROV: Implement DER to RSA deserializer 853ca12813 CORE: Add upcalls for BIO_gets() and BIO_puts() 072a9fde7d SERIALIZER: Add functions to deserialize into an EVP_PKEY c3e4c1f325 DESERIALIZER: Add foundation for deserializers 5dacb38cce KEYMGMT: Add key loading function OSSL_FUNC_keymgmt_load() af836c22ce EVP KEYMGMT utils: Make a few more utility functions available 6725682d77 Add X509 related libctx changes. ae89578be2 Test RSA oaep in fips mode a27cb956c0 Fix: uninstantiation breaks the RAND_DRBG callback mechanism d1768e8298 test/drbgtest.c: set the correct counter to trigger reseeding 8e3e1dfeaa test/drbgtest.c: Remove error check for large generate requests 9fb6692c1b Fix DRBG reseed counter condition. 11a6d6fd70 test/drbgtest.c: Fix error check test Build log ended with (last 100 lines): 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 7 - iteration 7 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 8 - iteration 8 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 9 - iteration 9 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 10 - iteration 10 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 11 - iteration 11 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 12 - iteration 12 # ------------------------------------------------------------------------------ not ok 1 - test_handshake # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/ssl_test 04-client_auth.cnf.fips fips ../../../openssl/test/fips.cnf => 1 not ok 9 - running ssl_test 04-client_auth.cnf # ------------------------------------------------------------------------------ # Failed test 'running ssl_test 04-client_auth.cnf' # at ../openssl/test/recipes/80-test_ssl_new.t line 173. # Looks like you failed 1 test of 9. not ok 5 - Test configuration 04-client_auth.cnf # ------------------------------------------------------------------------------ # Looks like you failed 1 test of 31.80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 25-test_verify.t (Wstat: 256 Tests: 144 Failed: 1) Failed test: 137 Non-zero exit status: 1 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=207, Tests=3247, 863 wallclock secs (13.17 usr 1.44 sys + 792.65 cusr 63.46 csys = 870.72 CPU) Result: FAIL Makefile:3154: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls' Makefile:3152: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue Jul 28 17:50:56 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 28 Jul 2020 17:50:56 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls Message-ID: <1595958656.064276.22509.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls Commit log since last time: 71b35e1934 DER to RSA deserializer: fix inclusion fcdd228b01 Fix no-dh and no-dsa 1660c8fa6b Update EVP_EncodeInit.pod a57fc73063 EVP: Fix key type check logic in evp_pkey_cmp_any() e2ac846eff TEST: Update the serialization/deserialization test with legacy PEM encryption 436623f89f PROV: Update the PEM to DER deserializer to handle encrypted legacy PEM 3ecbea6a09 TEST: Update the serialization/deserialization test with encryption 38b14f4747 PROV: Update the DER to RSA deserializer to handle encrypted PKCS#8 7524b7b748 DESERIALIZER: Implement decryption of password protected objects 45396db0e3 SERIALIZER: No enc argument for OSSL_SERIALIZER_CTX_set_passphrase_cb() 5a23d78c9b TEST: Add new serializer and deserializer test dcfacbbfe9 PROV: Implement PEM to DER deserializer 1017b8e4a1 PROV: Implement DER to RSA deserializer 853ca12813 CORE: Add upcalls for BIO_gets() and BIO_puts() 072a9fde7d SERIALIZER: Add functions to deserialize into an EVP_PKEY c3e4c1f325 DESERIALIZER: Add foundation for deserializers 5dacb38cce KEYMGMT: Add key loading function OSSL_FUNC_keymgmt_load() af836c22ce EVP KEYMGMT utils: Make a few more utility functions available 6725682d77 Add X509 related libctx changes. ae89578be2 Test RSA oaep in fips mode a27cb956c0 Fix: uninstantiation breaks the RAND_DRBG callback mechanism d1768e8298 test/drbgtest.c: set the correct counter to trigger reseeding 8e3e1dfeaa test/drbgtest.c: Remove error check for large generate requests 9fb6692c1b Fix DRBG reseed counter condition. 11a6d6fd70 test/drbgtest.c: Fix error check test Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. skipped: No TLS/SSL protocols are supported by this OpenSSL build 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. skipped: No TLS/SSL protocols are supported by this OpenSSL build 70-test_comp.t ..................... skipped: test_comp needs TLSv1.3 or TLSv1.2 enabled 70-test_key_share.t ................ skipped: test_key_share needs TLS1.3 enabled 70-test_packet.t ................... ok 70-test_recordlen.t ................ skipped: No TLS/SSL protocols are supported by this OpenSSL build 70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled 70-test_servername.t ............... skipped: No TLS/SSL protocols are supported by this OpenSSL build 70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled 70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled 70-test_sslextension.t ............. skipped: test_sslextension needs TLS enabled 70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled 70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled 70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled 70-test_sslsigalgs.t ............... skipped: test_sslsigalgs needs TLS1.2 or TLS1.3 enabled 70-test_sslsignature.t ............. skipped: test_sslsignature needs TLS enabled 70-test_sslskewith0p.t ............. skipped: test_sslskewith0p needs TLS enabled 70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled 70-test_sslvertol.t ................ skipped: test_sslextension needs TLS enabled 70-test_tls13alerts.t .............. skipped: test_tls13alerts needs TLS1.3 enabled 70-test_tls13cookie.t .............. skipped: test_tls13cookie needs TLS1.3 enabled 70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled 70-test_tls13hrr.t ................. skipped: test_tls13hrr needs TLS1.3 enabled 70-test_tls13kexmodes.t ............ skipped: test_tls13kexmodes needs TLSv1.3 enabled 70-test_tls13messages.t ............ skipped: test_tls13messages needs TLSv1.3 enabled 70-test_tls13psk.t ................. skipped: test_tls13psk needs TLSv1.3 enabled 70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. skipped: No SSL/TLS protocol is supported by this OpenSSL build. 80-test_cipherlist.t ............... skipped: No SSL/TLS protocol is supported by this OpenSSL build. 80-test_ciphername.t ............... skipped: No SSL/TLS protocol is supported by this OpenSSL build. # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... skipped: No TLS protocols are supported by this OpenSSL build 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. skipped: No TLS/SSL protocols are supported by this OpenSSL build 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... skipped: No TLS/SSL protocols are supported by this OpenSSL build 90-test_sslbuffers.t ............... skipped: No suitable TLS/SSL protocol is supported by this OpenSSL build 90-test_store.t .................... ok 90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. skipped: test_tls13ccs is not supported in this build 90-test_tls13encryption.t .......... skipped: tls13encryption is not supported in this build 90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 25-test_verify.t (Wstat: 256 Tests: 144 Failed: 1) Failed test: 137 Non-zero exit status: 1 Files=207, Tests=3042, 650 wallclock secs ( 9.42 usr 1.15 sys + 590.73 cusr 55.17 csys = 656.47 CPU) Result: FAIL Makefile:3157: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls' Makefile:3155: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue Jul 28 18:15:30 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 28 Jul 2020 18:15:30 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings no-ssl3 Message-ID: <1595960130.956726.8320.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ssl3 Commit log since last time: 71b35e1934 DER to RSA deserializer: fix inclusion fcdd228b01 Fix no-dh and no-dsa 1660c8fa6b Update EVP_EncodeInit.pod a57fc73063 EVP: Fix key type check logic in evp_pkey_cmp_any() e2ac846eff TEST: Update the serialization/deserialization test with legacy PEM encryption 436623f89f PROV: Update the PEM to DER deserializer to handle encrypted legacy PEM 3ecbea6a09 TEST: Update the serialization/deserialization test with encryption 38b14f4747 PROV: Update the DER to RSA deserializer to handle encrypted PKCS#8 7524b7b748 DESERIALIZER: Implement decryption of password protected objects 45396db0e3 SERIALIZER: No enc argument for OSSL_SERIALIZER_CTX_set_passphrase_cb() 5a23d78c9b TEST: Add new serializer and deserializer test dcfacbbfe9 PROV: Implement PEM to DER deserializer 1017b8e4a1 PROV: Implement DER to RSA deserializer 853ca12813 CORE: Add upcalls for BIO_gets() and BIO_puts() 072a9fde7d SERIALIZER: Add functions to deserialize into an EVP_PKEY c3e4c1f325 DESERIALIZER: Add foundation for deserializers 5dacb38cce KEYMGMT: Add key loading function OSSL_FUNC_keymgmt_load() af836c22ce EVP KEYMGMT utils: Make a few more utility functions available 6725682d77 Add X509 related libctx changes. ae89578be2 Test RSA oaep in fips mode a27cb956c0 Fix: uninstantiation breaks the RAND_DRBG callback mechanism d1768e8298 test/drbgtest.c: set the correct counter to trigger reseeding 8e3e1dfeaa test/drbgtest.c: Remove error check for large generate requests 9fb6692c1b Fix DRBG reseed counter condition. 11a6d6fd70 test/drbgtest.c: Fix error check test Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 25-test_verify.t (Wstat: 256 Tests: 144 Failed: 1) Failed test: 137 Non-zero exit status: 1 Files=207, Tests=3250, 886 wallclock secs (13.18 usr 1.42 sys + 813.84 cusr 64.04 csys = 892.48 CPU) Result: FAIL Makefile:3159: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-ssl3' Makefile:3157: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue Jul 28 18:39:21 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 28 Jul 2020 18:39:21 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1 Message-ID: <1595961561.244505.25245.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1 Commit log since last time: 71b35e1934 DER to RSA deserializer: fix inclusion fcdd228b01 Fix no-dh and no-dsa 1660c8fa6b Update EVP_EncodeInit.pod a57fc73063 EVP: Fix key type check logic in evp_pkey_cmp_any() e2ac846eff TEST: Update the serialization/deserialization test with legacy PEM encryption 436623f89f PROV: Update the PEM to DER deserializer to handle encrypted legacy PEM 3ecbea6a09 TEST: Update the serialization/deserialization test with encryption 38b14f4747 PROV: Update the DER to RSA deserializer to handle encrypted PKCS#8 7524b7b748 DESERIALIZER: Implement decryption of password protected objects 45396db0e3 SERIALIZER: No enc argument for OSSL_SERIALIZER_CTX_set_passphrase_cb() 5a23d78c9b TEST: Add new serializer and deserializer test dcfacbbfe9 PROV: Implement PEM to DER deserializer 1017b8e4a1 PROV: Implement DER to RSA deserializer 853ca12813 CORE: Add upcalls for BIO_gets() and BIO_puts() 072a9fde7d SERIALIZER: Add functions to deserialize into an EVP_PKEY c3e4c1f325 DESERIALIZER: Add foundation for deserializers 5dacb38cce KEYMGMT: Add key loading function OSSL_FUNC_keymgmt_load() af836c22ce EVP KEYMGMT utils: Make a few more utility functions available 6725682d77 Add X509 related libctx changes. ae89578be2 Test RSA oaep in fips mode a27cb956c0 Fix: uninstantiation breaks the RAND_DRBG callback mechanism d1768e8298 test/drbgtest.c: set the correct counter to trigger reseeding 8e3e1dfeaa test/drbgtest.c: Remove error check for large generate requests 9fb6692c1b Fix DRBG reseed counter condition. 11a6d6fd70 test/drbgtest.c: Fix error check test Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 25-test_verify.t (Wstat: 256 Tests: 144 Failed: 1) Failed test: 137 Non-zero exit status: 1 Files=207, Tests=3250, 847 wallclock secs (13.31 usr 1.38 sys + 776.70 cusr 63.51 csys = 854.90 CPU) Result: FAIL Makefile:3153: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1' Makefile:3151: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue Jul 28 19:03:16 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 28 Jul 2020 19:03:16 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_1 Message-ID: <1595962996.832563.10696.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_1 Commit log since last time: 71b35e1934 DER to RSA deserializer: fix inclusion fcdd228b01 Fix no-dh and no-dsa 1660c8fa6b Update EVP_EncodeInit.pod a57fc73063 EVP: Fix key type check logic in evp_pkey_cmp_any() e2ac846eff TEST: Update the serialization/deserialization test with legacy PEM encryption 436623f89f PROV: Update the PEM to DER deserializer to handle encrypted legacy PEM 3ecbea6a09 TEST: Update the serialization/deserialization test with encryption 38b14f4747 PROV: Update the DER to RSA deserializer to handle encrypted PKCS#8 7524b7b748 DESERIALIZER: Implement decryption of password protected objects 45396db0e3 SERIALIZER: No enc argument for OSSL_SERIALIZER_CTX_set_passphrase_cb() 5a23d78c9b TEST: Add new serializer and deserializer test dcfacbbfe9 PROV: Implement PEM to DER deserializer 1017b8e4a1 PROV: Implement DER to RSA deserializer 853ca12813 CORE: Add upcalls for BIO_gets() and BIO_puts() 072a9fde7d SERIALIZER: Add functions to deserialize into an EVP_PKEY c3e4c1f325 DESERIALIZER: Add foundation for deserializers 5dacb38cce KEYMGMT: Add key loading function OSSL_FUNC_keymgmt_load() af836c22ce EVP KEYMGMT utils: Make a few more utility functions available 6725682d77 Add X509 related libctx changes. ae89578be2 Test RSA oaep in fips mode a27cb956c0 Fix: uninstantiation breaks the RAND_DRBG callback mechanism d1768e8298 test/drbgtest.c: set the correct counter to trigger reseeding 8e3e1dfeaa test/drbgtest.c: Remove error check for large generate requests 9fb6692c1b Fix DRBG reseed counter condition. 11a6d6fd70 test/drbgtest.c: Fix error check test Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 25-test_verify.t (Wstat: 256 Tests: 144 Failed: 1) Failed test: 137 Non-zero exit status: 1 Files=207, Tests=3242, 851 wallclock secs (13.13 usr 1.38 sys + 780.43 cusr 63.10 csys = 858.04 CPU) Result: FAIL Makefile:3155: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_1' Makefile:3153: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue Jul 28 19:26:01 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 28 Jul 2020 19:26:01 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2 Message-ID: <1595964361.142615.25737.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2 Commit log since last time: 71b35e1934 DER to RSA deserializer: fix inclusion fcdd228b01 Fix no-dh and no-dsa 1660c8fa6b Update EVP_EncodeInit.pod a57fc73063 EVP: Fix key type check logic in evp_pkey_cmp_any() e2ac846eff TEST: Update the serialization/deserialization test with legacy PEM encryption 436623f89f PROV: Update the PEM to DER deserializer to handle encrypted legacy PEM 3ecbea6a09 TEST: Update the serialization/deserialization test with encryption 38b14f4747 PROV: Update the DER to RSA deserializer to handle encrypted PKCS#8 7524b7b748 DESERIALIZER: Implement decryption of password protected objects 45396db0e3 SERIALIZER: No enc argument for OSSL_SERIALIZER_CTX_set_passphrase_cb() 5a23d78c9b TEST: Add new serializer and deserializer test dcfacbbfe9 PROV: Implement PEM to DER deserializer 1017b8e4a1 PROV: Implement DER to RSA deserializer 853ca12813 CORE: Add upcalls for BIO_gets() and BIO_puts() 072a9fde7d SERIALIZER: Add functions to deserialize into an EVP_PKEY c3e4c1f325 DESERIALIZER: Add foundation for deserializers 5dacb38cce KEYMGMT: Add key loading function OSSL_FUNC_keymgmt_load() af836c22ce EVP KEYMGMT utils: Make a few more utility functions available 6725682d77 Add X509 related libctx changes. ae89578be2 Test RSA oaep in fips mode a27cb956c0 Fix: uninstantiation breaks the RAND_DRBG callback mechanism d1768e8298 test/drbgtest.c: set the correct counter to trigger reseeding 8e3e1dfeaa test/drbgtest.c: Remove error check for large generate requests 9fb6692c1b Fix DRBG reseed counter condition. 11a6d6fd70 test/drbgtest.c: Fix error check test Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled 70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled 70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled 70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 25-test_verify.t (Wstat: 256 Tests: 144 Failed: 1) Failed test: 137 Non-zero exit status: 1 Files=207, Tests=3164, 782 wallclock secs (11.18 usr 1.33 sys + 716.89 cusr 59.63 csys = 789.03 CPU) Result: FAIL Makefile:3141: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2' Makefile:3139: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue Jul 28 19:46:45 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 28 Jul 2020 19:46:45 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1 Message-ID: <1595965605.452089.10264.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1 Commit log since last time: 71b35e1934 DER to RSA deserializer: fix inclusion fcdd228b01 Fix no-dh and no-dsa 1660c8fa6b Update EVP_EncodeInit.pod a57fc73063 EVP: Fix key type check logic in evp_pkey_cmp_any() e2ac846eff TEST: Update the serialization/deserialization test with legacy PEM encryption 436623f89f PROV: Update the PEM to DER deserializer to handle encrypted legacy PEM 3ecbea6a09 TEST: Update the serialization/deserialization test with encryption 38b14f4747 PROV: Update the DER to RSA deserializer to handle encrypted PKCS#8 7524b7b748 DESERIALIZER: Implement decryption of password protected objects 45396db0e3 SERIALIZER: No enc argument for OSSL_SERIALIZER_CTX_set_passphrase_cb() 5a23d78c9b TEST: Add new serializer and deserializer test dcfacbbfe9 PROV: Implement PEM to DER deserializer 1017b8e4a1 PROV: Implement DER to RSA deserializer 853ca12813 CORE: Add upcalls for BIO_gets() and BIO_puts() 072a9fde7d SERIALIZER: Add functions to deserialize into an EVP_PKEY c3e4c1f325 DESERIALIZER: Add foundation for deserializers 5dacb38cce KEYMGMT: Add key loading function OSSL_FUNC_keymgmt_load() af836c22ce EVP KEYMGMT utils: Make a few more utility functions available 6725682d77 Add X509 related libctx changes. ae89578be2 Test RSA oaep in fips mode a27cb956c0 Fix: uninstantiation breaks the RAND_DRBG callback mechanism d1768e8298 test/drbgtest.c: set the correct counter to trigger reseeding 8e3e1dfeaa test/drbgtest.c: Remove error check for large generate requests 9fb6692c1b Fix DRBG reseed counter condition. 11a6d6fd70 test/drbgtest.c: Fix error check test Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. skipped: DTLSv1 is not supported by this OpenSSL build 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 25-test_verify.t (Wstat: 256 Tests: 144 Failed: 1) Failed test: 137 Non-zero exit status: 1 Files=207, Tests=3249, 745 wallclock secs (12.12 usr 1.14 sys + 682.00 cusr 58.86 csys = 754.12 CPU) Result: FAIL Makefile:3153: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1' Makefile:3151: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue Jul 28 20:10:44 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 28 Jul 2020 20:10:44 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2 Message-ID: <1595967044.260005.28913.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2 Commit log since last time: 71b35e1934 DER to RSA deserializer: fix inclusion fcdd228b01 Fix no-dh and no-dsa 1660c8fa6b Update EVP_EncodeInit.pod a57fc73063 EVP: Fix key type check logic in evp_pkey_cmp_any() e2ac846eff TEST: Update the serialization/deserialization test with legacy PEM encryption 436623f89f PROV: Update the PEM to DER deserializer to handle encrypted legacy PEM 3ecbea6a09 TEST: Update the serialization/deserialization test with encryption 38b14f4747 PROV: Update the DER to RSA deserializer to handle encrypted PKCS#8 7524b7b748 DESERIALIZER: Implement decryption of password protected objects 45396db0e3 SERIALIZER: No enc argument for OSSL_SERIALIZER_CTX_set_passphrase_cb() 5a23d78c9b TEST: Add new serializer and deserializer test dcfacbbfe9 PROV: Implement PEM to DER deserializer 1017b8e4a1 PROV: Implement DER to RSA deserializer 853ca12813 CORE: Add upcalls for BIO_gets() and BIO_puts() 072a9fde7d SERIALIZER: Add functions to deserialize into an EVP_PKEY c3e4c1f325 DESERIALIZER: Add foundation for deserializers 5dacb38cce KEYMGMT: Add key loading function OSSL_FUNC_keymgmt_load() af836c22ce EVP KEYMGMT utils: Make a few more utility functions available 6725682d77 Add X509 related libctx changes. ae89578be2 Test RSA oaep in fips mode a27cb956c0 Fix: uninstantiation breaks the RAND_DRBG callback mechanism d1768e8298 test/drbgtest.c: set the correct counter to trigger reseeding 8e3e1dfeaa test/drbgtest.c: Remove error check for large generate requests 9fb6692c1b Fix DRBG reseed counter condition. 11a6d6fd70 test/drbgtest.c: Fix error check test Build log ended with (last 100 lines): # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1631 # false # ERROR: (bool) 'execute_cleanse_plaintext(DTLS_server_method(), DTLS_client_method(), DTLS1_VERSION, 0) == true' failed @ ../openssl/test/sslapitest.c:1709 # false not ok 4 - test_cleanse_plaintext # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C010279B577F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C010279B577F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6749 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ not ok 53 - test_ssl_pending # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/MbHdTXRUYS default ../../../openssl/test/default.cnf => 1 not ok 1 - running sslapitest # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C01097AF807F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C01097AF807F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:846 # false not ok 3 - test_large_message_dtls # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C01097AF807F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C01097AF807F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1631 # false # ERROR: (bool) 'execute_cleanse_plaintext(DTLS_server_method(), DTLS_client_method(), DTLS1_VERSION, 0) == true' failed @ ../openssl/test/sslapitest.c:1709 # false not ok 4 - test_cleanse_plaintext # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C01097AF807F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C01097AF807F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6749 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ not ok 53 - test_ssl_pending # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/MbHdTXRUYS fips ../../../openssl/test/fips.cnf => 1 not ok 3 - running sslapitest # ------------------------------------------------------------------------------ # Failed test 'running sslapitest' # at ../openssl/test/recipes/90-test_sslapi.t line 45. # Looks like you failed 2 tests of 3.90-test_sslapi.t ................... Dubious, test returned 2 (wstat 512, 0x200) Failed 2/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 25-test_verify.t (Wstat: 256 Tests: 144 Failed: 1) Failed test: 137 Non-zero exit status: 1 80-test_dtls.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 1, 3 Non-zero exit status: 2 Files=207, Tests=3249, 860 wallclock secs (13.34 usr 1.41 sys + 789.64 cusr 63.32 csys = 867.71 CPU) Result: FAIL Makefile:3154: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2' Makefile:3152: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue Jul 28 20:35:21 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 28 Jul 2020 20:35:21 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings no-ssl3-method Message-ID: <1595968521.295544.13511.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ssl3-method Commit log since last time: 71b35e1934 DER to RSA deserializer: fix inclusion fcdd228b01 Fix no-dh and no-dsa 1660c8fa6b Update EVP_EncodeInit.pod a57fc73063 EVP: Fix key type check logic in evp_pkey_cmp_any() e2ac846eff TEST: Update the serialization/deserialization test with legacy PEM encryption 436623f89f PROV: Update the PEM to DER deserializer to handle encrypted legacy PEM 3ecbea6a09 TEST: Update the serialization/deserialization test with encryption 38b14f4747 PROV: Update the DER to RSA deserializer to handle encrypted PKCS#8 7524b7b748 DESERIALIZER: Implement decryption of password protected objects 45396db0e3 SERIALIZER: No enc argument for OSSL_SERIALIZER_CTX_set_passphrase_cb() 5a23d78c9b TEST: Add new serializer and deserializer test dcfacbbfe9 PROV: Implement PEM to DER deserializer 1017b8e4a1 PROV: Implement DER to RSA deserializer 853ca12813 CORE: Add upcalls for BIO_gets() and BIO_puts() 072a9fde7d SERIALIZER: Add functions to deserialize into an EVP_PKEY c3e4c1f325 DESERIALIZER: Add foundation for deserializers 5dacb38cce KEYMGMT: Add key loading function OSSL_FUNC_keymgmt_load() af836c22ce EVP KEYMGMT utils: Make a few more utility functions available 6725682d77 Add X509 related libctx changes. ae89578be2 Test RSA oaep in fips mode a27cb956c0 Fix: uninstantiation breaks the RAND_DRBG callback mechanism d1768e8298 test/drbgtest.c: set the correct counter to trigger reseeding 8e3e1dfeaa test/drbgtest.c: Remove error check for large generate requests 9fb6692c1b Fix DRBG reseed counter condition. 11a6d6fd70 test/drbgtest.c: Fix error check test Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 25-test_verify.t (Wstat: 256 Tests: 144 Failed: 1) Failed test: 137 Non-zero exit status: 1 Files=207, Tests=3250, 892 wallclock secs (13.37 usr 1.30 sys + 821.00 cusr 64.33 csys = 900.00 CPU) Result: FAIL Makefile:3159: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-ssl3-method' Makefile:3157: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue Jul 28 20:59:28 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 28 Jul 2020 20:59:28 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1-method Message-ID: <1595969968.070122.30429.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1-method Commit log since last time: 71b35e1934 DER to RSA deserializer: fix inclusion fcdd228b01 Fix no-dh and no-dsa 1660c8fa6b Update EVP_EncodeInit.pod a57fc73063 EVP: Fix key type check logic in evp_pkey_cmp_any() e2ac846eff TEST: Update the serialization/deserialization test with legacy PEM encryption 436623f89f PROV: Update the PEM to DER deserializer to handle encrypted legacy PEM 3ecbea6a09 TEST: Update the serialization/deserialization test with encryption 38b14f4747 PROV: Update the DER to RSA deserializer to handle encrypted PKCS#8 7524b7b748 DESERIALIZER: Implement decryption of password protected objects 45396db0e3 SERIALIZER: No enc argument for OSSL_SERIALIZER_CTX_set_passphrase_cb() 5a23d78c9b TEST: Add new serializer and deserializer test dcfacbbfe9 PROV: Implement PEM to DER deserializer 1017b8e4a1 PROV: Implement DER to RSA deserializer 853ca12813 CORE: Add upcalls for BIO_gets() and BIO_puts() 072a9fde7d SERIALIZER: Add functions to deserialize into an EVP_PKEY c3e4c1f325 DESERIALIZER: Add foundation for deserializers 5dacb38cce KEYMGMT: Add key loading function OSSL_FUNC_keymgmt_load() af836c22ce EVP KEYMGMT utils: Make a few more utility functions available 6725682d77 Add X509 related libctx changes. ae89578be2 Test RSA oaep in fips mode a27cb956c0 Fix: uninstantiation breaks the RAND_DRBG callback mechanism d1768e8298 test/drbgtest.c: set the correct counter to trigger reseeding 8e3e1dfeaa test/drbgtest.c: Remove error check for large generate requests 9fb6692c1b Fix DRBG reseed counter condition. 11a6d6fd70 test/drbgtest.c: Fix error check test Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 25-test_verify.t (Wstat: 256 Tests: 144 Failed: 1) Failed test: 137 Non-zero exit status: 1 Files=207, Tests=3250, 861 wallclock secs (13.25 usr 1.40 sys + 789.71 cusr 62.71 csys = 867.07 CPU) Result: FAIL Makefile:3153: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1-method' Makefile:3151: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue Jul 28 21:23:20 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 28 Jul 2020 21:23:20 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_1-method Message-ID: <1595971400.250702.15836.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_1-method Commit log since last time: 71b35e1934 DER to RSA deserializer: fix inclusion fcdd228b01 Fix no-dh and no-dsa 1660c8fa6b Update EVP_EncodeInit.pod a57fc73063 EVP: Fix key type check logic in evp_pkey_cmp_any() e2ac846eff TEST: Update the serialization/deserialization test with legacy PEM encryption 436623f89f PROV: Update the PEM to DER deserializer to handle encrypted legacy PEM 3ecbea6a09 TEST: Update the serialization/deserialization test with encryption 38b14f4747 PROV: Update the DER to RSA deserializer to handle encrypted PKCS#8 7524b7b748 DESERIALIZER: Implement decryption of password protected objects 45396db0e3 SERIALIZER: No enc argument for OSSL_SERIALIZER_CTX_set_passphrase_cb() 5a23d78c9b TEST: Add new serializer and deserializer test dcfacbbfe9 PROV: Implement PEM to DER deserializer 1017b8e4a1 PROV: Implement DER to RSA deserializer 853ca12813 CORE: Add upcalls for BIO_gets() and BIO_puts() 072a9fde7d SERIALIZER: Add functions to deserialize into an EVP_PKEY c3e4c1f325 DESERIALIZER: Add foundation for deserializers 5dacb38cce KEYMGMT: Add key loading function OSSL_FUNC_keymgmt_load() af836c22ce EVP KEYMGMT utils: Make a few more utility functions available 6725682d77 Add X509 related libctx changes. ae89578be2 Test RSA oaep in fips mode a27cb956c0 Fix: uninstantiation breaks the RAND_DRBG callback mechanism d1768e8298 test/drbgtest.c: set the correct counter to trigger reseeding 8e3e1dfeaa test/drbgtest.c: Remove error check for large generate requests 9fb6692c1b Fix DRBG reseed counter condition. 11a6d6fd70 test/drbgtest.c: Fix error check test Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 25-test_verify.t (Wstat: 256 Tests: 144 Failed: 1) Failed test: 137 Non-zero exit status: 1 Files=207, Tests=3242, 848 wallclock secs (13.10 usr 1.38 sys + 777.75 cusr 63.97 csys = 856.20 CPU) Result: FAIL Makefile:3163: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_1-method' Makefile:3161: recipe for target 'tests' failed make: *** [tests] Error 2 From no-reply at appveyor.com Tue Jul 28 21:26:45 2020 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 28 Jul 2020 21:26:45 +0000 Subject: Build failed: openssl OpenSSL_1_1_1-stable.35853 Message-ID: <20200728212645.1.6D302A4F1EA554A2@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Tue Jul 28 21:46:00 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 28 Jul 2020 21:46:00 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2-method Message-ID: <1595972760.347519.30878.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2-method Commit log since last time: 71b35e1934 DER to RSA deserializer: fix inclusion fcdd228b01 Fix no-dh and no-dsa 1660c8fa6b Update EVP_EncodeInit.pod a57fc73063 EVP: Fix key type check logic in evp_pkey_cmp_any() e2ac846eff TEST: Update the serialization/deserialization test with legacy PEM encryption 436623f89f PROV: Update the PEM to DER deserializer to handle encrypted legacy PEM 3ecbea6a09 TEST: Update the serialization/deserialization test with encryption 38b14f4747 PROV: Update the DER to RSA deserializer to handle encrypted PKCS#8 7524b7b748 DESERIALIZER: Implement decryption of password protected objects 45396db0e3 SERIALIZER: No enc argument for OSSL_SERIALIZER_CTX_set_passphrase_cb() 5a23d78c9b TEST: Add new serializer and deserializer test dcfacbbfe9 PROV: Implement PEM to DER deserializer 1017b8e4a1 PROV: Implement DER to RSA deserializer 853ca12813 CORE: Add upcalls for BIO_gets() and BIO_puts() 072a9fde7d SERIALIZER: Add functions to deserialize into an EVP_PKEY c3e4c1f325 DESERIALIZER: Add foundation for deserializers 5dacb38cce KEYMGMT: Add key loading function OSSL_FUNC_keymgmt_load() af836c22ce EVP KEYMGMT utils: Make a few more utility functions available 6725682d77 Add X509 related libctx changes. ae89578be2 Test RSA oaep in fips mode a27cb956c0 Fix: uninstantiation breaks the RAND_DRBG callback mechanism d1768e8298 test/drbgtest.c: set the correct counter to trigger reseeding 8e3e1dfeaa test/drbgtest.c: Remove error check for large generate requests 9fb6692c1b Fix DRBG reseed counter condition. 11a6d6fd70 test/drbgtest.c: Fix error check test Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled 70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled 70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled 70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 25-test_verify.t (Wstat: 256 Tests: 144 Failed: 1) Failed test: 137 Non-zero exit status: 1 Files=207, Tests=3164, 777 wallclock secs (11.63 usr 1.34 sys + 714.54 cusr 60.54 csys = 788.05 CPU) Result: FAIL Makefile:3159: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2-method' Makefile:3157: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue Jul 28 22:10:15 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 28 Jul 2020 22:10:15 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1-method Message-ID: <1595974215.588529.16591.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1-method Commit log since last time: 71b35e1934 DER to RSA deserializer: fix inclusion fcdd228b01 Fix no-dh and no-dsa 1660c8fa6b Update EVP_EncodeInit.pod a57fc73063 EVP: Fix key type check logic in evp_pkey_cmp_any() e2ac846eff TEST: Update the serialization/deserialization test with legacy PEM encryption 436623f89f PROV: Update the PEM to DER deserializer to handle encrypted legacy PEM 3ecbea6a09 TEST: Update the serialization/deserialization test with encryption 38b14f4747 PROV: Update the DER to RSA deserializer to handle encrypted PKCS#8 7524b7b748 DESERIALIZER: Implement decryption of password protected objects 45396db0e3 SERIALIZER: No enc argument for OSSL_SERIALIZER_CTX_set_passphrase_cb() 5a23d78c9b TEST: Add new serializer and deserializer test dcfacbbfe9 PROV: Implement PEM to DER deserializer 1017b8e4a1 PROV: Implement DER to RSA deserializer 853ca12813 CORE: Add upcalls for BIO_gets() and BIO_puts() 072a9fde7d SERIALIZER: Add functions to deserialize into an EVP_PKEY c3e4c1f325 DESERIALIZER: Add foundation for deserializers 5dacb38cce KEYMGMT: Add key loading function OSSL_FUNC_keymgmt_load() af836c22ce EVP KEYMGMT utils: Make a few more utility functions available 6725682d77 Add X509 related libctx changes. ae89578be2 Test RSA oaep in fips mode a27cb956c0 Fix: uninstantiation breaks the RAND_DRBG callback mechanism d1768e8298 test/drbgtest.c: set the correct counter to trigger reseeding 8e3e1dfeaa test/drbgtest.c: Remove error check for large generate requests 9fb6692c1b Fix DRBG reseed counter condition. 11a6d6fd70 test/drbgtest.c: Fix error check test Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. skipped: DTLSv1 is not supported by this OpenSSL build 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 25-test_verify.t (Wstat: 256 Tests: 144 Failed: 1) Failed test: 137 Non-zero exit status: 1 Files=207, Tests=3249, 874 wallclock secs (13.10 usr 1.53 sys + 803.13 cusr 64.02 csys = 881.78 CPU) Result: FAIL Makefile:3142: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1-method' Makefile:3140: recipe for target 'tests' failed make: *** [tests] Error 2 From pauli at openssl.org Tue Jul 28 22:22:56 2020 From: pauli at openssl.org (Dr. Paul Dale) Date: Tue, 28 Jul 2020 22:22:56 +0000 Subject: [openssl] master update Message-ID: <1595974976.428523.6225.nullmailer@dev.openssl.org> The branch master has been updated via 5cd9962272388fc9a51711495a8c6a3f230ab5ce (commit) from ef8980176d53d85ff96d913a647c01d07e144c5d (commit) - Log ----------------------------------------------------------------- commit 5cd9962272388fc9a51711495a8c6a3f230ab5ce Author: Matt Caswell Date: Tue Jul 28 15:28:06 2020 +0100 Fix a test_verify failure A recently added certificate in test/certs expired causing test_verify to fail. This add a replacement certificate with a long expiry date. Reviewed-by: Nicola Tuveri Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12549) ----------------------------------------------------------------------- Summary of changes: test/certs/ee-self-signed.pem | 33 +++++++++++++++++---------------- test/certs/setup.sh | 2 +- 2 files changed, 18 insertions(+), 17 deletions(-) diff --git a/test/certs/ee-self-signed.pem b/test/certs/ee-self-signed.pem index ad1e37ba0e..e854c9ad27 100644 --- a/test/certs/ee-self-signed.pem +++ b/test/certs/ee-self-signed.pem @@ -1,18 +1,19 @@ -----BEGIN CERTIFICATE----- -MIICzzCCAbegAwIBAgIUBP7iEKPlKuinZGQNFxSY3IBIb0swDQYJKoZIhvcNAQEL -BQAwGTEXMBUGA1UEAwwOZWUtc2VsZi1zaWduZWQwHhcNMjAwNjI4MTA1MTQ1WhcN -MjAwNzI4MTA1MTQ1WjAZMRcwFQYDVQQDDA5lZS1zZWxmLXNpZ25lZDCCASIwDQYJ -KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKj/iVhhha7e2ywP1XP74reoG3p1YCvU -fTxzdrWu3pMvfySQbckc9Io4zZ+igBZWy7Qsu5PlFx//DcZD/jE0+CjYdemju4iC -76Ny4lNiBUVN4DGX76qdENJYDZ4GnjK7GwhWXWUPP2aOwjagEf/AWTX9SRzdHEIz -BniuBDgj5ed1Z9OUrVqpQB+sWRD1DMFkrUrExjVTs5ZqghsVi9GZq+Seb5Sq0pbl -V/uMkWSKPCQWxtIZvoJgEztisO0+HbPK+WvfMbl6nktHaKcpxz9K4iIntO+QY9fv -0HJJPlutuRvUK2+GaN3VcxK4Q8ncQQ+io0ZPi2eIhA9h/nk0H0qJH7cCAwEAAaMP -MA0wCwYDVR0PBAQDAgeAMA0GCSqGSIb3DQEBCwUAA4IBAQBiLmIUCGb+hmRGbmpO -lDqEwiRVdxHBs4OSb3IA9QgU1QKUDRqn7q27RRelmzTXllubZZcX3K6o+dunRW5G -d3f3FVr+3Z7wnmkQtC2y3NWtGuWNczss+6rMLzKvla5CjRiNPlSvluMNpcs7BJxI -ppk1LxlaiYlQkDW32OPyxzXWDNv1ZkphcOcoCkHAagnq9x1SszvLTjAlo5XpYrm5 -CPgBOEnVwFCgne5Ab4QPTgkxPh/Ta508I/FKaPLJqci1EfGKipZkS7mMGTUJEeVK -wZrn4z7RiTfJ4PdqO5iv8eOpt03fqdPEXQWe8DrKyfGM6/e369FaXMFhcd2ZxZy2 -WHoc +MIIDIjCCAgqgAwIBAgIUT99h/YrAdcDg3fdLy5UajB8e994wDQYJKoZIhvcNAQEL +BQAwGTEXMBUGA1UEAwwOZWUtc2VsZi1zaWduZWQwIBcNMjAwNzI4MTQxNjA4WhgP +MjEyMDA3MDQxNDE2MDhaMBkxFzAVBgNVBAMMDmVlLXNlbGYtc2lnbmVkMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqP+JWGGFrt7bLA/Vc/vit6gbenVg +K9R9PHN2ta7eky9/JJBtyRz0ijjNn6KAFlbLtCy7k+UXH/8NxkP+MTT4KNh16aO7 +iILvo3LiU2IFRU3gMZfvqp0Q0lgNngaeMrsbCFZdZQ8/Zo7CNqAR/8BZNf1JHN0c +QjMGeK4EOCPl53Vn05StWqlAH6xZEPUMwWStSsTGNVOzlmqCGxWL0Zmr5J5vlKrS +luVX+4yRZIo8JBbG0hm+gmATO2Kw7T4ds8r5a98xuXqeS0dopynHP0riIie075Bj +1+/Qckk+W625G9Qrb4Zo3dVzErhDydxBD6KjRk+LZ4iED2H+eTQfSokftwIDAQAB +o2AwXjAdBgNVHQ4EFgQU55viKq2KbDrLdlHljgeYIpfhc6IwHwYDVR0jBBgwFoAU +55viKq2KbDrLdlHljgeYIpfhc6IwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMC +B4AwDQYJKoZIhvcNAQELBQADggEBAGDEbS5kJArjjQNK02oxhQyz1dbDy23evRxm +WW/NtlJAQAgEMXoNo9fioj0L4cvDy40r87V6/RsV2eijwZEfwGloACif7v78w8QO +h4XiW9oGxcQkdMIYZLDVW9AZPDIkK5NHNfQaeAxCprAufYnRMv035UotLzCBRrkG +G2TIs45vRp/6mYFVtm0Nf9CFvu4dXH8W+GlBONG0FAiBW+JzgTr9OmrzfqJTEDrf +vv/hOiu8XvvlF5piPBqKE76rEvkXUSjgDZ2/Ju1fjqpV2I8Hz1Mj9w9tRE8g4E9o +ZcRXX3MNPaHxnNhgYSPdpywwkyILz2AHwmAzh07cdttRFFPw+fM= -----END CERTIFICATE----- diff --git a/test/certs/setup.sh b/test/certs/setup.sh index 85ae5ed3c1..369fef4f43 100755 --- a/test/certs/setup.sh +++ b/test/certs/setup.sh @@ -186,7 +186,7 @@ OPENSSL_KEYBITS=768 \ ./mkcert.sh genee server.example ee-key-768 ee-cert-768 ca-key ca-cert # self-signed end-entity cert with explicit keyUsage not including KeyCertSign -openssl req -new -x509 -key ee-key.pem -subj /CN=ee-self-signed -out ee-self-signed.pem -addext keyUsage=digitalSignature +openssl req -new -x509 -key ee-key.pem -subj /CN=ee-self-signed -out ee-self-signed.pem -addext keyUsage=digitalSignature -days 36500 # Proxy certificates, off of ee-client # Start with some good ones From openssl at openssl.org Tue Jul 28 22:34:14 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 28 Jul 2020 22:34:14 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2-method Message-ID: <1595975654.618620.1178.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2-method Commit log since last time: 71b35e1934 DER to RSA deserializer: fix inclusion fcdd228b01 Fix no-dh and no-dsa 1660c8fa6b Update EVP_EncodeInit.pod a57fc73063 EVP: Fix key type check logic in evp_pkey_cmp_any() e2ac846eff TEST: Update the serialization/deserialization test with legacy PEM encryption 436623f89f PROV: Update the PEM to DER deserializer to handle encrypted legacy PEM 3ecbea6a09 TEST: Update the serialization/deserialization test with encryption 38b14f4747 PROV: Update the DER to RSA deserializer to handle encrypted PKCS#8 7524b7b748 DESERIALIZER: Implement decryption of password protected objects 45396db0e3 SERIALIZER: No enc argument for OSSL_SERIALIZER_CTX_set_passphrase_cb() 5a23d78c9b TEST: Add new serializer and deserializer test dcfacbbfe9 PROV: Implement PEM to DER deserializer 1017b8e4a1 PROV: Implement DER to RSA deserializer 853ca12813 CORE: Add upcalls for BIO_gets() and BIO_puts() 072a9fde7d SERIALIZER: Add functions to deserialize into an EVP_PKEY c3e4c1f325 DESERIALIZER: Add foundation for deserializers 5dacb38cce KEYMGMT: Add key loading function OSSL_FUNC_keymgmt_load() af836c22ce EVP KEYMGMT utils: Make a few more utility functions available 6725682d77 Add X509 related libctx changes. ae89578be2 Test RSA oaep in fips mode a27cb956c0 Fix: uninstantiation breaks the RAND_DRBG callback mechanism d1768e8298 test/drbgtest.c: set the correct counter to trigger reseeding 8e3e1dfeaa test/drbgtest.c: Remove error check for large generate requests 9fb6692c1b Fix DRBG reseed counter condition. 11a6d6fd70 test/drbgtest.c: Fix error check test Build log ended with (last 100 lines): # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1631 # false # ERROR: (bool) 'execute_cleanse_plaintext(DTLS_server_method(), DTLS_client_method(), DTLS1_VERSION, 0) == true' failed @ ../openssl/test/sslapitest.c:1709 # false not ok 4 - test_cleanse_plaintext # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0702538A07F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0702538A07F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6749 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ not ok 53 - test_ssl_pending # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/WWcz02UbMZ default ../../../openssl/test/default.cnf => 1 not ok 1 - running sslapitest # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0E05462177F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0E05462177F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:846 # false not ok 3 - test_large_message_dtls # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0E05462177F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0E05462177F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1631 # false # ERROR: (bool) 'execute_cleanse_plaintext(DTLS_server_method(), DTLS_client_method(), DTLS1_VERSION, 0) == true' failed @ ../openssl/test/sslapitest.c:1709 # false not ok 4 - test_cleanse_plaintext # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0E05462177F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0E05462177F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6749 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ not ok 53 - test_ssl_pending # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/WWcz02UbMZ fips ../../../openssl/test/fips.cnf => 1 not ok 3 - running sslapitest # ------------------------------------------------------------------------------ # Failed test 'running sslapitest' # at ../openssl/test/recipes/90-test_sslapi.t line 45. # Looks like you failed 2 tests of 3.90-test_sslapi.t ................... Dubious, test returned 2 (wstat 512, 0x200) Failed 2/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 25-test_verify.t (Wstat: 256 Tests: 144 Failed: 1) Failed test: 137 Non-zero exit status: 1 80-test_dtls.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 1, 3 Non-zero exit status: 2 Files=207, Tests=3249, 859 wallclock secs (13.18 usr 1.27 sys + 787.60 cusr 64.04 csys = 866.09 CPU) Result: FAIL Makefile:3167: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2-method' Makefile:3165: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue Jul 28 22:58:22 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 28 Jul 2020 22:58:22 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings no-siphash Message-ID: <1595977102.670119.18103.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-siphash Commit log since last time: 71b35e1934 DER to RSA deserializer: fix inclusion fcdd228b01 Fix no-dh and no-dsa 1660c8fa6b Update EVP_EncodeInit.pod a57fc73063 EVP: Fix key type check logic in evp_pkey_cmp_any() e2ac846eff TEST: Update the serialization/deserialization test with legacy PEM encryption 436623f89f PROV: Update the PEM to DER deserializer to handle encrypted legacy PEM 3ecbea6a09 TEST: Update the serialization/deserialization test with encryption 38b14f4747 PROV: Update the DER to RSA deserializer to handle encrypted PKCS#8 7524b7b748 DESERIALIZER: Implement decryption of password protected objects 45396db0e3 SERIALIZER: No enc argument for OSSL_SERIALIZER_CTX_set_passphrase_cb() 5a23d78c9b TEST: Add new serializer and deserializer test dcfacbbfe9 PROV: Implement PEM to DER deserializer 1017b8e4a1 PROV: Implement DER to RSA deserializer 853ca12813 CORE: Add upcalls for BIO_gets() and BIO_puts() 072a9fde7d SERIALIZER: Add functions to deserialize into an EVP_PKEY c3e4c1f325 DESERIALIZER: Add foundation for deserializers 5dacb38cce KEYMGMT: Add key loading function OSSL_FUNC_keymgmt_load() af836c22ce EVP KEYMGMT utils: Make a few more utility functions available 6725682d77 Add X509 related libctx changes. ae89578be2 Test RSA oaep in fips mode a27cb956c0 Fix: uninstantiation breaks the RAND_DRBG callback mechanism d1768e8298 test/drbgtest.c: set the correct counter to trigger reseeding 8e3e1dfeaa test/drbgtest.c: Remove error check for large generate requests 9fb6692c1b Fix DRBG reseed counter condition. 11a6d6fd70 test/drbgtest.c: Fix error check test Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 25-test_verify.t (Wstat: 256 Tests: 144 Failed: 1) Failed test: 137 Non-zero exit status: 1 Files=207, Tests=3246, 877 wallclock secs (12.95 usr 1.39 sys + 806.35 cusr 63.77 csys = 884.46 CPU) Result: FAIL Makefile:3149: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-siphash' Makefile:3147: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue Jul 28 23:21:25 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 28 Jul 2020 23:21:25 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_3 Message-ID: <1595978485.661054.2203.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_3 Commit log since last time: 71b35e1934 DER to RSA deserializer: fix inclusion fcdd228b01 Fix no-dh and no-dsa 1660c8fa6b Update EVP_EncodeInit.pod a57fc73063 EVP: Fix key type check logic in evp_pkey_cmp_any() e2ac846eff TEST: Update the serialization/deserialization test with legacy PEM encryption 436623f89f PROV: Update the PEM to DER deserializer to handle encrypted legacy PEM 3ecbea6a09 TEST: Update the serialization/deserialization test with encryption 38b14f4747 PROV: Update the DER to RSA deserializer to handle encrypted PKCS#8 7524b7b748 DESERIALIZER: Implement decryption of password protected objects 45396db0e3 SERIALIZER: No enc argument for OSSL_SERIALIZER_CTX_set_passphrase_cb() 5a23d78c9b TEST: Add new serializer and deserializer test dcfacbbfe9 PROV: Implement PEM to DER deserializer 1017b8e4a1 PROV: Implement DER to RSA deserializer 853ca12813 CORE: Add upcalls for BIO_gets() and BIO_puts() 072a9fde7d SERIALIZER: Add functions to deserialize into an EVP_PKEY c3e4c1f325 DESERIALIZER: Add foundation for deserializers 5dacb38cce KEYMGMT: Add key loading function OSSL_FUNC_keymgmt_load() af836c22ce EVP KEYMGMT utils: Make a few more utility functions available 6725682d77 Add X509 related libctx changes. ae89578be2 Test RSA oaep in fips mode a27cb956c0 Fix: uninstantiation breaks the RAND_DRBG callback mechanism d1768e8298 test/drbgtest.c: set the correct counter to trigger reseeding 8e3e1dfeaa test/drbgtest.c: Remove error check for large generate requests 9fb6692c1b Fix DRBG reseed counter condition. 11a6d6fd70 test/drbgtest.c: Fix error check test Build log ended with (last 100 lines): 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C030E18C6F7F0000:error::SSL routines::internal error:../openssl/ssl/s3_enc.c:415: # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C030E18C6F7F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_s3.c:1615:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:8202 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C030E18C6F7F0000:error::SSL routines::internal error:../openssl/ssl/s3_enc.c:415: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C030E18C6F7F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_s3.c:1615:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:8202 # false not ok 3 - iteration 3 # ------------------------------------------------------------------------------ not ok 37 - test_sigalgs_available # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/KRZlwEfojs default ../../../openssl/test/default.cnf => 1 not ok 1 - running sslapitest # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C06027622A7F0000:error::SSL routines::internal error:../openssl/ssl/s3_enc.c:415: # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C06027622A7F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_s3.c:1615:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:8202 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C06027622A7F0000:error::SSL routines::internal error:../openssl/ssl/s3_enc.c:415: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C06027622A7F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_s3.c:1615:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:8202 # false not ok 3 - iteration 3 # ------------------------------------------------------------------------------ not ok 37 - test_sigalgs_available # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/KRZlwEfojs fips ../../../openssl/test/fips.cnf => 1 not ok 3 - running sslapitest # ------------------------------------------------------------------------------ # Failed test 'running sslapitest' # at ../openssl/test/recipes/90-test_sslapi.t line 45. # Looks like you failed 2 tests of 3.90-test_sslapi.t ................... Dubious, test returned 2 (wstat 512, 0x200) Failed 2/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. skipped: test_tls13ccs is not supported in this build 90-test_tls13encryption.t .......... skipped: tls13encryption is not supported in this build 90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 25-test_verify.t (Wstat: 256 Tests: 144 Failed: 1) Failed test: 137 Non-zero exit status: 1 90-test_sslapi.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 1, 3 Non-zero exit status: 2 Files=207, Tests=3171, 802 wallclock secs (11.34 usr 1.29 sys + 736.73 cusr 57.21 csys = 806.57 CPU) Result: FAIL Makefile:3151: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_3' Makefile:3149: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue Jul 28 23:45:14 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 28 Jul 2020 23:45:14 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings no-sm2 Message-ID: <1595979914.203366.18960.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-sm2 Commit log since last time: 71b35e1934 DER to RSA deserializer: fix inclusion fcdd228b01 Fix no-dh and no-dsa 1660c8fa6b Update EVP_EncodeInit.pod a57fc73063 EVP: Fix key type check logic in evp_pkey_cmp_any() e2ac846eff TEST: Update the serialization/deserialization test with legacy PEM encryption 436623f89f PROV: Update the PEM to DER deserializer to handle encrypted legacy PEM 3ecbea6a09 TEST: Update the serialization/deserialization test with encryption 38b14f4747 PROV: Update the DER to RSA deserializer to handle encrypted PKCS#8 7524b7b748 DESERIALIZER: Implement decryption of password protected objects 45396db0e3 SERIALIZER: No enc argument for OSSL_SERIALIZER_CTX_set_passphrase_cb() 5a23d78c9b TEST: Add new serializer and deserializer test dcfacbbfe9 PROV: Implement PEM to DER deserializer 1017b8e4a1 PROV: Implement DER to RSA deserializer 853ca12813 CORE: Add upcalls for BIO_gets() and BIO_puts() 072a9fde7d SERIALIZER: Add functions to deserialize into an EVP_PKEY c3e4c1f325 DESERIALIZER: Add foundation for deserializers 5dacb38cce KEYMGMT: Add key loading function OSSL_FUNC_keymgmt_load() af836c22ce EVP KEYMGMT utils: Make a few more utility functions available 6725682d77 Add X509 related libctx changes. ae89578be2 Test RSA oaep in fips mode a27cb956c0 Fix: uninstantiation breaks the RAND_DRBG callback mechanism d1768e8298 test/drbgtest.c: set the correct counter to trigger reseeding 8e3e1dfeaa test/drbgtest.c: Remove error check for large generate requests 9fb6692c1b Fix DRBG reseed counter condition. 11a6d6fd70 test/drbgtest.c: Fix error check test Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 25-test_verify.t (Wstat: 256 Tests: 144 Failed: 1) Failed test: 137 Non-zero exit status: 1 Files=207, Tests=3237, 858 wallclock secs (13.18 usr 1.41 sys + 788.75 cusr 64.09 csys = 867.43 CPU) Result: FAIL Makefile:3145: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-sm2' Makefile:3143: recipe for target 'tests' failed make: *** [tests] Error 2 From builds at travis-ci.com Tue Jul 28 23:52:32 2020 From: builds at travis-ci.com (Travis CI) Date: Tue, 28 Jul 2020 23:52:32 +0000 Subject: Still Failing: openssl/openssl#36397 (master - 5cd9962) In-Reply-To: Message-ID: <5f20ba3fceef7_13fada150c4984480b@travis-pro-tasks-ff999bffb-8cxww.mail> Build Update for openssl/openssl ------------------------------------- Build: #36397 Status: Still Failing Duration: 1 hr, 16 mins, and 25 secs Commit: 5cd9962 (master) Author: Matt Caswell Message: Fix a test_verify failure A recently added certificate in test/certs expired causing test_verify to fail. This add a replacement certificate with a long expiry date. Reviewed-by: Nicola Tuveri Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12549) View the changeset: https://github.com/openssl/openssl/compare/ef8980176d53...5cd996227238 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/177529110?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Wed Jul 29 00:09:28 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 29 Jul 2020 00:09:28 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings no-sm3 Message-ID: <1595981368.238937.4527.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-sm3 Commit log since last time: 71b35e1934 DER to RSA deserializer: fix inclusion fcdd228b01 Fix no-dh and no-dsa 1660c8fa6b Update EVP_EncodeInit.pod a57fc73063 EVP: Fix key type check logic in evp_pkey_cmp_any() e2ac846eff TEST: Update the serialization/deserialization test with legacy PEM encryption 436623f89f PROV: Update the PEM to DER deserializer to handle encrypted legacy PEM 3ecbea6a09 TEST: Update the serialization/deserialization test with encryption 38b14f4747 PROV: Update the DER to RSA deserializer to handle encrypted PKCS#8 7524b7b748 DESERIALIZER: Implement decryption of password protected objects 45396db0e3 SERIALIZER: No enc argument for OSSL_SERIALIZER_CTX_set_passphrase_cb() 5a23d78c9b TEST: Add new serializer and deserializer test dcfacbbfe9 PROV: Implement PEM to DER deserializer 1017b8e4a1 PROV: Implement DER to RSA deserializer 853ca12813 CORE: Add upcalls for BIO_gets() and BIO_puts() 072a9fde7d SERIALIZER: Add functions to deserialize into an EVP_PKEY c3e4c1f325 DESERIALIZER: Add foundation for deserializers 5dacb38cce KEYMGMT: Add key loading function OSSL_FUNC_keymgmt_load() af836c22ce EVP KEYMGMT utils: Make a few more utility functions available 6725682d77 Add X509 related libctx changes. ae89578be2 Test RSA oaep in fips mode a27cb956c0 Fix: uninstantiation breaks the RAND_DRBG callback mechanism d1768e8298 test/drbgtest.c: set the correct counter to trigger reseeding 8e3e1dfeaa test/drbgtest.c: Remove error check for large generate requests 9fb6692c1b Fix DRBG reseed counter condition. 11a6d6fd70 test/drbgtest.c: Fix error check test Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 25-test_verify.t (Wstat: 256 Tests: 144 Failed: 1) Failed test: 137 Non-zero exit status: 1 Files=207, Tests=3237, 882 wallclock secs (13.11 usr 1.40 sys + 808.99 cusr 63.00 csys = 886.50 CPU) Result: FAIL Makefile:3142: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-sm3' Makefile:3140: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Wed Jul 29 00:33:36 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 29 Jul 2020 00:33:36 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings no-sm4 Message-ID: <1595982816.360407.21241.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-sm4 Commit log since last time: 71b35e1934 DER to RSA deserializer: fix inclusion fcdd228b01 Fix no-dh and no-dsa 1660c8fa6b Update EVP_EncodeInit.pod a57fc73063 EVP: Fix key type check logic in evp_pkey_cmp_any() e2ac846eff TEST: Update the serialization/deserialization test with legacy PEM encryption 436623f89f PROV: Update the PEM to DER deserializer to handle encrypted legacy PEM 3ecbea6a09 TEST: Update the serialization/deserialization test with encryption 38b14f4747 PROV: Update the DER to RSA deserializer to handle encrypted PKCS#8 7524b7b748 DESERIALIZER: Implement decryption of password protected objects 45396db0e3 SERIALIZER: No enc argument for OSSL_SERIALIZER_CTX_set_passphrase_cb() 5a23d78c9b TEST: Add new serializer and deserializer test dcfacbbfe9 PROV: Implement PEM to DER deserializer 1017b8e4a1 PROV: Implement DER to RSA deserializer 853ca12813 CORE: Add upcalls for BIO_gets() and BIO_puts() 072a9fde7d SERIALIZER: Add functions to deserialize into an EVP_PKEY c3e4c1f325 DESERIALIZER: Add foundation for deserializers 5dacb38cce KEYMGMT: Add key loading function OSSL_FUNC_keymgmt_load() af836c22ce EVP KEYMGMT utils: Make a few more utility functions available 6725682d77 Add X509 related libctx changes. ae89578be2 Test RSA oaep in fips mode a27cb956c0 Fix: uninstantiation breaks the RAND_DRBG callback mechanism d1768e8298 test/drbgtest.c: set the correct counter to trigger reseeding 8e3e1dfeaa test/drbgtest.c: Remove error check for large generate requests 9fb6692c1b Fix DRBG reseed counter condition. 11a6d6fd70 test/drbgtest.c: Fix error check test Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 25-test_verify.t (Wstat: 256 Tests: 144 Failed: 1) Failed test: 137 Non-zero exit status: 1 Files=207, Tests=3232, 872 wallclock secs (13.34 usr 1.40 sys + 800.10 cusr 64.79 csys = 879.63 CPU) Result: FAIL Makefile:3159: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-sm4' Makefile:3157: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Wed Jul 29 00:58:14 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 29 Jul 2020 00:58:14 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings enable-trace Message-ID: <1595984294.280561.5914.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-trace Commit log since last time: 71b35e1934 DER to RSA deserializer: fix inclusion fcdd228b01 Fix no-dh and no-dsa 1660c8fa6b Update EVP_EncodeInit.pod a57fc73063 EVP: Fix key type check logic in evp_pkey_cmp_any() e2ac846eff TEST: Update the serialization/deserialization test with legacy PEM encryption 436623f89f PROV: Update the PEM to DER deserializer to handle encrypted legacy PEM 3ecbea6a09 TEST: Update the serialization/deserialization test with encryption 38b14f4747 PROV: Update the DER to RSA deserializer to handle encrypted PKCS#8 7524b7b748 DESERIALIZER: Implement decryption of password protected objects 45396db0e3 SERIALIZER: No enc argument for OSSL_SERIALIZER_CTX_set_passphrase_cb() 5a23d78c9b TEST: Add new serializer and deserializer test dcfacbbfe9 PROV: Implement PEM to DER deserializer 1017b8e4a1 PROV: Implement DER to RSA deserializer 853ca12813 CORE: Add upcalls for BIO_gets() and BIO_puts() 072a9fde7d SERIALIZER: Add functions to deserialize into an EVP_PKEY c3e4c1f325 DESERIALIZER: Add foundation for deserializers 5dacb38cce KEYMGMT: Add key loading function OSSL_FUNC_keymgmt_load() af836c22ce EVP KEYMGMT utils: Make a few more utility functions available 6725682d77 Add X509 related libctx changes. ae89578be2 Test RSA oaep in fips mode a27cb956c0 Fix: uninstantiation breaks the RAND_DRBG callback mechanism d1768e8298 test/drbgtest.c: set the correct counter to trigger reseeding 8e3e1dfeaa test/drbgtest.c: Remove error check for large generate requests 9fb6692c1b Fix DRBG reseed counter condition. 11a6d6fd70 test/drbgtest.c: Fix error check test Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 25-test_verify.t (Wstat: 256 Tests: 144 Failed: 1) Failed test: 137 Non-zero exit status: 1 Files=207, Tests=3250, 893 wallclock secs (13.18 usr 1.47 sys + 823.94 cusr 63.93 csys = 902.52 CPU) Result: FAIL Makefile:3156: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-trace' Makefile:3154: recipe for target 'tests' failed make: *** [tests] Error 2 From pauli at openssl.org Wed Jul 29 07:32:20 2020 From: pauli at openssl.org (Dr. Paul Dale) Date: Wed, 29 Jul 2020 07:32:20 +0000 Subject: [openssl] master update Message-ID: <1596007940.012871.30338.nullmailer@dev.openssl.org> The branch master has been updated via 79410c5f8b139c423be436810b4fe4de4637fc24 (commit) from 5cd9962272388fc9a51711495a8c6a3f230ab5ce (commit) - Log ----------------------------------------------------------------- commit 79410c5f8b139c423be436810b4fe4de4637fc24 Author: Pauli Date: Tue Jul 28 11:14:14 2020 +1000 namemap: fix threading issue The locking was too fine grained when adding entries to a namemap. Refactored the working code into unlocked functions and call these with appropriate locking. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12545) ----------------------------------------------------------------------- Summary of changes: crypto/core_namemap.c | 87 ++++++++++++++++++++++++++++++--------------------- 1 file changed, 52 insertions(+), 35 deletions(-) diff --git a/crypto/core_namemap.c b/crypto/core_namemap.c index e17b3ac0e2..b08fb84556 100644 --- a/crypto/core_namemap.c +++ b/crypto/core_namemap.c @@ -143,11 +143,24 @@ void ossl_namemap_doall_names(const OSSL_NAMEMAP *namemap, int number, CRYPTO_THREAD_unlock(namemap->lock); } +static int namemap_name2num_n(const OSSL_NAMEMAP *namemap, + const char *name, size_t name_len) +{ + NAMENUM_ENTRY *namenum_entry, namenum_tmpl; + + if ((namenum_tmpl.name = OPENSSL_strndup(name, name_len)) == NULL) + return 0; + namenum_tmpl.number = 0; + namenum_entry = + lh_NAMENUM_ENTRY_retrieve(namemap->namenum, &namenum_tmpl); + OPENSSL_free(namenum_tmpl.name); + return namenum_entry != NULL ? namenum_entry->number : 0; +} + int ossl_namemap_name2num_n(const OSSL_NAMEMAP *namemap, const char *name, size_t name_len) { - NAMENUM_ENTRY *namenum_entry, namenum_tmpl; - int number = 0; + int number; #ifndef FIPS_MODULE if (namemap == NULL) @@ -157,16 +170,9 @@ int ossl_namemap_name2num_n(const OSSL_NAMEMAP *namemap, if (namemap == NULL) return 0; - if ((namenum_tmpl.name = OPENSSL_strndup(name, name_len)) == NULL) - return 0; - namenum_tmpl.number = 0; CRYPTO_THREAD_read_lock(namemap->lock); - namenum_entry = - lh_NAMENUM_ENTRY_retrieve(namemap->namenum, &namenum_tmpl); - if (namenum_entry != NULL) - number = namenum_entry->number; + number = namemap_name2num_n(namemap, name, name_len); CRYPTO_THREAD_unlock(namemap->lock); - OPENSSL_free(namenum_tmpl.name); return number; } @@ -205,45 +211,50 @@ const char *ossl_namemap_num2name(const OSSL_NAMEMAP *namemap, int number, return data.name; } -int ossl_namemap_add_name_n(OSSL_NAMEMAP *namemap, int number, - const char *name, size_t name_len) +static int namemap_add_name_n(OSSL_NAMEMAP *namemap, int number, + const char *name, size_t name_len) { NAMENUM_ENTRY *namenum = NULL; int tmp_number; -#ifndef FIPS_MODULE - if (namemap == NULL) - namemap = ossl_namemap_stored(NULL); -#endif - - if (name == NULL || name_len == 0 || namemap == NULL) - return 0; - - if ((tmp_number = ossl_namemap_name2num_n(namemap, name, name_len)) != 0) - return tmp_number; /* Pretend success */ - - CRYPTO_THREAD_write_lock(namemap->lock); + /* If it already exists, we don't add it */ + if ((tmp_number = namemap_name2num_n(namemap, name, name_len)) != 0) + return tmp_number; if ((namenum = OPENSSL_zalloc(sizeof(*namenum))) == NULL || (namenum->name = OPENSSL_strndup(name, name_len)) == NULL) goto err; - namenum->number = tmp_number = + namenum->number = number != 0 ? number : 1 + tsan_counter(&namemap->max_number); (void)lh_NAMENUM_ENTRY_insert(namemap->namenum, namenum); if (lh_NAMENUM_ENTRY_error(namemap->namenum)) goto err; - - CRYPTO_THREAD_unlock(namemap->lock); - - return tmp_number; + return namenum->number; err: namenum_free(namenum); + return 0; +} +int ossl_namemap_add_name_n(OSSL_NAMEMAP *namemap, int number, + const char *name, size_t name_len) +{ + int tmp_number; + +#ifndef FIPS_MODULE + if (namemap == NULL) + namemap = ossl_namemap_stored(NULL); +#endif + + if (name == NULL || name_len == 0 || namemap == NULL) + return 0; + + CRYPTO_THREAD_write_lock(namemap->lock); + tmp_number = namemap_add_name_n(namemap, number, name, name_len); CRYPTO_THREAD_unlock(namemap->lock); - return 0; + return tmp_number; } int ossl_namemap_add_name(OSSL_NAMEMAP *namemap, int number, const char *name) @@ -266,6 +277,7 @@ int ossl_namemap_add_names(OSSL_NAMEMAP *namemap, int number, return 0; } + CRYPTO_THREAD_write_lock(namemap->lock); /* * Check that no name is an empty string, and that all names have at * most one numeric identity together. @@ -278,11 +290,11 @@ int ossl_namemap_add_names(OSSL_NAMEMAP *namemap, int number, else l = q - p; /* offset to the next separator */ - this_number = ossl_namemap_name2num_n(namemap, p, l); + this_number = namemap_name2num_n(namemap, p, l); if (*p == '\0' || *p == separator) { ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_BAD_ALGORITHM_NAME); - return 0; + goto err; } if (number == 0) { number = this_number; @@ -290,7 +302,7 @@ int ossl_namemap_add_names(OSSL_NAMEMAP *namemap, int number, ERR_raise_data(ERR_LIB_CRYPTO, CRYPTO_R_CONFLICTING_NAMES, "\"%.*s\" has an existing different identity %d (from \"%s\")", l, p, this_number, names); - return 0; + goto err; } } @@ -303,18 +315,23 @@ int ossl_namemap_add_names(OSSL_NAMEMAP *namemap, int number, else l = q - p; /* offset to the next separator */ - this_number = ossl_namemap_add_name_n(namemap, number, p, l); + this_number = namemap_add_name_n(namemap, number, p, l); if (number == 0) { number = this_number; } else if (this_number != number) { ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR, "Got number %d when expecting %d", this_number, number); - return 0; + goto err; } } + CRYPTO_THREAD_unlock(namemap->lock); return number; + + err: + CRYPTO_THREAD_unlock(namemap->lock); + return 0; } /*- From builds at travis-ci.com Wed Jul 29 08:54:49 2020 From: builds at travis-ci.com (Travis CI) Date: Wed, 29 Jul 2020 08:54:49 +0000 Subject: Still Failing: openssl/openssl#36401 (master - 79410c5) In-Reply-To: Message-ID: <5f213958e9ea8_13fdd19dbbde41284c0@travis-pro-tasks-6fd97d57cd-cllsv.mail> Build Update for openssl/openssl ------------------------------------- Build: #36401 Status: Still Failing Duration: 1 hr, 1 min, and 10 secs Commit: 79410c5 (master) Author: Pauli Message: namemap: fix threading issue The locking was too fine grained when adding entries to a namemap. Refactored the working code into unlocked functions and call these with appropriate locking. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12545) View the changeset: https://github.com/openssl/openssl/compare/5cd996227238...79410c5f8b13 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/177565839?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From nic.tuv at gmail.com Wed Jul 29 21:30:35 2020 From: nic.tuv at gmail.com (nic.tuv at gmail.com) Date: Wed, 29 Jul 2020 21:30:35 +0000 Subject: [openssl] master update Message-ID: <1596058235.960589.13031.nullmailer@dev.openssl.org> The branch master has been updated via cfae32c69a0dde5a47fbd5aed4103fb01fc59acf (commit) via f5384f064ec2ef9f1975877da46e6f64c776427c (commit) from 79410c5f8b139c423be436810b4fe4de4637fc24 (commit) - Log ----------------------------------------------------------------- commit cfae32c69a0dde5a47fbd5aed4103fb01fc59acf Author: Nicola Tuveri Date: Tue Jul 21 23:12:59 2020 +0300 [test][ectest] Minor touches to custom_generator_test Minor changes to `custom_generator_test`: - this is to align to the 1.1.1 version of the test (simplify the code as there is no need to use `EC_GROUP_get_field_type()`) - add comment to explain how the buffer size is computed Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12507) commit f5384f064ec2ef9f1975877da46e6f64c776427c Author: Nicola Tuveri Date: Tue Jul 21 18:04:38 2020 +0300 [test] Vertically test explicit EC params API patterns This commit adds a new test (run on all the built-in curves) to create `EC_GROUP` with **unknown** *explicit parameters*: from a built-in group we create an alternative group from scratch that differs in the generator used. At the `EC_GROUP` layer we perform a basic math check to ensure that the math on the alternative group still makes sense, using comparable results from the origin group. We then create two `EC_KEY` objects on top of this alternative group and run key generation from the `EC_KEY` layer. Then we promote these two `EC_KEY`s to `EVP_PKEY` objects and try to run the derive operation at the highest abstraction layer, comparing results in both directions. Finally, we create provider-native keys using `EVP_PKEY_fromdata` and data derived from the previous objects, we compute an equivalent shared secret from these provider keys, and compare it to the result obtained from the previous steps. Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12507) ----------------------------------------------------------------------- Summary of changes: test/ectest.c | 287 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 282 insertions(+), 5 deletions(-) diff --git a/test/ectest.c b/test/ectest.c index 8cceaa67e7..3678c42f71 100644 --- a/test/ectest.c +++ b/test/ectest.c @@ -32,6 +32,9 @@ # include # include # include +# include "openssl/core_names.h" +# include "openssl/param_build.h" +# include "openssl/evp.h" static size_t crv_len = 0; static EC_builtin_curve *curves = NULL; @@ -2361,10 +2364,8 @@ static int custom_generator_test(int id) goto err; /* expected byte length of encoded points */ - bsize = (EC_GROUP_get_field_type(group) == NID_X9_62_prime_field) ? - BN_num_bytes(EC_GROUP_get0_field(group)) : - (EC_GROUP_get_degree(group) + 7) / 8; - bsize = 2 * bsize + 1; + bsize = (EC_GROUP_get_degree(group) + 7) / 8; + bsize = 1 + 2 * bsize; /* UNCOMPRESSED_POINT format */ if (!TEST_ptr(k = BN_CTX_get(ctx)) /* fetch a testing scalar k != 0,1 */ @@ -2402,7 +2403,7 @@ static int custom_generator_test(int id) POINT_CONVERSION_UNCOMPRESSED, b2, bsize, ctx), bsize) /* Q1 = kG = k/2 G2 = Q2 should hold */ - || !TEST_int_eq(CRYPTO_memcmp(b1, b2, bsize), 0)) + || !TEST_mem_eq(b1, bsize, b2, bsize)) goto err; ret = 1; @@ -2420,6 +2421,281 @@ static int custom_generator_test(int id) return ret; } +/* + * check creation of curves from explicit params through the public API + */ +static int custom_params_test(int id) +{ + int ret = 0, nid, bsize; + const char *curve_name = NULL; + EC_GROUP *group = NULL, *altgroup = NULL; + EC_POINT *G2 = NULL, *Q1 = NULL, *Q2 = NULL; + const EC_POINT *Q = NULL; + BN_CTX *ctx = NULL; + BIGNUM *k = NULL; + unsigned char *buf1 = NULL, *buf2 = NULL; + const BIGNUM *z = NULL, *cof = NULL, *priv1 = NULL; + BIGNUM *p = NULL, *a = NULL, *b = NULL; + int is_prime = 0; + EC_KEY *eckey1 = NULL, *eckey2 = NULL; + EVP_PKEY *pkey1 = NULL, *pkey2 = NULL; + EVP_PKEY_CTX *pctx1 = NULL, *pctx2 = NULL; + size_t sslen, t; + unsigned char *pub1 = NULL , *pub2 = NULL; + OSSL_PARAM_BLD *param_bld = NULL; + OSSL_PARAM *params1 = NULL, *params2 = NULL; + + /* Do some setup */ + nid = curves[id].nid; + curve_name = OBJ_nid2sn(nid); + TEST_note("Curve %s", curve_name); + + if (nid == NID_sm2) + return TEST_skip("custom params not supported with SM2"); + + if (!TEST_ptr(ctx = BN_CTX_new())) + return 0; + + if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(nid))) + goto err; + + is_prime = EC_GROUP_get_field_type(group) == NID_X9_62_prime_field; +# ifdef OPENSSL_NO_EC2M + if (!is_prime) { + ret = TEST_skip("binary curves not supported in this build"); + goto err; + } +# endif + + BN_CTX_start(ctx); + if (!TEST_ptr(p = BN_CTX_get(ctx)) + || !TEST_ptr(a = BN_CTX_get(ctx)) + || !TEST_ptr(b = BN_CTX_get(ctx)) + || !TEST_ptr(k = BN_CTX_get(ctx))) + goto err; + + /* expected byte length of encoded points */ + bsize = (EC_GROUP_get_degree(group) + 7) / 8; + bsize = 1 + 2 * bsize; /* UNCOMPRESSED_POINT format */ + + /* extract parameters from built-in curve */ + if (!TEST_true(EC_GROUP_get_curve(group, p, a, b, ctx)) + || !TEST_ptr(G2 = EC_POINT_new(group)) + /* new generator is G2 := 2G */ + || !TEST_true(EC_POINT_dbl(group, G2, + EC_GROUP_get0_generator(group), ctx)) + /* pull out the bytes of that */ + || !TEST_int_eq(EC_POINT_point2oct(group, G2, + POINT_CONVERSION_UNCOMPRESSED, + NULL, 0, ctx), bsize) + || !TEST_ptr(buf1 = OPENSSL_malloc(bsize)) + || !TEST_int_eq(EC_POINT_point2oct(group, G2, + POINT_CONVERSION_UNCOMPRESSED, + buf1, bsize, ctx), bsize) + || !TEST_ptr(z = EC_GROUP_get0_order(group)) + || !TEST_ptr(cof = EC_GROUP_get0_cofactor(group)) + ) + goto err; + + /* create a new group using same params (but different generator) */ + if (is_prime) { + if (!TEST_ptr(altgroup = EC_GROUP_new_curve_GFp(p, a, b, ctx))) + goto err; + } +# ifndef OPENSSL_NO_EC2M + else { + if (!TEST_ptr(altgroup = EC_GROUP_new_curve_GF2m(p, a, b, ctx))) + goto err; + } +# endif + + /* set 2*G as the generator of altgroup */ + EC_POINT_free(G2); /* discard G2 as it refers to the original group */ + if (!TEST_ptr(G2 = EC_POINT_new(altgroup)) + || !TEST_true(EC_POINT_oct2point(altgroup, G2, buf1, bsize, ctx)) + || !TEST_int_eq(EC_POINT_is_on_curve(altgroup, G2, ctx), 1) + || !TEST_true(EC_GROUP_set_generator(altgroup, G2, z, cof)) + ) + goto err; + + /* verify math checks out */ + if (/* allocate temporary points on group and altgroup */ + !TEST_ptr(Q1 = EC_POINT_new(group)) + || !TEST_ptr(Q2 = EC_POINT_new(altgroup)) + /* fetch a testing scalar k != 0,1 */ + || !TEST_true(BN_rand(k, EC_GROUP_order_bits(group) - 1, + BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY)) + /* make k even */ + || !TEST_true(BN_clear_bit(k, 0)) + /* Q1 := kG on group */ + || !TEST_true(EC_POINT_mul(group, Q1, k, NULL, NULL, ctx)) + /* pull out the bytes of that */ + || !TEST_int_eq(EC_POINT_point2oct(group, Q1, + POINT_CONVERSION_UNCOMPRESSED, + NULL, 0, ctx), bsize) + || !TEST_int_eq(EC_POINT_point2oct(group, Q1, + POINT_CONVERSION_UNCOMPRESSED, + buf1, bsize, ctx), bsize) + /* k := k/2 */ + || !TEST_true(BN_rshift1(k, k)) + /* Q2 := k/2 G2 on altgroup */ + || !TEST_true(EC_POINT_mul(altgroup, Q2, k, NULL, NULL, ctx)) + /* pull out the bytes of that */ + || !TEST_int_eq(EC_POINT_point2oct(altgroup, Q2, + POINT_CONVERSION_UNCOMPRESSED, + NULL, 0, ctx), bsize) + || !TEST_ptr(buf2 = OPENSSL_malloc(bsize)) + || !TEST_int_eq(EC_POINT_point2oct(altgroup, Q2, + POINT_CONVERSION_UNCOMPRESSED, + buf2, bsize, ctx), bsize) + /* Q1 = kG = k/2 G2 = Q2 should hold */ + || !TEST_mem_eq(buf1, bsize, buf2, bsize)) + goto err; + + /* create two `EC_KEY`s on altgroup */ + if (!TEST_ptr(eckey1 = EC_KEY_new()) + || !TEST_true(EC_KEY_set_group(eckey1, altgroup)) + || !TEST_true(EC_KEY_generate_key(eckey1)) + || !TEST_ptr(eckey2 = EC_KEY_new()) + || !TEST_true(EC_KEY_set_group(eckey2, altgroup)) + || !TEST_true(EC_KEY_generate_key(eckey2))) + goto err; + + /* retrieve priv1 for later */ + if (!TEST_ptr(priv1 = EC_KEY_get0_private_key(eckey1))) + goto err; + + /* + * retrieve bytes for pub1 for later + * + * We compute the pub key in the original group as we will later use it to + * define a provider key in the built-in group. + */ + if (!TEST_true(EC_POINT_mul(group, Q1, priv1, NULL, NULL, ctx)) + || !TEST_int_eq(EC_POINT_point2oct(group, Q1, + POINT_CONVERSION_UNCOMPRESSED, + NULL, 0, ctx), bsize) + || !TEST_ptr(pub1 = OPENSSL_malloc(bsize)) + || !TEST_int_eq(EC_POINT_point2oct(group, Q1, + POINT_CONVERSION_UNCOMPRESSED, + pub1, bsize, ctx), bsize)) + goto err; + + /* retrieve bytes for pub2 for later */ + if (!TEST_ptr(Q = EC_KEY_get0_public_key(eckey2)) + || !TEST_int_eq(EC_POINT_point2oct(altgroup, Q, + POINT_CONVERSION_UNCOMPRESSED, + NULL, 0, ctx), bsize) + || !TEST_ptr(pub2 = OPENSSL_malloc(bsize)) + || !TEST_int_eq(EC_POINT_point2oct(altgroup, Q, + POINT_CONVERSION_UNCOMPRESSED, + pub2, bsize, ctx), bsize)) + goto err; + + /* create two `EVP_PKEY`s from the `EC_KEY`s */ + if(!TEST_ptr(pkey1 = EVP_PKEY_new()) + || !TEST_int_eq(EVP_PKEY_assign_EC_KEY(pkey1, eckey1), 1)) + goto err; + eckey1 = NULL; /* ownership passed to pkey1 */ + if(!TEST_ptr(pkey2 = EVP_PKEY_new()) + || !TEST_int_eq(EVP_PKEY_assign_EC_KEY(pkey2, eckey2), 1)) + goto err; + eckey2 = NULL; /* ownership passed to pkey2 */ + + /* Compute keyexchange in both directions */ + if (!TEST_ptr(pctx1 = EVP_PKEY_CTX_new(pkey1, NULL)) + || !TEST_int_eq(EVP_PKEY_derive_init(pctx1), 1) + || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx1, pkey2), 1) + || !TEST_int_eq(EVP_PKEY_derive(pctx1, NULL, &sslen), 1) + || !TEST_int_gt(bsize, sslen) + || !TEST_int_eq(EVP_PKEY_derive(pctx1, buf1, &sslen), 1)) + goto err; + if (!TEST_ptr(pctx2 = EVP_PKEY_CTX_new(pkey2, NULL)) + || !TEST_int_eq(EVP_PKEY_derive_init(pctx2), 1) + || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx2, pkey1), 1) + || !TEST_int_eq(EVP_PKEY_derive(pctx2, NULL, &t), 1) + || !TEST_int_gt(bsize, t) + || !TEST_int_le(sslen, t) + || !TEST_int_eq(EVP_PKEY_derive(pctx2, buf2, &t), 1)) + goto err; + + /* Both sides should expect the same shared secret */ + if (!TEST_mem_eq(buf1, sslen, buf2, t)) + goto err; + + /* Build parameters for provider-native keys */ + if (!TEST_ptr(param_bld = OSSL_PARAM_BLD_new()) + || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(param_bld, + OSSL_PKEY_PARAM_GROUP_NAME, + curve_name, 0)) + || !TEST_true(OSSL_PARAM_BLD_push_octet_string(param_bld, + OSSL_PKEY_PARAM_PUB_KEY, + pub1, bsize)) + || !TEST_true(OSSL_PARAM_BLD_push_BN(param_bld, + OSSL_PKEY_PARAM_PRIV_KEY, + priv1)) + || !TEST_ptr(params1 = OSSL_PARAM_BLD_to_param(param_bld))) + goto err; + + OSSL_PARAM_BLD_free(param_bld); + if (!TEST_ptr(param_bld = OSSL_PARAM_BLD_new()) + || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(param_bld, + OSSL_PKEY_PARAM_GROUP_NAME, + curve_name, 0)) + || !TEST_true(OSSL_PARAM_BLD_push_octet_string(param_bld, + OSSL_PKEY_PARAM_PUB_KEY, + pub2, bsize)) + || !TEST_ptr(params2 = OSSL_PARAM_BLD_to_param(param_bld))) + goto err; + + /* create two new provider-native `EVP_PKEY`s */ + EVP_PKEY_CTX_free(pctx2); + if (!TEST_ptr(pctx2 = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL)) + || !TEST_true(EVP_PKEY_key_fromdata_init(pctx2)) + || !TEST_true(EVP_PKEY_fromdata(pctx2, &pkey1, params1)) + || !TEST_true(EVP_PKEY_fromdata(pctx2, &pkey2, params2))) + goto err; + + /* compute keyexchange once more using the provider keys */ + EVP_PKEY_CTX_free(pctx1); + if (!TEST_ptr(pctx1 = EVP_PKEY_CTX_new(pkey1, NULL)) + || !TEST_int_eq(EVP_PKEY_derive_init(pctx1), 1) + || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx1, pkey2), 1) + || !TEST_int_eq(EVP_PKEY_derive(pctx1, NULL, &t), 1) + || !TEST_int_gt(bsize, t) + || !TEST_int_le(sslen, t) + || !TEST_int_eq(EVP_PKEY_derive(pctx1, buf1, &t), 1) + /* compare with previous result */ + || !TEST_mem_eq(buf1, t, buf2, sslen)) + goto err; + + ret = 1; + + err: + BN_CTX_end(ctx); + BN_CTX_free(ctx); + OSSL_PARAM_BLD_free(param_bld); + OSSL_PARAM_BLD_free_params(params1); + OSSL_PARAM_BLD_free_params(params2); + EC_POINT_free(Q1); + EC_POINT_free(Q2); + EC_POINT_free(G2); + EC_GROUP_free(group); + EC_GROUP_free(altgroup); + OPENSSL_free(buf1); + OPENSSL_free(buf2); + OPENSSL_free(pub1); + OPENSSL_free(pub2); + EC_KEY_free(eckey1); + EC_KEY_free(eckey2); + EVP_PKEY_free(pkey1); + EVP_PKEY_free(pkey2); + EVP_PKEY_CTX_free(pctx1); + EVP_PKEY_CTX_free(pctx2); + + return ret; +} + #endif /* OPENSSL_NO_EC */ int setup_tests(void) @@ -2448,6 +2724,7 @@ int setup_tests(void) ADD_ALL_TESTS(check_named_curve_from_ecparameters, crv_len); ADD_ALL_TESTS(ec_point_hex2point_test, crv_len); ADD_ALL_TESTS(custom_generator_test, crv_len); + ADD_ALL_TESTS(custom_params_test, crv_len); #endif /* OPENSSL_NO_EC */ return 1; } From builds at travis-ci.com Wed Jul 29 22:53:01 2020 From: builds at travis-ci.com (Travis CI) Date: Wed, 29 Jul 2020 22:53:01 +0000 Subject: Still Failing: openssl/openssl#36411 (master - cfae32c) In-Reply-To: Message-ID: <5f21fdcd4269b_13f9b7c4a6684324411@travis-pro-tasks-79bb9db949-5tts5.mail> Build Update for openssl/openssl ------------------------------------- Build: #36411 Status: Still Failing Duration: 1 hr, 21 mins, and 4 secs Commit: cfae32c (master) Author: Nicola Tuveri Message: [test][ectest] Minor touches to custom_generator_test Minor changes to `custom_generator_test`: - this is to align to the 1.1.1 version of the test (simplify the code as there is no need to use `EC_GROUP_get_field_type()`) - add comment to explain how the buffer size is computed Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12507) View the changeset: https://github.com/openssl/openssl/compare/79410c5f8b13...cfae32c69a0d View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/177713346?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Wed Jul 29 23:57:30 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 29 Jul 2020 23:57:30 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT Message-ID: <1596067050.219274.4087.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT Commit log since last time: cfae32c69a [test][ectest] Minor touches to custom_generator_test f5384f064e [test] Vertically test explicit EC params API patterns 79410c5f8b namemap: fix threading issue 5cd9962272 Fix a test_verify failure ef8980176d Deprecate -nodes in favor of -noenc in pkcs12 and req app 846f96f821 TEST: Add RSA-PSS cases in test/serdes_test.c a4e55cccc9 PROV: Add a DER to RSA-PSS deserializer implementation 456b3b97a4 EVP, PROV: Add misc missing bits for RSA-PSS 51d9ac870a Fix no-ec2m Build log ended with (last 100 lines): # Server sent alert unexpected_message but client received no alert. # 80179486A47F0000:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_srvr.c:318: not ok 9 - iteration 9 # ------------------------------------------------------------------------------ not ok 1 - test_handshake # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/ssl_test 25-cipher.cnf.default default => 1 not ok 6 - running ssl_test 25-cipher.cnf # ------------------------------------------------------------------------------ # Looks like you failed 2 tests of 9. not ok 26 - Test configuration 25-cipher.cnf # ------------------------------------------------------------------------------ # Looks like you failed 1 test of 31.80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok # INFO: @ ../openssl/test/sslcorrupttest.c:199 # Starting #2, ECDHE-RSA-CHACHA20-POLY1305 # ERROR: (int) 'SSL_get_error(clientssl, 0) == SSL_ERROR_WANT_READ' failed @ ../openssl/test/ssltestlib.c:1032 # [1] compared to [2] # ERROR: (bool) 'create_ssl_connection(server, client, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslcorrupttest.c:229 # false # 80D7580FD27F0000:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_clnt.c:403: not ok 3 - iteration 3 # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/sslcorrupttest.c:199 # Starting #3, DHE-RSA-CHACHA20-POLY1305 # ERROR: (int) 'SSL_get_error(clientssl, 0) == SSL_ERROR_WANT_READ' failed @ ../openssl/test/ssltestlib.c:1032 # [1] compared to [2] # ERROR: (bool) 'create_ssl_connection(server, client, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslcorrupttest.c:229 # false # 80D7580FD27F0000:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_clnt.c:403: not ok 4 - iteration 4 # ------------------------------------------------------------------------------ not ok 1 - test_ssl_corrupt # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslcorrupttest ../../../openssl/apps/server.pem ../../../openssl/apps/server.pem => 1 not ok 1 - running sslcorrupttest # ------------------------------------------------------------------------------ # Failed test 'running sslcorrupttest' # at ../openssl/test/recipes/80-test_sslcorrupt.t line 19. # Looks like you failed 1 test of 1.80-test_sslcorrupt.t ............... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: GOST support is disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ skipped: Test only supported in a shared build 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_dtls_mtu.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 26 Non-zero exit status: 1 80-test_sslcorrupt.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=207, Tests=3044, 1750 wallclock secs (11.68 usr 1.59 sys + 1577.91 cusr 155.51 csys = 1746.69 CPU) Result: FAIL Makefile:2508: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-asan' Makefile:2506: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Thu Jul 30 01:46:10 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 30 Jul 2020 01:46:10 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-autoerrinit Message-ID: <1596073570.681008.2500.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-autoerrinit Commit log since last time: cfae32c69a [test][ectest] Minor touches to custom_generator_test f5384f064e [test] Vertically test explicit EC params API patterns 79410c5f8b namemap: fix threading issue 5cd9962272 Fix a test_verify failure ef8980176d Deprecate -nodes in favor of -noenc in pkcs12 and req app 846f96f821 TEST: Add RSA-PSS cases in test/serdes_test.c a4e55cccc9 PROV: Add a DER to RSA-PSS deserializer implementation 456b3b97a4 EVP, PROV: Add misc missing bits for RSA-PSS 51d9ac870a Fix no-ec2m Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 04-test_err.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=207, Tests=3113, 796 wallclock secs (11.35 usr 1.14 sys + 737.51 cusr 57.48 csys = 807.48 CPU) Result: FAIL Makefile:3151: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-autoerrinit' Makefile:3149: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Thu Jul 30 07:21:50 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 30 Jul 2020 07:21:50 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-des Message-ID: <1596093710.141450.12103.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-des Commit log since last time: cfae32c69a [test][ectest] Minor touches to custom_generator_test f5384f064e [test] Vertically test explicit EC params API patterns 79410c5f8b namemap: fix threading issue 5cd9962272 Fix a test_verify failure ef8980176d Deprecate -nodes in favor of -noenc in pkcs12 and req app 846f96f821 TEST: Add RSA-PSS cases in test/serdes_test.c a4e55cccc9 PROV: Add a DER to RSA-PSS deserializer implementation 456b3b97a4 EVP, PROV: Add misc missing bits for RSA-PSS 51d9ac870a Fix no-ec2m Build log ended with (last 100 lines): C030D795747F0000:error::asn1 encoding routines:asn1_d2i_ex_primitive:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:698: C030D795747F0000:error::asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:630:Field=pkey, Type=PKCS8_PRIV_KEY_INFO C030D795747F0000:error::asn1 encoding routines:d2i_PrivateKey_ex:ASN1 lib:../openssl/crypto/asn1/d2i_pr.c:67: C030D795747F0000:error::asn1 encoding routines:d2i_PrivateKey_ex:ASN1 lib:../openssl/crypto/asn1/d2i_pr.c:67: C030D795747F0000:error::asn1 encoding routines:asn1_check_tlen:wrong tag:../openssl/crypto/asn1/tasn_dec.c:1135: C030D795747F0000:error::asn1 encoding routines:asn1_d2i_ex_primitive:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:698: C030D795747F0000:error::asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:630:Field=pkey, Type=PKCS8_PRIV_KEY_INFO C030D795747F0000:error::asn1 encoding routines:asn1_check_tlen:wrong tag:../openssl/crypto/asn1/tasn_dec.c:1135: C030D795747F0000:error::asn1 encoding routines:asn1_d2i_ex_primitive:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:698: C030D795747F0000:error::asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:630:Field=pkey, Type=PKCS8_PRIV_KEY_INFO OPENSSL_FUNC:../openssl/apps/cmp.c:3053:CMP error: cannot set up CMP context # OPENSSL_FUNC:../openssl/apps/cmp.c:2895:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -proxy option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2112:CMP info: will contact http://127.0.0.1:1700/pkix/ ../../../../../no-des/util/wrap.pl ../../../../../no-des/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt => 1 not ok 82 - cr command # ------------------------------------------------------------------------------ # Failed test 'cr command' # at ../openssl/test/recipes/81-test_cmp_cli.t line 182. Could not open file or uri test.cert.pem for loading CMP client certificate (and optionally extra certs) C0C0ED1D2F7F0000:error::system library:file_open_with_libctx:No such file or directory:../openssl/crypto/store/loader_file.c:928:calling stat(test.cert.pem) Unable to load CMP client certificate (and optionally extra certs) OPENSSL_FUNC:../openssl/apps/cmp.c:3053:CMP error: cannot set up CMP context # OPENSSL_FUNC:../openssl/apps/cmp.c:2895:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -proxy option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2112:CMP info: will contact http://127.0.0.1:1700/pkix/ # OPENSSL_FUNC:../openssl/apps/cmp.c:2136:CMP warning: -subject '/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=leaf' given, which overrides the subject of 'test.cert.pem' in KUR # OPENSSL_FUNC:../openssl/apps/cmp.c:826:CMP warning: can load only one certificate in DER format from test.cert.pem ../../../../../no-des/util/wrap.pl ../../../../../no-des/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt => 1 not ok 83 - kur command explicit options # ------------------------------------------------------------------------------ # Failed test 'kur command explicit options' # at ../openssl/test/recipes/81-test_cmp_cli.t line 182. Could not open file or uri test.cert.pem for loading CMP client certificate (and optionally extra certs) C060AB64F07F0000:error::system library:file_open_with_libctx:No such file or directory:../openssl/crypto/store/loader_file.c:928:calling stat(test.cert.pem) Unable to load CMP client certificate (and optionally extra certs) OPENSSL_FUNC:../openssl/apps/cmp.c:3053:CMP error: cannot set up CMP context # OPENSSL_FUNC:../openssl/apps/cmp.c:2895:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -proxy option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -subject option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -secret option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2112:CMP info: will contact http://127.0.0.1:1700/pkix/ # OPENSSL_FUNC:../openssl/apps/cmp.c:826:CMP warning: can load only one certificate in DER format from test.cert.pem ../../../../../no-des/util/wrap.pl ../../../../../no-des/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -subject "" -certout test.cert.pem -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt -secret "" => 1 not ok 84 - kur command minimal options # ------------------------------------------------------------------------------ # Looks like you failed 31 tests of 92. not ok 7 - CMP app CLI Mock enrollment # ------------------------------------------------------------------------------ # # Failed test 'CMP app CLI Mock enrollment # ' # at /home/openssl/run-checker/no-des/../openssl/util/perl/OpenSSL/Test.pm line 1302. # Looks like you failed 5 tests of 7.81-test_cmp_cli.t .................. Dubious, test returned 5 (wstat 1280, 0x500) Failed 5/7 subtests 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 81-test_cmp_cli.t (Wstat: 1280 Tests: 7 Failed: 5) Failed tests: 3-7 Non-zero exit status: 5 Files=207, Tests=3147, 868 wallclock secs (12.65 usr 1.43 sys + 814.44 cusr 58.01 csys = 886.53 CPU) Result: FAIL Makefile:3080: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-des' Makefile:3078: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Thu Jul 30 07:45:41 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 30 Jul 2020 07:45:41 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dgram Message-ID: <1596095141.915170.28989.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dgram Commit log since last time: cfae32c69a [test][ectest] Minor touches to custom_generator_test f5384f064e [test] Vertically test explicit EC params API patterns 79410c5f8b namemap: fix threading issue 5cd9962272 Fix a test_verify failure ef8980176d Deprecate -nodes in favor of -noenc in pkcs12 and req app 846f96f821 TEST: Add RSA-PSS cases in test/serdes_test.c a4e55cccc9 PROV: Add a DER to RSA-PSS deserializer implementation 456b3b97a4 EVP, PROV: Add misc missing bits for RSA-PSS 51d9ac870a Fix no-ec2m Build log ended with (last 100 lines): # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 7 - iteration 7 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 8 - iteration 8 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 9 - iteration 9 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 10 - iteration 10 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 11 - iteration 11 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 12 - iteration 12 # ------------------------------------------------------------------------------ not ok 1 - test_handshake # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/ssl_test 04-client_auth.cnf.fips fips ../../../openssl/test/fips.cnf => 1 not ok 9 - running ssl_test 04-client_auth.cnf # ------------------------------------------------------------------------------ # Failed test 'running ssl_test 04-client_auth.cnf' # at ../openssl/test/recipes/80-test_ssl_new.t line 173. # Looks like you failed 1 test of 9. not ok 5 - Test configuration 04-client_auth.cnf # ------------------------------------------------------------------------------ # Looks like you failed 1 test of 31.80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=207, Tests=3247, 852 wallclock secs (12.42 usr 1.27 sys + 790.91 cusr 61.05 csys = 865.65 CPU) Result: FAIL Makefile:3159: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dgram' Makefile:3157: recipe for target 'tests' failed make: *** [tests] Error 2 From dev at ddvo.net Thu Jul 30 07:38:56 2020 From: dev at ddvo.net (dev at ddvo.net) Date: Thu, 30 Jul 2020 07:38:56 +0000 Subject: [openssl] master update Message-ID: <1596094736.040418.5057.nullmailer@dev.openssl.org> The branch master has been updated via 593d6554f87310f3184c2f45d71c09975ffe9f53 (commit) via 299e0f1eaea1c57354e50a45ecb1c97ac8adb833 (commit) from cfae32c69a0dde5a47fbd5aed4103fb01fc59acf (commit) - Log ----------------------------------------------------------------- commit 593d6554f87310f3184c2f45d71c09975ffe9f53 Author: Dr. David von Oheimb Date: Sat Jul 18 16:59:06 2020 +0200 Export crm_new() of cmp_msg.c under the name OSSL_CMP_CTX_setup_CRM() Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12431) commit 299e0f1eaea1c57354e50a45ecb1c97ac8adb833 Author: Dr. David von Oheimb Date: Mon Jul 13 14:12:02 2020 +0200 Streamline the CMP request session API, adding the generalized OSSL_CMP_exec_certreq() Fixes #12395 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12431) ----------------------------------------------------------------------- Summary of changes: crypto/cmp/cmp_client.c | 45 ++++++------------ crypto/cmp/cmp_err.c | 8 ++-- crypto/cmp/cmp_local.h | 6 +-- crypto/cmp/cmp_msg.c | 53 ++++++++++++---------- crypto/cmp/cmp_server.c | 2 +- crypto/crmf/crmf_asn.c | 2 +- crypto/err/openssl.txt | 6 +-- ...mp_certReq_new.pod => ossl_cmp_certreq_new.pod} | 16 +++---- doc/internal/man3/ossl_cmp_msg_create.pod | 2 +- doc/internal/man3/ossl_cmp_pkisi_get_status.pod | 2 +- doc/man3/OSSL_CMP_CTX_new.pod | 5 +- doc/man3/OSSL_CMP_MSG_get0_header.pod | 13 ++++++ ...P_exec_IR_ses.pod => OSSL_CMP_exec_certreq.pod} | 45 ++++++++++++------ doc/man3/OSSL_CMP_validate_msg.pod | 2 +- doc/man3/X509_dup.pod | 1 + fuzz/cmp.c | 2 +- include/openssl/cmp.h | 26 +++++++---- include/openssl/cmperr.h | 6 +-- include/openssl/crmf.h | 1 + test/cmp_client_test.c | 38 ++++++++-------- test/cmp_msg_test.c | 8 ++-- util/libcrypto.num | 7 ++- util/other.syms | 4 ++ 23 files changed, 164 insertions(+), 136 deletions(-) rename doc/internal/man3/{ossl_cmp_certReq_new.pod => ossl_cmp_certreq_new.pod} (93%) rename doc/man3/{OSSL_CMP_exec_IR_ses.pod => OSSL_CMP_exec_certreq.pod} (78%) diff --git a/crypto/cmp/cmp_client.c b/crypto/cmp/cmp_client.c index f38d8651f4..37473c7a6c 100644 --- a/crypto/cmp/cmp_client.c +++ b/crypto/cmp/cmp_client.c @@ -630,7 +630,8 @@ static int cert_response(OSSL_CMP_CTX *ctx, int sleep, int rid, return ret; } -int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type, int *checkAfter) +int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type, + const OSSL_CRMF_MSG *crm, int *checkAfter) { OSSL_CMP_MSG *req = NULL; OSSL_CMP_MSG *rep = NULL; @@ -652,7 +653,7 @@ int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type, int *checkAfter) if (ctx->total_timeout > 0) /* else ctx->end_time is not used */ ctx->end_time = time(NULL) + ctx->total_timeout; - req = ossl_cmp_certReq_new(ctx, req_type, 0 /* req_err */); + req = ossl_cmp_certreq_new(ctx, req_type, crm); if (req == NULL) /* also checks if all necessary options are set */ return 0; @@ -685,18 +686,26 @@ int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type, int *checkAfter) * TODO: another function to request two certificates at once should be created. * Returns pointer to received certificate, or NULL if none was received. */ -static X509 *do_certreq_seq(OSSL_CMP_CTX *ctx, int req_type, int req_err, - int rep_type) +X509 *OSSL_CMP_exec_certreq(OSSL_CMP_CTX *ctx, int req_type, + const OSSL_CRMF_MSG *crm) { + OSSL_CMP_MSG *req = NULL; OSSL_CMP_MSG *rep = NULL; - int rid = (req_type == OSSL_CMP_PKIBODY_P10CR) ? -1 : OSSL_CMP_CERTREQID; + int is_p10 = req_type == OSSL_CMP_PKIBODY_P10CR; + int rid = is_p10 ? -1 : OSSL_CMP_CERTREQID; + int rep_type = is_p10 ? OSSL_CMP_PKIBODY_CP : req_type + 1; X509 *result = NULL; if (ctx == NULL) { CMPerr(0, CMP_R_NULL_ARGUMENT); return NULL; } + if (is_p10 && crm != NULL) { + CMPerr(0, CMP_R_INVALID_ARGS); + return NULL; + } + ctx->status = -1; if (!ossl_cmp_ctx_set0_newCert(ctx, NULL)) return NULL; @@ -705,7 +714,7 @@ static X509 *do_certreq_seq(OSSL_CMP_CTX *ctx, int req_type, int req_err, ctx->end_time = time(NULL) + ctx->total_timeout; /* OSSL_CMP_certreq_new() also checks if all necessary options are set */ - if ((req = ossl_cmp_certReq_new(ctx, req_type, req_err)) == NULL) + if ((req = ossl_cmp_certreq_new(ctx, req_type, crm)) == NULL) goto err; if (!send_receive_check(ctx, req, &rep, rep_type)) @@ -722,30 +731,6 @@ static X509 *do_certreq_seq(OSSL_CMP_CTX *ctx, int req_type, int req_err, return result; } -X509 *OSSL_CMP_exec_IR_ses(OSSL_CMP_CTX *ctx) -{ - return do_certreq_seq(ctx, OSSL_CMP_PKIBODY_IR, - CMP_R_ERROR_CREATING_IR, OSSL_CMP_PKIBODY_IP); -} - -X509 *OSSL_CMP_exec_CR_ses(OSSL_CMP_CTX *ctx) -{ - return do_certreq_seq(ctx, OSSL_CMP_PKIBODY_CR, - CMP_R_ERROR_CREATING_CR, OSSL_CMP_PKIBODY_CP); -} - -X509 *OSSL_CMP_exec_KUR_ses(OSSL_CMP_CTX *ctx) -{ - return do_certreq_seq(ctx, OSSL_CMP_PKIBODY_KUR, - CMP_R_ERROR_CREATING_KUR, OSSL_CMP_PKIBODY_KUP); -} - -X509 *OSSL_CMP_exec_P10CR_ses(OSSL_CMP_CTX *ctx) -{ - return do_certreq_seq(ctx, OSSL_CMP_PKIBODY_P10CR, - CMP_R_ERROR_CREATING_P10CR, OSSL_CMP_PKIBODY_CP); -} - X509 *OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx) { OSSL_CMP_MSG *rr = NULL; diff --git a/crypto/cmp/cmp_err.c b/crypto/cmp/cmp_err.c index 1ee1002233..87d0f0f1b0 100644 --- a/crypto/cmp/cmp_err.c +++ b/crypto/cmp/cmp_err.c @@ -45,17 +45,14 @@ static const ERR_STRING_DATA CMP_str_reasons[] = { "error creating certconf"}, {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_CREATING_CERTREP), "error creating certrep"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_CREATING_CR), "error creating cr"}, + {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_CREATING_CERTREQ), + "error creating certreq"}, {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_CREATING_ERROR), "error creating error"}, {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_CREATING_GENM), "error creating genm"}, {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_CREATING_GENP), "error creating genp"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_CREATING_IR), "error creating ir"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_CREATING_KUR), "error creating kur"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_CREATING_P10CR), - "error creating p10cr"}, {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_CREATING_PKICONF), "error creating pkiconf"}, {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_CREATING_POLLREP), @@ -90,6 +87,7 @@ static const ERR_STRING_DATA CMP_str_reasons[] = { "missing key input for creating protection"}, {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE), "missing key usage digitalsignature"}, + {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_P10CSR), "missing p10csr"}, {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_PRIVATE_KEY), "missing private key"}, {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_PROTECTION), "missing protection"}, diff --git a/crypto/cmp/cmp_local.h b/crypto/cmp/cmp_local.h index 0d874ae785..92f192bb5f 100644 --- a/crypto/cmp/cmp_local.h +++ b/crypto/cmp/cmp_local.h @@ -855,9 +855,9 @@ const char *ossl_cmp_bodytype_to_string(int type); int ossl_cmp_msg_set_bodytype(OSSL_CMP_MSG *msg, int type); int ossl_cmp_msg_get_bodytype(const OSSL_CMP_MSG *msg); OSSL_CMP_MSG *ossl_cmp_msg_create(OSSL_CMP_CTX *ctx, int bodytype); -OSSL_CMP_MSG *ossl_cmp_certReq_new(OSSL_CMP_CTX *ctx, int bodytype, - int err_code); -OSSL_CMP_MSG *ossl_cmp_certRep_new(OSSL_CMP_CTX *ctx, int bodytype, +OSSL_CMP_MSG *ossl_cmp_certreq_new(OSSL_CMP_CTX *ctx, int bodytype, + const OSSL_CRMF_MSG *crm); +OSSL_CMP_MSG *ossl_cmp_certrep_new(OSSL_CMP_CTX *ctx, int bodytype, int certReqId, OSSL_CMP_PKISI *si, X509 *cert, STACK_OF(X509) *chain, STACK_OF(X509) *caPubs, int encrypted, diff --git a/crypto/cmp/cmp_msg.c b/crypto/cmp/cmp_msg.c index c5a9dbccf8..d45a803677 100644 --- a/crypto/cmp/cmp_msg.c +++ b/crypto/cmp/cmp_msg.c @@ -128,7 +128,7 @@ OSSL_CMP_MSG *ossl_cmp_msg_create(OSSL_CMP_CTX *ctx, int bodytype) case OSSL_CMP_PKIBODY_P10CR: if (ctx->p10CSR == NULL) { - CMPerr(0, CMP_R_ERROR_CREATING_P10CR); + CMPerr(0, CMP_R_MISSING_P10CSR); goto err; } if ((msg->body->value.p10cr = X509_REQ_dup(ctx->p10CSR)) == NULL) @@ -197,13 +197,12 @@ OSSL_CMP_MSG *ossl_cmp_msg_create(OSSL_CMP_CTX *ctx, int bodytype) || OSSL_CMP_CTX_reqExtensions_have_SAN(ctx) == 1) static const X509_NAME *determine_subj(OSSL_CMP_CTX *ctx, X509 *refcert, - int bodytype) + int for_KUR) { if (ctx->subjectName != NULL) return ctx->subjectName; - if (refcert != NULL - && (bodytype == OSSL_CMP_PKIBODY_KUR || !HAS_SAN(ctx))) + if (refcert != NULL && (for_KUR || !HAS_SAN(ctx))) /* * For KUR, copy subjectName from reference certificate. * For IR or CR, do the same only if there is no subjectAltName. @@ -212,18 +211,14 @@ static const X509_NAME *determine_subj(OSSL_CMP_CTX *ctx, X509 *refcert, return NULL; } -/* - * Create CRMF certificate request message for IR/CR/KUR - * returns a pointer to the OSSL_CRMF_MSG on success, NULL on error - */ -static OSSL_CRMF_MSG *crm_new(OSSL_CMP_CTX *ctx, int bodytype, int rid) +OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid) { OSSL_CRMF_MSG *crm = NULL; X509 *refcert = ctx->oldCert != NULL ? ctx->oldCert : ctx->cert; /* refcert defaults to current client cert */ EVP_PKEY *rkey = OSSL_CMP_CTX_get0_newPkey(ctx, 0); STACK_OF(GENERAL_NAME) *default_sans = NULL; - const X509_NAME *subject = determine_subj(ctx, refcert, bodytype); + const X509_NAME *subject = determine_subj(ctx, refcert, for_KUR); int crit = ctx->setSubjectAltNameCritical || subject == NULL; /* RFC5280: subjectAltName MUST be critical if subject is null */ X509_EXTENSIONS *exts = NULL; @@ -236,7 +231,7 @@ static OSSL_CRMF_MSG *crm_new(OSSL_CMP_CTX *ctx, int bodytype, int rid) return NULL; #endif } - if (bodytype == OSSL_CMP_PKIBODY_KUR && refcert == NULL) { + if (for_KUR && refcert == NULL) { CMPerr(0, CMP_R_MISSING_REFERENCE_CERT); return NULL; } @@ -295,7 +290,7 @@ static OSSL_CRMF_MSG *crm_new(OSSL_CMP_CTX *ctx, int bodytype, int rid) /* end fill certTemplate, now set any controls */ /* for KUR, set OldCertId according to D.6 */ - if (bodytype == OSSL_CMP_PKIBODY_KUR) { + if (for_KUR) { OSSL_CRMF_CERTID *cid = OSSL_CRMF_CERTID_gen(X509_get_issuer_name(refcert), X509_get0_serialNumber(refcert)); @@ -321,10 +316,11 @@ static OSSL_CRMF_MSG *crm_new(OSSL_CMP_CTX *ctx, int bodytype, int rid) return crm; } -OSSL_CMP_MSG *ossl_cmp_certReq_new(OSSL_CMP_CTX *ctx, int type, int err_code) +OSSL_CMP_MSG *ossl_cmp_certreq_new(OSSL_CMP_CTX *ctx, int type, + const OSSL_CRMF_MSG *crm) { OSSL_CMP_MSG *msg; - OSSL_CRMF_MSG *crm = NULL; + OSSL_CRMF_MSG *local_crm = NULL; if (!ossl_assert(ctx != NULL)) return NULL; @@ -353,13 +349,23 @@ OSSL_CMP_MSG *ossl_cmp_certReq_new(OSSL_CMP_CTX *ctx, int type, int err_code) CMPerr(0, CMP_R_MISSING_PRIVATE_KEY); goto err; } - if ((crm = crm_new(ctx, type, OSSL_CMP_CERTREQID)) == NULL - || !OSSL_CRMF_MSG_create_popo(crm, privkey, ctx->digest, - ctx->popoMethod) - /* value.ir is same for cr and kur */ - || !sk_OSSL_CRMF_MSG_push(msg->body->value.ir, crm)) + if (crm == NULL) { + local_crm = OSSL_CMP_CTX_setup_CRM(ctx, + type == OSSL_CMP_PKIBODY_KUR, + OSSL_CMP_CERTREQID); + if (local_crm == NULL + || !OSSL_CRMF_MSG_create_popo(local_crm, privkey, ctx->digest, + ctx->popoMethod)) + goto err; + } else { + if ((local_crm = OSSL_CRMF_MSG_dup(crm)) == NULL) + goto err; + } + + /* value.ir is same for cr and kur */ + if (!sk_OSSL_CRMF_MSG_push(msg->body->value.ir, local_crm)) goto err; - crm = NULL; + local_crm = NULL; /* TODO: here optional 2nd certreqmsg could be pushed to the stack */ } @@ -369,14 +375,13 @@ OSSL_CMP_MSG *ossl_cmp_certReq_new(OSSL_CMP_CTX *ctx, int type, int err_code) return msg; err: - if (err_code != 0) - CMPerr(0, err_code); - OSSL_CRMF_MSG_free(crm); + CMPerr(0, CMP_R_ERROR_CREATING_CERTREQ); + OSSL_CRMF_MSG_free(local_crm); OSSL_CMP_MSG_free(msg); return NULL; } -OSSL_CMP_MSG *ossl_cmp_certRep_new(OSSL_CMP_CTX *ctx, int bodytype, +OSSL_CMP_MSG *ossl_cmp_certrep_new(OSSL_CMP_CTX *ctx, int bodytype, int certReqId, OSSL_CMP_PKISI *si, X509 *cert, STACK_OF(X509) *chain, STACK_OF(X509) *caPubs, int encrypted, diff --git a/crypto/cmp/cmp_server.c b/crypto/cmp/cmp_server.c index 8570885eed..a9a86cb5de 100644 --- a/crypto/cmp/cmp_server.c +++ b/crypto/cmp/cmp_server.c @@ -230,7 +230,7 @@ static OSSL_CMP_MSG *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx, goto err; } - msg = ossl_cmp_certRep_new(srv_ctx->ctx, bodytype, certReqId, si, + msg = ossl_cmp_certrep_new(srv_ctx->ctx, bodytype, certReqId, si, certOut, chainOut, caPubs, 0 /* encrypted */, srv_ctx->sendUnprotectedErrors); /* diff --git a/crypto/crmf/crmf_asn.c b/crypto/crmf/crmf_asn.c index 567cfaaeec..0f6de3ce8d 100644 --- a/crypto/crmf/crmf_asn.c +++ b/crypto/crmf/crmf_asn.c @@ -230,7 +230,7 @@ ASN1_SEQUENCE(OSSL_CRMF_MSG) = { OSSL_CRMF_ATTRIBUTETYPEANDVALUE) } ASN1_SEQUENCE_END(OSSL_CRMF_MSG) IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_MSG) - +IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CRMF_MSG) ASN1_ITEM_TEMPLATE(OSSL_CRMF_MSGS) = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index a99648a1fd..0124d1d3ae 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -2098,13 +2098,10 @@ CMP_R_ENCOUNTERED_WAITING:162:encountered waiting CMP_R_ERROR_CALCULATING_PROTECTION:115:error calculating protection CMP_R_ERROR_CREATING_CERTCONF:116:error creating certconf CMP_R_ERROR_CREATING_CERTREP:117:error creating certrep -CMP_R_ERROR_CREATING_CR:163:error creating cr +CMP_R_ERROR_CREATING_CERTREQ:163:error creating certreq CMP_R_ERROR_CREATING_ERROR:118:error creating error CMP_R_ERROR_CREATING_GENM:119:error creating genm CMP_R_ERROR_CREATING_GENP:120:error creating genp -CMP_R_ERROR_CREATING_IR:164:error creating ir -CMP_R_ERROR_CREATING_KUR:165:error creating kur -CMP_R_ERROR_CREATING_P10CR:121:error creating p10cr CMP_R_ERROR_CREATING_PKICONF:122:error creating pkiconf CMP_R_ERROR_CREATING_POLLREP:123:error creating pollrep CMP_R_ERROR_CREATING_POLLREQ:124:error creating pollreq @@ -2125,6 +2122,7 @@ CMP_R_INVALID_OPTION:174:invalid option CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION:130:\ missing key input for creating protection CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE:142:missing key usage digitalsignature +CMP_R_MISSING_P10CSR:121:missing p10csr CMP_R_MISSING_PRIVATE_KEY:131:missing private key CMP_R_MISSING_PROTECTION:143:missing protection CMP_R_MISSING_REFERENCE_CERT:168:missing reference cert diff --git a/doc/internal/man3/ossl_cmp_certReq_new.pod b/doc/internal/man3/ossl_cmp_certreq_new.pod similarity index 93% rename from doc/internal/man3/ossl_cmp_certReq_new.pod rename to doc/internal/man3/ossl_cmp_certreq_new.pod index 1bf0311e77..3c9654c18f 100644 --- a/doc/internal/man3/ossl_cmp_certReq_new.pod +++ b/doc/internal/man3/ossl_cmp_certreq_new.pod @@ -2,8 +2,8 @@ =head1 NAME -ossl_cmp_certReq_new, -ossl_cmp_certRep_new, +ossl_cmp_certreq_new, +ossl_cmp_certrep_new, ossl_cmp_rr_new, ossl_cmp_rp_new, ossl_cmp_certConf_new, @@ -47,9 +47,9 @@ ossl_cmp_error_new # define OSSL_CMP_PKIBODY_POLLREQ 25 # define OSSL_CMP_PKIBODY_POLLREP 26 - OSSL_ossl_cmp_MSG *ossl_cmp_certReq_new(OSSL_CMP_CTX *ctx, int bodytype, - int err_code); - OSSL_CMP_MSG *ossl_cmp_certRep_new(OSSL_CMP_CTX *ctx, int bodytype, + OSSL_ossl_cmp_MSG *ossl_cmp_certreq_new(OSSL_CMP_CTX *ctx, int bodytype, + const OSSL_CRMF_MSG *crm); + OSSL_CMP_MSG *ossl_cmp_certrep_new(OSSL_CMP_CTX *ctx, int bodytype, int certReqId, OSSL_CMP_PKISI *si, X509 *cert, STACK_OF(X509) *chain, STACK_OF(X509) *caPubs, @@ -75,10 +75,10 @@ This is the API for creating various CMP PKIMESSAGES. The functions allocate a new message, fill it with the relevant data derived from the given OSSL_CMP_CTX, and create the applicable protection. -ossl_cmp_certReq_new() creates a PKIMessage for requesting a certificate, +ossl_cmp_certreq_new() creates a PKIMessage for requesting a certificate, which can be either of IR/CR/KUR/P10CR, depending on the given B. -The OpenSSL error reason code defined in err.h to use on error is given as -B. +The CRMF message to use may be given via the B argument; +else (if B is NULL) it is created from the information in the B. Available CMP certificate request PKIMessage Bs are: diff --git a/doc/internal/man3/ossl_cmp_msg_create.pod b/doc/internal/man3/ossl_cmp_msg_create.pod index ebc08f7ef1..3c236a3b49 100644 --- a/doc/internal/man3/ossl_cmp_msg_create.pod +++ b/doc/internal/man3/ossl_cmp_msg_create.pod @@ -62,7 +62,7 @@ See the individual functions above. =head1 SEE ALSO -L, L +L, L =head1 HISTORY diff --git a/doc/internal/man3/ossl_cmp_pkisi_get_status.pod b/doc/internal/man3/ossl_cmp_pkisi_get_status.pod index fe91834139..cd32c9015d 100644 --- a/doc/internal/man3/ossl_cmp_pkisi_get_status.pod +++ b/doc/internal/man3/ossl_cmp_pkisi_get_status.pod @@ -74,7 +74,7 @@ See the individual functions above. =head1 SEE ALSO -L, L +L, L =head1 HISTORY diff --git a/doc/man3/OSSL_CMP_CTX_new.pod b/doc/man3/OSSL_CMP_CTX_new.pod index cb2d68a44b..368d73f820 100644 --- a/doc/man3/OSSL_CMP_CTX_new.pod +++ b/doc/man3/OSSL_CMP_CTX_new.pod @@ -682,8 +682,9 @@ the id-it-signKeyPairTypes OID and prints info on the General Response contents: =head1 SEE ALSO -L, L, -L +L, L, +L, L, +L =head1 HISTORY diff --git a/doc/man3/OSSL_CMP_MSG_get0_header.pod b/doc/man3/OSSL_CMP_MSG_get0_header.pod index 3ab76c14df..f1bf8eac32 100644 --- a/doc/man3/OSSL_CMP_MSG_get0_header.pod +++ b/doc/man3/OSSL_CMP_MSG_get0_header.pod @@ -4,6 +4,7 @@ OSSL_CMP_MSG_get0_header, OSSL_CMP_MSG_update_transactionID, +OSSL_CMP_CTX_setup_CRM, d2i_OSSL_CMP_MSG_bio, i2d_OSSL_CMP_MSG_bio - function(s) manipulating CMP messages @@ -14,6 +15,7 @@ i2d_OSSL_CMP_MSG_bio OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg); int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg); + OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid); OSSL_CMP_MSG *d2i_OSSL_CMP_MSG_bio(BIO *bio, OSSL_CMP_MSG **msg); int i2d_OSSL_CMP_MSG_bio(BIO *bio, const OSSL_CMP_MSG *msg); @@ -25,6 +27,14 @@ OSSL_CMP_MSG_update_transactionID() updates the transactionID field in the header of the given message according to the CMP_CTX. This requires re-protecting the message (if it was protected). +OSSL_CMP_CTX_setup_CRM() creates a CRMF certificate request message +for inclusion in a CMP request message based on details contained in I. +If the CMP context does not include a subject name set via +L but includes a reference certificate +then it copies the subject DN from there +if I is set or the I does not include a subjectAltName. +The I defines the request identifier to use, which typically is 0. + d2i_OSSL_CMP_MSG_bio() parses an ASN.1-encoded OSSL_CMP_MSG from the BIO I. It assigns a pointer to the new structure to I<*msg> if I is not NULL. @@ -40,6 +50,9 @@ CMP is defined in RFC 4210. OSSL_CMP_MSG_get0_header() returns the intended pointer value as described above or NULL if the respective entry does not exist and on error. +OSSL_CMP_CTX_setup_CRM() returns a pointer to a OSSL_CRMF_MSG on success, +NULL on error. + d2i_OSSL_CMP_MSG_bio() returns the parsed message or NULL on error. i2d_OSSL_CMP_MSG_bio() and OSSL_CMP_MSG_update_transactionID() diff --git a/doc/man3/OSSL_CMP_exec_IR_ses.pod b/doc/man3/OSSL_CMP_exec_certreq.pod similarity index 78% rename from doc/man3/OSSL_CMP_exec_IR_ses.pod rename to doc/man3/OSSL_CMP_exec_certreq.pod index 22d8e87cad..098b60ae61 100644 --- a/doc/man3/OSSL_CMP_exec_IR_ses.pod +++ b/doc/man3/OSSL_CMP_exec_certreq.pod @@ -2,6 +2,7 @@ =head1 NAME +OSSL_CMP_exec_certreq, OSSL_CMP_exec_IR_ses, OSSL_CMP_exec_CR_ses, OSSL_CMP_exec_P10CR_ses, @@ -20,6 +21,8 @@ OSSL_CMP_certConf_cb #include + X509 *OSSL_CMP_exec_certreq(OSSL_CMP_CTX *ctx, int req_type, + const OSSL_CRMF_MSG *crm); X509 *OSSL_CMP_exec_IR_ses(OSSL_CMP_CTX *ctx); X509 *OSSL_CMP_exec_CR_ses(OSSL_CMP_CTX *ctx); X509 *OSSL_CMP_exec_P10CR_ses(OSSL_CMP_CTX *ctx); @@ -28,7 +31,8 @@ OSSL_CMP_certConf_cb #define OSSL_CMP_CR #define OSSL_CMP_P10CR #define OSSL_CMP_KUR - int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type, int *checkAfter); + int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type, + const OSSL_CRMF_MSG *crm, int *checkAfter); int OSSL_CMP_certConf_cb(OSSL_CMP_CTX *ctx, X509 *cert, int fail_info, const char **text); X509 *OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx); @@ -43,8 +47,6 @@ All functions take a populated OSSL_CMP_CTX structure as their first argument. Usually the server name, port, and path ("CMP alias") need to be set, as well as credentials the client can use for authenticating itself to the client. In order to authenticate the server the client typically needs a trust store. -For performing certificate enrollment requests the certificate template needs -to be sufficiently filled in, giving at least the subject name and key. The functions return their respective main results directly, while there are also accessor functions for retrieving various results and status information from the B. See L etc. for details. @@ -61,21 +63,30 @@ OSSL_CMP_exec_P10CR_ses() conveys a legacy PKCS#10 CSR requesting a certificate. OSSL_CMP_exec_KUR_ses() obtains an updated certificate. -All these four types of certificate enrollment may be blocked by sleeping until the -CAs or an intermedate PKI component can fully process and answer the request. - -OSSL_CMP_try_certreq() is an alternative to these four functions that is -more uniform regarding the type of the certificate request to use and +These four types of certificate enrollment are implemented as macros +calling OSSL_CMP_exec_certreq(). + +OSSL_CMP_exec_certreq() performs a certificate request of the type specified +by the B parameter, which may be IR, CR, P10CR, or KUR. +For IR, CR, and KUR, the certificate template to be used in the request +may be supplied via the B parameter pointing to a CRMF structure. +Typically B is NULL, then the template ingredients are taken from B +and need to be filled in using L, +L, L, etc. +For P10CR, L needs to be used instead. +The enrollment session may be blocked by sleeping until the addressed +CA (or an intermedate PKI component) can fully process and answer the request. + +OSSL_CMP_try_certreq() is an alternative to the above functions that is more flexible regarding what to do after receiving a checkAfter value. When called for the first time (with no certificate request in progress for the given B) it starts a new transaction by sending a certificate request -of the given type, -which may be IR, CR, P10CR, or KUR as specified by the B parameter. +constructed as stated above using the B and optional B parameter. Otherwise (when according to B a 'waiting' status has been received before) it continues polling for the pending request unless the B argument is < 0, which aborts the request. If the requested certificate is available the function returns 1 and the -caller can use B to retrieve the new certificate. +caller can use L to retrieve the new certificate. If no error occurred but no certificate is available yet then OSSL_CMP_try_certreq() remembers in the CMP context that it should be retried and returns -1 after assigning the received checkAfter value @@ -121,17 +132,17 @@ So far the CMP client implementation is limited to one request per CMP message =head1 RETURN VALUES -OSSL_CMP_exec_IR_ses(), OSSL_CMP_exec_CR_ses(), +OSSL_CMP_exec_certreq(), OSSL_CMP_exec_IR_ses(), OSSL_CMP_exec_CR_ses(), OSSL_CMP_exec_P10CR_ses(), and OSSL_CMP_exec_KUR_ses() return a pointer to the newly obtained X509 certificate on success, B on error. This pointer will be freed implicitly by OSSL_CMP_CTX_free() or CSSL_CMP_CTX_reinit(). OSSL_CMP_try_certreq() returns 1 if the requested certificate is available -via B +via L or on successfully aborting a pending certificate request, 0 on error, and -1 in case a 'waiting' status has been received and checkAfter value is available. -In the latter case B yields NULL +In the latter case L yields NULL and the output parameter B has been used to assign the received value unless B is NULL. @@ -154,7 +165,11 @@ functions. =head1 SEE ALSO -L, L +L, L, +L, L, +L, L, +L, L, +L =head1 HISTORY diff --git a/doc/man3/OSSL_CMP_validate_msg.pod b/doc/man3/OSSL_CMP_validate_msg.pod index 3bf5c06811..6370325028 100644 --- a/doc/man3/OSSL_CMP_validate_msg.pod +++ b/doc/man3/OSSL_CMP_validate_msg.pod @@ -61,7 +61,7 @@ return 1 on success, 0 on error or validation failed. =head1 SEE ALSO -L, L +L, L =head1 HISTORY diff --git a/doc/man3/X509_dup.pod b/doc/man3/X509_dup.pod index d348acdfd2..18ba40cee6 100644 --- a/doc/man3/X509_dup.pod +++ b/doc/man3/X509_dup.pod @@ -152,6 +152,7 @@ OSSL_CRMF_ENCRYPTEDVALUE_new, OSSL_CRMF_MSGS_free, OSSL_CRMF_MSGS_it, OSSL_CRMF_MSGS_new, +OSSL_CRMF_MSG_dup, OSSL_CRMF_MSG_free, OSSL_CRMF_MSG_it, OSSL_CRMF_MSG_new, diff --git a/fuzz/cmp.c b/fuzz/cmp.c index 100350ebfe..a63ef9c238 100644 --- a/fuzz/cmp.c +++ b/fuzz/cmp.c @@ -84,7 +84,7 @@ static void cmp_client_process_response(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg) break; case OSSL_CMP_PKIBODY_POLLREP: ctx->status = OSSL_CMP_PKISTATUS_waiting; - (void)OSSL_CMP_try_certreq(ctx, OSSL_CMP_PKIBODY_CR, NULL); + (void)OSSL_CMP_try_certreq(ctx, OSSL_CMP_PKIBODY_CR, NULL, NULL); break; case OSSL_CMP_PKIBODY_RP: (void)OSSL_CMP_exec_RR_ses(ctx); diff --git a/include/openssl/cmp.h b/include/openssl/cmp.h index 9bd576cf1e..378cda641d 100644 --- a/include/openssl/cmp.h +++ b/include/openssl/cmp.h @@ -354,6 +354,7 @@ ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_recipNonce(const OSSL_CMP_PKIHEADER *hdr); /* from cmp_msg.c */ OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg); int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg); +OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid); OSSL_CMP_MSG *d2i_OSSL_CMP_MSG_bio(BIO *bio, OSSL_CMP_MSG **msg); int i2d_OSSL_CMP_MSG_bio(BIO *bio, const OSSL_CMP_MSG *msg); @@ -417,15 +418,22 @@ int OSSL_CMP_SRV_CTX_set_grant_implicit_confirm(OSSL_CMP_SRV_CTX *srv_ctx, int val); /* from cmp_client.c */ -X509 *OSSL_CMP_exec_IR_ses(OSSL_CMP_CTX *ctx); -X509 *OSSL_CMP_exec_CR_ses(OSSL_CMP_CTX *ctx); -X509 *OSSL_CMP_exec_P10CR_ses(OSSL_CMP_CTX *ctx); -X509 *OSSL_CMP_exec_KUR_ses(OSSL_CMP_CTX *ctx); -# define OSSL_CMP_IR OSSL_CMP_PKIBODY_IR -# define OSSL_CMP_CR OSSL_CMP_PKIBODY_CR -# define OSSL_CMP_P10CR OSSL_CMP_PKIBODY_P10CR -# define OSSL_CMP_KUR OSSL_CMP_PKIBODY_KUR -int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type, int *checkAfter); +X509 *OSSL_CMP_exec_certreq(OSSL_CMP_CTX *ctx, int req_type, + const OSSL_CRMF_MSG *crm); +# define OSSL_CMP_IR 0 +# define OSSL_CMP_CR 2 +# define OSSL_CMP_P10CR 4 +# define OSSL_CMP_KUR 7 +# define OSSL_CMP_exec_IR_ses(ctx) \ + OSSL_CMP_exec_certreq(ctx, OSSL_CMP_IR, NULL) +# define OSSL_CMP_exec_CR_ses(ctx) \ + OSSL_CMP_exec_certreq(ctx, OSSL_CMP_CR, NULL) +# define OSSL_CMP_exec_P10CR_ses(ctx) \ + OSSL_CMP_exec_certreq(ctx, OSSL_CMP_P10CR, NULL) +# define OSSL_CMP_exec_KUR_ses(ctx) \ + OSSL_CMP_exec_certreq(ctx, OSSL_CMP_KUR, NULL) +int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type, + const OSSL_CRMF_MSG *crm, int *checkAfter); int OSSL_CMP_certConf_cb(OSSL_CMP_CTX *ctx, X509 *cert, int fail_info, const char **text); X509 *OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx); diff --git a/include/openssl/cmperr.h b/include/openssl/cmperr.h index d220e55c5e..f18ba386bc 100644 --- a/include/openssl/cmperr.h +++ b/include/openssl/cmperr.h @@ -51,13 +51,10 @@ int ERR_load_CMP_strings(void); # define CMP_R_ERROR_CALCULATING_PROTECTION 115 # define CMP_R_ERROR_CREATING_CERTCONF 116 # define CMP_R_ERROR_CREATING_CERTREP 117 -# define CMP_R_ERROR_CREATING_CR 163 +# define CMP_R_ERROR_CREATING_CERTREQ 163 # define CMP_R_ERROR_CREATING_ERROR 118 # define CMP_R_ERROR_CREATING_GENM 119 # define CMP_R_ERROR_CREATING_GENP 120 -# define CMP_R_ERROR_CREATING_IR 164 -# define CMP_R_ERROR_CREATING_KUR 165 -# define CMP_R_ERROR_CREATING_P10CR 121 # define CMP_R_ERROR_CREATING_PKICONF 122 # define CMP_R_ERROR_CREATING_POLLREP 123 # define CMP_R_ERROR_CREATING_POLLREQ 124 @@ -77,6 +74,7 @@ int ERR_load_CMP_strings(void); # define CMP_R_INVALID_OPTION 174 # define CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION 130 # define CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE 142 +# define CMP_R_MISSING_P10CSR 121 # define CMP_R_MISSING_PRIVATE_KEY 131 # define CMP_R_MISSING_PROTECTION 143 # define CMP_R_MISSING_REFERENCE_CERT 168 diff --git a/include/openssl/crmf.h b/include/openssl/crmf.h index bf9c1c6159..bf0e32d499 100644 --- a/include/openssl/crmf.h +++ b/include/openssl/crmf.h @@ -43,6 +43,7 @@ typedef struct ossl_crmf_encryptedvalue_st OSSL_CRMF_ENCRYPTEDVALUE; DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_ENCRYPTEDVALUE) typedef struct ossl_crmf_msg_st OSSL_CRMF_MSG; DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSG) +DECLARE_ASN1_DUP_FUNCTION(OSSL_CRMF_MSG) DEFINE_OR_DECLARE_STACK_OF(OSSL_CRMF_MSG) typedef struct ossl_crmf_attributetypeandvalue_st OSSL_CRMF_ATTRIBUTETYPEANDVALUE; typedef struct ossl_crmf_pbmparameter_st OSSL_CRMF_PBMPARAMETER; diff --git a/test/cmp_client_test.c b/test/cmp_client_test.c index 2f7fbf7b1e..d305eb5610 100644 --- a/test/cmp_client_test.c +++ b/test/cmp_client_test.c @@ -28,8 +28,8 @@ typedef struct test_fixture { const char *test_case_name; OSSL_CMP_CTX *cmp_ctx; OSSL_CMP_SRV_CTX *srv_ctx; + int req_type; int expected; - X509 *(*exec_cert_ses_cb) (OSSL_CMP_CTX *); STACK_OF(X509) *caPubs; } CMP_SES_TEST_FIXTURE; @@ -81,7 +81,7 @@ static CMP_SES_TEST_FIXTURE *set_up(const char *const test_case_name) || !OSSL_CMP_CTX_set1_srvCert(ctx, server_cert) || !OSSL_CMP_CTX_set1_referenceValue(ctx, ref, sizeof(ref))) goto err; - fixture->exec_cert_ses_cb = NULL; + fixture->req_type = -1; return fixture; err: @@ -107,13 +107,13 @@ static int execute_exec_GENM_ses_test(CMP_SES_TEST_FIXTURE *fixture) static int execute_exec_certrequest_ses_test(CMP_SES_TEST_FIXTURE *fixture) { - X509 *res; + X509 *res = OSSL_CMP_exec_certreq(fixture->cmp_ctx, + fixture->req_type, NULL); if (fixture->expected == 0) - return TEST_ptr_null(fixture->exec_cert_ses_cb(fixture->cmp_ctx)); + return TEST_ptr_null(res); - if (!TEST_ptr(res = fixture->exec_cert_ses_cb(fixture->cmp_ctx)) - || !TEST_int_eq(X509_cmp(res, client_cert), 0)) + if (!TEST_ptr(res) || !TEST_int_eq(X509_cmp(res, client_cert), 0)) return 0; /* TODO: check that cerfConf has been exchanged unless implicitConfirm */ if (fixture->caPubs != NULL) { @@ -150,7 +150,7 @@ static int test_exec_RR_ses_receive_error(void) static int test_exec_IR_ses(void) { SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up); - fixture->exec_cert_ses_cb = OSSL_CMP_exec_IR_ses; + fixture->req_type = OSSL_CMP_IR; fixture->expected = 1; fixture->caPubs = sk_X509_new_null(); sk_X509_push(fixture->caPubs, server_cert); @@ -164,7 +164,7 @@ static const int checkAfter = 1; static int test_exec_IR_ses_poll(void) { SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up); - fixture->exec_cert_ses_cb = OSSL_CMP_exec_IR_ses; + fixture->req_type = OSSL_CMP_IR; fixture->expected = 1; ossl_cmp_mock_srv_set_pollCount(fixture->srv_ctx, 2); ossl_cmp_mock_srv_set_checkAfterTime(fixture->srv_ctx, checkAfter); @@ -179,7 +179,7 @@ static int test_exec_IR_ses_poll_timeout(void) const int tout = pollCount * checkAfter; SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up); - fixture->exec_cert_ses_cb = OSSL_CMP_exec_IR_ses; + fixture->req_type = OSSL_CMP_IR; fixture->expected = 0; ossl_cmp_mock_srv_set_pollCount(fixture->srv_ctx, pollCount + 1); ossl_cmp_mock_srv_set_checkAfterTime(fixture->srv_ctx, checkAfter); @@ -192,7 +192,7 @@ static int test_exec_IR_ses_poll_timeout(void) static int test_exec_CR_ses(void) { SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up); - fixture->exec_cert_ses_cb = OSSL_CMP_exec_CR_ses; + fixture->req_type = OSSL_CMP_CR; fixture->expected = 1; EXECUTE_TEST(execute_exec_certrequest_ses_test, tear_down); return result; @@ -201,7 +201,7 @@ static int test_exec_CR_ses(void) static int test_exec_CR_ses_implicit_confirm(void) { SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up); - fixture->exec_cert_ses_cb = OSSL_CMP_exec_CR_ses; + fixture->req_type = OSSL_CMP_CR; fixture->expected = 1; OSSL_CMP_CTX_set_option(fixture->cmp_ctx, OSSL_CMP_OPT_IMPLICIT_CONFIRM, 1); @@ -213,7 +213,7 @@ static int test_exec_CR_ses_implicit_confirm(void) static int test_exec_KUR_ses(void) { SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up); - fixture->exec_cert_ses_cb = OSSL_CMP_exec_KUR_ses; + fixture->req_type = OSSL_CMP_KUR; fixture->expected = 1; EXECUTE_TEST(execute_exec_certrequest_ses_test, tear_down); return result; @@ -224,7 +224,7 @@ static int test_exec_P10CR_ses(void) X509_REQ *req = NULL; SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up); - fixture->exec_cert_ses_cb = OSSL_CMP_exec_P10CR_ses; + fixture->req_type = OSSL_CMP_P10CR; fixture->expected = 1; if (!TEST_ptr(req = load_csr(pkcs10_f)) || !TEST_true(OSSL_CMP_CTX_set1_p10CSR(fixture->cmp_ctx, req))) { @@ -245,13 +245,14 @@ static int execute_try_certreq_poll_test(CMP_SES_TEST_FIXTURE *fixture) ossl_cmp_mock_srv_set_pollCount(fixture->srv_ctx, 3); ossl_cmp_mock_srv_set_checkAfterTime(fixture->srv_ctx, CHECK_AFTER); - return TEST_int_eq(-1, OSSL_CMP_try_certreq(ctx, TYPE, &check_after)) + return TEST_int_eq(-1, OSSL_CMP_try_certreq(ctx, TYPE, NULL, &check_after)) && check_after == CHECK_AFTER && TEST_ptr_eq(OSSL_CMP_CTX_get0_newCert(ctx), NULL) - && TEST_int_eq(-1, OSSL_CMP_try_certreq(ctx, TYPE, &check_after)) + && TEST_int_eq(-1, OSSL_CMP_try_certreq(ctx, TYPE, NULL, &check_after)) && check_after == CHECK_AFTER && TEST_ptr_eq(OSSL_CMP_CTX_get0_newCert(ctx), NULL) - && TEST_int_eq(fixture->expected, OSSL_CMP_try_certreq(ctx, TYPE, NULL)) + && TEST_int_eq(fixture->expected, + OSSL_CMP_try_certreq(ctx, TYPE, NULL, NULL)) && TEST_int_eq(0, X509_cmp(OSSL_CMP_CTX_get0_newCert(ctx), client_cert)); } @@ -273,10 +274,11 @@ static int execute_try_certreq_poll_abort_test(CMP_SES_TEST_FIXTURE *fixture) ossl_cmp_mock_srv_set_pollCount(fixture->srv_ctx, 3); ossl_cmp_mock_srv_set_checkAfterTime(fixture->srv_ctx, CHECK_AFTER); - return TEST_int_eq(-1, OSSL_CMP_try_certreq(ctx, TYPE, &check_after)) + return TEST_int_eq(-1, OSSL_CMP_try_certreq(ctx, TYPE, NULL, &check_after)) && check_after == CHECK_AFTER && TEST_ptr_eq(OSSL_CMP_CTX_get0_newCert(ctx), NULL) - && TEST_int_eq(fixture->expected, OSSL_CMP_try_certreq(ctx, -1, NULL)) + && TEST_int_eq(fixture->expected, + OSSL_CMP_try_certreq(ctx, -1, NULL, NULL)) && TEST_ptr_eq(OSSL_CMP_CTX_get0_newCert(fixture->cmp_ctx), NULL); } diff --git a/test/cmp_msg_test.c b/test/cmp_msg_test.c index ca03dc23e3..92989f95e1 100644 --- a/test/cmp_msg_test.c +++ b/test/cmp_msg_test.c @@ -84,9 +84,9 @@ static X509 *cert = NULL; */ static int execute_certreq_create_test(CMP_MSG_TEST_FIXTURE *fixture) { - EXECUTE_MSG_CREATION_TEST(ossl_cmp_certReq_new(fixture->cmp_ctx, + EXECUTE_MSG_CREATION_TEST(ossl_cmp_certreq_new(fixture->cmp_ctx, fixture->bodytype, - fixture->err_code)); + NULL)); } static int execute_errormsg_create_test(CMP_MSG_TEST_FIXTURE *fixture) @@ -218,7 +218,7 @@ static int test_cmp_create_p10cr(void) X509_REQ *p10cr = NULL; fixture->bodytype = OSSL_CMP_PKIBODY_P10CR; - fixture->err_code = CMP_R_ERROR_CREATING_P10CR; + fixture->err_code = CMP_R_ERROR_CREATING_CERTREQ; fixture->expected = 1; if (!TEST_ptr(p10cr = load_csr(pkcs10_f)) || !TEST_true(set1_newPkey(ctx, newkey)) @@ -235,7 +235,7 @@ static int test_cmp_create_p10cr_null(void) { SETUP_TEST_FIXTURE(CMP_MSG_TEST_FIXTURE, set_up); fixture->bodytype = OSSL_CMP_PKIBODY_P10CR; - fixture->err_code = CMP_R_ERROR_CREATING_P10CR; + fixture->err_code = CMP_R_ERROR_CREATING_CERTREQ; fixture->expected = 0; if (!TEST_true(set1_newPkey(fixture->cmp_ctx, newkey))) { tear_down(fixture); diff --git a/util/libcrypto.num b/util/libcrypto.num index a4642f1973..d53d04afa6 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4498,6 +4498,7 @@ OSSL_CRMF_ENCRYPTEDVALUE_new ? 3_0_0 EXIST::FUNCTION:CRMF OSSL_CRMF_ENCRYPTEDVALUE_it ? 3_0_0 EXIST::FUNCTION:CRMF d2i_OSSL_CRMF_MSG ? 3_0_0 EXIST::FUNCTION:CRMF i2d_OSSL_CRMF_MSG ? 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_MSG_dup ? 3_0_0 EXIST::FUNCTION:CRMF OSSL_CRMF_MSG_free ? 3_0_0 EXIST::FUNCTION:CRMF OSSL_CRMF_MSG_new ? 3_0_0 EXIST::FUNCTION:CRMF OSSL_CRMF_MSG_it ? 3_0_0 EXIST::FUNCTION:CRMF @@ -4902,6 +4903,7 @@ RSA_get0_pss_params ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 X509_cmp_timeframe ? 3_0_0 EXIST::FUNCTION: OSSL_CMP_MSG_get0_header ? 3_0_0 EXIST::FUNCTION:CMP OSSL_CMP_MSG_update_transactionID ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_CTX_setup_CRM ? 3_0_0 EXIST::FUNCTION:CMP BIO_f_prefix ? 3_0_0 EXIST::FUNCTION: EVP_PKEY_CTX_new_from_name ? 3_0_0 EXIST::FUNCTION: EVP_PKEY_CTX_new_from_pkey ? 3_0_0 EXIST::FUNCTION: @@ -4985,10 +4987,7 @@ OSSL_CMP_SRV_CTX_set_send_unprotected_errors ? 3_0_0 EXIST::FUNCTION:CMP OSSL_CMP_SRV_CTX_set_accept_unprotected ? 3_0_0 EXIST::FUNCTION:CMP OSSL_CMP_SRV_CTX_set_accept_raverified ? 3_0_0 EXIST::FUNCTION:CMP OSSL_CMP_SRV_CTX_set_grant_implicit_confirm ? 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_exec_IR_ses ? 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_exec_CR_ses ? 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_exec_P10CR_ses ? 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_exec_KUR_ses ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_exec_certreq ? 3_0_0 EXIST::FUNCTION:CMP OSSL_CMP_try_certreq ? 3_0_0 EXIST::FUNCTION:CMP OSSL_CMP_certConf_cb ? 3_0_0 EXIST::FUNCTION:CMP OSSL_CMP_exec_RR_ses ? 3_0_0 EXIST::FUNCTION:CMP diff --git a/util/other.syms b/util/other.syms index a623ff5e77..38ad3d3a33 100644 --- a/util/other.syms +++ b/util/other.syms @@ -368,6 +368,10 @@ OpenSSL_add_all_algorithms define deprecated 1.1.0 OpenSSL_add_all_ciphers define deprecated 1.1.0 OpenSSL_add_all_digests define deprecated 1.1.0 OpenSSL_add_ssl_algorithms define +OSSL_CMP_exec_IR_ses define +OSSL_CMP_exec_CR_ses define +OSSL_CMP_exec_P10CR_ses define +OSSL_CMP_exec_KUR_ses define OSSL_CMP_CTX_set_log_verbosity define OSSL_CMP_CR define OSSL_CMP_IR define From matt at openssl.org Thu Jul 30 08:37:48 2020 From: matt at openssl.org (Matt Caswell) Date: Thu, 30 Jul 2020 08:37:48 +0000 Subject: [openssl] master update Message-ID: <1596098268.324605.29597.nullmailer@dev.openssl.org> The branch master has been updated via b8ea8d3912006223891a621a7bff19225e93469d (commit) from 593d6554f87310f3184c2f45d71c09975ffe9f53 (commit) - Log ----------------------------------------------------------------- commit b8ea8d3912006223891a621a7bff19225e93469d Author: Matt Caswell Date: Tue Jul 28 16:47:03 2020 +0100 Don't fallback to legacy in DigestSignInit/DigestVerifyInit too easily The only reason we should fallback to legacy codepaths in DigestSignInit/ DigestVerifyInit, is if we have an engine, or we have a legacy algorithm that does not (yet) have a provider based equivalent (e.g. SM2, HMAC, etc). Currently we were falling back even if we have a suitable key manager but the export of the key fails. This might be for legitimate reasons (e.g. we only have the FIPS provider, but we're trying to export a brainpool key). In those circumstances we don't want to fallback to the legacy code. Therefore we tighten then checks for falling back to legacy. Eventually this particular fallback can be removed entirely (once all legacy algorithms have provider based key managers). Reviewed-by: Nicola Tuveri Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12550) ----------------------------------------------------------------------- Summary of changes: crypto/evp/m_sigver.c | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c index 44e7cab1af..8d37f19d6c 100644 --- a/crypto/evp/m_sigver.c +++ b/crypto/evp/m_sigver.c @@ -85,13 +85,25 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, /* * Ensure that the key is provided, either natively, or as a cached export. - * If not, go legacy */ tmp_keymgmt = locpctx->keymgmt; provkey = evp_pkey_export_to_provider(locpctx->pkey, locpctx->libctx, &tmp_keymgmt, locpctx->propquery); - if (provkey == NULL) - goto legacy; + if (provkey == NULL) { + /* + * If we couldn't find a keymgmt at all try legacy. + * TODO(3.0): Once all legacy algorithms (SM2, HMAC etc) have provider + * based implementations this fallback shouldn't be necessary. Either + * we have an ENGINE based implementation (in which case we should have + * already fallen back in the test above here), or we don't have the + * provider based implementation loaded (in which case this is an + * application config error) + */ + if (locpctx->keymgmt == NULL) + goto legacy; + ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); + goto err; + } if (!EVP_KEYMGMT_up_ref(tmp_keymgmt)) { ERR_clear_last_mark(); ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); From builds at travis-ci.com Thu Jul 30 09:00:05 2020 From: builds at travis-ci.com (Travis CI) Date: Thu, 30 Jul 2020 09:00:05 +0000 Subject: Still Failing: openssl/openssl#36420 (master - 593d655) In-Reply-To: Message-ID: <5f228c1512e55_13f93907a8df879242@travis-pro-tasks-74b6c94699-2jvcw.mail> Build Update for openssl/openssl ------------------------------------- Build: #36420 Status: Still Failing Duration: 1 hr, 19 mins, and 50 secs Commit: 593d655 (master) Author: Dr. David von Oheimb Message: Export crm_new() of cmp_msg.c under the name OSSL_CMP_CTX_setup_CRM() Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12431) View the changeset: https://github.com/openssl/openssl/compare/cfae32c69a0d...593d6554f873 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/177758333?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From matt at openssl.org Thu Jul 30 09:14:49 2020 From: matt at openssl.org (Matt Caswell) Date: Thu, 30 Jul 2020 09:14:49 +0000 Subject: [openssl] master update Message-ID: <1596100489.307452.3163.nullmailer@dev.openssl.org> The branch master has been updated via adf3f83e5227206a011ca1bca3ef9f63709fb96e (commit) from b8ea8d3912006223891a621a7bff19225e93469d (commit) - Log ----------------------------------------------------------------- commit adf3f83e5227206a011ca1bca3ef9f63709fb96e Author: Matt Caswell Date: Wed Jul 29 13:58:18 2020 +0100 Fix test_cmp_cli for extended tests The test_cmp_cli was failing in the extended tests on cross-compiled mingw builds. This was due to the test not using wine when it should do. The simplest solution is to just skip the test in this case. [extended tests] Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12555) ----------------------------------------------------------------------- Summary of changes: test/recipes/81-test_cmp_cli.t | 2 ++ 1 file changed, 2 insertions(+) diff --git a/test/recipes/81-test_cmp_cli.t b/test/recipes/81-test_cmp_cli.t index 009cdcc4d8..51b4baf6a5 100644 --- a/test/recipes/81-test_cmp_cli.t +++ b/test/recipes/81-test_cmp_cli.t @@ -34,6 +34,8 @@ plan skip_all => "These tests are not supported in a no-ec build" plan skip_all => "Tests involving CMP server not available on Windows or VMS" if $^O =~ /^(VMS|MSWin32)$/; +plan skip_all => "Tests involving CMP server not available in cross-compile builds" + if defined $ENV{EXE_SHELL}; plan skip_all => "Tests involving CMP server require 'kill' command" unless `which kill`; plan skip_all => "Tests involving CMP server require 'lsof' command" From openssl at openssl.org Thu Jul 30 09:58:42 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 30 Jul 2020 09:58:42 +0000 Subject: SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-ec2m Message-ID: <1596103122.651622.2889.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ec2m Commit log since last time: cfae32c69a [test][ectest] Minor touches to custom_generator_test f5384f064e [test] Vertically test explicit EC params API patterns 79410c5f8b namemap: fix threading issue 5cd9962272 Fix a test_verify failure ef8980176d Deprecate -nodes in favor of -noenc in pkcs12 and req app 846f96f821 TEST: Add RSA-PSS cases in test/serdes_test.c a4e55cccc9 PROV: Add a DER to RSA-PSS deserializer implementation 456b3b97a4 EVP, PROV: Add misc missing bits for RSA-PSS 51d9ac870a Fix no-ec2m From pauli at openssl.org Thu Jul 30 10:16:58 2020 From: pauli at openssl.org (Dr. Paul Dale) Date: Thu, 30 Jul 2020 10:16:58 +0000 Subject: [openssl] master update Message-ID: <1596104218.952028.13200.nullmailer@dev.openssl.org> The branch master has been updated via a3f15e237c0325718f488ebf9a242c031f4f864e (commit) via dfc0857d8191d43be320f4ba472b7c782248a35d (commit) via aa97970c1a69ae15b4191aa58cdb56e016f15922 (commit) from adf3f83e5227206a011ca1bca3ef9f63709fb96e (commit) - Log ----------------------------------------------------------------- commit a3f15e237c0325718f488ebf9a242c031f4f864e Author: Pauli Date: Mon Jul 27 14:47:59 2020 +1000 deserialisation: add deserialisation to the base provider Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12104) commit dfc0857d8191d43be320f4ba472b7c782248a35d Author: Pauli Date: Thu Jun 11 09:08:01 2020 +1000 serialisation: Add a built-in base provider. Move the libcrypto serialisation functionality into a place where it can be provided at some point. The serialisation still remains native in the default provider. Add additional code to the list command to display what kind of serialisation each entry is capable of. Having the FIPS provider auto load the base provider is a future (but necessary) enhancement. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12104) commit aa97970c1a69ae15b4191aa58cdb56e016f15922 Author: Pauli Date: Thu Jun 11 09:42:34 2020 +1000 unify spelling of serialize Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12104) ----------------------------------------------------------------------- Summary of changes: apps/list.c | 146 +++++++++++++++++- apps/s_server.c | 2 +- crypto/bn/bn_mont.c | 2 +- crypto/ec/curve448/eddsa.c | 2 +- crypto/ec/ecp_nistp256.c | 4 +- crypto/ec/ecp_nistp521.c | 4 +- crypto/provider_predefined.c | 2 + doc/man1/openssl-list.pod.in | 16 ++ doc/man7/OSSL_PROVIDER-base.pod | 96 ++++++++++++ doc/man7/OSSL_PROVIDER-default.pod | 9 +- doc/man7/provider.pod | 8 + include/openssl/ct.h | 2 +- include/openssl/dsa.h | 2 +- providers/baseprov.c | 170 +++++++++++++++++++++ providers/build.info | 10 ++ providers/defltprov.c | 163 ++------------------ .../ciphers/cipher_aes_cts.h => deserializers.inc} | 12 +- providers/serializers.inc | 102 +++++++++++++ ssl/s3_cbc.c | 2 +- 19 files changed, 580 insertions(+), 174 deletions(-) create mode 100644 doc/man7/OSSL_PROVIDER-base.pod create mode 100644 providers/baseprov.c copy providers/{implementations/ciphers/cipher_aes_cts.h => deserializers.inc} (56%) create mode 100644 providers/serializers.inc diff --git a/apps/list.c b/apps/list.c index b58871b1c5..69a516763c 100644 --- a/apps/list.c +++ b/apps/list.c @@ -16,6 +16,9 @@ #include #include #include +#include +#include +#include #include "apps.h" #include "app_params.h" #include "progs.h" @@ -351,6 +354,127 @@ static void list_random_generators(void) sk_EVP_RAND_pop_free(rands, EVP_RAND_free); } +/* + * Serializers + */ +DEFINE_STACK_OF(OSSL_SERIALIZER) +static int serializer_cmp(const OSSL_SERIALIZER * const *a, + const OSSL_SERIALIZER * const *b) +{ + int ret = OSSL_SERIALIZER_number(*a) - OSSL_SERIALIZER_number(*b); + + if (ret == 0) + ret = strcmp(OSSL_PROVIDER_name(OSSL_SERIALIZER_provider(*a)), + OSSL_PROVIDER_name(OSSL_SERIALIZER_provider(*b))); + return ret; +} + +static void collect_serializers(OSSL_SERIALIZER *serializer, void *stack) +{ + STACK_OF(OSSL_SERIALIZER) *serializer_stack = stack; + + sk_OSSL_SERIALIZER_push(serializer_stack, serializer); + OSSL_SERIALIZER_up_ref(serializer); +} + +static void list_serializers(void) +{ + STACK_OF(OSSL_SERIALIZER) *serializers; + int i; + + serializers = sk_OSSL_SERIALIZER_new(serializer_cmp); + if (serializers == NULL) { + BIO_printf(bio_err, "ERROR: Memory allocation\n"); + return; + } + BIO_printf(bio_out, "Provided SERIALIZERs:\n"); + OSSL_SERIALIZER_do_all_provided(NULL, collect_serializers, serializers); + sk_OSSL_SERIALIZER_sort(serializers); + + for (i = 0; i < sk_OSSL_SERIALIZER_num(serializers); i++) { + OSSL_SERIALIZER *k = sk_OSSL_SERIALIZER_value(serializers, i); + STACK_OF(OPENSSL_CSTRING) *names = + sk_OPENSSL_CSTRING_new(name_cmp); + + OSSL_SERIALIZER_names_do_all(k, collect_names, names); + + BIO_printf(bio_out, " "); + print_names(bio_out, names); + BIO_printf(bio_out, " @ %s (%s)\n", + OSSL_PROVIDER_name(OSSL_SERIALIZER_provider(k)), + OSSL_SERIALIZER_properties(k)); + + sk_OPENSSL_CSTRING_free(names); + + if (verbose) { + print_param_types("settable operation parameters", + OSSL_SERIALIZER_settable_ctx_params(k), 4); + } + } + sk_OSSL_SERIALIZER_pop_free(serializers, OSSL_SERIALIZER_free); +} + +/* + * Deserializers + */ +DEFINE_STACK_OF(OSSL_DESERIALIZER) +static int deserializer_cmp(const OSSL_DESERIALIZER * const *a, + const OSSL_DESERIALIZER * const *b) +{ + int ret = OSSL_DESERIALIZER_number(*a) - OSSL_DESERIALIZER_number(*b); + + if (ret == 0) + ret = strcmp(OSSL_PROVIDER_name(OSSL_DESERIALIZER_provider(*a)), + OSSL_PROVIDER_name(OSSL_DESERIALIZER_provider(*b))); + return ret; +} + +static void collect_deserializers(OSSL_DESERIALIZER *deserializer, void *stack) +{ + STACK_OF(OSSL_DESERIALIZER) *deserializer_stack = stack; + + sk_OSSL_DESERIALIZER_push(deserializer_stack, deserializer); + OSSL_DESERIALIZER_up_ref(deserializer); +} + +static void list_deserializers(void) +{ + STACK_OF(OSSL_DESERIALIZER) *deserializers; + int i; + + deserializers = sk_OSSL_DESERIALIZER_new(deserializer_cmp); + if (deserializers == NULL) { + BIO_printf(bio_err, "ERROR: Memory allocation\n"); + return; + } + BIO_printf(bio_out, "Provided DESERIALIZERs:\n"); + OSSL_DESERIALIZER_do_all_provided(NULL, collect_deserializers, + deserializers); + sk_OSSL_DESERIALIZER_sort(deserializers); + + for (i = 0; i < sk_OSSL_DESERIALIZER_num(deserializers); i++) { + OSSL_DESERIALIZER *k = sk_OSSL_DESERIALIZER_value(deserializers, i); + STACK_OF(OPENSSL_CSTRING) *names = + sk_OPENSSL_CSTRING_new(name_cmp); + + OSSL_DESERIALIZER_names_do_all(k, collect_names, names); + + BIO_printf(bio_out, " "); + print_names(bio_out, names); + BIO_printf(bio_out, " @ %s (%s)\n", + OSSL_PROVIDER_name(OSSL_DESERIALIZER_provider(k)), + OSSL_DESERIALIZER_properties(k)); + + sk_OPENSSL_CSTRING_free(names); + + if (verbose) { + print_param_types("settable operation parameters", + OSSL_DESERIALIZER_settable_ctx_params(k), 4); + } + } + sk_OSSL_DESERIALIZER_pop_free(deserializers, OSSL_DESERIALIZER_free); +} + static void list_missing_help(void) { const FUNCTION *fp; @@ -697,7 +821,9 @@ typedef enum HELPLIST_CHOICE { OPT_COMMANDS, OPT_DIGEST_COMMANDS, OPT_MAC_ALGORITHMS, OPT_OPTIONS, OPT_DIGEST_ALGORITHMS, OPT_CIPHER_COMMANDS, OPT_CIPHER_ALGORITHMS, OPT_PK_ALGORITHMS, OPT_PK_METHOD, OPT_DISABLED, - OPT_KDF_ALGORITHMS, OPT_RANDOM_GENERATORS, OPT_MISSING_HELP, OPT_OBJECTS, + OPT_KDF_ALGORITHMS, OPT_RANDOM_GENERATORS, OPT_SERIALIZERS, + OPT_DESERIALIZERS, + OPT_MISSING_HELP, OPT_OBJECTS, #ifndef OPENSSL_NO_DEPRECATED_3_0 OPT_ENGINES, #endif @@ -727,6 +853,9 @@ const OPTIONS list_options[] = { {"cipher-commands", OPT_CIPHER_COMMANDS, '-', "List of cipher commands"}, {"cipher-algorithms", OPT_CIPHER_ALGORITHMS, '-', "List of cipher algorithms"}, + {"serializers", OPT_SERIALIZERS, '-', "List of serialization methods" }, + {"deserializers", OPT_DESERIALIZERS, '-', + "List of deserialization methods" }, {"public-key-algorithms", OPT_PK_ALGORITHMS, '-', "List of public key algorithms"}, #ifndef OPENSSL_NO_DEPRECATED_3_0 @@ -735,8 +864,7 @@ const OPTIONS list_options[] = { {"engines", OPT_ENGINES, '-', "List of loaded engines"}, #endif - {"disabled", OPT_DISABLED, '-', - "List of disabled features"}, + {"disabled", OPT_DISABLED, '-', "List of disabled features"}, {"missing-help", OPT_MISSING_HELP, '-', "List missing detailed help strings"}, {"options", OPT_OPTIONS, 's', @@ -762,6 +890,8 @@ int list_main(int argc, char **argv) unsigned int mac_algorithms:1; unsigned int cipher_commands:1; unsigned int cipher_algorithms:1; + unsigned int serializer_algorithms:1; + unsigned int deserializer_algorithms:1; unsigned int pk_algorithms:1; unsigned int pk_method:1; #ifndef OPENSSL_NO_DEPRECATED_3_0 @@ -813,6 +943,12 @@ opthelp: case OPT_CIPHER_ALGORITHMS: todo.cipher_algorithms = 1; break; + case OPT_SERIALIZERS: + todo.serializer_algorithms = 1; + break; + case OPT_DESERIALIZERS: + todo.deserializer_algorithms = 1; + break; case OPT_PK_ALGORITHMS: todo.pk_algorithms = 1; break; @@ -867,6 +1003,10 @@ opthelp: list_type(FT_cipher, one); if (todo.cipher_algorithms) list_ciphers(); + if (todo.serializer_algorithms) + list_serializers(); + if (todo.deserializer_algorithms) + list_deserializers(); if (todo.pk_algorithms) list_pkey(); #ifndef OPENSSL_NO_DEPRECATED_3_0 diff --git a/apps/s_server.c b/apps/s_server.c index 15d479ce0e..5f16dcdea4 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -3647,7 +3647,7 @@ static int generate_session_id(SSL *ssl, unsigned char *id, /* * By default s_server uses an in-memory cache which caches SSL_SESSION - * structures without any serialisation. This hides some bugs which only + * structures without any serialization. This hides some bugs which only * become apparent in deployed servers. By implementing a basic external * session cache some issues can be debugged using s_server. */ diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c index 6e6848c647..778b45244c 100644 --- a/crypto/bn/bn_mont.c +++ b/crypto/bn/bn_mont.c @@ -437,7 +437,7 @@ BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, CRYPTO_RWLOCK *lock, return ret; /* - * We don't want to serialise globally while doing our lazy-init math in + * We don't want to serialize globally while doing our lazy-init math in * BN_MONT_CTX_set. That punishes threads that are doing independent * things. Instead, punish the case where more than one thread tries to * lazy-init the same 'pmont', by having each do the lazy-init math work diff --git a/crypto/ec/curve448/eddsa.c b/crypto/ec/curve448/eddsa.c index d8c2f88218..f4fbaf7539 100644 --- a/crypto/ec/curve448/eddsa.c +++ b/crypto/ec/curve448/eddsa.c @@ -169,7 +169,7 @@ c448_error_t c448_ed448_sign( { /* - * Schedule the secret key, First EDDSA_448_PRIVATE_BYTES is serialised + * Schedule the secret key, First EDDSA_448_PRIVATE_BYTES is serialized * secret scalar,next EDDSA_448_PRIVATE_BYTES bytes is the seed. */ uint8_t expanded[EDDSA_448_PRIVATE_BYTES * 2]; diff --git a/crypto/ec/ecp_nistp256.c b/crypto/ec/ecp_nistp256.c index fb9b22554d..8bf25e389e 100644 --- a/crypto/ec/ecp_nistp256.c +++ b/crypto/ec/ecp_nistp256.c @@ -59,7 +59,7 @@ typedef uint64_t u64; /* * The underlying field. P256 operates over GF(2^256-2^224+2^192+2^96-1). We - * can serialise an element of this field into 32 bytes. We call this an + * can serialize an element of this field into 32 bytes. We call this an * felem_bytearray. */ @@ -138,7 +138,7 @@ static void bin32_to_felem(felem out, const u8 in[32]) } /* - * smallfelem_to_bin32 takes a smallfelem and serialises into a little + * smallfelem_to_bin32 takes a smallfelem and serializes into a little * endian, 32 byte array. This assumes that the CPU is little-endian. */ static void smallfelem_to_bin32(u8 out[32], const smallfelem in) diff --git a/crypto/ec/ecp_nistp521.c b/crypto/ec/ecp_nistp521.c index 0e7f1dae3b..455885aa09 100644 --- a/crypto/ec/ecp_nistp521.c +++ b/crypto/ec/ecp_nistp521.c @@ -55,7 +55,7 @@ typedef uint8_t u8; typedef uint64_t u64; /* - * The underlying field. P521 operates over GF(2^521-1). We can serialise an + * The underlying field. P521 operates over GF(2^521-1). We can serialize an * element of this field into 66 bytes where the most significant byte * contains only a single bit. We call this an felem_bytearray. */ @@ -156,7 +156,7 @@ static void bin66_to_felem(felem out, const u8 in[66]) } /* - * felem_to_bin66 takes an felem and serialises into a little endian, 66 byte + * felem_to_bin66 takes an felem and serializes into a little endian, 66 byte * array. This assumes that the CPU is little-endian. */ static void felem_to_bin66(u8 out[66], const felem in) diff --git a/crypto/provider_predefined.c b/crypto/provider_predefined.c index d1c3a6e024..6acf2ea1af 100644 --- a/crypto/provider_predefined.c +++ b/crypto/provider_predefined.c @@ -11,6 +11,7 @@ #include "provider_local.h" OSSL_provider_init_fn ossl_default_provider_init; +OSSL_provider_init_fn ossl_base_provider_init; OSSL_provider_init_fn ossl_null_provider_init; OSSL_provider_init_fn fips_intern_provider_init; #ifdef STATIC_LEGACY @@ -24,6 +25,7 @@ const struct predefined_providers_st predefined_providers[] = { # ifdef STATIC_LEGACY { "legacy", ossl_legacy_provider_init, 0 }, # endif + { "base", ossl_base_provider_init, 0 }, { "null", ossl_null_provider_init, 0 }, #endif { NULL, NULL, 0 } diff --git a/doc/man1/openssl-list.pod.in b/doc/man1/openssl-list.pod.in index e13b6c34cf..df970a0959 100644 --- a/doc/man1/openssl-list.pod.in +++ b/doc/man1/openssl-list.pod.in @@ -19,6 +19,8 @@ B [B<-random-generators>] [B<-cipher-commands>] [B<-cipher-algorithms>] +[B<-serializers>] +[B<-deserializers>] [B<-public-key-algorithms>] {- output_off() if $disabled{"deprecated-3.0"}; "" -}[B<-public-key-methods>] @@ -79,7 +81,21 @@ information on what parameters each implementation supports. =item B<-random-generators> Display a list of random number generators. +See L for a description of how names are +displayed. + +=item B<-serializers> + +Display a list of serializers. +See L for a description of how names are +displayed. + +In verbose mode, the algorithms provided by a provider will get additional +information on what parameters each implementation supports. + +=item B<-deserializers> +Display a list of deserializers. See L for a description of how names are displayed. diff --git a/doc/man7/OSSL_PROVIDER-base.pod b/doc/man7/OSSL_PROVIDER-base.pod new file mode 100644 index 0000000000..5896c5a91e --- /dev/null +++ b/doc/man7/OSSL_PROVIDER-base.pod @@ -0,0 +1,96 @@ +=pod + +=head1 NAME + +OSSL_PROVIDER-base - OpenSSL base provider + +=head1 DESCRIPTION + +The OpenSSL base provider supplies the serialization for OpenSSL's +asymmetric cryptography. + +=head2 Properties + +The implementations in this provider specifically have this property +defined: + +=over 4 + +=item "provider=base" + +=back + +It may be used in a property query string with fetching functions. + +It isn't mandatory to query for this property, except to make sure to get +implementations of this provider and none other. + +=over 4 + +=item "type=parameters" + +=item "type=private" + +=item "type=public" + +=back + +These may be used in a property query string with fetching functions to select +which data are to be serialized. Either the private key material, the public +key material or the domain parameters can be selected. + +=over 4 + +=item "format=der" + +=item "format=pem" + +=item "format=text" + +=back + +These may be used in a property query string with fetching functions to select +the serialization output format. Either the DER, PEM and plaintext are +currently permitted. + +=head1 OPERATIONS AND ALGORITHMS + +The OpenSSL base provider supports these operations and algorithms: + +=head2 Asymmetric Key Serializer + +In addition to "provider=base", some of these serializers define the +property "fips=yes", to allow them to be used together with the FIPS +provider. + +=over 4 + +=item RSA, see L + +=item DH, see L + +=item DSA, see L + +=item EC, see L + +=item X25519, see L + +=item X448, see L + +=back + +=head1 SEE ALSO + +L, L, +L, L + +=head1 COPYRIGHT + +Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man7/OSSL_PROVIDER-default.pod b/doc/man7/OSSL_PROVIDER-default.pod index d9a51dce00..5fe7dbde8c 100644 --- a/doc/man7/OSSL_PROVIDER-default.pod +++ b/doc/man7/OSSL_PROVIDER-default.pod @@ -192,9 +192,9 @@ The OpenSSL default provider supports these operations and algorithms: =head2 Asymmetric Key Serializer -In addition to "provider=default", this set of implementations define the -property "fips=yes", to allow them to be used together with the FIPS -provider. +The default provider also includes all of the serialization algorithms +present in the base provider. Some of these have the property "fips=yes", +to allow them to be used together with the FIPS provider. =over 4 @@ -214,7 +214,8 @@ provider. =head1 SEE ALSO -L, L, L +L, L, L, +L =head1 COPYRIGHT diff --git a/doc/man7/provider.pod b/doc/man7/provider.pod index 08edb4a1dd..62ff8695f1 100644 --- a/doc/man7/provider.pod +++ b/doc/man7/provider.pod @@ -268,6 +268,14 @@ algorithm identifier to the appropriate fetching function. The default provider is built in as part of the F library. Should it be needed (if other providers are loaded and offer implementations of the same algorithms), the property "provider=default" +can be used as a search criterion for these implementations. The default +provider includes all the functionality of the base provider below. + +=head2 Base provider + +The base provider is built in as part of the F library. +Should it be needed (if other providers are loaded and offer +implementations of the same algorithms), the property "provider=base" can be used as a search criterion for these implementations. Some non-cryptographic algorithms (such as serializers for loading keys and parameters from files) are not FIPS algorithm implementations in themselves but diff --git a/include/openssl/ct.h b/include/openssl/ct.h index 280f7ceecf..a69c986f06 100644 --- a/include/openssl/ct.h +++ b/include/openssl/ct.h @@ -331,7 +331,7 @@ __owur int SCT_LIST_validate(const STACK_OF(SCT) *scts, /********************************* - * SCT parsing and serialisation * + * SCT parsing and serialization * *********************************/ /* diff --git a/include/openssl/dsa.h b/include/openssl/dsa.h index a7d32eee98..915870acbf 100644 --- a/include/openssl/dsa.h +++ b/include/openssl/dsa.h @@ -76,7 +76,7 @@ typedef struct DSA_SIG_st DSA_SIG; /* * TODO(3.0): consider removing the ASN.1 encoding and decoding when - * deserialisation is completed elsewhere. + * deserialization is completed elsewhere. */ # define d2i_DSAparams_fp(fp, x) \ (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \ diff --git a/providers/baseprov.c b/providers/baseprov.c new file mode 100644 index 0000000000..917bf680d4 --- /dev/null +++ b/providers/baseprov.c @@ -0,0 +1,170 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include +#include +#include +#include +#include "prov/bio.h" +#include "prov/provider_ctx.h" +#include "prov/providercommon.h" +#include "prov/implementations.h" +#include "prov/provider_util.h" +#include "internal/nelem.h" + +/* + * Forward declarations to ensure that interface functions are correctly + * defined. + */ +static OSSL_FUNC_provider_gettable_params_fn base_gettable_params; +static OSSL_FUNC_provider_get_params_fn base_get_params; +static OSSL_FUNC_provider_query_operation_fn base_query; + +/* Functions provided by the core */ +static OSSL_FUNC_core_gettable_params_fn *c_gettable_params = NULL; +static OSSL_FUNC_core_get_params_fn *c_get_params = NULL; + +/* Parameters we provide to the core */ +static const OSSL_PARAM base_param_types[] = { + OSSL_PARAM_DEFN(OSSL_PROV_PARAM_NAME, OSSL_PARAM_UTF8_PTR, NULL, 0), + OSSL_PARAM_DEFN(OSSL_PROV_PARAM_VERSION, OSSL_PARAM_UTF8_PTR, NULL, 0), + OSSL_PARAM_DEFN(OSSL_PROV_PARAM_BUILDINFO, OSSL_PARAM_UTF8_PTR, NULL, 0), + OSSL_PARAM_END +}; + +static const OSSL_PARAM *base_gettable_params(void *provctx) +{ + return base_param_types; +} + +static int base_get_params(void *provctx, OSSL_PARAM params[]) +{ + OSSL_PARAM *p; + + p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME); + if (p != NULL + && !OSSL_PARAM_set_utf8_ptr(p, "OpenSSL Base Provider")) + return 0; + p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_VERSION); + if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR)) + return 0; + p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_BUILDINFO); + if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_FULL_VERSION_STR)) + return 0; + + return 1; +} + +static const OSSL_ALGORITHM base_serializer[] = { +#define SER(name, fips, format, type, func_table) \ + { name, \ + "provider=base,fips=" fips ",format=" format ",type=" type, \ + (func_table) } + +#include "serializers.inc" + { NULL, NULL, NULL } +}; +#undef SER + +static const OSSL_ALGORITHM base_deserializer[] = { +#define DESER(name, fips, input, func_table) \ + { name, \ + "provider=base,fips=" fips ",input=" input, \ + (func_table) } + +#include "deserializers.inc" + { NULL, NULL, NULL } +}; +#undef DESER + +static const OSSL_ALGORITHM *base_query(void *provctx, int operation_id, + int *no_cache) +{ + *no_cache = 0; + switch (operation_id) { + case OSSL_OP_SERIALIZER: + return base_serializer; + case OSSL_OP_DESERIALIZER: + return base_deserializer; + } + return NULL; +} + +static void base_teardown(void *provctx) +{ + BIO_meth_free(PROV_CTX_get0_core_bio_method(provctx)); + PROV_CTX_free(provctx); +} + +/* Functions we provide to the core */ +static const OSSL_DISPATCH base_dispatch_table[] = { + { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))base_teardown }, + { OSSL_FUNC_PROVIDER_GETTABLE_PARAMS, + (void (*)(void))base_gettable_params }, + { OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))base_get_params }, + { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))base_query }, + { 0, NULL } +}; + +OSSL_provider_init_fn ossl_base_provider_init; + +int ossl_base_provider_init(const OSSL_CORE_HANDLE *handle, + const OSSL_DISPATCH *in, const OSSL_DISPATCH **out, + void **provctx) +{ + OSSL_FUNC_core_get_library_context_fn *c_get_libctx = NULL; + BIO_METHOD *corebiometh; + + if (!ossl_prov_bio_from_dispatch(in)) + return 0; + for (; in->function_id != 0; in++) { + switch (in->function_id) { + case OSSL_FUNC_CORE_GETTABLE_PARAMS: + c_gettable_params = OSSL_FUNC_core_gettable_params(in); + break; + case OSSL_FUNC_CORE_GET_PARAMS: + c_get_params = OSSL_FUNC_core_get_params(in); + break; + case OSSL_FUNC_CORE_GET_LIBRARY_CONTEXT: + c_get_libctx = OSSL_FUNC_core_get_library_context(in); + break; + default: + /* Just ignore anything we don't understand */ + break; + } + } + + if (c_get_libctx == NULL) + return 0; + + /* + * We want to make sure that all calls from this provider that requires + * a library context use the same context as the one used to call our + * functions. We do that by passing it along in the provider context. + * + * This only works for built-in providers. Most providers should + * create their own library context. + */ + if ((*provctx = PROV_CTX_new()) == NULL + || (corebiometh = bio_prov_init_bio_method()) == NULL) { + PROV_CTX_free(*provctx); + *provctx = NULL; + return 0; + } + PROV_CTX_set0_library_context(*provctx, (OPENSSL_CTX *)c_get_libctx(handle)); + PROV_CTX_set0_handle(*provctx, handle); + PROV_CTX_set0_core_bio_method(*provctx, corebiometh); + + *out = base_dispatch_table; + + return 1; +} diff --git a/providers/build.info b/providers/build.info index b1bb966b70..8d82d3f911 100644 --- a/providers/build.info +++ b/providers/build.info @@ -108,6 +108,16 @@ INCLUDE[$DEFAULTGOAL]=implementations/include LIBS=$DEFAULTGOAL +# +# Base provider stuff +# +# Because the base provider is built in, it means that libcrypto +# must include all of the object files that are needed. +$BASEGOAL=../libcrypto +SOURCE[$BASEGOAL]=$LIBIMPLEMENTATIONS $LIBNONFIPS +SOURCE[$BASEGOAL]=baseprov.c +INCLUDE[$BASEGOAL]=implementations/include + # # FIPS provider stuff # diff --git a/providers/defltprov.c b/providers/defltprov.c index 466b7908a1..fa2fadbc95 100644 --- a/providers/defltprov.c +++ b/providers/defltprov.c @@ -385,166 +385,27 @@ static const OSSL_ALGORITHM deflt_keymgmt[] = { { NULL, NULL, NULL } }; -/* - * Unlike most algorithms in the default provider, the serializers are allowed - * for use in FIPS mode because they are not FIPS relevant, and therefore have - * the "fips=yes" property. - */ static const OSSL_ALGORITHM deflt_serializer[] = { - { "RSA", "provider=default,fips=yes,format=text,type=private", - rsa_priv_text_serializer_functions }, - { "RSA", "provider=default,fips=yes,format=text,type=public", - rsa_pub_text_serializer_functions }, - { "RSA", "provider=default,fips=yes,format=der,type=private", - rsa_priv_der_serializer_functions }, - { "RSA", "provider=default,fips=yes,format=der,type=public", - rsa_pub_der_serializer_functions }, - { "RSA", "provider=default,fips=yes,format=pem,type=private", - rsa_priv_pem_serializer_functions }, - { "RSA", "provider=default,fips=yes,format=pem,type=public", - rsa_pub_pem_serializer_functions }, - { "RSA-PSS", "provider=default,fips=yes,format=text,type=private", - rsa_priv_text_serializer_functions }, - { "RSA-PSS", "provider=default,fips=yes,format=text,type=public", - rsa_pub_text_serializer_functions }, - { "RSA-PSS", "provider=default,fips=yes,format=der,type=private", - rsa_priv_der_serializer_functions }, - { "RSA-PSS", "provider=default,fips=yes,format=der,type=public", - rsa_pub_der_serializer_functions }, - { "RSA-PSS", "provider=default,fips=yes,format=pem,type=private", - rsa_priv_pem_serializer_functions }, - { "RSA-PSS", "provider=default,fips=yes,format=pem,type=public", - rsa_pub_pem_serializer_functions }, - -#ifndef OPENSSL_NO_DH - { "DH", "provider=default,fips=yes,format=text,type=private", - dh_priv_text_serializer_functions }, - { "DH", "provider=default,fips=yes,format=text,type=public", - dh_pub_text_serializer_functions }, - { "DH", "provider=default,fips=yes,format=text,type=parameters", - dh_param_text_serializer_functions }, - { "DH", "provider=default,fips=yes,format=der,type=private", - dh_priv_der_serializer_functions }, - { "DH", "provider=default,fips=yes,format=der,type=public", - dh_pub_der_serializer_functions }, - { "DH", "provider=default,fips=yes,format=der,type=parameters", - dh_param_der_serializer_functions }, - { "DH", "provider=default,fips=yes,format=pem,type=private", - dh_priv_pem_serializer_functions }, - { "DH", "provider=default,fips=yes,format=pem,type=public", - dh_pub_pem_serializer_functions }, - { "DH", "provider=default,fips=yes,format=pem,type=parameters", - dh_param_pem_serializer_functions }, -#endif - -#ifndef OPENSSL_NO_DSA - { "DSA", "provider=default,fips=yes,format=text,type=private", - dsa_priv_text_serializer_functions }, - { "DSA", "provider=default,fips=yes,format=text,type=public", - dsa_pub_text_serializer_functions }, - { "DSA", "provider=default,fips=yes,format=text,type=parameters", - dsa_param_text_serializer_functions }, - { "DSA", "provider=default,fips=yes,format=der,type=private", - dsa_priv_der_serializer_functions }, - { "DSA", "provider=default,fips=yes,format=der,type=public", - dsa_pub_der_serializer_functions }, - { "DSA", "provider=default,fips=yes,format=der,type=parameters", - dsa_param_der_serializer_functions }, - { "DSA", "provider=default,fips=yes,format=pem,type=private", - dsa_priv_pem_serializer_functions }, - { "DSA", "provider=default,fips=yes,format=pem,type=public", - dsa_pub_pem_serializer_functions }, - { "DSA", "provider=default,fips=yes,format=pem,type=parameters", - dsa_param_pem_serializer_functions }, -#endif - -#ifndef OPENSSL_NO_EC - { "X25519", "provider=default,fips=yes,format=text,type=private", - x25519_priv_print_serializer_functions }, - { "X25519", "provider=default,fips=yes,format=text,type=public", - x25519_pub_print_serializer_functions }, - { "X25519", "provider=default,fips=yes,format=der,type=private", - x25519_priv_der_serializer_functions }, - { "X25519", "provider=default,fips=yes,format=der,type=public", - x25519_pub_der_serializer_functions }, - { "X25519", "provider=default,fips=yes,format=pem,type=private", - x25519_priv_pem_serializer_functions }, - { "X25519", "provider=default,fips=yes,format=pem,type=public", - x25519_pub_pem_serializer_functions }, - - { "X448", "provider=default,format=text,type=private", - x448_priv_print_serializer_functions }, - { "X448", "provider=default,format=text,type=public", - x448_pub_print_serializer_functions }, - { "X448", "provider=default,format=der,type=private", - x448_priv_der_serializer_functions }, - { "X448", "provider=default,format=der,type=public", - x448_pub_der_serializer_functions }, - { "X448", "provider=default,format=pem,type=private", - x448_priv_pem_serializer_functions }, - { "X448", "provider=default,format=pem,type=public", - x448_pub_pem_serializer_functions }, - - { "ED25519", "provider=default,fips=yes,format=text,type=private", - ed25519_priv_print_serializer_functions }, - { "ED25519", "provider=default,fips=yes,format=text,type=public", - ed25519_pub_print_serializer_functions }, - { "ED25519", "provider=default,fips=yes,format=der,type=private", - ed25519_priv_der_serializer_functions }, - { "ED25519", "provider=default,fips=yes,format=der,type=public", - ed25519_pub_der_serializer_functions }, - { "ED25519", "provider=default,fips=yes,format=pem,type=private", - ed25519_priv_pem_serializer_functions }, - { "ED25519", "provider=default,fips=yes,format=pem,type=public", - ed25519_pub_pem_serializer_functions }, - - { "ED448", "provider=default,format=text,type=private", - ed448_priv_print_serializer_functions }, - { "ED448", "provider=default,format=text,type=public", - ed448_pub_print_serializer_functions }, - { "ED448", "provider=default,format=der,type=private", - ed448_priv_der_serializer_functions }, - { "ED448", "provider=default,format=der,type=public", - ed448_pub_der_serializer_functions }, - { "ED448", "provider=default,format=pem,type=private", - ed448_priv_pem_serializer_functions }, - { "ED448", "provider=default,format=pem,type=public", - ed448_pub_pem_serializer_functions }, - - { "EC", "provider=default,fips=yes,format=text,type=private", - ec_priv_text_serializer_functions }, - { "EC", "provider=default,fips=yes,format=text,type=public", - ec_pub_text_serializer_functions }, - { "EC", "provider=default,fips=yes,format=text,type=parameters", - ec_param_text_serializer_functions }, - { "EC", "provider=default,fips=yes,format=der,type=private", - ec_priv_der_serializer_functions }, - { "EC", "provider=default,fips=yes,format=der,type=public", - ec_pub_der_serializer_functions }, - { "EC", "provider=default,fips=yes,format=der,type=parameters", - ec_param_der_serializer_functions }, - { "EC", "provider=default,fips=yes,format=pem,type=private", - ec_priv_pem_serializer_functions }, - { "EC", "provider=default,fips=yes,format=pem,type=public", - ec_pub_pem_serializer_functions }, - { "EC", "provider=default,fips=yes,format=pem,type=parameters", - ec_param_pem_serializer_functions }, -#endif +#define SER(name, fips, format, type, func_table) \ + { name, \ + "provider=default,fips=" fips ",format=" format ",type=" type, \ + (func_table) } +#include "serializers.inc" { NULL, NULL, NULL } }; +#undef SER static const OSSL_ALGORITHM deflt_deserializer[] = { - { "RSA", "provider=default,fips=yes,input=der", - der_to_rsa_deserializer_functions }, - { "RSA-PSS", "provider=default,fips=yes,input=der", - der_to_rsapss_deserializer_functions }, - - { "DER", "provider=default,fips=yes,input=pem", - pem_to_der_deserializer_functions }, +#define DESER(name, fips, input, func_table) \ + { name, \ + "provider=default,fips=" fips ",input=" input, \ + (func_table) } +#include "deserializers.inc" { NULL, NULL, NULL } }; +#undef DESER static const OSSL_ALGORITHM *deflt_query(void *provctx, int operation_id, int *no_cache) diff --git a/providers/implementations/ciphers/cipher_aes_cts.h b/providers/deserializers.inc similarity index 56% copy from providers/implementations/ciphers/cipher_aes_cts.h copy to providers/deserializers.inc index 6b0dfdd2c1..bab709d31d 100644 --- a/providers/implementations/ciphers/cipher_aes_cts.h +++ b/providers/deserializers.inc @@ -7,10 +7,10 @@ * https://www.openssl.org/source/license.html */ -#include "crypto/evp.h" +#ifndef DESER +# error Macro DESER undefined +#endif -OSSL_FUNC_cipher_update_fn aes_cbc_cts_block_update; -OSSL_FUNC_cipher_final_fn aes_cbc_cts_block_final; - -const char *aes_cbc_cts_mode_id2name(unsigned int id); -int aes_cbc_cts_mode_name2id(const char *name); + DESER("RSA", "yes", "der", der_to_rsa_deserializer_functions), + DESER("RSA-PSS", "yes", "der", der_to_rsapss_deserializer_functions), + DESER("DER", "yes", "pem", pem_to_der_deserializer_functions), diff --git a/providers/serializers.inc b/providers/serializers.inc new file mode 100644 index 0000000000..3143ebbec5 --- /dev/null +++ b/providers/serializers.inc @@ -0,0 +1,102 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef SER +# error Macro SER undefined +#endif + + SER("RSA", "yes", "text", "private", rsa_priv_text_serializer_functions), + SER("RSA", "yes", "text", "public", rsa_pub_text_serializer_functions), + SER("RSA", "yes", "der", "private", rsa_priv_der_serializer_functions), + SER("RSA", "yes", "der", "public", rsa_pub_der_serializer_functions), + SER("RSA", "yes", "pem", "private", rsa_priv_pem_serializer_functions), + SER("RSA", "yes", "pem", "public", rsa_pub_pem_serializer_functions), + SER("RSA-PSS", "yes", "text", "private", + rsa_priv_text_serializer_functions), + SER("RSA-PSS", "yes", "text", "public", rsa_pub_text_serializer_functions), + SER("RSA-PSS", "yes", "der", "private", rsa_priv_der_serializer_functions), + SER("RSA-PSS", "yes", "der", "public", rsa_pub_der_serializer_functions), + SER("RSA-PSS", "yes", "pem", "private", rsa_priv_pem_serializer_functions), + SER("RSA-PSS", "yes", "pem", "public", rsa_pub_pem_serializer_functions), + +#ifndef OPENSSL_NO_DH + SER("DH", "yes", "text", "private", dh_priv_text_serializer_functions), + SER("DH", "yes", "text", "public", dh_pub_text_serializer_functions), + SER("DH", "yes", "text", "parameters", dh_param_text_serializer_functions), + SER("DH", "yes", "der", "private", dh_priv_der_serializer_functions), + SER("DH", "yes", "der", "public", dh_pub_der_serializer_functions), + SER("DH", "yes", "der", "parameters", dh_param_der_serializer_functions), + SER("DH", "yes", "pem", "private", dh_priv_pem_serializer_functions), + SER("DH", "yes", "pem", "public", dh_pub_pem_serializer_functions), + SER("DH", "yes", "pem", "parameters", dh_param_pem_serializer_functions), +#endif + +#ifndef OPENSSL_NO_DSA + SER("DSA", "yes", "text", "private", dsa_priv_text_serializer_functions), + SER("DSA", "yes", "text", "public", dsa_pub_text_serializer_functions), + SER("DSA", "yes", "text", "parameters", + dsa_param_text_serializer_functions), + SER("DSA", "yes", "der", "private", dsa_priv_der_serializer_functions), + SER("DSA", "yes", "der", "public", dsa_pub_der_serializer_functions), + SER("DSA", "yes", "der", "parameters", dsa_param_der_serializer_functions), + SER("DSA", "yes", "pem", "private", dsa_priv_pem_serializer_functions), + SER("DSA", "yes", "pem", "public", dsa_pub_pem_serializer_functions), + SER("DSA", "yes", "pem", "parameters", dsa_param_pem_serializer_functions), +#endif + +#ifndef OPENSSL_NO_EC + SER("X25519", "yes", "text", "private", + x25519_priv_print_serializer_functions), + SER("X25519", "yes", "text", "public", + x25519_pub_print_serializer_functions), + SER("X25519", "yes", "der", "private", + x25519_priv_der_serializer_functions), + SER("X25519", "yes", "der", "public", x25519_pub_der_serializer_functions), + SER("X25519", "yes", "pem", "private", + x25519_priv_pem_serializer_functions), + SER("X25519", "yes", "pem", "public", x25519_pub_pem_serializer_functions), + + SER("X448", "no", "text", "private", x448_priv_print_serializer_functions), + SER("X448", "no", "text", "public", x448_pub_print_serializer_functions), + SER("X448", "no", "der", "private", x448_priv_der_serializer_functions), + SER("X448", "no", "der", "public", x448_pub_der_serializer_functions), + SER("X448", "no", "pem", "private", x448_priv_pem_serializer_functions), + SER("X448", "no", "pem", "public", x448_pub_pem_serializer_functions), + + SER("ED25519", "yes", "text", "private", + ed25519_priv_print_serializer_functions), + SER("ED25519", "yes", "text", "public", + ed25519_pub_print_serializer_functions), + SER("ED25519", "yes", "der", "private", + ed25519_priv_der_serializer_functions), + SER("ED25519", "yes", "der", "public", + ed25519_pub_der_serializer_functions), + SER("ED25519", "yes", "pem", "private", + ed25519_priv_pem_serializer_functions), + SER("ED25519", "yes", "pem", "public", + ed25519_pub_pem_serializer_functions), + + SER("ED448", "no", "text", "private", + ed448_priv_print_serializer_functions), + SER("ED448", "no", "text", "public", ed448_pub_print_serializer_functions), + SER("ED448", "no", "der", "private", ed448_priv_der_serializer_functions), + SER("ED448", "no", "der", "public", ed448_pub_der_serializer_functions), + SER("ED448", "no", "pem", "private", ed448_priv_pem_serializer_functions), + SER("ED448", "no", "pem", "public", ed448_pub_pem_serializer_functions), + + SER("EC", "yes", "text", "private", ec_priv_text_serializer_functions), + SER("EC", "yes", "text", "public", ec_pub_text_serializer_functions), + SER("EC", "yes", "text", "parameters", ec_param_text_serializer_functions), + SER("EC", "yes", "der", "private", ec_priv_der_serializer_functions), + SER("EC", "yes", "der", "public", ec_pub_der_serializer_functions), + SER("EC", "yes", "der", "parameters", ec_param_der_serializer_functions), + SER("EC", "yes", "pem", "private", ec_priv_pem_serializer_functions), + SER("EC", "yes", "pem", "public", ec_pub_pem_serializer_functions), + SER("EC", "yes", "pem", "parameters", ec_param_pem_serializer_functions), +#endif diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c index d6198dddb9..ec1f3cf83b 100644 --- a/ssl/s3_cbc.c +++ b/ssl/s3_cbc.c @@ -34,7 +34,7 @@ #define MAX_HASH_BLOCK_SIZE 128 /* - * u32toLE serialises an unsigned, 32-bit number (n) as four bytes at (p) in + * u32toLE serializes an unsigned, 32-bit number (n) as four bytes at (p) in * little-endian order. The value of p is advanced by four. */ #define u32toLE(n, p) \ From builds at travis-ci.com Thu Jul 30 11:35:25 2020 From: builds at travis-ci.com (Travis CI) Date: Thu, 30 Jul 2020 11:35:25 +0000 Subject: Still Failing: openssl/openssl#36423 (master - b8ea8d3) In-Reply-To: Message-ID: <5f22b07d118e8_13f93907a8998350364@travis-pro-tasks-74b6c94699-2jvcw.mail> Build Update for openssl/openssl ------------------------------------- Build: #36423 Status: Still Failing Duration: 1 hr, 19 mins, and 37 secs Commit: b8ea8d3 (master) Author: Matt Caswell Message: Don't fallback to legacy in DigestSignInit/DigestVerifyInit too easily The only reason we should fallback to legacy codepaths in DigestSignInit/ DigestVerifyInit, is if we have an engine, or we have a legacy algorithm that does not (yet) have a provider based equivalent (e.g. SM2, HMAC, etc). Currently we were falling back even if we have a suitable key manager but the export of the key fails. This might be for legitimate reasons (e.g. we only have the FIPS provider, but we're trying to export a brainpool key). In those circumstances we don't want to fallback to the legacy code. Therefore we tighten then checks for falling back to legacy. Eventually this particular fallback can be removed entirely (once all legacy algorithms have provider based key managers). Reviewed-by: Nicola Tuveri Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12550) View the changeset: https://github.com/openssl/openssl/compare/593d6554f873...b8ea8d391200 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/177765685?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.com Thu Jul 30 12:41:22 2020 From: builds at travis-ci.com (Travis CI) Date: Thu, 30 Jul 2020 12:41:22 +0000 Subject: Still Failing: openssl/openssl#36424 (master - adf3f83) In-Reply-To: Message-ID: <5f22bff142402_13fa67eca8d0c115278@travis-pro-tasks-756645467-mzlpk.mail> Build Update for openssl/openssl ------------------------------------- Build: #36424 Status: Still Failing Duration: 1 hr, 27 mins, and 3 secs Commit: adf3f83 (master) Author: Matt Caswell Message: Fix test_cmp_cli for extended tests The test_cmp_cli was failing in the extended tests on cross-compiled mingw builds. This was due to the test not using wine when it should do. The simplest solution is to just skip the test in this case. [extended tests] Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12555) View the changeset: https://github.com/openssl/openssl/compare/b8ea8d391200...adf3f83e5227 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/177770655?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Thu Jul 30 12:56:24 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 30 Jul 2020 12:56:24 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-err Message-ID: <1596113784.051397.16841.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-err Commit log since last time: cfae32c69a [test][ectest] Minor touches to custom_generator_test f5384f064e [test] Vertically test explicit EC params API patterns 79410c5f8b namemap: fix threading issue 5cd9962272 Fix a test_verify failure ef8980176d Deprecate -nodes in favor of -noenc in pkcs12 and req app 846f96f821 TEST: Add RSA-PSS cases in test/serdes_test.c a4e55cccc9 PROV: Add a DER to RSA-PSS deserializer implementation 456b3b97a4 EVP, PROV: Add misc missing bits for RSA-PSS 51d9ac870a Fix no-ec2m Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 04-test_err.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=207, Tests=3113, 862 wallclock secs (12.42 usr 1.30 sys + 800.94 cusr 60.67 csys = 875.33 CPU) Result: FAIL Makefile:3151: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-err' Makefile:3149: recipe for target 'tests' failed make: *** [tests] Error 2 From builds at travis-ci.com Thu Jul 30 13:52:10 2020 From: builds at travis-ci.com (Travis CI) Date: Thu, 30 Jul 2020 13:52:10 +0000 Subject: Still Failing: openssl/openssl#36425 (master - a3f15e2) In-Reply-To: Message-ID: <5f22d08a25d21_13fa097baa1cc97931@travis-pro-tasks-756645467-rflrx.mail> Build Update for openssl/openssl ------------------------------------- Build: #36425 Status: Still Failing Duration: 1 hr, 30 mins, and 34 secs Commit: a3f15e2 (master) Author: Pauli Message: deserialisation: add deserialisation to the base provider Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12104) View the changeset: https://github.com/openssl/openssl/compare/adf3f83e5227...a3f15e237c03 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/177779604?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From dev at ddvo.net Thu Jul 30 18:17:36 2020 From: dev at ddvo.net (dev at ddvo.net) Date: Thu, 30 Jul 2020 18:17:36 +0000 Subject: [openssl] master update Message-ID: <1596133056.354846.2294.nullmailer@dev.openssl.org> The branch master has been updated via 1202de4481df88d63a2a5cc1e9e0450a7e72f4ac (commit) via fafa56a14fc4787060818715c151e1ef7b25e72f (commit) via 87d20a96510ecc78068865423e0fa127d17486de (commit) from a3f15e237c0325718f488ebf9a242c031f4f864e (commit) - Log ----------------------------------------------------------------- commit 1202de4481df88d63a2a5cc1e9e0450a7e72f4ac Author: Dr. David von Oheimb Date: Sat Jul 11 12:26:22 2020 +0200 Add OSSL_CMP_MSG_write(), use it in apps/cmp.c Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12421) commit fafa56a14fc4787060818715c151e1ef7b25e72f Author: Dr. David von Oheimb Date: Sat Jul 11 11:36:48 2020 +0200 Export ossl_cmp_msg_load() as OSSL_CMP_MSG_read(), use it in apps/cmp.c Fixes #12403 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12421) commit 87d20a96510ecc78068865423e0fa127d17486de Author: Dr. David von Oheimb Date: Sat Jul 11 11:21:06 2020 +0200 apps/cmp.c: Improve documentation of -recipient option Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12421) ----------------------------------------------------------------------- Summary of changes: apps/cmp.c | 24 +++++------------------- crypto/cmp/cmp_local.h | 1 - crypto/cmp/cmp_msg.c | 24 ++++++++++++++++++++++-- doc/internal/man3/ossl_cmp_msg_create.pod | 5 ----- doc/man1/openssl-cmp.pod.in | 3 ++- doc/man3/OSSL_CMP_MSG_get0_header.pod | 17 +++++++++++++++-- include/openssl/cmp.h | 2 ++ test/cmp_testlib.c | 2 +- util/libcrypto.num | 2 ++ 9 files changed, 49 insertions(+), 31 deletions(-) diff --git a/apps/cmp.c b/apps/cmp.c index 17b5bed6ff..e5f72cbea7 100644 --- a/apps/cmp.c +++ b/apps/cmp.c @@ -321,7 +321,7 @@ const OPTIONS cmp_options[] = { {OPT_MORE_STR, 0, 0, "also used as reference (defaulting to -cert) for subject DN and SANs."}, {OPT_MORE_STR, 0, 0, - "Its issuer is used as recipient unless -srvcert, -recipient or -issuer given"}, + "Its issuer is used as recipient unless -recipient, -srvcert, or -issuer given"}, {"revreason", OPT_REVREASON, 'n', "Reason code to include in revocation request (rr); possible values:"}, {OPT_MORE_STR, 0, 0, @@ -354,7 +354,7 @@ const OPTIONS cmp_options[] = { {"srvcert", OPT_SRVCERT, 's', "Server cert to pin and trust directly when verifying signed CMP responses"}, {"recipient", OPT_RECIPIENT, 's', - "Distinguished Name (DN) to use as msg recipient; see man page for defaults"}, + "DN of CA. Default: subject of -srvcert, -issuer, issuer of -oldcert or -cert"}, {"expect_sender", OPT_EXPECT_SENDER, 's', "DN of expected sender of responses. Defaults to subject of -srvcert, if any"}, {"ignore_keyusage", OPT_IGNORE_KEYUSAGE, '-', @@ -934,7 +934,6 @@ static X509_STORE *sk_X509_to_store(X509_STORE *store /* may be NULL */, static int write_PKIMESSAGE(const OSSL_CMP_MSG *msg, char **filenames) { char *file; - BIO *bio; if (msg == NULL || filenames == NULL) { CMP_err("NULL arg to write_PKIMESSAGE"); @@ -947,17 +946,10 @@ static int write_PKIMESSAGE(const OSSL_CMP_MSG *msg, char **filenames) file = *filenames; *filenames = next_item(file); - bio = BIO_new_file(file, "wb"); - if (bio == NULL) { - CMP_err1("Cannot open file '%s' for writing", file); - return 0; - } - if (i2d_OSSL_CMP_MSG_bio(bio, msg) < 0) { + if (OSSL_CMP_MSG_write(file, msg) < 0) { CMP_err1("Cannot write PKIMessage to file '%s'", file); - BIO_free(bio); return 0; } - BIO_free(bio); return 1; } @@ -965,7 +957,6 @@ static int write_PKIMESSAGE(const OSSL_CMP_MSG *msg, char **filenames) static OSSL_CMP_MSG *read_PKIMESSAGE(char **filenames) { char *file; - BIO *bio; OSSL_CMP_MSG *ret; if (filenames == NULL) { @@ -979,15 +970,10 @@ static OSSL_CMP_MSG *read_PKIMESSAGE(char **filenames) file = *filenames; *filenames = next_item(file); - bio = BIO_new_file(file, "rb"); - if (bio == NULL) { - CMP_err1("Cannot open file '%s' for reading", file); - return NULL; - } - ret = d2i_OSSL_CMP_MSG_bio(bio, NULL); + + ret = OSSL_CMP_MSG_read(file); if (ret == NULL) CMP_err1("Cannot read PKIMessage from file '%s'", file); - BIO_free(bio); return ret; } diff --git a/crypto/cmp/cmp_local.h b/crypto/cmp/cmp_local.h index 92f192bb5f..4e33fd339c 100644 --- a/crypto/cmp/cmp_local.h +++ b/crypto/cmp/cmp_local.h @@ -896,7 +896,6 @@ ossl_cmp_certrepmessage_get0_certresponse(const OSSL_CMP_CERTREPMESSAGE *crm, int rid); X509 *ossl_cmp_certresponse_get1_certificate(EVP_PKEY *privkey, const OSSL_CMP_CERTRESPONSE *crep); -OSSL_CMP_MSG *ossl_cmp_msg_load(const char *file); /* from cmp_protect.c */ ASN1_BIT_STRING *ossl_cmp_calc_protection(const OSSL_CMP_MSG *msg, diff --git a/crypto/cmp/cmp_msg.c b/crypto/cmp/cmp_msg.c index d45a803677..6d6e3bd2b6 100644 --- a/crypto/cmp/cmp_msg.c +++ b/crypto/cmp/cmp_msg.c @@ -1008,13 +1008,15 @@ int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg) || ossl_cmp_msg_protect(ctx, msg); } -OSSL_CMP_MSG *ossl_cmp_msg_load(const char *file) +OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file) { OSSL_CMP_MSG *msg = NULL; BIO *bio = NULL; - if (!ossl_assert(file != NULL)) + if (file == NULL) { + CMPerr(0, CMP_R_NULL_ARGUMENT); return NULL; + } if ((bio = BIO_new_file(file, "rb")) == NULL) return NULL; @@ -1023,6 +1025,24 @@ OSSL_CMP_MSG *ossl_cmp_msg_load(const char *file) return msg; } +int OSSL_CMP_MSG_write(const char *file, const OSSL_CMP_MSG *msg) +{ + BIO *bio; + int res; + + if (file == NULL || msg == NULL) { + CMPerr(0, CMP_R_NULL_ARGUMENT); + return -1; + } + + bio = BIO_new_file(file, "wb"); + if (bio == NULL) + return -2; + res = i2d_OSSL_CMP_MSG_bio(bio, msg); + BIO_free(bio); + return res; +} + OSSL_CMP_MSG *d2i_OSSL_CMP_MSG_bio(BIO *bio, OSSL_CMP_MSG **msg) { return ASN1_d2i_bio_of(OSSL_CMP_MSG, OSSL_CMP_MSG_new, diff --git a/doc/internal/man3/ossl_cmp_msg_create.pod b/doc/internal/man3/ossl_cmp_msg_create.pod index 3c236a3b49..0a10a6567e 100644 --- a/doc/internal/man3/ossl_cmp_msg_create.pod +++ b/doc/internal/man3/ossl_cmp_msg_create.pod @@ -6,7 +6,6 @@ ossl_cmp_bodytype_to_string, ossl_cmp_msg_get_bodytype, ossl_cmp_msg_set_bodytype, ossl_cmp_msg_create, -ossl_cmp_msg_load, ossl_cmp_msg_gen_ITAV_push0, ossl_cmp_msg_gen_ITAVs_push1 - functions manipulating CMP messages @@ -19,7 +18,6 @@ ossl_cmp_msg_gen_ITAVs_push1 int ossl_cmp_msg_get_bodytype(const OSSL_CMP_MSG *msg); int ossl_cmp_msg_set_bodytype( OSSL_CMP_MSG *msg, int type); OSSL_CMP_MSG *ossl_cmp_msg_create(OSSL_CMP_CTX *ctx, int bodytype); - OSSL_CMP_MSG *ossl_cmp_msg_load(const char *file); int ossl_cmp_msg_gen_ITAV_push0(OSSL_CMP_MSG *msg, OSSL_CMP_ITAV *itav); int ossl_cmp_msg_gen_ITAVs_push1(OSSL_CMP_MSG *msg, STACK_OF(OSSL_CMP_ITAV) *itavs); @@ -40,9 +38,6 @@ ossl_cmp_msg_create() creates and initializes a OSSL_CMP_MSG structure, using B for the header and B for the body. Returns pointer to created OSSL_CMP_MSG on success, NULL on error. -OSSL_CMP_MSG *ossl_cmp_msg_load() loads a OSSL_CMP_MSG from a B. -Returns pointer to created OSSL_CMP_MSG on success, NULL on error. - ossl_cmp_msg_gen_ITAV_push0() pushes the B to the body of the PKIMessage B of GenMsg or GenRep type. Consumes the B pointer. Returns 1 on success, 0 on error. diff --git a/doc/man1/openssl-cmp.pod.in b/doc/man1/openssl-cmp.pod.in index 216db0cb1f..45355cbdb3 100644 --- a/doc/man1/openssl-cmp.pod.in +++ b/doc/man1/openssl-cmp.pod.in @@ -506,10 +506,11 @@ and as default value for the expected sender of incoming CMP messages. =item B<-recipient> I Distinguished Name (DN) to use in the recipient field of CMP request messages, -i.e., the CMP server (usually a CA or RA entity). +i.e., the CMP server (usually the addressed CA). The argument must be formatted as I, characters may be escaped by C<\>E(backslash), no spaces are skipped. +The empty name (NULL-DN) can be given explicitly as a single slash: 'I'. The recipient field in the header of a CMP message is mandatory. If not given explicitly the recipient is determined in the following order: diff --git a/doc/man3/OSSL_CMP_MSG_get0_header.pod b/doc/man3/OSSL_CMP_MSG_get0_header.pod index f1bf8eac32..8503b74b7c 100644 --- a/doc/man3/OSSL_CMP_MSG_get0_header.pod +++ b/doc/man3/OSSL_CMP_MSG_get0_header.pod @@ -5,6 +5,8 @@ OSSL_CMP_MSG_get0_header, OSSL_CMP_MSG_update_transactionID, OSSL_CMP_CTX_setup_CRM, +OSSL_CMP_MSG_read, +OSSL_CMP_MSG_write, d2i_OSSL_CMP_MSG_bio, i2d_OSSL_CMP_MSG_bio - function(s) manipulating CMP messages @@ -16,6 +18,8 @@ i2d_OSSL_CMP_MSG_bio OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg); int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg); OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid); + OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file); + int OSSL_CMP_MSG_write(const char *file, const OSSL_CMP_MSG *msg); OSSL_CMP_MSG *d2i_OSSL_CMP_MSG_bio(BIO *bio, OSSL_CMP_MSG **msg); int i2d_OSSL_CMP_MSG_bio(BIO *bio, const OSSL_CMP_MSG *msg); @@ -35,6 +39,10 @@ then it copies the subject DN from there if I is set or the I does not include a subjectAltName. The I defines the request identifier to use, which typically is 0. +OSSL_CMP_MSG_read() loads a DER-encoded OSSL_CMP_MSG from B. + +OSSL_CMP_MSG_write() stores the given OSSL_CMP_MSG to B in DER encoding. + d2i_OSSL_CMP_MSG_bio() parses an ASN.1-encoded OSSL_CMP_MSG from the BIO I. It assigns a pointer to the new structure to I<*msg> if I is not NULL. @@ -55,8 +63,13 @@ NULL on error. d2i_OSSL_CMP_MSG_bio() returns the parsed message or NULL on error. -i2d_OSSL_CMP_MSG_bio() and OSSL_CMP_MSG_update_transactionID() -return 1 on success, 0 on error. +OSSL_CMP_MSG_read() and d2i_OSSL_CMP_MSG_bio() +return the parsed CMP message or NULL on error. + +OSSL_CMP_MSG_write() and i2d_OSSL_CMP_MSG_bio() return +the number of bytes successfully encoded or a negative value if an error occurs. + +OSSL_CMP_MSG_update_transactionID() returns 1 on success, 0 on error. =head1 HISTORY diff --git a/include/openssl/cmp.h b/include/openssl/cmp.h index 378cda641d..519117d622 100644 --- a/include/openssl/cmp.h +++ b/include/openssl/cmp.h @@ -355,6 +355,8 @@ ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_recipNonce(const OSSL_CMP_PKIHEADER *hdr); OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg); int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg); OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid); +OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file); +int OSSL_CMP_MSG_write(const char *file, const OSSL_CMP_MSG *msg); OSSL_CMP_MSG *d2i_OSSL_CMP_MSG_bio(BIO *bio, OSSL_CMP_MSG **msg); int i2d_OSSL_CMP_MSG_bio(BIO *bio, const OSSL_CMP_MSG *msg); diff --git a/test/cmp_testlib.c b/test/cmp_testlib.c index d25ab7468b..ef33aa8e83 100644 --- a/test/cmp_testlib.c +++ b/test/cmp_testlib.c @@ -46,7 +46,7 @@ OSSL_CMP_MSG *load_pkimsg(const char *file) { OSSL_CMP_MSG *msg; - (void)TEST_ptr((msg = ossl_cmp_msg_load(file))); + (void)TEST_ptr((msg = OSSL_CMP_MSG_read(file))); return msg; } diff --git a/util/libcrypto.num b/util/libcrypto.num index d53d04afa6..1a59d81624 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4993,6 +4993,8 @@ OSSL_CMP_certConf_cb ? 3_0_0 EXIST::FUNCTION:CMP OSSL_CMP_exec_RR_ses ? 3_0_0 EXIST::FUNCTION:CMP OSSL_CMP_exec_GENM_ses ? 3_0_0 EXIST::FUNCTION:CMP OSSL_CMP_MSG_http_perform ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_MSG_read ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_MSG_write ? 3_0_0 EXIST::FUNCTION:CMP EVP_PKEY_gen ? 3_0_0 EXIST::FUNCTION: EVP_PKEY_CTX_set_rsa_keygen_bits ? 3_0_0 EXIST::FUNCTION:RSA EVP_PKEY_CTX_set_rsa_keygen_pubexp ? 3_0_0 EXIST::FUNCTION:RSA From builds at travis-ci.com Thu Jul 30 20:01:40 2020 From: builds at travis-ci.com (Travis CI) Date: Thu, 30 Jul 2020 20:01:40 +0000 Subject: Still Failing: openssl/openssl#36429 (master - 1202de4) In-Reply-To: Message-ID: <5f23272411294_13fc6e90a8f442695b@travis-pro-tasks-857bb76cb6-gz656.mail> Build Update for openssl/openssl ------------------------------------- Build: #36429 Status: Still Failing Duration: 57 mins and 33 secs Commit: 1202de4 (master) Author: Dr. David von Oheimb Message: Add OSSL_CMP_MSG_write(), use it in apps/cmp.c Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12421) View the changeset: https://github.com/openssl/openssl/compare/a3f15e237c03...1202de4481df View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/177854113?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Thu Jul 30 20:49:40 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 30 Jul 2020 20:49:40 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ui-console Message-ID: <1596142180.047125.24162.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ui-console Commit log since last time: cfae32c69a [test][ectest] Minor touches to custom_generator_test f5384f064e [test] Vertically test explicit EC params API patterns 79410c5f8b namemap: fix threading issue 5cd9962272 Fix a test_verify failure ef8980176d Deprecate -nodes in favor of -noenc in pkcs12 and req app 846f96f821 TEST: Add RSA-PSS cases in test/serdes_test.c a4e55cccc9 PROV: Add a DER to RSA-PSS deserializer implementation 456b3b97a4 EVP, PROV: Add misc missing bits for RSA-PSS 51d9ac870a Fix no-ec2m Build log ended with (last 100 lines): # Failed test 'p10cr csr empty file' # at ../openssl/test/recipes/81-test_cmp_cli.t line 182. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd p10cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -csr wrong.csr.pem => 139 not ok 78 - p10cr wrong csr # ------------------------------------------------------------------------------ # Failed test 'p10cr wrong csr' # at ../openssl/test/recipes/81-test_cmp_cli.t line 182. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -revreason 5 => 139 not ok 79 - ir + ignored revocation # ------------------------------------------------------------------------------ ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt => 139 not ok 82 - cr command # ------------------------------------------------------------------------------ # Failed test 'cr command' # at ../openssl/test/recipes/81-test_cmp_cli.t line 182. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt => 139 not ok 83 - kur command explicit options # ------------------------------------------------------------------------------ # Failed test 'kur command explicit options' # at ../openssl/test/recipes/81-test_cmp_cli.t line 182. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -subject "" -certout test.cert.pem -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt -secret "" => 139 not ok 84 - kur command minimal options # ------------------------------------------------------------------------------ ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey dir/ -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert test.cert.pem -server '127.0.0.1:1700' => 139 not ok 86 - kur newkey is directory # ------------------------------------------------------------------------------ ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert dir/ -server '127.0.0.1:1700' => 139 not ok 89 - kur oldcert is directory # ------------------------------------------------------------------------------ # Failed test 'kur oldcert is directory' # at ../openssl/test/recipes/81-test_cmp_cli.t line 182. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert idontexist -server '127.0.0.1:1700' => 139 not ok 90 - kur oldcert not existing # ------------------------------------------------------------------------------ # Failed test 'kur oldcert not existing' # at ../openssl/test/recipes/81-test_cmp_cli.t line 182. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert empty.txt -server '127.0.0.1:1700' => 139 not ok 91 - kur empty oldcert file # ------------------------------------------------------------------------------ # Failed test 'kur empty oldcert file' # at ../openssl/test/recipes/81-test_cmp_cli.t line 182. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -cert "" -server '127.0.0.1:1700' => 139 not ok 92 - kur command without cert and oldcert # ------------------------------------------------------------------------------ # Failed test 'kur command without cert and oldcert' # at ../openssl/test/recipes/81-test_cmp_cli.t line 182. # Looks like you failed 65 tests of 92. not ok 7 - CMP app CLI Mock enrollment # ------------------------------------------------------------------------------ # # Failed test 'CMP app CLI Mock enrollment # ' # at /home/openssl/run-checker/no-ui-console/../openssl/util/perl/OpenSSL/Test.pm line 1302. # Looks like you failed 5 tests of 7.81-test_cmp_cli.t .................. Dubious, test returned 5 (wstat 1280, 0x500) Failed 5/7 subtests 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 81-test_cmp_cli.t (Wstat: 1280 Tests: 7 Failed: 5) Failed tests: 3-7 Non-zero exit status: 5 Files=207, Tests=3250, 893 wallclock secs (12.52 usr 1.21 sys + 790.15 cusr 63.41 csys = 867.29 CPU) Result: FAIL Makefile:3153: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-ui-console' Makefile:3151: recipe for target 'tests' failed make: *** [tests] Error 2 From pauli at openssl.org Thu Jul 30 21:29:10 2020 From: pauli at openssl.org (Dr. Paul Dale) Date: Thu, 30 Jul 2020 21:29:10 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1596144550.296642.12259.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via ea7a58a60659d12d102ec78af4d6c3e589347150 (commit) from 6328d3673fabc336e3064368d855c2d1153ef54c (commit) - Log ----------------------------------------------------------------- commit ea7a58a60659d12d102ec78af4d6c3e589347150 Author: Matt Caswell Date: Tue Jul 28 15:28:06 2020 +0100 Fix a test_verify failure A recently added certificate in test/certs expired causing test_verify to fail. This add a replacement certificate with a long expiry date. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12561) ----------------------------------------------------------------------- Summary of changes: test/certs/ee-self-signed.pem | 33 +++++++++++++++++---------------- test/certs/setup.sh | 2 +- 2 files changed, 18 insertions(+), 17 deletions(-) diff --git a/test/certs/ee-self-signed.pem b/test/certs/ee-self-signed.pem index ad1e37ba0e..e854c9ad27 100644 --- a/test/certs/ee-self-signed.pem +++ b/test/certs/ee-self-signed.pem @@ -1,18 +1,19 @@ -----BEGIN CERTIFICATE----- -MIICzzCCAbegAwIBAgIUBP7iEKPlKuinZGQNFxSY3IBIb0swDQYJKoZIhvcNAQEL -BQAwGTEXMBUGA1UEAwwOZWUtc2VsZi1zaWduZWQwHhcNMjAwNjI4MTA1MTQ1WhcN -MjAwNzI4MTA1MTQ1WjAZMRcwFQYDVQQDDA5lZS1zZWxmLXNpZ25lZDCCASIwDQYJ -KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKj/iVhhha7e2ywP1XP74reoG3p1YCvU -fTxzdrWu3pMvfySQbckc9Io4zZ+igBZWy7Qsu5PlFx//DcZD/jE0+CjYdemju4iC -76Ny4lNiBUVN4DGX76qdENJYDZ4GnjK7GwhWXWUPP2aOwjagEf/AWTX9SRzdHEIz -BniuBDgj5ed1Z9OUrVqpQB+sWRD1DMFkrUrExjVTs5ZqghsVi9GZq+Seb5Sq0pbl -V/uMkWSKPCQWxtIZvoJgEztisO0+HbPK+WvfMbl6nktHaKcpxz9K4iIntO+QY9fv -0HJJPlutuRvUK2+GaN3VcxK4Q8ncQQ+io0ZPi2eIhA9h/nk0H0qJH7cCAwEAAaMP -MA0wCwYDVR0PBAQDAgeAMA0GCSqGSIb3DQEBCwUAA4IBAQBiLmIUCGb+hmRGbmpO -lDqEwiRVdxHBs4OSb3IA9QgU1QKUDRqn7q27RRelmzTXllubZZcX3K6o+dunRW5G -d3f3FVr+3Z7wnmkQtC2y3NWtGuWNczss+6rMLzKvla5CjRiNPlSvluMNpcs7BJxI -ppk1LxlaiYlQkDW32OPyxzXWDNv1ZkphcOcoCkHAagnq9x1SszvLTjAlo5XpYrm5 -CPgBOEnVwFCgne5Ab4QPTgkxPh/Ta508I/FKaPLJqci1EfGKipZkS7mMGTUJEeVK -wZrn4z7RiTfJ4PdqO5iv8eOpt03fqdPEXQWe8DrKyfGM6/e369FaXMFhcd2ZxZy2 -WHoc +MIIDIjCCAgqgAwIBAgIUT99h/YrAdcDg3fdLy5UajB8e994wDQYJKoZIhvcNAQEL +BQAwGTEXMBUGA1UEAwwOZWUtc2VsZi1zaWduZWQwIBcNMjAwNzI4MTQxNjA4WhgP +MjEyMDA3MDQxNDE2MDhaMBkxFzAVBgNVBAMMDmVlLXNlbGYtc2lnbmVkMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqP+JWGGFrt7bLA/Vc/vit6gbenVg +K9R9PHN2ta7eky9/JJBtyRz0ijjNn6KAFlbLtCy7k+UXH/8NxkP+MTT4KNh16aO7 +iILvo3LiU2IFRU3gMZfvqp0Q0lgNngaeMrsbCFZdZQ8/Zo7CNqAR/8BZNf1JHN0c +QjMGeK4EOCPl53Vn05StWqlAH6xZEPUMwWStSsTGNVOzlmqCGxWL0Zmr5J5vlKrS +luVX+4yRZIo8JBbG0hm+gmATO2Kw7T4ds8r5a98xuXqeS0dopynHP0riIie075Bj +1+/Qckk+W625G9Qrb4Zo3dVzErhDydxBD6KjRk+LZ4iED2H+eTQfSokftwIDAQAB +o2AwXjAdBgNVHQ4EFgQU55viKq2KbDrLdlHljgeYIpfhc6IwHwYDVR0jBBgwFoAU +55viKq2KbDrLdlHljgeYIpfhc6IwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMC +B4AwDQYJKoZIhvcNAQELBQADggEBAGDEbS5kJArjjQNK02oxhQyz1dbDy23evRxm +WW/NtlJAQAgEMXoNo9fioj0L4cvDy40r87V6/RsV2eijwZEfwGloACif7v78w8QO +h4XiW9oGxcQkdMIYZLDVW9AZPDIkK5NHNfQaeAxCprAufYnRMv035UotLzCBRrkG +G2TIs45vRp/6mYFVtm0Nf9CFvu4dXH8W+GlBONG0FAiBW+JzgTr9OmrzfqJTEDrf +vv/hOiu8XvvlF5piPBqKE76rEvkXUSjgDZ2/Ju1fjqpV2I8Hz1Mj9w9tRE8g4E9o +ZcRXX3MNPaHxnNhgYSPdpywwkyILz2AHwmAzh07cdttRFFPw+fM= -----END CERTIFICATE----- diff --git a/test/certs/setup.sh b/test/certs/setup.sh index 7e40f65b68..57fca3f448 100755 --- a/test/certs/setup.sh +++ b/test/certs/setup.sh @@ -186,7 +186,7 @@ OPENSSL_KEYBITS=768 \ ./mkcert.sh genee server.example ee-key-768 ee-cert-768 ca-key ca-cert # self-signed end-entity cert with explicit keyUsage not including KeyCertSign -openssl req -new -x509 -key ee-key.pem -subj /CN=ee-self-signed -out ee-self-signed.pem -addext keyUsage=digitalSignature +openssl req -new -x509 -key ee-key.pem -subj /CN=ee-self-signed -out ee-self-signed.pem -addext keyUsage=digitalSignature -days 36500 # Proxy certificates, off of ee-client # Start with some good ones From openssl at openssl.org Thu Jul 30 23:14:36 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 30 Jul 2020 23:14:36 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared no-module Message-ID: <1596150876.728869.4642.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared no-module Commit log since last time: cfae32c69a [test][ectest] Minor touches to custom_generator_test f5384f064e [test] Vertically test explicit EC params API patterns 79410c5f8b namemap: fix threading issue 5cd9962272 Fix a test_verify failure ef8980176d Deprecate -nodes in favor of -noenc in pkcs12 and req app 846f96f821 TEST: Add RSA-PSS cases in test/serdes_test.c a4e55cccc9 PROV: Add a DER to RSA-PSS deserializer implementation 456b3b97a4 EVP, PROV: Add misc missing bits for RSA-PSS 51d9ac870a Fix no-ec2m Build log ended with (last 100 lines): ../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock credentials' -proxy '' -no_proxy 127.0.0.1 -cert "" -key "" -keypass "" -unprotected_requests => 0 not ok 38 - unprotected request # ------------------------------------------------------------------------------ # Failed test 'unprotected request' # at ../openssl/test/recipes/81-test_cmp_cli.t line 182. # Looks like you failed 3 tests of 38. not ok 5 - CMP app CLI Mock credentials # ------------------------------------------------------------------------------ OPENSSL_FUNC:../openssl/apps/cmp.c:3119:CMP info: received from 127.0.0.1 PKIStatus: accepted # OPENSSL_FUNC:../openssl/apps/cmp.c:2895:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -proxy option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2112:CMP info: will contact http://127.0.0.1:1700/pkix/ # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending IR # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received IP # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending CERTCONF # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received PKICONF # OPENSSL_FUNC:../openssl/apps/cmp.c:2276:CMP info: received 1 enrolled certificate(s), saving to file 'test.cert.pem' ../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo 0 -certout test.cert.pem -out_trusted root.crt => 0 not ok 43 - popo RAVERIFIED # ------------------------------------------------------------------------------ OPENSSL_FUNC:../openssl/apps/cmp.c:3119:CMP info: received from 127.0.0.1 PKIStatus: accepted # OPENSSL_FUNC:../openssl/apps/cmp.c:2895:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -proxy option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2112:CMP info: will contact http://127.0.0.1:1700/pkix/ # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending IR # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received IP # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending CERTCONF # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received PKICONF # OPENSSL_FUNC:../openssl/apps/cmp.c:2276:CMP info: received 1 enrolled certificate(s), saving to file 'test.cert.pem' ../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo -1 -certout test.cert.pem -out_trusted root.crt => 0 not ok 47 - popo NONE # ------------------------------------------------------------------------------ # Failed test 'popo NONE' # at ../openssl/test/recipes/81-test_cmp_cli.t line 182. OPENSSL_FUNC:../openssl/apps/cmp.c:3119:CMP info: received from 127.0.0.1 PKIStatus: accepted # OPENSSL_FUNC:../openssl/apps/cmp.c:2895:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # OPENSSL_FUNC:../openssl/apps/cmp.c:2501:CMP warning: argument of -proxy option is empty string, resetting option # OPENSSL_FUNC:../openssl/apps/cmp.c:2112:CMP info: will contact http://127.0.0.1:1700/pkix/ # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending IR # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received IP # send_receive_check:../openssl/crypto/cmp/cmp_client.c:172:CMP info: sending CERTCONF # send_receive_check:../openssl/crypto/cmp/cmp_client.c:190:CMP info: received PKICONF # OPENSSL_FUNC:../openssl/apps/cmp.c:2276:CMP info: received 1 enrolled certificate(s), saving to file 'test.cert.pem' ../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo 2 -certout test.cert.pem -out_trusted root.crt => 0 not ok 48 - popo KEYENC not supported # ------------------------------------------------------------------------------ # Looks like you failed 3 tests of 92. not ok 7 - CMP app CLI Mock enrollment # ------------------------------------------------------------------------------ # # Failed test 'CMP app CLI Mock enrollment # ' # at /home/openssl/run-checker/enable-fuzz-afl/../openssl/util/perl/OpenSSL/Test.pm line 1302. # Looks like you failed 3 tests of 7.81-test_cmp_cli.t .................. Dubious, test returned 3 (wstat 768, 0x300) Failed 3/7 subtests 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: GOST support is disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ skipped: Test only supported in a shared build 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 81-test_cmp_cli.t (Wstat: 768 Tests: 7 Failed: 3) Failed tests: 4-5, 7 Non-zero exit status: 3 Files=207, Tests=2959, 827 wallclock secs (10.19 usr 1.35 sys + 761.43 cusr 52.18 csys = 825.15 CPU) Result: FAIL Makefile:2388: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-fuzz-afl' Makefile:2386: recipe for target 'tests' failed make: *** [tests] Error 2 From no-reply at appveyor.com Fri Jul 31 02:39:00 2020 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 31 Jul 2020 02:39:00 +0000 Subject: Build failed: openssl OpenSSL_1_1_1-stable.35893 Message-ID: <20200731023900.1.DCD14ED9002B821E@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Fri Jul 31 04:03:09 2020 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 31 Jul 2020 04:03:09 +0000 Subject: Build completed: openssl OpenSSL_1_1_1-stable.35894 Message-ID: <20200731040309.1.010FF05CEAF91A64@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Fri Jul 31 05:23:11 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 31 Jul 2020 05:23:11 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-posix-io Message-ID: <1596172991.053102.17536.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-posix-io Commit log since last time: cfae32c69a [test][ectest] Minor touches to custom_generator_test f5384f064e [test] Vertically test explicit EC params API patterns 79410c5f8b namemap: fix threading issue 5cd9962272 Fix a test_verify failure ef8980176d Deprecate -nodes in favor of -noenc in pkcs12 and req app 846f96f821 TEST: Add RSA-PSS cases in test/serdes_test.c a4e55cccc9 PROV: Add a DER to RSA-PSS deserializer implementation 456b3b97a4 EVP, PROV: Add misc missing bits for RSA-PSS 51d9ac870a Fix no-ec2m Build log ended with (last 100 lines): rm -f doc/man/man1/CA.pl.1 doc/man/man1/openssl-asn1parse.1 doc/man/man1/openssl-ca.1 doc/man/man1/openssl-ciphers.1 doc/man/man1/openssl-cmds.1 doc/man/man1/openssl-cmp.1 doc/man/man1/openssl-cms.1 doc/man/man1/openssl-crl.1 doc/man/man1/openssl-crl2pkcs7.1 doc/man/man1/openssl-dgst.1 doc/man/man1/openssl-dhparam.1 doc/man/man1/openssl-dsa.1 doc/man/man1/openssl-dsaparam.1 doc/man/man1/openssl-ec.1 doc/man/man1/openssl-ecparam.1 doc/man/man1/openssl-enc.1 doc/man/man1/openssl-engine.1 doc/man/man1/openssl-errstr.1 doc/man/man1/openssl-fipsinstall.1 doc/man/man1/openssl-gendsa.1 doc/man/man1/openssl-genpkey.1 doc/man/man1/openssl-genrsa.1 doc/man/man1/openssl-info.1 doc/man/man1/openssl-kdf.1 doc/man/man1/openssl-list.1 doc/man/man1/openssl-mac.1 doc/man/man1/openssl-nseq.1 doc/man/man1/openssl-ocsp.1 doc/man/man1/openssl-passwd.1 doc/man/man1/openssl-pkcs12.1 doc/man/man1/openssl-pkcs7.1 doc/man/man1/openssl-pkcs8.1 doc/man/man1/openssl-pkey.1 doc/man/man1/openssl-pkeyparam.1 doc/man/man1/openssl-pkeyutl.1 doc/man/man1/openssl-prime.1 doc/man/man1/openssl-provider.1 doc/man/man1/openssl-rand.1 doc/man/man1/openssl-rehash.1 doc/man/man1/openssl-req.1 doc/man/man1/openssl-rsa.1 doc/man/man1/openssl-rsautl.1 doc/man/man1/openssl-s_client.1 doc/man/man1/openssl-s_server.1 doc/man/man1/openssl-s_time.1 doc/man/man1/openssl-sess_id.1 doc/man/man1/openssl-smime.1 doc/man/man1/openssl-speed.1 doc/man/man1/openssl-spkac.1 doc/man/man1/openssl-srp.1 doc/man/man1/openssl-storeutl.1 doc/man/man1/openssl-ts.1 doc/man/man1/openssl-verify.1 doc/man/man1/openssl-version.1 doc/man/man1/openssl-x509.1 doc/man/man1/openssl.1 doc/man/man1/tsget.1 doc/man/man3/ADMISSIONS.3 doc/man/man3/ASN1_INTEGER_get_int64.3 doc/man/man3/ASN1_INTEGER_new.3 doc/man/man3/ASN1_ITEM_lookup.3 doc/man/man3/ASN1_OBJECT_new.3 doc/man/man3/ASN1_STRING_TABLE_add.3 doc/man/man3/ASN1_STRING_length.3 doc/man/man3/ASN1_STRING_new.3 doc/man/man3/ASN1_STRING_print_ex.3 doc/man/man3/ASN1_TIME_set.3 doc/man/man3/ASN1_TYPE_get.3 doc/man/man3/ASN1_generate_nconf.3 doc/man/man3/ASYNC_WAIT_CTX_new.3 doc/man/man3/ASYNC_start_job.3 doc/man/man3/BF_encrypt.3 doc/man/man3/BIO_ADDR.3 doc/man/man3/BIO_ADDRINFO.3 doc/man/man3/BIO_connect.3 doc/man/man3/BIO_ctrl.3 doc/man/man3/BIO_f_base64.3 doc/man/man3/BIO_f_buffer.3 doc/man/man3/BIO_f_cipher.3 doc/man/man3/BIO_f_md.3 doc/man/man3/BIO_f_null.3 doc/man/man3/BIO_f_prefix.3 doc/man/man3/BIO_f_ssl.3 doc/man/man3/BIO_find_type.3 doc/man/man3/BIO_get_data.3 doc/man/man3/BIO_get_ex_new_index.3 doc/man/man3/BIO_meth_new.3 doc/man/man3/BIO_new.3 doc/man/man3/BIO_new_CMS.3 doc/man/man3/BIO_parse_hostserv.3 doc/man/man3/BIO_printf.3 doc/man/man3/BIO_push.3 doc/man/man3/BIO_read.3 doc/man/man3/BIO_s_accept.3 doc/man/man3/BIO_s_bio.3 doc/man/man3/BIO_s_connect.3 doc/man/man3/BIO_s_fd.3 doc/man/man3/BIO_s_file.3 doc/man/man3/BIO_s_mem.3 doc/man/man3/BIO_s_null.3 doc/man/man3/BIO_s_socket.3 doc/man/man3/BIO_set_callback.3 doc/man/man3/BIO_should_retry.3 doc/man/man3/BIO_socket_wait.3 doc/man/man3/BN_BLINDING_new.3 doc/man/man3/BN_CTX_new.3 doc/man/man3/BN_CTX_start.3 doc/man/man3/BN_add.3 doc/man/man3/BN_add_word.3 doc/man/man3/BN_bn2bin.3 doc/man/man3/BN_cmp.3 doc/man/man3/BN_copy.3 doc/man/man3/BN_generate_prime.3 doc/man/man3/BN_mod_inverse.3 doc/man/man3/BN_mod_mul_montgomery.3 doc/man/man3/BN_mod_mul_reciprocal.3 doc/man/man3/BN_new.3 doc/man/man3/BN_num_bytes.3 doc/man/man3/BN_rand.3 doc/man/man3/BN_security_bits.3 doc/man/man3/BN_set_bit.3 doc/man/man3/BN_swap.3 doc/man/man3/BN_zero.3 doc/man/man3/BUF_MEM_new.3 doc/man/man3/CMS_EnvelopedData_create.3 doc/man/man3/CMS_add0_cert.3 doc/man/man3/CMS_add1_recipient_cert.3 doc/man/man3/CMS_add1_signer.3 doc/man/man3/CMS_compress.3 doc/man/man3/CMS_decrypt.3 doc/man/man3/CMS_encrypt.3 doc/man/man3/CMS_final.3 doc/man/man3/CMS_get0_RecipientInfos.3 doc/man/man3/CMS_get0_SignerInfos.3 doc/man/man3/CMS_get0_type.3 doc/man/man3/CMS_get1_ReceiptRequest.3 doc/man/man3/CMS_sign.3 doc/man/man3/CMS_sign_receipt.3 doc/man/man3/CMS_uncompress.3 doc/man/man3/CMS_verify.3 doc/man/man3/CMS_verify_receipt.3 doc/man/man3/CONF_modules_free.3 doc/man/man3/CONF_modules_load_file.3 doc/man/man3/CRYPTO_THREAD_run_once.3 doc/man/man3/CRYPTO_get_ex_new_index.3 doc/man/man3/CRYPTO_memcmp.3 doc/man/man3/CTLOG_STORE_get0_log_by_id.3 doc/man/man3/CTLOG_STORE_new.3 doc/man/man3/CTLOG_new.3 doc/man/man3/CT_POLICY_EVAL_CTX_new.3 doc/man/man3/DEFINE_STACK_OF.3 doc/man/man3/DES_random_key.3 doc/man/man3/DH_generate_key.3 doc/man/man3/DH_generate_parameters.3 doc/man/man3/DH_get0_pqg.3 doc/man/man3/DH_get_1024_160.3 doc/man/man3/DH_meth_new.3 doc/man/man3/DH_new.3 doc/man/man3/DH_new_by_nid.3 doc/man/man3/DH_set_method.3 doc/man/man3/DH_size.3 doc/man/man3/DSA_SIG_new.3 doc/man/man3/DSA_do_sign.3 doc/man/man3/DSA_dup_DH.3 doc/man/man3/DSA_generate_key.3 doc/man/man3/DSA_generate_parameters.3 doc/man/man3/DSA_get0_pqg.3 doc/man/man3/DSA_meth_new.3 doc/man/man3/DSA_new.3 doc/man/man3/DSA_set_method.3 doc/man/man3/DSA_sign.3 doc/man/man3/DSA_size.3 doc/man/man3/DTLS_get_data_mtu.3 doc/man/man3/DTLS_set_timer_cb.3 doc/man/man3/DTLSv1_listen.3 doc/man/man3/ECDSA_SIG_new.3 doc/man/man3/ECPKParameters_print.3 doc/man/man3/EC_GFp_simple_method.3 doc/man/man3/EC_GROUP_copy.3 doc/man/man3/EC_GROUP_new.3 doc/man/man3/EC_KEY_get_enc_flags.3 doc/man/man3/EC_KEY_new.3 doc/man/man3/EC_POINT_add.3 doc/man/man3/EC_POINT_new.3 doc/man/man3/ENGINE_add.3 doc/man/man3/ERR_GET_LIB.3 doc/man/man3/ERR_clear_error.3 doc/man/man3/ERR_error_string.3 doc/man/man3/ERR_get_error.3 doc/man/man3/ERR_load_crypto_strings.3 doc/man/man3/ERR_load_strings.3 doc/man/man3/ERR_new.3 doc/man/man3/ERR_print_errors.3 doc/man/man3/ERR_put_error.3 doc/man/man3/ERR_remove_state.3 doc/man/man3/ERR_set_mark.3 doc/man/man3/EVP_ASYM_CIPHER_free.3 doc/man/man3/EVP_BytesToKey.3 doc/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 doc/man/man3/EVP_CIPHER_meth_new.3 doc/man/man3/EVP_DigestInit.3 doc/man/man3/EVP_DigestSignInit.3 doc/man/man3/EVP_DigestVerifyInit.3 doc/man/man3/EVP_EncodeInit.3 doc/man/man3/EVP_EncryptInit.3 doc/man/man3/EVP_KDF.3 doc/man/man3/EVP_KEYEXCH_free.3 doc/man/man3/EVP_KEYMGMT.3 doc/man/man3/EVP_MAC.3 doc/man/man3/EVP_MD_meth_new.3 doc/man/man3/EVP_OpenInit.3 doc/man/man3/EVP_PKEY_ASN1_METHOD.3 doc/man/man3/EVP_PKEY_CTX_ctrl.3 doc/man/man3/EVP_PKEY_CTX_new.3 doc/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 doc/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 doc/man/man3/EVP_PKEY_CTX_set_params.3 doc/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 doc/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 doc/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 doc/man/man3/EVP_PKEY_asn1_get_count.3 doc/man/man3/EVP_PKEY_check.3 doc/man/man3/EVP_PKEY_copy_parameters.3 doc/man/man3/EVP_PKEY_decrypt.3 doc/man/man3/EVP_PKEY_derive.3 doc/man/man3/EVP_PKEY_encrypt.3 doc/man/man3/EVP_PKEY_fromdata.3 doc/man/man3/EVP_PKEY_gen.3 doc/man/man3/EVP_PKEY_get_default_digest_nid.3 doc/man/man3/EVP_PKEY_gettable_params.3 doc/man/man3/EVP_PKEY_is_a.3 doc/man/man3/EVP_PKEY_meth_get_count.3 doc/man/man3/EVP_PKEY_meth_new.3 doc/man/man3/EVP_PKEY_new.3 doc/man/man3/EVP_PKEY_print_private.3 doc/man/man3/EVP_PKEY_set1_RSA.3 doc/man/man3/EVP_PKEY_set_type.3 doc/man/man3/EVP_PKEY_sign.3 doc/man/man3/EVP_PKEY_size.3 doc/man/man3/EVP_PKEY_supports_digest_nid.3 doc/man/man3/EVP_PKEY_verify.3 doc/man/man3/EVP_PKEY_verify_recover.3 doc/man/man3/EVP_RAND.3 doc/man/man3/EVP_SIGNATURE_free.3 doc/man/man3/EVP_SealInit.3 doc/man/man3/EVP_SignInit.3 doc/man/man3/EVP_VerifyInit.3 doc/man/man3/EVP_aes_128_gcm.3 doc/man/man3/EVP_aria_128_gcm.3 doc/man/man3/EVP_bf_cbc.3 doc/man/man3/EVP_blake2b512.3 doc/man/man3/EVP_camellia_128_ecb.3 doc/man/man3/EVP_cast5_cbc.3 doc/man/man3/EVP_chacha20.3 doc/man/man3/EVP_des_cbc.3 doc/man/man3/EVP_desx_cbc.3 doc/man/man3/EVP_idea_cbc.3 doc/man/man3/EVP_md2.3 doc/man/man3/EVP_md4.3 doc/man/man3/EVP_md5.3 doc/man/man3/EVP_mdc2.3 doc/man/man3/EVP_rc2_cbc.3 doc/man/man3/EVP_rc4.3 doc/man/man3/EVP_rc5_32_12_16_cbc.3 doc/man/man3/EVP_ripemd160.3 doc/man/man3/EVP_seed_cbc.3 doc/man/man3/EVP_set_default_properties.3 doc/man/man3/EVP_sha1.3 doc/man/man3/EVP_sha224.3 doc/man/man3/EVP_sha3_224.3 doc/man/man3/EVP_sm3.3 doc/man/man3/EVP_sm4_cbc.3 doc/man/man3/EVP_whirlpool.3 doc/man/man3/HMAC.3 doc/man/man3/MD5.3 doc/man/man3/MDC2_Init.3 doc/man/man3/NCONF_new_with_libctx.3 doc/man/man3/OBJ_nid2obj.3 doc/man/man3/OCSP_REQUEST_new.3 doc/man/man3/OCSP_cert_to_id.3 doc/man/man3/OCSP_request_add1_nonce.3 doc/man/man3/OCSP_resp_find_status.3 doc/man/man3/OCSP_response_status.3 doc/man/man3/OCSP_sendreq_new.3 doc/man/man3/OPENSSL_Applink.3 doc/man/man3/OPENSSL_CTX.3 doc/man/man3/OPENSSL_FILE.3 doc/man/man3/OPENSSL_LH_COMPFUNC.3 doc/man/man3/OPENSSL_LH_stats.3 doc/man/man3/OPENSSL_config.3 doc/man/man3/OPENSSL_fork_prepare.3 doc/man/man3/OPENSSL_hexchar2int.3 doc/man/man3/OPENSSL_ia32cap.3 doc/man/man3/OPENSSL_init_crypto.3 doc/man/man3/OPENSSL_init_ssl.3 doc/man/man3/OPENSSL_instrument_bus.3 doc/man/man3/OPENSSL_load_builtin_modules.3 doc/man/man3/OPENSSL_malloc.3 doc/man/man3/OPENSSL_s390xcap.3 doc/man/man3/OPENSSL_secure_malloc.3 doc/man/man3/OSSL_CMP_CTX_new.3 doc/man/man3/OSSL_CMP_HDR_get0_transactionID.3 doc/man/man3/OSSL_CMP_ITAV_set0.3 doc/man/man3/OSSL_CMP_MSG_get0_header.3 doc/man/man3/OSSL_CMP_MSG_http_perform.3 doc/man/man3/OSSL_CMP_SRV_CTX_new.3 doc/man/man3/OSSL_CMP_STATUSINFO_new.3 doc/man/man3/OSSL_CMP_exec_IR_ses.3 doc/man/man3/OSSL_CMP_log_open.3 doc/man/man3/OSSL_CMP_validate_msg.3 doc/man/man3/OSSL_CRMF_MSG_get0_tmpl.3 doc/man/man3/OSSL_CRMF_MSG_set0_validity.3 doc/man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3 doc/man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3 doc/man/man3/OSSL_CRMF_pbmp_new.3 doc/man/man3/OSSL_DESERIALIZER.3 doc/man/man3/OSSL_DESERIALIZER_CTX.3 doc/man/man3/OSSL_DESERIALIZER_CTX_new_by_EVP_PKEY.3 doc/man/man3/OSSL_DESERIALIZER_from_bio.3 doc/man/man3/OSSL_HTTP_transfer.3 doc/man/man3/OSSL_PARAM.3 doc/man/man3/OSSL_PARAM_BLD.3 doc/man/man3/OSSL_PARAM_allocate_from_text.3 doc/man/man3/OSSL_PARAM_int.3 doc/man/man3/OSSL_PROVIDER.3 doc/man/man3/OSSL_SELF_TEST_new.3 doc/man/man3/OSSL_SELF_TEST_set_callback.3 doc/man/man3/OSSL_SERIALIZER.3 doc/man/man3/OSSL_SERIALIZER_CTX.3 doc/man/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.3 doc/man/man3/OSSL_SERIALIZER_to_bio.3 doc/man/man3/OSSL_STORE_INFO.3 doc/man/man3/OSSL_STORE_LOADER.3 doc/man/man3/OSSL_STORE_SEARCH.3 doc/man/man3/OSSL_STORE_attach.3 doc/man/man3/OSSL_STORE_expect.3 doc/man/man3/OSSL_STORE_open.3 doc/man/man3/OSSL_trace_enabled.3 doc/man/man3/OSSL_trace_get_category_num.3 doc/man/man3/OSSL_trace_set_channel.3 doc/man/man3/OpenSSL_add_all_algorithms.3 doc/man/man3/OpenSSL_version.3 doc/man/man3/PEM_X509_INFO_read_bio_with_libctx.3 doc/man/man3/PEM_bytes_read_bio.3 doc/man/man3/PEM_read.3 doc/man/man3/PEM_read_CMS.3 doc/man/man3/PEM_read_bio_PrivateKey.3 doc/man/man3/PEM_read_bio_ex.3 doc/man/man3/PEM_write_bio_CMS_stream.3 doc/man/man3/PEM_write_bio_PKCS7_stream.3 doc/man/man3/PKCS12_SAFEBAG_get0_attrs.3 doc/man/man3/PKCS12_add_CSPName_asc.3 doc/man/man3/PKCS12_add_friendlyname_asc.3 doc/man/man3/PKCS12_add_localkeyid.3 doc/man/man3/PKCS12_create.3 doc/man/man3/PKCS12_get_friendlyname.3 doc/man/man3/PKCS12_newpass.3 doc/man/man3/PKCS12_parse.3 doc/man/man3/PKCS5_PBKDF2_HMAC.3 doc/man/man3/PKCS7_decrypt.3 doc/man/man3/PKCS7_encrypt.3 doc/man/man3/PKCS7_sign.3 doc/man/man3/PKCS7_sign_add_signer.3 doc/man/man3/PKCS7_verify.3 doc/man/man3/PKCS8_pkey_add1_attr.3 doc/man/man3/RAND_DRBG_generate.3 doc/man/man3/RAND_DRBG_get0_public.3 doc/man/man3/RAND_DRBG_new.3 doc/man/man3/RAND_DRBG_reseed.3 doc/man/man3/RAND_DRBG_set_callbacks.3 doc/man/man3/RAND_add.3 doc/man/man3/RAND_bytes.3 doc/man/man3/RAND_cleanup.3 doc/man/man3/RAND_egd.3 doc/man/man3/RAND_load_file.3 doc/man/man3/RAND_set_rand_method.3 doc/man/man3/RC4_set_key.3 doc/man/man3/RIPEMD160_Init.3 doc/man/man3/RSA_blinding_on.3 doc/man/man3/RSA_check_key.3 doc/man/man3/RSA_generate_key.3 doc/man/man3/RSA_get0_key.3 doc/man/man3/RSA_meth_new.3 doc/man/man3/RSA_new.3 doc/man/man3/RSA_padding_add_PKCS1_type_1.3 doc/man/man3/RSA_print.3 doc/man/man3/RSA_private_encrypt.3 doc/man/man3/RSA_public_encrypt.3 doc/man/man3/RSA_set_method.3 doc/man/man3/RSA_sign.3 doc/man/man3/RSA_sign_ASN1_OCTET_STRING.3 doc/man/man3/RSA_size.3 doc/man/man3/SCT_new.3 doc/man/man3/SCT_print.3 doc/man/man3/SCT_validate.3 doc/man/man3/SHA256_Init.3 doc/man/man3/SMIME_read_CMS.3 doc/man/man3/SMIME_read_PKCS7.3 doc/man/man3/SMIME_write_CMS.3 doc/man/man3/SMIME_write_PKCS7.3 doc/man/man3/SRP_Calc_B.3 doc/man/man3/SRP_VBASE_new.3 doc/man/man3/SRP_create_verifier.3 doc/man/man3/SRP_user_pwd_new.3 doc/man/man3/SSL_CIPHER_get_name.3 doc/man/man3/SSL_COMP_add_compression_method.3 doc/man/man3/SSL_CONF_CTX_new.3 doc/man/man3/SSL_CONF_CTX_set1_prefix.3 doc/man/man3/SSL_CONF_CTX_set_flags.3 doc/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 doc/man/man3/SSL_CONF_cmd.3 doc/man/man3/SSL_CONF_cmd_argv.3 doc/man/man3/SSL_CTX_add1_chain_cert.3 doc/man/man3/SSL_CTX_add_extra_chain_cert.3 doc/man/man3/SSL_CTX_add_session.3 doc/man/man3/SSL_CTX_config.3 doc/man/man3/SSL_CTX_ctrl.3 doc/man/man3/SSL_CTX_dane_enable.3 doc/man/man3/SSL_CTX_flush_sessions.3 doc/man/man3/SSL_CTX_free.3 doc/man/man3/SSL_CTX_get0_param.3 doc/man/man3/SSL_CTX_get_verify_mode.3 doc/man/man3/SSL_CTX_has_client_custom_ext.3 doc/man/man3/SSL_CTX_load_verify_locations.3 doc/man/man3/SSL_CTX_new.3 doc/man/man3/SSL_CTX_sess_number.3 doc/man/man3/SSL_CTX_sess_set_cache_size.3 doc/man/man3/SSL_CTX_sess_set_get_cb.3 doc/man/man3/SSL_CTX_sessions.3 doc/man/man3/SSL_CTX_set0_CA_list.3 doc/man/man3/SSL_CTX_set1_curves.3 doc/man/man3/SSL_CTX_set1_sigalgs.3 doc/man/man3/SSL_CTX_set1_verify_cert_store.3 doc/man/man3/SSL_CTX_set_alpn_select_cb.3 doc/man/man3/SSL_CTX_set_cert_cb.3 doc/man/man3/SSL_CTX_set_cert_store.3 doc/man/man3/SSL_CTX_set_cert_verify_callback.3 doc/man/man3/SSL_CTX_set_cipher_list.3 doc/man/man3/SSL_CTX_set_client_cert_cb.3 doc/man/man3/SSL_CTX_set_client_hello_cb.3 doc/man/man3/SSL_CTX_set_ct_validation_callback.3 doc/man/man3/SSL_CTX_set_ctlog_list_file.3 doc/man/man3/SSL_CTX_set_default_passwd_cb.3 doc/man/man3/SSL_CTX_set_generate_session_id.3 doc/man/man3/SSL_CTX_set_info_callback.3 doc/man/man3/SSL_CTX_set_keylog_callback.3 doc/man/man3/SSL_CTX_set_max_cert_list.3 doc/man/man3/SSL_CTX_set_min_proto_version.3 doc/man/man3/SSL_CTX_set_mode.3 doc/man/man3/SSL_CTX_set_msg_callback.3 doc/man/man3/SSL_CTX_set_num_tickets.3 doc/man/man3/SSL_CTX_set_options.3 doc/man/man3/SSL_CTX_set_psk_client_callback.3 doc/man/man3/SSL_CTX_set_quiet_shutdown.3 doc/man/man3/SSL_CTX_set_read_ahead.3 doc/man/man3/SSL_CTX_set_record_padding_callback.3 doc/man/man3/SSL_CTX_set_security_level.3 doc/man/man3/SSL_CTX_set_session_cache_mode.3 doc/man/man3/SSL_CTX_set_session_id_context.3 doc/man/man3/SSL_CTX_set_session_ticket_cb.3 doc/man/man3/SSL_CTX_set_split_send_fragment.3 doc/man/man3/SSL_CTX_set_srp_password.3 doc/man/man3/SSL_CTX_set_ssl_version.3 doc/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 doc/man/man3/SSL_CTX_set_timeout.3 doc/man/man3/SSL_CTX_set_tlsext_servername_callback.3 doc/man/man3/SSL_CTX_set_tlsext_status_cb.3 doc/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 doc/man/man3/SSL_CTX_set_tlsext_use_srtp.3 doc/man/man3/SSL_CTX_set_tmp_dh_callback.3 doc/man/man3/SSL_CTX_set_tmp_ecdh.3 doc/man/man3/SSL_CTX_set_verify.3 doc/man/man3/SSL_CTX_use_certificate.3 doc/man/man3/SSL_CTX_use_psk_identity_hint.3 doc/man/man3/SSL_CTX_use_serverinfo.3 doc/man/man3/SSL_SESSION_free.3 doc/man/man3/SSL_SESSION_get0_cipher.3 doc/man/man3/SSL_SESSION_get0_hostname.3 doc/man/man3/SSL_SESSION_get0_id_context.3 doc/man/man3/SSL_SESSION_get0_peer.3 doc/man/man3/SSL_SESSION_get_compress_id.3 doc/man/man3/SSL_SESSION_get_protocol_version.3 doc/man/man3/SSL_SESSION_get_time.3 doc/man/man3/SSL_SESSION_has_ticket.3 doc/man/man3/SSL_SESSION_is_resumable.3 doc/man/man3/SSL_SESSION_print.3 doc/man/man3/SSL_SESSION_set1_id.3 doc/man/man3/SSL_accept.3 doc/man/man3/SSL_alert_type_string.3 doc/man/man3/SSL_alloc_buffers.3 doc/man/man3/SSL_check_chain.3 doc/man/man3/SSL_clear.3 doc/man/man3/SSL_connect.3 doc/man/man3/SSL_do_handshake.3 doc/man/man3/SSL_export_keying_material.3 doc/man/man3/SSL_extension_supported.3 doc/man/man3/SSL_free.3 doc/man/man3/SSL_get0_peer_scts.3 doc/man/man3/SSL_get_SSL_CTX.3 doc/man/man3/SSL_get_all_async_fds.3 doc/man/man3/SSL_get_ciphers.3 doc/man/man3/SSL_get_client_random.3 doc/man/man3/SSL_get_current_cipher.3 doc/man/man3/SSL_get_default_timeout.3 doc/man/man3/SSL_get_error.3 doc/man/man3/SSL_get_extms_support.3 doc/man/man3/SSL_get_fd.3 doc/man/man3/SSL_get_peer_cert_chain.3 doc/man/man3/SSL_get_peer_certificate.3 doc/man/man3/SSL_get_peer_signature_nid.3 doc/man/man3/SSL_get_peer_tmp_key.3 doc/man/man3/SSL_get_psk_identity.3 doc/man/man3/SSL_get_rbio.3 doc/man/man3/SSL_get_session.3 doc/man/man3/SSL_get_shared_sigalgs.3 doc/man/man3/SSL_get_verify_result.3 doc/man/man3/SSL_get_version.3 doc/man/man3/SSL_in_init.3 doc/man/man3/SSL_key_update.3 doc/man/man3/SSL_library_init.3 doc/man/man3/SSL_load_client_CA_file.3 doc/man/man3/SSL_new.3 doc/man/man3/SSL_pending.3 doc/man/man3/SSL_read.3 doc/man/man3/SSL_read_early_data.3 doc/man/man3/SSL_rstate_string.3 doc/man/man3/SSL_session_reused.3 doc/man/man3/SSL_set1_host.3 doc/man/man3/SSL_set_async_callback.3 doc/man/man3/SSL_set_bio.3 doc/man/man3/SSL_set_connect_state.3 doc/man/man3/SSL_set_fd.3 doc/man/man3/SSL_set_session.3 doc/man/man3/SSL_set_shutdown.3 doc/man/man3/SSL_set_verify_result.3 doc/man/man3/SSL_shutdown.3 doc/man/man3/SSL_state_string.3 doc/man/man3/SSL_want.3 doc/man/man3/SSL_write.3 doc/man/man3/TS_VERIFY_CTX_set_certs.3 doc/man/man3/UI_STRING.3 doc/man/man3/UI_UTIL_read_pw.3 doc/man/man3/UI_create_method.3 doc/man/man3/UI_new.3 doc/man/man3/X509V3_get_d2i.3 doc/man/man3/X509_ALGOR_dup.3 doc/man/man3/X509_CRL_get0_by_serial.3 doc/man/man3/X509_EXTENSION_set_object.3 doc/man/man3/X509_LOOKUP.3 doc/man/man3/X509_LOOKUP_hash_dir.3 doc/man/man3/X509_LOOKUP_meth_new.3 doc/man/man3/X509_NAME_ENTRY_get_object.3 doc/man/man3/X509_NAME_add_entry_by_txt.3 doc/man/man3/X509_NAME_get0_der.3 doc/man/man3/X509_NAME_get_index_by_NID.3 doc/man/man3/X509_NAME_print_ex.3 doc/man/man3/X509_PUBKEY_new.3 doc/man/man3/X509_SIG_get0.3 doc/man/man3/X509_STORE_CTX_get_error.3 doc/man/man3/X509_STORE_CTX_new.3 doc/man/man3/X509_STORE_CTX_set_verify_cb.3 doc/man/man3/X509_STORE_add_cert.3 doc/man/man3/X509_STORE_get0_param.3 doc/man/man3/X509_STORE_new.3 doc/man/man3/X509_STORE_set_verify_cb_func.3 doc/man/man3/X509_VERIFY_PARAM_set_flags.3 doc/man/man3/X509_check_ca.3 doc/man/man3/X509_check_host.3 doc/man/man3/X509_check_issued.3 doc/man/man3/X509_check_private_key.3 doc/man/man3/X509_check_purpose.3 doc/man/man3/X509_cmp.3 doc/man/man3/X509_cmp_time.3 doc/man/man3/X509_digest.3 doc/man/man3/X509_dup.3 doc/man/man3/X509_get0_distinguishing_id.3 doc/man/man3/X509_get0_notBefore.3 doc/man/man3/X509_get0_signature.3 doc/man/man3/X509_get0_uids.3 doc/man/man3/X509_get_extension_flags.3 doc/man/man3/X509_get_pubkey.3 doc/man/man3/X509_get_serialNumber.3 doc/man/man3/X509_get_subject_name.3 doc/man/man3/X509_get_version.3 doc/man/man3/X509_load_http.3 doc/man/man3/X509_new.3 doc/man/man3/X509_sign.3 doc/man/man3/X509_verify.3 doc/man/man3/X509_verify_cert.3 doc/man/man3/X509v3_get_ext_by_NID.3 doc/man/man3/d2i_DHparams.3 doc/man/man3/d2i_PKCS8PrivateKey_bio.3 doc/man/man3/d2i_PrivateKey.3 doc/man/man3/d2i_SSL_SESSION.3 doc/man/man3/d2i_X509.3 doc/man/man3/i2d_CMS_bio_stream.3 doc/man/man3/i2d_PKCS7_bio_stream.3 doc/man/man3/i2d_re_X509_tbs.3 doc/man/man3/o2i_SCT_LIST.3 doc/man/man3/s2i_ASN1_IA5STRING.3 doc/man/man5/config.5 doc/man/man5/fips_config.5 doc/man/man5/x509v3_config.5 doc/man/man7/EVP_KDF-HKDF.7 doc/man/man7/EVP_KDF-KB.7 doc/man/man7/EVP_KDF-KRB5KDF.7 doc/man/man7/EVP_KDF-PBKDF2.7 doc/man/man7/EVP_KDF-SCRYPT.7 doc/man/man7/EVP_KDF-SS.7 doc/man/man7/EVP_KDF-SSHKDF.7 doc/man/man7/EVP_KDF-TLS1_PRF.7 doc/man/man7/EVP_KDF-X942.7 doc/man/man7/EVP_KDF-X963.7 doc/man/man7/EVP_KEYEXCH-DH.7 doc/man/man7/EVP_KEYEXCH-ECDH.7 doc/man/man7/EVP_KEYEXCH-X25519.7 doc/man/man7/EVP_MAC-BLAKE2.7 doc/man/man7/EVP_MAC-CMAC.7 doc/man/man7/EVP_MAC-GMAC.7 doc/man/man7/EVP_MAC-HMAC.7 doc/man/man7/EVP_MAC-KMAC.7 doc/man/man7/EVP_MAC-Poly1305.7 doc/man/man7/EVP_MAC-Siphash.7 doc/man/man7/EVP_MD-BLAKE2.7 doc/man/man7/EVP_MD-MD2.7 doc/man/man7/EVP_MD-MD4.7 doc/man/man7/EVP_MD-MD5-SHA1.7 doc/man/man7/EVP_MD-MD5.7 doc/man/man7/EVP_MD-MDC2.7 doc/man/man7/EVP_MD-RIPEMD160.7 doc/man/man7/EVP_MD-SHA1.7 doc/man/man7/EVP_MD-SHA2.7 doc/man/man7/EVP_MD-SHA3.7 doc/man/man7/EVP_MD-SHAKE.7 doc/man/man7/EVP_MD-SM3.7 doc/man/man7/EVP_MD-WHIRLPOOL.7 doc/man/man7/EVP_MD-common.7 doc/man/man7/EVP_PKEY-DH.7 doc/man/man7/EVP_PKEY-DSA.7 doc/man/man7/EVP_PKEY-EC.7 doc/man/man7/EVP_PKEY-FFC.7 doc/man/man7/EVP_PKEY-RSA.7 doc/man/man7/EVP_PKEY-X25519.7 doc/man/man7/EVP_RAND-CTR-DRBG.7 doc/man/man7/EVP_RAND-HASH-DRBG.7 doc/man/man7/EVP_RAND-HMAC-DRBG.7 doc/man/man7/EVP_RAND-TEST-RAND.7 doc/man/man7/EVP_SIGNATURE-DSA.7 doc/man/man7/EVP_SIGNATURE-ECDSA.7 doc/man/man7/EVP_SIGNATURE-ED25519.7 doc/man/man7/EVP_SIGNATURE-RSA.7 doc/man/man7/OSSL_PROVIDER-FIPS.7 doc/man/man7/OSSL_PROVIDER-default.7 doc/man/man7/OSSL_PROVIDER-legacy.7 doc/man/man7/OSSL_PROVIDER-null.7 doc/man/man7/RAND.7 doc/man/man7/RAND_DRBG.7 doc/man/man7/RSA-PSS.7 doc/man/man7/SM2.7 doc/man/man7/X25519.7 doc/man/man7/bio.7 doc/man/man7/crypto.7 doc/man/man7/ct.7 doc/man/man7/des_modes.7 doc/man/man7/evp.7 doc/man/man7/openssl-core.h.7 doc/man/man7/openssl-core_dispatch.h.7 doc/man/man7/openssl-core_names.h.7 doc/man/man7/openssl-env.7 doc/man/man7/openssl_user_macros.7 doc/man/man7/ossl_store-file.7 doc/man/man7/ossl_store.7 doc/man/man7/passphrase-encoding.7 doc/man/man7/property.7 doc/man/man7/provider-asym_cipher.7 doc/man/man7/provider-base.7 doc/man/man7/provider-cipher.7 doc/man/man7/provider-digest.7 doc/man/man7/provider-keyexch.7 doc/man/man7/provider-keymgmt.7 doc/man/man7/provider-mac.7 doc/man/man7/provider-rand.7 doc/man/man7/provider-serializer.7 doc/man/man7/provider-signature.7 doc/man/man7/provider.7 doc/man/man7/proxy-certificates.7 doc/man/man7/ssl.7 doc/man/man7/x509.7 rm -f apps/openssl fuzz/asn1-test fuzz/asn1parse-test fuzz/bignum-test fuzz/bndiv-test fuzz/client-test fuzz/cmp-test fuzz/cms-test fuzz/conf-test fuzz/crl-test fuzz/ct-test fuzz/server-test fuzz/x509-test test/aborttest test/acvp_test test/aesgcmtest test/afalgtest test/asn1_decode_test test/asn1_dsa_internal_test test/asn1_encode_test test/asn1_internal_test test/asn1_string_table_test test/asn1_time_test test/asynciotest test/asynctest test/bad_dtls_test test/bftest test/bio_callback_test test/bio_enc_test test/bio_memleak_test test/bio_prefix_text test/bioprinttest test/bn_internal_test test/bntest test/buildtest_c_aes test/buildtest_c_asn1 test/buildtest_c_asn1t test/buildtest_c_async test/buildtest_c_bio test/buildtest_c_blowfish test/buildtest_c_bn test/buildtest_c_buffer test/buildtest_c_camellia test/buildtest_c_cast test/buildtest_c_cmac test/buildtest_c_cmp test/buildtest_c_cmp_util test/buildtest_c_cms test/buildtest_c_comp test/buildtest_c_conf test/buildtest_c_conf_api test/buildtest_c_core test/buildtest_c_core_dispatch test/buildtest_c_core_names test/buildtest_c_crmf test/buildtest_c_crypto test/buildtest_c_ct test/buildtest_c_des test/buildtest_c_deserializer test/buildtest_c_dh test/buildtest_c_dsa test/buildtest_c_dtls1 test/buildtest_c_e_os2 test/buildtest_c_ebcdic test/buildtest_c_ec test/buildtest_c_ecdh test/buildtest_c_ecdsa test/buildtest_c_engine test/buildtest_c_ess test/buildtest_c_evp test/buildtest_c_fips_names test/buildtest_c_hmac test/buildtest_c_http test/buildtest_c_idea test/buildtest_c_kdf test/buildtest_c_lhash test/buildtest_c_macros test/buildtest_c_md4 test/buildtest_c_md5 test/buildtest_c_mdc2 test/buildtest_c_modes test/buildtest_c_obj_mac test/buildtest_c_objects test/buildtest_c_ocsp test/buildtest_c_ossl_typ test/buildtest_c_param_build test/buildtest_c_params test/buildtest_c_pem test/buildtest_c_pem2 test/buildtest_c_pkcs12 test/buildtest_c_pkcs7 test/buildtest_c_provider test/buildtest_c_rand test/buildtest_c_rand_drbg test/buildtest_c_rc2 test/buildtest_c_rc4 test/buildtest_c_ripemd test/buildtest_c_rsa test/buildtest_c_safestack test/buildtest_c_seed test/buildtest_c_self_test test/buildtest_c_serializer test/buildtest_c_sha test/buildtest_c_srp test/buildtest_c_srtp test/buildtest_c_ssl test/buildtest_c_ssl2 test/buildtest_c_stack test/buildtest_c_store test/buildtest_c_symhacks test/buildtest_c_tls1 test/buildtest_c_ts test/buildtest_c_txt_db test/buildtest_c_types test/buildtest_c_ui test/buildtest_c_whrlpool test/buildtest_c_x509 test/buildtest_c_x509_vfy test/buildtest_c_x509v3 test/casttest test/chacha_internal_test test/cipher_overhead_test test/cipherbytes_test test/cipherlist_test test/ciphername_test test/clienthellotest test/cmactest test/cmp_asn_test test/cmp_client_test test/cmp_ctx_test test/cmp_hdr_test test/cmp_msg_test test/cmp_protect_test test/cmp_server_test test/cmp_status_test test/cmp_vfy_test test/cmsapitest test/conf_include_test test/confdump test/constant_time_test test/context_internal_test test/crltest test/ct_test test/ctype_internal_test test/curve448_internal_test test/d2i_test test/danetest test/destest test/dhtest test/drbg_cavs_test test/drbg_extra_test test/drbgtest test/dsa_no_digest_size_test test/dsatest test/dtls_mtu_test test/dtlstest test/dtlsv1listentest test/ec_internal_test test/ecdsatest test/ecstresstest test/ectest test/enginetest test/errtest test/evp_extra_test test/evp_extra_test2 test/evp_fetch_prov_test test/evp_kdf_test test/evp_libctx_test test/evp_pkey_dparams_test test/evp_pkey_provided_test test/evp_test test/exdatatest test/exptest test/fatalerrtest test/ffc_internal_test test/gmdifftest test/gosttest test/hexstr_test test/hmactest test/http_test test/ideatest test/igetest test/keymgmt_internal_test test/lhash_test test/mdc2_internal_test test/mdc2test test/memleaktest test/modes_internal_test test/namemap_internal_test test/ocspapitest test/packettest test/param_build_test test/params_api_test test/params_conversion_test test/params_test test/pbelutest test/pemtest test/pkey_meth_kdf_test test/pkey_meth_test test/poly1305_internal_test test/property_test test/provider_fallback_test test/provider_internal_test test/provider_test test/rc2test test/rc4test test/rc5test test/rdrand_sanitytest test/recordlentest test/rsa_complex test/rsa_mp_test test/rsa_sp800_56b_test test/rsa_test test/sanitytest test/secmemtest test/serdes_test test/servername_test test/shlibloadtest test/siphash_internal_test test/sm2_internal_test test/sm4_internal_test test/sparse_array_test test/srptest test/ssl_cert_table_internal_test test/ssl_ctx_test test/ssl_test test/ssl_test_ctx_test test/sslapitest test/sslbuffertest test/sslcorrupttest test/ssltest_old test/stack_test test/sysdefaulttest test/test_test test/threadstest test/time_offset_test test/tls13ccstest test/tls13encryptiontest test/tls13secretstest test/uitest test/v3ext test/v3nametest test/verify_extra_test test/versions test/wpackettest test/x509_check_cert_pkey_test test/x509_dup_cert_test test/x509_internal_test test/x509_time_test test/x509aux engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so providers/fips.so providers/legacy.so test/p_test.so apps/CA.pl apps/tsget.pl tools/c_rehash util/shlib_wrap.sh rm -f doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod include/crypto/bn_conf.h include/crypto/dso_conf.h include/openssl/configuration.h include/openssl/fipskey.h include/openssl/opensslv.h test/provider_internal_test.cnf apps/CA.pl apps/progs.c apps/progs.h apps/tsget.pl crypto/aes/aes-x86_64.s crypto/aes/aesni-mb-x86_64.s crypto/aes/aesni-sha1-x86_64.s crypto/aes/aesni-sha256-x86_64.s crypto/aes/aesni-x86_64.s crypto/aes/bsaes-x86_64.s crypto/aes/vpaes-x86_64.s crypto/bn/rsaz-avx2.s crypto/bn/rsaz-x86_64.s crypto/bn/x86_64-gf2m.s crypto/bn/x86_64-mont.s crypto/bn/x86_64-mont5.s crypto/buildinf.h crypto/camellia/cmll-x86_64.s crypto/chacha/chacha-x86_64.s crypto/ec/ecp_nistz256-x86_64.s crypto/ec/x25519-x86_64.s crypto/md5/md5-x86_64.s crypto/modes/aesni-gcm-x86_64.s crypto/modes/ghash-x86_64.s crypto/poly1305/poly1305-x86_64.s crypto/rc4/rc4-md5-x86_64.s crypto/rc4/rc4-x86_64.s crypto/sha/keccak1600-x86_64.s crypto/sha/sha1-mb-x86_64.s crypto/sha/sha1-x86_64.s crypto/sha/sha256-mb-x86_64.s crypto/sha/sha256-x86_64.s crypto/sha/sha512-x86_64.s crypto/whrlpool/wp-x86_64.s crypto/x86_64cpuid.s doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod engines/afalg.ld engines/capi.ld engines/dasync.ld engines/e_padlock-x86_64.s engines/ossltest.ld engines/padlock.ld libcrypto.ld libssl.ld providers/common/der/der_digests_gen.c providers/common/der/der_dsa_gen.c providers/common/der/der_ec_gen.c providers/common/der/der_rsa_gen.c providers/common/include/prov/der_digests.h providers/common/include/prov/der_dsa.h providers/common/include/prov/der_ec.h providers/common/include/prov/der_rsa.h providers/fips.ld providers/legacy.ld test/buildtest_aes.c test/buildtest_asn1.c test/buildtest_asn1t.c test/buildtest_async.c test/buildtest_bio.c test/buildtest_blowfish.c test/buildtest_bn.c test/buildtest_buffer.c test/buildtest_camellia.c test/buildtest_cast.c test/buildtest_cmac.c test/buildtest_cmp.c test/buildtest_cmp_util.c test/buildtest_cms.c test/buildtest_comp.c test/buildtest_conf.c test/buildtest_conf_api.c test/buildtest_core.c test/buildtest_core_dispatch.c test/buildtest_core_names.c test/buildtest_crmf.c test/buildtest_crypto.c test/buildtest_ct.c test/buildtest_des.c test/buildtest_deserializer.c test/buildtest_dh.c test/buildtest_dsa.c test/buildtest_dtls1.c test/buildtest_e_os2.c test/buildtest_ebcdic.c test/buildtest_ec.c test/buildtest_ecdh.c test/buildtest_ecdsa.c test/buildtest_engine.c test/buildtest_ess.c test/buildtest_evp.c test/buildtest_fips_names.c test/buildtest_hmac.c test/buildtest_http.c test/buildtest_idea.c test/buildtest_kdf.c test/buildtest_lhash.c test/buildtest_macros.c test/buildtest_md4.c test/buildtest_md5.c test/buildtest_mdc2.c test/buildtest_modes.c test/buildtest_obj_mac.c test/buildtest_objects.c test/buildtest_ocsp.c test/buildtest_ossl_typ.c test/buildtest_param_build.c test/buildtest_params.c test/buildtest_pem.c test/buildtest_pem2.c test/buildtest_pkcs12.c test/buildtest_pkcs7.c test/buildtest_provider.c test/buildtest_rand.c test/buildtest_rand_drbg.c test/buildtest_rc2.c test/buildtest_rc4.c test/buildtest_ripemd.c test/buildtest_rsa.c test/buildtest_safestack.c test/buildtest_seed.c test/buildtest_self_test.c test/buildtest_serializer.c test/buildtest_sha.c test/buildtest_srp.c test/buildtest_srtp.c test/buildtest_ssl.c test/buildtest_ssl2.c test/buildtest_stack.c test/buildtest_store.c test/buildtest_symhacks.c test/buildtest_tls1.c test/buildtest_ts.c test/buildtest_txt_db.c test/buildtest_types.c test/buildtest_ui.c test/buildtest_whrlpool.c test/buildtest_x509.c test/buildtest_x509_vfy.c test/buildtest_x509v3.c test/p_test.ld tools/c_rehash util/shlib_wrap.sh rm -f `find . -name '*.d' \! -name '.*' \! -type d -print` rm -f `find . -name '*.o' \! -name '.*' \! -type d -print` rm -f core rm -f tags TAGS doc-nits cmd-nits md-nits rm -f -r test/test-runs rm -f openssl.pc libcrypto.pc libssl.pc rm -f `find . -type l \! -name '.*' -print` rm -f ../openssl-3.0.0-alpha6-dev.tar $ make depend $ LDCMD= make -j4 /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-asn1parse.pod.in > doc/man1/openssl-asn1parse.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ca.pod.in > doc/man1/openssl-ca.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ciphers.pod.in > doc/man1/openssl-ciphers.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmds.pod.in > doc/man1/openssl-cmds.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmp.pod.in > doc/man1/openssl-cmp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cms.pod.in > doc/man1/openssl-cms.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl.pod.in > doc/man1/openssl-crl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl2pkcs7.pod.in > doc/man1/openssl-crl2pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dgst.pod.in > doc/man1/openssl-dgst.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dhparam.pod.in > doc/man1/openssl-dhparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsa.pod.in > doc/man1/openssl-dsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsaparam.pod.in > doc/man1/openssl-dsaparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ec.pod.in > doc/man1/openssl-ec.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ecparam.pod.in > doc/man1/openssl-ecparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-enc.pod.in > doc/man1/openssl-enc.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-engine.pod.in > doc/man1/openssl-engine.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-errstr.pod.in > doc/man1/openssl-errstr.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-fipsinstall.pod.in > doc/man1/openssl-fipsinstall.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-gendsa.pod.in > doc/man1/openssl-gendsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genpkey.pod.in > doc/man1/openssl-genpkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genrsa.pod.in > doc/man1/openssl-genrsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-info.pod.in > doc/man1/openssl-info.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-kdf.pod.in > doc/man1/openssl-kdf.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-list.pod.in > doc/man1/openssl-list.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-mac.pod.in > doc/man1/openssl-mac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-nseq.pod.in > doc/man1/openssl-nseq.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ocsp.pod.in > doc/man1/openssl-ocsp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-passwd.pod.in > doc/man1/openssl-passwd.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs12.pod.in > doc/man1/openssl-pkcs12.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs7.pod.in > doc/man1/openssl-pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs8.pod.in > doc/man1/openssl-pkcs8.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkey.pod.in > doc/man1/openssl-pkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyparam.pod.in > doc/man1/openssl-pkeyparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyutl.pod.in > doc/man1/openssl-pkeyutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-prime.pod.in > doc/man1/openssl-prime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-provider.pod.in > doc/man1/openssl-provider.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rand.pod.in > doc/man1/openssl-rand.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rehash.pod.in > doc/man1/openssl-rehash.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-req.pod.in > doc/man1/openssl-req.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsa.pod.in > doc/man1/openssl-rsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsautl.pod.in > doc/man1/openssl-rsautl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_client.pod.in > doc/man1/openssl-s_client.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_server.pod.in > doc/man1/openssl-s_server.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_time.pod.in > doc/man1/openssl-s_time.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-sess_id.pod.in > doc/man1/openssl-sess_id.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-smime.pod.in > doc/man1/openssl-smime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-speed.pod.in > doc/man1/openssl-speed.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-spkac.pod.in > doc/man1/openssl-spkac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-srp.pod.in > doc/man1/openssl-srp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-storeutl.pod.in > doc/man1/openssl-storeutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ts.pod.in > doc/man1/openssl-ts.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-verify.pod.in > doc/man1/openssl-verify.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-version.pod.in > doc/man1/openssl-version.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-x509.pod.in > doc/man1/openssl-x509.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man7/openssl_user_macros.pod.in > doc/man7/openssl_user_macros.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/bn_conf.h.in > include/crypto/bn_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/dso_conf.h.in > include/crypto/dso_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/configuration.h.in > include/openssl/configuration.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/fipskey.h.in > include/openssl/fipskey.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/opensslv.h.in > include/openssl/opensslv.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/test/provider_internal_test.cnf.in > test/provider_internal_test.cnf make depend && make _build_sw make[1]: Entering directory '/home/openssl/run-checker/no-posix-io' make[1]: Leaving directory '/home/openssl/run-checker/no-posix-io' make[1]: Entering directory '/home/openssl/run-checker/no-posix-io' clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_params.d.tmp -MT apps/lib/libapps-lib-app_params.o -c -o apps/lib/libapps-lib-app_params.o ../openssl/apps/lib/app_params.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_provider.d.tmp -MT apps/lib/libapps-lib-app_provider.o -c -o apps/lib/libapps-lib-app_provider.o ../openssl/apps/lib/app_provider.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_rand.d.tmp -MT apps/lib/libapps-lib-app_rand.o -c -o apps/lib/libapps-lib-app_rand.o ../openssl/apps/lib/app_rand.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_x509.d.tmp -MT apps/lib/libapps-lib-app_x509.o -c -o apps/lib/libapps-lib-app_x509.o ../openssl/apps/lib/app_x509.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps.d.tmp -MT apps/lib/libapps-lib-apps.o -c -o apps/lib/libapps-lib-apps.o ../openssl/apps/lib/apps.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps_ui.d.tmp -MT apps/lib/libapps-lib-apps_ui.o -c -o apps/lib/libapps-lib-apps_ui.o ../openssl/apps/lib/apps_ui.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-columns.d.tmp -MT apps/lib/libapps-lib-columns.o -c -o apps/lib/libapps-lib-columns.o ../openssl/apps/lib/columns.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-fmt.d.tmp -MT apps/lib/libapps-lib-fmt.o -c -o apps/lib/libapps-lib-fmt.o ../openssl/apps/lib/fmt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-http_server.d.tmp -MT apps/lib/libapps-lib-http_server.o -c -o apps/lib/libapps-lib-http_server.o ../openssl/apps/lib/http_server.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-names.d.tmp -MT apps/lib/libapps-lib-names.o -c -o apps/lib/libapps-lib-names.o ../openssl/apps/lib/names.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-opt.d.tmp -MT apps/lib/libapps-lib-opt.o -c -o apps/lib/libapps-lib-opt.o ../openssl/apps/lib/opt.c ../openssl/apps/lib/http_server.c:27:5: error: no previous extern declaration for non-static variable 'multi' [-Werror,-Wmissing-variable-declarations] int multi = 0; /* run multiple responder processes */ ^ 1 error generated. clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-s_cb.d.tmp -MT apps/lib/libapps-lib-s_cb.o -c -o apps/lib/libapps-lib-s_cb.o ../openssl/apps/lib/s_cb.c Makefile:4152: recipe for target 'apps/lib/libapps-lib-http_server.o' failed make[1]: *** [apps/lib/libapps-lib-http_server.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-posix-io' Makefile:3121: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From openssl at openssl.org Fri Jul 31 10:24:28 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 31 Jul 2020 10:24:28 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-sock Message-ID: <1596191068.127664.25375.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-sock Commit log since last time: cfae32c69a [test][ectest] Minor touches to custom_generator_test f5384f064e [test] Vertically test explicit EC params API patterns 79410c5f8b namemap: fix threading issue 5cd9962272 Fix a test_verify failure ef8980176d Deprecate -nodes in favor of -noenc in pkcs12 and req app 846f96f821 TEST: Add RSA-PSS cases in test/serdes_test.c a4e55cccc9 PROV: Add a DER to RSA-PSS deserializer implementation 456b3b97a4 EVP, PROV: Add misc missing bits for RSA-PSS 51d9ac870a Fix no-ec2m Build log ended with (last 100 lines): rm -f doc/html/man1/CA.pl.html doc/html/man1/openssl-asn1parse.html doc/html/man1/openssl-ca.html doc/html/man1/openssl-ciphers.html doc/html/man1/openssl-cmds.html doc/html/man1/openssl-cmp.html doc/html/man1/openssl-cms.html doc/html/man1/openssl-crl.html doc/html/man1/openssl-crl2pkcs7.html doc/html/man1/openssl-dgst.html doc/html/man1/openssl-dhparam.html doc/html/man1/openssl-dsa.html doc/html/man1/openssl-dsaparam.html doc/html/man1/openssl-ec.html doc/html/man1/openssl-ecparam.html doc/html/man1/openssl-enc.html doc/html/man1/openssl-engine.html doc/html/man1/openssl-errstr.html doc/html/man1/openssl-fipsinstall.html doc/html/man1/openssl-gendsa.html doc/html/man1/openssl-genpkey.html doc/html/man1/openssl-genrsa.html doc/html/man1/openssl-info.html doc/html/man1/openssl-kdf.html doc/html/man1/openssl-list.html doc/html/man1/openssl-mac.html doc/html/man1/openssl-nseq.html doc/html/man1/openssl-ocsp.html doc/html/man1/openssl-passwd.html doc/html/man1/openssl-pkcs12.html doc/html/man1/openssl-pkcs7.html doc/html/man1/openssl-pkcs8.html doc/html/man1/openssl-pkey.html doc/html/man1/openssl-pkeyparam.html doc/html/man1/openssl-pkeyutl.html doc/html/man1/openssl-prime.html doc/html/man1/openssl-provider.html doc/html/man1/openssl-rand.html doc/html/man1/openssl-rehash.html doc/html/man1/openssl-req.html doc/html/man1/openssl-rsa.html doc/html/man1/openssl-rsautl.html doc/html/man1/openssl-s_client.html doc/html/man1/openssl-s_server.html doc/html/man1/openssl-s_time.html doc/html/man1/openssl-sess_id.html doc/html/man1/openssl-smime.html doc/html/man1/openssl-speed.html doc/html/man1/openssl-spkac.html doc/html/man1/openssl-srp.html doc/html/man1/openssl-storeutl.html doc/html/man1/openssl-ts.html doc/html/man1/openssl-verify.html doc/html/man1/openssl-version.html doc/html/man1/openssl-x509.html doc/html/man1/openssl.html doc/html/man1/tsget.html doc/html/man3/ADMISSIONS.html doc/html/man3/ASN1_INTEGER_get_int64.html doc/html/man3/ASN1_INTEGER_new.html doc/html/man3/ASN1_ITEM_lookup.html doc/html/man3/ASN1_OBJECT_new.html doc/html/man3/ASN1_STRING_TABLE_add.html doc/html/man3/ASN1_STRING_length.html doc/html/man3/ASN1_STRING_new.html doc/html/man3/ASN1_STRING_print_ex.html doc/html/man3/ASN1_TIME_set.html doc/html/man3/ASN1_TYPE_get.html doc/html/man3/ASN1_generate_nconf.html doc/html/man3/ASYNC_WAIT_CTX_new.html doc/html/man3/ASYNC_start_job.html doc/html/man3/BF_encrypt.html doc/html/man3/BIO_ADDR.html doc/html/man3/BIO_ADDRINFO.html doc/html/man3/BIO_connect.html doc/html/man3/BIO_ctrl.html doc/html/man3/BIO_f_base64.html doc/html/man3/BIO_f_buffer.html doc/html/man3/BIO_f_cipher.html doc/html/man3/BIO_f_md.html doc/html/man3/BIO_f_null.html doc/html/man3/BIO_f_prefix.html doc/html/man3/BIO_f_ssl.html doc/html/man3/BIO_find_type.html doc/html/man3/BIO_get_data.html doc/html/man3/BIO_get_ex_new_index.html doc/html/man3/BIO_meth_new.html doc/html/man3/BIO_new.html doc/html/man3/BIO_new_CMS.html doc/html/man3/BIO_parse_hostserv.html doc/html/man3/BIO_printf.html doc/html/man3/BIO_push.html doc/html/man3/BIO_read.html doc/html/man3/BIO_s_accept.html doc/html/man3/BIO_s_bio.html doc/html/man3/BIO_s_connect.html doc/html/man3/BIO_s_fd.html doc/html/man3/BIO_s_file.html doc/html/man3/BIO_s_mem.html doc/html/man3/BIO_s_null.html doc/html/man3/BIO_s_socket.html doc/html/man3/BIO_set_callback.html doc/html/man3/BIO_should_retry.html doc/html/man3/BIO_socket_wait.html doc/html/man3/BN_BLINDING_new.html doc/html/man3/BN_CTX_new.html doc/html/man3/BN_CTX_start.html doc/html/man3/BN_add.html doc/html/man3/BN_add_word.html doc/html/man3/BN_bn2bin.html doc/html/man3/BN_cmp.html doc/html/man3/BN_copy.html doc/html/man3/BN_generate_prime.html doc/html/man3/BN_mod_inverse.html doc/html/man3/BN_mod_mul_montgomery.html doc/html/man3/BN_mod_mul_reciprocal.html doc/html/man3/BN_new.html doc/html/man3/BN_num_bytes.html doc/html/man3/BN_rand.html doc/html/man3/BN_security_bits.html doc/html/man3/BN_set_bit.html doc/html/man3/BN_swap.html doc/html/man3/BN_zero.html doc/html/man3/BUF_MEM_new.html doc/html/man3/CMS_EnvelopedData_create.html doc/html/man3/CMS_add0_cert.html doc/html/man3/CMS_add1_recipient_cert.html doc/html/man3/CMS_add1_signer.html doc/html/man3/CMS_compress.html doc/html/man3/CMS_decrypt.html doc/html/man3/CMS_encrypt.html doc/html/man3/CMS_final.html doc/html/man3/CMS_get0_RecipientInfos.html doc/html/man3/CMS_get0_SignerInfos.html doc/html/man3/CMS_get0_type.html doc/html/man3/CMS_get1_ReceiptRequest.html doc/html/man3/CMS_sign.html doc/html/man3/CMS_sign_receipt.html doc/html/man3/CMS_uncompress.html doc/html/man3/CMS_verify.html doc/html/man3/CMS_verify_receipt.html doc/html/man3/CONF_modules_free.html doc/html/man3/CONF_modules_load_file.html doc/html/man3/CRYPTO_THREAD_run_once.html doc/html/man3/CRYPTO_get_ex_new_index.html doc/html/man3/CRYPTO_memcmp.html doc/html/man3/CTLOG_STORE_get0_log_by_id.html doc/html/man3/CTLOG_STORE_new.html doc/html/man3/CTLOG_new.html doc/html/man3/CT_POLICY_EVAL_CTX_new.html doc/html/man3/DEFINE_STACK_OF.html doc/html/man3/DES_random_key.html doc/html/man3/DH_generate_key.html doc/html/man3/DH_generate_parameters.html doc/html/man3/DH_get0_pqg.html doc/html/man3/DH_get_1024_160.html doc/html/man3/DH_meth_new.html doc/html/man3/DH_new.html doc/html/man3/DH_new_by_nid.html doc/html/man3/DH_set_method.html doc/html/man3/DH_size.html doc/html/man3/DSA_SIG_new.html doc/html/man3/DSA_do_sign.html doc/html/man3/DSA_dup_DH.html doc/html/man3/DSA_generate_key.html doc/html/man3/DSA_generate_parameters.html doc/html/man3/DSA_get0_pqg.html doc/html/man3/DSA_meth_new.html doc/html/man3/DSA_new.html doc/html/man3/DSA_set_method.html doc/html/man3/DSA_sign.html doc/html/man3/DSA_size.html doc/html/man3/DTLS_get_data_mtu.html doc/html/man3/DTLS_set_timer_cb.html doc/html/man3/DTLSv1_listen.html doc/html/man3/ECDSA_SIG_new.html doc/html/man3/ECPKParameters_print.html doc/html/man3/EC_GFp_simple_method.html doc/html/man3/EC_GROUP_copy.html doc/html/man3/EC_GROUP_new.html doc/html/man3/EC_KEY_get_enc_flags.html doc/html/man3/EC_KEY_new.html doc/html/man3/EC_POINT_add.html doc/html/man3/EC_POINT_new.html doc/html/man3/ENGINE_add.html doc/html/man3/ERR_GET_LIB.html doc/html/man3/ERR_clear_error.html doc/html/man3/ERR_error_string.html doc/html/man3/ERR_get_error.html doc/html/man3/ERR_load_crypto_strings.html doc/html/man3/ERR_load_strings.html doc/html/man3/ERR_new.html doc/html/man3/ERR_print_errors.html doc/html/man3/ERR_put_error.html doc/html/man3/ERR_remove_state.html doc/html/man3/ERR_set_mark.html doc/html/man3/EVP_ASYM_CIPHER_free.html doc/html/man3/EVP_BytesToKey.html doc/html/man3/EVP_CIPHER_CTX_get_cipher_data.html doc/html/man3/EVP_CIPHER_meth_new.html doc/html/man3/EVP_DigestInit.html doc/html/man3/EVP_DigestSignInit.html doc/html/man3/EVP_DigestVerifyInit.html doc/html/man3/EVP_EncodeInit.html doc/html/man3/EVP_EncryptInit.html doc/html/man3/EVP_KDF.html doc/html/man3/EVP_KEYEXCH_free.html doc/html/man3/EVP_KEYMGMT.html doc/html/man3/EVP_MAC.html doc/html/man3/EVP_MD_meth_new.html doc/html/man3/EVP_OpenInit.html doc/html/man3/EVP_PKEY_ASN1_METHOD.html doc/html/man3/EVP_PKEY_CTX_ctrl.html doc/html/man3/EVP_PKEY_CTX_new.html doc/html/man3/EVP_PKEY_CTX_set1_pbe_pass.html doc/html/man3/EVP_PKEY_CTX_set_hkdf_md.html doc/html/man3/EVP_PKEY_CTX_set_params.html doc/html/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.html doc/html/man3/EVP_PKEY_CTX_set_scrypt_N.html doc/html/man3/EVP_PKEY_CTX_set_tls1_prf_md.html doc/html/man3/EVP_PKEY_asn1_get_count.html doc/html/man3/EVP_PKEY_check.html doc/html/man3/EVP_PKEY_copy_parameters.html doc/html/man3/EVP_PKEY_decrypt.html doc/html/man3/EVP_PKEY_derive.html doc/html/man3/EVP_PKEY_encrypt.html doc/html/man3/EVP_PKEY_fromdata.html doc/html/man3/EVP_PKEY_gen.html doc/html/man3/EVP_PKEY_get_default_digest_nid.html doc/html/man3/EVP_PKEY_gettable_params.html doc/html/man3/EVP_PKEY_is_a.html doc/html/man3/EVP_PKEY_meth_get_count.html doc/html/man3/EVP_PKEY_meth_new.html doc/html/man3/EVP_PKEY_new.html doc/html/man3/EVP_PKEY_print_private.html doc/html/man3/EVP_PKEY_set1_RSA.html doc/html/man3/EVP_PKEY_set_type.html doc/html/man3/EVP_PKEY_sign.html doc/html/man3/EVP_PKEY_size.html doc/html/man3/EVP_PKEY_supports_digest_nid.html doc/html/man3/EVP_PKEY_verify.html doc/html/man3/EVP_PKEY_verify_recover.html doc/html/man3/EVP_RAND.html doc/html/man3/EVP_SIGNATURE_free.html doc/html/man3/EVP_SealInit.html doc/html/man3/EVP_SignInit.html doc/html/man3/EVP_VerifyInit.html doc/html/man3/EVP_aes_128_gcm.html doc/html/man3/EVP_aria_128_gcm.html doc/html/man3/EVP_bf_cbc.html doc/html/man3/EVP_blake2b512.html doc/html/man3/EVP_camellia_128_ecb.html doc/html/man3/EVP_cast5_cbc.html doc/html/man3/EVP_chacha20.html doc/html/man3/EVP_des_cbc.html doc/html/man3/EVP_desx_cbc.html doc/html/man3/EVP_idea_cbc.html doc/html/man3/EVP_md2.html doc/html/man3/EVP_md4.html doc/html/man3/EVP_md5.html doc/html/man3/EVP_mdc2.html doc/html/man3/EVP_rc2_cbc.html doc/html/man3/EVP_rc4.html doc/html/man3/EVP_rc5_32_12_16_cbc.html doc/html/man3/EVP_ripemd160.html doc/html/man3/EVP_seed_cbc.html doc/html/man3/EVP_set_default_properties.html doc/html/man3/EVP_sha1.html doc/html/man3/EVP_sha224.html doc/html/man3/EVP_sha3_224.html doc/html/man3/EVP_sm3.html doc/html/man3/EVP_sm4_cbc.html doc/html/man3/EVP_whirlpool.html doc/html/man3/HMAC.html doc/html/man3/MD5.html doc/html/man3/MDC2_Init.html doc/html/man3/NCONF_new_with_libctx.html doc/html/man3/OBJ_nid2obj.html doc/html/man3/OCSP_REQUEST_new.html doc/html/man3/OCSP_cert_to_id.html doc/html/man3/OCSP_request_add1_nonce.html doc/html/man3/OCSP_resp_find_status.html doc/html/man3/OCSP_response_status.html doc/html/man3/OCSP_sendreq_new.html doc/html/man3/OPENSSL_Applink.html doc/html/man3/OPENSSL_CTX.html doc/html/man3/OPENSSL_FILE.html doc/html/man3/OPENSSL_LH_COMPFUNC.html doc/html/man3/OPENSSL_LH_stats.html doc/html/man3/OPENSSL_config.html doc/html/man3/OPENSSL_fork_prepare.html doc/html/man3/OPENSSL_hexchar2int.html doc/html/man3/OPENSSL_ia32cap.html doc/html/man3/OPENSSL_init_crypto.html doc/html/man3/OPENSSL_init_ssl.html doc/html/man3/OPENSSL_instrument_bus.html doc/html/man3/OPENSSL_load_builtin_modules.html doc/html/man3/OPENSSL_malloc.html doc/html/man3/OPENSSL_s390xcap.html doc/html/man3/OPENSSL_secure_malloc.html doc/html/man3/OSSL_CMP_CTX_new.html doc/html/man3/OSSL_CMP_HDR_get0_transactionID.html doc/html/man3/OSSL_CMP_ITAV_set0.html doc/html/man3/OSSL_CMP_MSG_get0_header.html doc/html/man3/OSSL_CMP_MSG_http_perform.html doc/html/man3/OSSL_CMP_SRV_CTX_new.html doc/html/man3/OSSL_CMP_STATUSINFO_new.html doc/html/man3/OSSL_CMP_exec_IR_ses.html doc/html/man3/OSSL_CMP_log_open.html doc/html/man3/OSSL_CMP_validate_msg.html doc/html/man3/OSSL_CRMF_MSG_get0_tmpl.html doc/html/man3/OSSL_CRMF_MSG_set0_validity.html doc/html/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.html doc/html/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.html doc/html/man3/OSSL_CRMF_pbmp_new.html doc/html/man3/OSSL_DESERIALIZER.html doc/html/man3/OSSL_DESERIALIZER_CTX.html doc/html/man3/OSSL_DESERIALIZER_CTX_new_by_EVP_PKEY.html doc/html/man3/OSSL_DESERIALIZER_from_bio.html doc/html/man3/OSSL_HTTP_transfer.html doc/html/man3/OSSL_PARAM.html doc/html/man3/OSSL_PARAM_BLD.html doc/html/man3/OSSL_PARAM_allocate_from_text.html doc/html/man3/OSSL_PARAM_int.html doc/html/man3/OSSL_PROVIDER.html doc/html/man3/OSSL_SELF_TEST_new.html doc/html/man3/OSSL_SELF_TEST_set_callback.html doc/html/man3/OSSL_SERIALIZER.html doc/html/man3/OSSL_SERIALIZER_CTX.html doc/html/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.html doc/html/man3/OSSL_SERIALIZER_to_bio.html doc/html/man3/OSSL_STORE_INFO.html doc/html/man3/OSSL_STORE_LOADER.html doc/html/man3/OSSL_STORE_SEARCH.html doc/html/man3/OSSL_STORE_attach.html doc/html/man3/OSSL_STORE_expect.html doc/html/man3/OSSL_STORE_open.html doc/html/man3/OSSL_trace_enabled.html doc/html/man3/OSSL_trace_get_category_num.html doc/html/man3/OSSL_trace_set_channel.html doc/html/man3/OpenSSL_add_all_algorithms.html doc/html/man3/OpenSSL_version.html doc/html/man3/PEM_X509_INFO_read_bio_with_libctx.html doc/html/man3/PEM_bytes_read_bio.html doc/html/man3/PEM_read.html doc/html/man3/PEM_read_CMS.html doc/html/man3/PEM_read_bio_PrivateKey.html doc/html/man3/PEM_read_bio_ex.html doc/html/man3/PEM_write_bio_CMS_stream.html doc/html/man3/PEM_write_bio_PKCS7_stream.html doc/html/man3/PKCS12_SAFEBAG_get0_attrs.html doc/html/man3/PKCS12_add_CSPName_asc.html doc/html/man3/PKCS12_add_friendlyname_asc.html doc/html/man3/PKCS12_add_localkeyid.html doc/html/man3/PKCS12_create.html doc/html/man3/PKCS12_get_friendlyname.html doc/html/man3/PKCS12_newpass.html doc/html/man3/PKCS12_parse.html doc/html/man3/PKCS5_PBKDF2_HMAC.html doc/html/man3/PKCS7_decrypt.html doc/html/man3/PKCS7_encrypt.html doc/html/man3/PKCS7_sign.html doc/html/man3/PKCS7_sign_add_signer.html doc/html/man3/PKCS7_verify.html doc/html/man3/PKCS8_pkey_add1_attr.html doc/html/man3/RAND_DRBG_generate.html doc/html/man3/RAND_DRBG_get0_public.html doc/html/man3/RAND_DRBG_new.html doc/html/man3/RAND_DRBG_reseed.html doc/html/man3/RAND_DRBG_set_callbacks.html doc/html/man3/RAND_add.html doc/html/man3/RAND_bytes.html doc/html/man3/RAND_cleanup.html doc/html/man3/RAND_egd.html doc/html/man3/RAND_load_file.html doc/html/man3/RAND_set_rand_method.html doc/html/man3/RC4_set_key.html doc/html/man3/RIPEMD160_Init.html doc/html/man3/RSA_blinding_on.html doc/html/man3/RSA_check_key.html doc/html/man3/RSA_generate_key.html doc/html/man3/RSA_get0_key.html doc/html/man3/RSA_meth_new.html doc/html/man3/RSA_new.html doc/html/man3/RSA_padding_add_PKCS1_type_1.html doc/html/man3/RSA_print.html doc/html/man3/RSA_private_encrypt.html doc/html/man3/RSA_public_encrypt.html doc/html/man3/RSA_set_method.html doc/html/man3/RSA_sign.html doc/html/man3/RSA_sign_ASN1_OCTET_STRING.html doc/html/man3/RSA_size.html doc/html/man3/SCT_new.html doc/html/man3/SCT_print.html doc/html/man3/SCT_validate.html doc/html/man3/SHA256_Init.html doc/html/man3/SMIME_read_CMS.html doc/html/man3/SMIME_read_PKCS7.html doc/html/man3/SMIME_write_CMS.html doc/html/man3/SMIME_write_PKCS7.html doc/html/man3/SRP_Calc_B.html doc/html/man3/SRP_VBASE_new.html doc/html/man3/SRP_create_verifier.html doc/html/man3/SRP_user_pwd_new.html doc/html/man3/SSL_CIPHER_get_name.html doc/html/man3/SSL_COMP_add_compression_method.html doc/html/man3/SSL_CONF_CTX_new.html doc/html/man3/SSL_CONF_CTX_set1_prefix.html doc/html/man3/SSL_CONF_CTX_set_flags.html doc/html/man3/SSL_CONF_CTX_set_ssl_ctx.html doc/html/man3/SSL_CONF_cmd.html doc/html/man3/SSL_CONF_cmd_argv.html doc/html/man3/SSL_CTX_add1_chain_cert.html doc/html/man3/SSL_CTX_add_extra_chain_cert.html doc/html/man3/SSL_CTX_add_session.html doc/html/man3/SSL_CTX_config.html doc/html/man3/SSL_CTX_ctrl.html doc/html/man3/SSL_CTX_dane_enable.html doc/html/man3/SSL_CTX_flush_sessions.html doc/html/man3/SSL_CTX_free.html doc/html/man3/SSL_CTX_get0_param.html doc/html/man3/SSL_CTX_get_verify_mode.html doc/html/man3/SSL_CTX_has_client_custom_ext.html doc/html/man3/SSL_CTX_load_verify_locations.html doc/html/man3/SSL_CTX_new.html doc/html/man3/SSL_CTX_sess_number.html doc/html/man3/SSL_CTX_sess_set_cache_size.html doc/html/man3/SSL_CTX_sess_set_get_cb.html doc/html/man3/SSL_CTX_sessions.html doc/html/man3/SSL_CTX_set0_CA_list.html doc/html/man3/SSL_CTX_set1_curves.html doc/html/man3/SSL_CTX_set1_sigalgs.html doc/html/man3/SSL_CTX_set1_verify_cert_store.html doc/html/man3/SSL_CTX_set_alpn_select_cb.html doc/html/man3/SSL_CTX_set_cert_cb.html doc/html/man3/SSL_CTX_set_cert_store.html doc/html/man3/SSL_CTX_set_cert_verify_callback.html doc/html/man3/SSL_CTX_set_cipher_list.html doc/html/man3/SSL_CTX_set_client_cert_cb.html doc/html/man3/SSL_CTX_set_client_hello_cb.html doc/html/man3/SSL_CTX_set_ct_validation_callback.html doc/html/man3/SSL_CTX_set_ctlog_list_file.html doc/html/man3/SSL_CTX_set_default_passwd_cb.html doc/html/man3/SSL_CTX_set_generate_session_id.html doc/html/man3/SSL_CTX_set_info_callback.html doc/html/man3/SSL_CTX_set_keylog_callback.html doc/html/man3/SSL_CTX_set_max_cert_list.html doc/html/man3/SSL_CTX_set_min_proto_version.html doc/html/man3/SSL_CTX_set_mode.html doc/html/man3/SSL_CTX_set_msg_callback.html doc/html/man3/SSL_CTX_set_num_tickets.html doc/html/man3/SSL_CTX_set_options.html doc/html/man3/SSL_CTX_set_psk_client_callback.html doc/html/man3/SSL_CTX_set_quiet_shutdown.html doc/html/man3/SSL_CTX_set_read_ahead.html doc/html/man3/SSL_CTX_set_record_padding_callback.html doc/html/man3/SSL_CTX_set_security_level.html doc/html/man3/SSL_CTX_set_session_cache_mode.html doc/html/man3/SSL_CTX_set_session_id_context.html doc/html/man3/SSL_CTX_set_session_ticket_cb.html doc/html/man3/SSL_CTX_set_split_send_fragment.html doc/html/man3/SSL_CTX_set_srp_password.html doc/html/man3/SSL_CTX_set_ssl_version.html doc/html/man3/SSL_CTX_set_stateless_cookie_generate_cb.html doc/html/man3/SSL_CTX_set_timeout.html doc/html/man3/SSL_CTX_set_tlsext_servername_callback.html doc/html/man3/SSL_CTX_set_tlsext_status_cb.html doc/html/man3/SSL_CTX_set_tlsext_ticket_key_cb.html doc/html/man3/SSL_CTX_set_tlsext_use_srtp.html doc/html/man3/SSL_CTX_set_tmp_dh_callback.html doc/html/man3/SSL_CTX_set_tmp_ecdh.html doc/html/man3/SSL_CTX_set_verify.html doc/html/man3/SSL_CTX_use_certificate.html doc/html/man3/SSL_CTX_use_psk_identity_hint.html doc/html/man3/SSL_CTX_use_serverinfo.html doc/html/man3/SSL_SESSION_free.html doc/html/man3/SSL_SESSION_get0_cipher.html doc/html/man3/SSL_SESSION_get0_hostname.html doc/html/man3/SSL_SESSION_get0_id_context.html doc/html/man3/SSL_SESSION_get0_peer.html doc/html/man3/SSL_SESSION_get_compress_id.html doc/html/man3/SSL_SESSION_get_protocol_version.html doc/html/man3/SSL_SESSION_get_time.html doc/html/man3/SSL_SESSION_has_ticket.html doc/html/man3/SSL_SESSION_is_resumable.html doc/html/man3/SSL_SESSION_print.html doc/html/man3/SSL_SESSION_set1_id.html doc/html/man3/SSL_accept.html doc/html/man3/SSL_alert_type_string.html doc/html/man3/SSL_alloc_buffers.html doc/html/man3/SSL_check_chain.html doc/html/man3/SSL_clear.html doc/html/man3/SSL_connect.html doc/html/man3/SSL_do_handshake.html doc/html/man3/SSL_export_keying_material.html doc/html/man3/SSL_extension_supported.html doc/html/man3/SSL_free.html doc/html/man3/SSL_get0_peer_scts.html doc/html/man3/SSL_get_SSL_CTX.html doc/html/man3/SSL_get_all_async_fds.html doc/html/man3/SSL_get_ciphers.html doc/html/man3/SSL_get_client_random.html doc/html/man3/SSL_get_current_cipher.html doc/html/man3/SSL_get_default_timeout.html doc/html/man3/SSL_get_error.html doc/html/man3/SSL_get_extms_support.html doc/html/man3/SSL_get_fd.html doc/html/man3/SSL_get_peer_cert_chain.html doc/html/man3/SSL_get_peer_certificate.html doc/html/man3/SSL_get_peer_signature_nid.html doc/html/man3/SSL_get_peer_tmp_key.html doc/html/man3/SSL_get_psk_identity.html doc/html/man3/SSL_get_rbio.html doc/html/man3/SSL_get_session.html doc/html/man3/SSL_get_shared_sigalgs.html doc/html/man3/SSL_get_verify_result.html doc/html/man3/SSL_get_version.html doc/html/man3/SSL_in_init.html doc/html/man3/SSL_key_update.html doc/html/man3/SSL_library_init.html doc/html/man3/SSL_load_client_CA_file.html doc/html/man3/SSL_new.html doc/html/man3/SSL_pending.html doc/html/man3/SSL_read.html doc/html/man3/SSL_read_early_data.html doc/html/man3/SSL_rstate_string.html doc/html/man3/SSL_session_reused.html doc/html/man3/SSL_set1_host.html doc/html/man3/SSL_set_async_callback.html doc/html/man3/SSL_set_bio.html doc/html/man3/SSL_set_connect_state.html doc/html/man3/SSL_set_fd.html doc/html/man3/SSL_set_session.html doc/html/man3/SSL_set_shutdown.html doc/html/man3/SSL_set_verify_result.html doc/html/man3/SSL_shutdown.html doc/html/man3/SSL_state_string.html doc/html/man3/SSL_want.html doc/html/man3/SSL_write.html doc/html/man3/TS_VERIFY_CTX_set_certs.html doc/html/man3/UI_STRING.html doc/html/man3/UI_UTIL_read_pw.html doc/html/man3/UI_create_method.html doc/html/man3/UI_new.html doc/html/man3/X509V3_get_d2i.html doc/html/man3/X509_ALGOR_dup.html doc/html/man3/X509_CRL_get0_by_serial.html doc/html/man3/X509_EXTENSION_set_object.html doc/html/man3/X509_LOOKUP.html doc/html/man3/X509_LOOKUP_hash_dir.html doc/html/man3/X509_LOOKUP_meth_new.html doc/html/man3/X509_NAME_ENTRY_get_object.html doc/html/man3/X509_NAME_add_entry_by_txt.html doc/html/man3/X509_NAME_get0_der.html doc/html/man3/X509_NAME_get_index_by_NID.html doc/html/man3/X509_NAME_print_ex.html doc/html/man3/X509_PUBKEY_new.html doc/html/man3/X509_SIG_get0.html doc/html/man3/X509_STORE_CTX_get_error.html doc/html/man3/X509_STORE_CTX_new.html doc/html/man3/X509_STORE_CTX_set_verify_cb.html doc/html/man3/X509_STORE_add_cert.html doc/html/man3/X509_STORE_get0_param.html doc/html/man3/X509_STORE_new.html doc/html/man3/X509_STORE_set_verify_cb_func.html doc/html/man3/X509_VERIFY_PARAM_set_flags.html doc/html/man3/X509_check_ca.html doc/html/man3/X509_check_host.html doc/html/man3/X509_check_issued.html doc/html/man3/X509_check_private_key.html doc/html/man3/X509_check_purpose.html doc/html/man3/X509_cmp.html doc/html/man3/X509_cmp_time.html doc/html/man3/X509_digest.html doc/html/man3/X509_dup.html doc/html/man3/X509_get0_distinguishing_id.html doc/html/man3/X509_get0_notBefore.html doc/html/man3/X509_get0_signature.html doc/html/man3/X509_get0_uids.html doc/html/man3/X509_get_extension_flags.html doc/html/man3/X509_get_pubkey.html doc/html/man3/X509_get_serialNumber.html doc/html/man3/X509_get_subject_name.html doc/html/man3/X509_get_version.html doc/html/man3/X509_load_http.html doc/html/man3/X509_new.html doc/html/man3/X509_sign.html doc/html/man3/X509_verify.html doc/html/man3/X509_verify_cert.html doc/html/man3/X509v3_get_ext_by_NID.html doc/html/man3/d2i_DHparams.html doc/html/man3/d2i_PKCS8PrivateKey_bio.html doc/html/man3/d2i_PrivateKey.html doc/html/man3/d2i_SSL_SESSION.html doc/html/man3/d2i_X509.html doc/html/man3/i2d_CMS_bio_stream.html doc/html/man3/i2d_PKCS7_bio_stream.html doc/html/man3/i2d_re_X509_tbs.html doc/html/man3/o2i_SCT_LIST.html doc/html/man3/s2i_ASN1_IA5STRING.html doc/html/man5/config.html doc/html/man5/fips_config.html doc/html/man5/x509v3_config.html doc/html/man7/EVP_KDF-HKDF.html doc/html/man7/EVP_KDF-KB.html doc/html/man7/EVP_KDF-KRB5KDF.html doc/html/man7/EVP_KDF-PBKDF2.html doc/html/man7/EVP_KDF-SCRYPT.html doc/html/man7/EVP_KDF-SS.html doc/html/man7/EVP_KDF-SSHKDF.html doc/html/man7/EVP_KDF-TLS1_PRF.html doc/html/man7/EVP_KDF-X942.html doc/html/man7/EVP_KDF-X963.html doc/html/man7/EVP_KEYEXCH-DH.html doc/html/man7/EVP_KEYEXCH-ECDH.html doc/html/man7/EVP_KEYEXCH-X25519.html doc/html/man7/EVP_MAC-BLAKE2.html doc/html/man7/EVP_MAC-CMAC.html doc/html/man7/EVP_MAC-GMAC.html doc/html/man7/EVP_MAC-HMAC.html doc/html/man7/EVP_MAC-KMAC.html doc/html/man7/EVP_MAC-Poly1305.html doc/html/man7/EVP_MAC-Siphash.html doc/html/man7/EVP_MD-BLAKE2.html doc/html/man7/EVP_MD-MD2.html doc/html/man7/EVP_MD-MD4.html doc/html/man7/EVP_MD-MD5-SHA1.html doc/html/man7/EVP_MD-MD5.html doc/html/man7/EVP_MD-MDC2.html doc/html/man7/EVP_MD-RIPEMD160.html doc/html/man7/EVP_MD-SHA1.html doc/html/man7/EVP_MD-SHA2.html doc/html/man7/EVP_MD-SHA3.html doc/html/man7/EVP_MD-SHAKE.html doc/html/man7/EVP_MD-SM3.html doc/html/man7/EVP_MD-WHIRLPOOL.html doc/html/man7/EVP_MD-common.html doc/html/man7/EVP_PKEY-DH.html doc/html/man7/EVP_PKEY-DSA.html doc/html/man7/EVP_PKEY-EC.html doc/html/man7/EVP_PKEY-FFC.html doc/html/man7/EVP_PKEY-RSA.html doc/html/man7/EVP_PKEY-X25519.html doc/html/man7/EVP_RAND-CTR-DRBG.html doc/html/man7/EVP_RAND-HASH-DRBG.html doc/html/man7/EVP_RAND-HMAC-DRBG.html doc/html/man7/EVP_RAND-TEST-RAND.html doc/html/man7/EVP_SIGNATURE-DSA.html doc/html/man7/EVP_SIGNATURE-ECDSA.html doc/html/man7/EVP_SIGNATURE-ED25519.html doc/html/man7/EVP_SIGNATURE-RSA.html doc/html/man7/OSSL_PROVIDER-FIPS.html doc/html/man7/OSSL_PROVIDER-default.html doc/html/man7/OSSL_PROVIDER-legacy.html doc/html/man7/OSSL_PROVIDER-null.html doc/html/man7/RAND.html doc/html/man7/RAND_DRBG.html doc/html/man7/RSA-PSS.html doc/html/man7/SM2.html doc/html/man7/X25519.html doc/html/man7/bio.html doc/html/man7/crypto.html doc/html/man7/ct.html doc/html/man7/des_modes.html doc/html/man7/evp.html doc/html/man7/openssl-core.h.html doc/html/man7/openssl-core_dispatch.h.html doc/html/man7/openssl-core_names.h.html doc/html/man7/openssl-env.html doc/html/man7/openssl_user_macros.html doc/html/man7/ossl_store-file.html doc/html/man7/ossl_store.html doc/html/man7/passphrase-encoding.html doc/html/man7/property.html doc/html/man7/provider-asym_cipher.html doc/html/man7/provider-base.html doc/html/man7/provider-cipher.html doc/html/man7/provider-digest.html doc/html/man7/provider-keyexch.html doc/html/man7/provider-keymgmt.html doc/html/man7/provider-mac.html doc/html/man7/provider-rand.html doc/html/man7/provider-serializer.html doc/html/man7/provider-signature.html doc/html/man7/provider.html doc/html/man7/proxy-certificates.html doc/html/man7/ssl.html doc/html/man7/x509.html rm -f doc/man/man1/CA.pl.1 doc/man/man1/openssl-asn1parse.1 doc/man/man1/openssl-ca.1 doc/man/man1/openssl-ciphers.1 doc/man/man1/openssl-cmds.1 doc/man/man1/openssl-cmp.1 doc/man/man1/openssl-cms.1 doc/man/man1/openssl-crl.1 doc/man/man1/openssl-crl2pkcs7.1 doc/man/man1/openssl-dgst.1 doc/man/man1/openssl-dhparam.1 doc/man/man1/openssl-dsa.1 doc/man/man1/openssl-dsaparam.1 doc/man/man1/openssl-ec.1 doc/man/man1/openssl-ecparam.1 doc/man/man1/openssl-enc.1 doc/man/man1/openssl-engine.1 doc/man/man1/openssl-errstr.1 doc/man/man1/openssl-fipsinstall.1 doc/man/man1/openssl-gendsa.1 doc/man/man1/openssl-genpkey.1 doc/man/man1/openssl-genrsa.1 doc/man/man1/openssl-info.1 doc/man/man1/openssl-kdf.1 doc/man/man1/openssl-list.1 doc/man/man1/openssl-mac.1 doc/man/man1/openssl-nseq.1 doc/man/man1/openssl-ocsp.1 doc/man/man1/openssl-passwd.1 doc/man/man1/openssl-pkcs12.1 doc/man/man1/openssl-pkcs7.1 doc/man/man1/openssl-pkcs8.1 doc/man/man1/openssl-pkey.1 doc/man/man1/openssl-pkeyparam.1 doc/man/man1/openssl-pkeyutl.1 doc/man/man1/openssl-prime.1 doc/man/man1/openssl-provider.1 doc/man/man1/openssl-rand.1 doc/man/man1/openssl-rehash.1 doc/man/man1/openssl-req.1 doc/man/man1/openssl-rsa.1 doc/man/man1/openssl-rsautl.1 doc/man/man1/openssl-s_client.1 doc/man/man1/openssl-s_server.1 doc/man/man1/openssl-s_time.1 doc/man/man1/openssl-sess_id.1 doc/man/man1/openssl-smime.1 doc/man/man1/openssl-speed.1 doc/man/man1/openssl-spkac.1 doc/man/man1/openssl-srp.1 doc/man/man1/openssl-storeutl.1 doc/man/man1/openssl-ts.1 doc/man/man1/openssl-verify.1 doc/man/man1/openssl-version.1 doc/man/man1/openssl-x509.1 doc/man/man1/openssl.1 doc/man/man1/tsget.1 doc/man/man3/ADMISSIONS.3 doc/man/man3/ASN1_INTEGER_get_int64.3 doc/man/man3/ASN1_INTEGER_new.3 doc/man/man3/ASN1_ITEM_lookup.3 doc/man/man3/ASN1_OBJECT_new.3 doc/man/man3/ASN1_STRING_TABLE_add.3 doc/man/man3/ASN1_STRING_length.3 doc/man/man3/ASN1_STRING_new.3 doc/man/man3/ASN1_STRING_print_ex.3 doc/man/man3/ASN1_TIME_set.3 doc/man/man3/ASN1_TYPE_get.3 doc/man/man3/ASN1_generate_nconf.3 doc/man/man3/ASYNC_WAIT_CTX_new.3 doc/man/man3/ASYNC_start_job.3 doc/man/man3/BF_encrypt.3 doc/man/man3/BIO_ADDR.3 doc/man/man3/BIO_ADDRINFO.3 doc/man/man3/BIO_connect.3 doc/man/man3/BIO_ctrl.3 doc/man/man3/BIO_f_base64.3 doc/man/man3/BIO_f_buffer.3 doc/man/man3/BIO_f_cipher.3 doc/man/man3/BIO_f_md.3 doc/man/man3/BIO_f_null.3 doc/man/man3/BIO_f_prefix.3 doc/man/man3/BIO_f_ssl.3 doc/man/man3/BIO_find_type.3 doc/man/man3/BIO_get_data.3 doc/man/man3/BIO_get_ex_new_index.3 doc/man/man3/BIO_meth_new.3 doc/man/man3/BIO_new.3 doc/man/man3/BIO_new_CMS.3 doc/man/man3/BIO_parse_hostserv.3 doc/man/man3/BIO_printf.3 doc/man/man3/BIO_push.3 doc/man/man3/BIO_read.3 doc/man/man3/BIO_s_accept.3 doc/man/man3/BIO_s_bio.3 doc/man/man3/BIO_s_connect.3 doc/man/man3/BIO_s_fd.3 doc/man/man3/BIO_s_file.3 doc/man/man3/BIO_s_mem.3 doc/man/man3/BIO_s_null.3 doc/man/man3/BIO_s_socket.3 doc/man/man3/BIO_set_callback.3 doc/man/man3/BIO_should_retry.3 doc/man/man3/BIO_socket_wait.3 doc/man/man3/BN_BLINDING_new.3 doc/man/man3/BN_CTX_new.3 doc/man/man3/BN_CTX_start.3 doc/man/man3/BN_add.3 doc/man/man3/BN_add_word.3 doc/man/man3/BN_bn2bin.3 doc/man/man3/BN_cmp.3 doc/man/man3/BN_copy.3 doc/man/man3/BN_generate_prime.3 doc/man/man3/BN_mod_inverse.3 doc/man/man3/BN_mod_mul_montgomery.3 doc/man/man3/BN_mod_mul_reciprocal.3 doc/man/man3/BN_new.3 doc/man/man3/BN_num_bytes.3 doc/man/man3/BN_rand.3 doc/man/man3/BN_security_bits.3 doc/man/man3/BN_set_bit.3 doc/man/man3/BN_swap.3 doc/man/man3/BN_zero.3 doc/man/man3/BUF_MEM_new.3 doc/man/man3/CMS_EnvelopedData_create.3 doc/man/man3/CMS_add0_cert.3 doc/man/man3/CMS_add1_recipient_cert.3 doc/man/man3/CMS_add1_signer.3 doc/man/man3/CMS_compress.3 doc/man/man3/CMS_decrypt.3 doc/man/man3/CMS_encrypt.3 doc/man/man3/CMS_final.3 doc/man/man3/CMS_get0_RecipientInfos.3 doc/man/man3/CMS_get0_SignerInfos.3 doc/man/man3/CMS_get0_type.3 doc/man/man3/CMS_get1_ReceiptRequest.3 doc/man/man3/CMS_sign.3 doc/man/man3/CMS_sign_receipt.3 doc/man/man3/CMS_uncompress.3 doc/man/man3/CMS_verify.3 doc/man/man3/CMS_verify_receipt.3 doc/man/man3/CONF_modules_free.3 doc/man/man3/CONF_modules_load_file.3 doc/man/man3/CRYPTO_THREAD_run_once.3 doc/man/man3/CRYPTO_get_ex_new_index.3 doc/man/man3/CRYPTO_memcmp.3 doc/man/man3/CTLOG_STORE_get0_log_by_id.3 doc/man/man3/CTLOG_STORE_new.3 doc/man/man3/CTLOG_new.3 doc/man/man3/CT_POLICY_EVAL_CTX_new.3 doc/man/man3/DEFINE_STACK_OF.3 doc/man/man3/DES_random_key.3 doc/man/man3/DH_generate_key.3 doc/man/man3/DH_generate_parameters.3 doc/man/man3/DH_get0_pqg.3 doc/man/man3/DH_get_1024_160.3 doc/man/man3/DH_meth_new.3 doc/man/man3/DH_new.3 doc/man/man3/DH_new_by_nid.3 doc/man/man3/DH_set_method.3 doc/man/man3/DH_size.3 doc/man/man3/DSA_SIG_new.3 doc/man/man3/DSA_do_sign.3 doc/man/man3/DSA_dup_DH.3 doc/man/man3/DSA_generate_key.3 doc/man/man3/DSA_generate_parameters.3 doc/man/man3/DSA_get0_pqg.3 doc/man/man3/DSA_meth_new.3 doc/man/man3/DSA_new.3 doc/man/man3/DSA_set_method.3 doc/man/man3/DSA_sign.3 doc/man/man3/DSA_size.3 doc/man/man3/DTLS_get_data_mtu.3 doc/man/man3/DTLS_set_timer_cb.3 doc/man/man3/DTLSv1_listen.3 doc/man/man3/ECDSA_SIG_new.3 doc/man/man3/ECPKParameters_print.3 doc/man/man3/EC_GFp_simple_method.3 doc/man/man3/EC_GROUP_copy.3 doc/man/man3/EC_GROUP_new.3 doc/man/man3/EC_KEY_get_enc_flags.3 doc/man/man3/EC_KEY_new.3 doc/man/man3/EC_POINT_add.3 doc/man/man3/EC_POINT_new.3 doc/man/man3/ENGINE_add.3 doc/man/man3/ERR_GET_LIB.3 doc/man/man3/ERR_clear_error.3 doc/man/man3/ERR_error_string.3 doc/man/man3/ERR_get_error.3 doc/man/man3/ERR_load_crypto_strings.3 doc/man/man3/ERR_load_strings.3 doc/man/man3/ERR_new.3 doc/man/man3/ERR_print_errors.3 doc/man/man3/ERR_put_error.3 doc/man/man3/ERR_remove_state.3 doc/man/man3/ERR_set_mark.3 doc/man/man3/EVP_ASYM_CIPHER_free.3 doc/man/man3/EVP_BytesToKey.3 doc/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 doc/man/man3/EVP_CIPHER_meth_new.3 doc/man/man3/EVP_DigestInit.3 doc/man/man3/EVP_DigestSignInit.3 doc/man/man3/EVP_DigestVerifyInit.3 doc/man/man3/EVP_EncodeInit.3 doc/man/man3/EVP_EncryptInit.3 doc/man/man3/EVP_KDF.3 doc/man/man3/EVP_KEYEXCH_free.3 doc/man/man3/EVP_KEYMGMT.3 doc/man/man3/EVP_MAC.3 doc/man/man3/EVP_MD_meth_new.3 doc/man/man3/EVP_OpenInit.3 doc/man/man3/EVP_PKEY_ASN1_METHOD.3 doc/man/man3/EVP_PKEY_CTX_ctrl.3 doc/man/man3/EVP_PKEY_CTX_new.3 doc/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 doc/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 doc/man/man3/EVP_PKEY_CTX_set_params.3 doc/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 doc/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 doc/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 doc/man/man3/EVP_PKEY_asn1_get_count.3 doc/man/man3/EVP_PKEY_check.3 doc/man/man3/EVP_PKEY_copy_parameters.3 doc/man/man3/EVP_PKEY_decrypt.3 doc/man/man3/EVP_PKEY_derive.3 doc/man/man3/EVP_PKEY_encrypt.3 doc/man/man3/EVP_PKEY_fromdata.3 doc/man/man3/EVP_PKEY_gen.3 doc/man/man3/EVP_PKEY_get_default_digest_nid.3 doc/man/man3/EVP_PKEY_gettable_params.3 doc/man/man3/EVP_PKEY_is_a.3 doc/man/man3/EVP_PKEY_meth_get_count.3 doc/man/man3/EVP_PKEY_meth_new.3 doc/man/man3/EVP_PKEY_new.3 doc/man/man3/EVP_PKEY_print_private.3 doc/man/man3/EVP_PKEY_set1_RSA.3 doc/man/man3/EVP_PKEY_set_type.3 doc/man/man3/EVP_PKEY_sign.3 doc/man/man3/EVP_PKEY_size.3 doc/man/man3/EVP_PKEY_supports_digest_nid.3 doc/man/man3/EVP_PKEY_verify.3 doc/man/man3/EVP_PKEY_verify_recover.3 doc/man/man3/EVP_RAND.3 doc/man/man3/EVP_SIGNATURE_free.3 doc/man/man3/EVP_SealInit.3 doc/man/man3/EVP_SignInit.3 doc/man/man3/EVP_VerifyInit.3 doc/man/man3/EVP_aes_128_gcm.3 doc/man/man3/EVP_aria_128_gcm.3 doc/man/man3/EVP_bf_cbc.3 doc/man/man3/EVP_blake2b512.3 doc/man/man3/EVP_camellia_128_ecb.3 doc/man/man3/EVP_cast5_cbc.3 doc/man/man3/EVP_chacha20.3 doc/man/man3/EVP_des_cbc.3 doc/man/man3/EVP_desx_cbc.3 doc/man/man3/EVP_idea_cbc.3 doc/man/man3/EVP_md2.3 doc/man/man3/EVP_md4.3 doc/man/man3/EVP_md5.3 doc/man/man3/EVP_mdc2.3 doc/man/man3/EVP_rc2_cbc.3 doc/man/man3/EVP_rc4.3 doc/man/man3/EVP_rc5_32_12_16_cbc.3 doc/man/man3/EVP_ripemd160.3 doc/man/man3/EVP_seed_cbc.3 doc/man/man3/EVP_set_default_properties.3 doc/man/man3/EVP_sha1.3 doc/man/man3/EVP_sha224.3 doc/man/man3/EVP_sha3_224.3 doc/man/man3/EVP_sm3.3 doc/man/man3/EVP_sm4_cbc.3 doc/man/man3/EVP_whirlpool.3 doc/man/man3/HMAC.3 doc/man/man3/MD5.3 doc/man/man3/MDC2_Init.3 doc/man/man3/NCONF_new_with_libctx.3 doc/man/man3/OBJ_nid2obj.3 doc/man/man3/OCSP_REQUEST_new.3 doc/man/man3/OCSP_cert_to_id.3 doc/man/man3/OCSP_request_add1_nonce.3 doc/man/man3/OCSP_resp_find_status.3 doc/man/man3/OCSP_response_status.3 doc/man/man3/OCSP_sendreq_new.3 doc/man/man3/OPENSSL_Applink.3 doc/man/man3/OPENSSL_CTX.3 doc/man/man3/OPENSSL_FILE.3 doc/man/man3/OPENSSL_LH_COMPFUNC.3 doc/man/man3/OPENSSL_LH_stats.3 doc/man/man3/OPENSSL_config.3 doc/man/man3/OPENSSL_fork_prepare.3 doc/man/man3/OPENSSL_hexchar2int.3 doc/man/man3/OPENSSL_ia32cap.3 doc/man/man3/OPENSSL_init_crypto.3 doc/man/man3/OPENSSL_init_ssl.3 doc/man/man3/OPENSSL_instrument_bus.3 doc/man/man3/OPENSSL_load_builtin_modules.3 doc/man/man3/OPENSSL_malloc.3 doc/man/man3/OPENSSL_s390xcap.3 doc/man/man3/OPENSSL_secure_malloc.3 doc/man/man3/OSSL_CMP_CTX_new.3 doc/man/man3/OSSL_CMP_HDR_get0_transactionID.3 doc/man/man3/OSSL_CMP_ITAV_set0.3 doc/man/man3/OSSL_CMP_MSG_get0_header.3 doc/man/man3/OSSL_CMP_MSG_http_perform.3 doc/man/man3/OSSL_CMP_SRV_CTX_new.3 doc/man/man3/OSSL_CMP_STATUSINFO_new.3 doc/man/man3/OSSL_CMP_exec_IR_ses.3 doc/man/man3/OSSL_CMP_log_open.3 doc/man/man3/OSSL_CMP_validate_msg.3 doc/man/man3/OSSL_CRMF_MSG_get0_tmpl.3 doc/man/man3/OSSL_CRMF_MSG_set0_validity.3 doc/man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3 doc/man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3 doc/man/man3/OSSL_CRMF_pbmp_new.3 doc/man/man3/OSSL_DESERIALIZER.3 doc/man/man3/OSSL_DESERIALIZER_CTX.3 doc/man/man3/OSSL_DESERIALIZER_CTX_new_by_EVP_PKEY.3 doc/man/man3/OSSL_DESERIALIZER_from_bio.3 doc/man/man3/OSSL_HTTP_transfer.3 doc/man/man3/OSSL_PARAM.3 doc/man/man3/OSSL_PARAM_BLD.3 doc/man/man3/OSSL_PARAM_allocate_from_text.3 doc/man/man3/OSSL_PARAM_int.3 doc/man/man3/OSSL_PROVIDER.3 doc/man/man3/OSSL_SELF_TEST_new.3 doc/man/man3/OSSL_SELF_TEST_set_callback.3 doc/man/man3/OSSL_SERIALIZER.3 doc/man/man3/OSSL_SERIALIZER_CTX.3 doc/man/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.3 doc/man/man3/OSSL_SERIALIZER_to_bio.3 doc/man/man3/OSSL_STORE_INFO.3 doc/man/man3/OSSL_STORE_LOADER.3 doc/man/man3/OSSL_STORE_SEARCH.3 doc/man/man3/OSSL_STORE_attach.3 doc/man/man3/OSSL_STORE_expect.3 doc/man/man3/OSSL_STORE_open.3 doc/man/man3/OSSL_trace_enabled.3 doc/man/man3/OSSL_trace_get_category_num.3 doc/man/man3/OSSL_trace_set_channel.3 doc/man/man3/OpenSSL_add_all_algorithms.3 doc/man/man3/OpenSSL_version.3 doc/man/man3/PEM_X509_INFO_read_bio_with_libctx.3 doc/man/man3/PEM_bytes_read_bio.3 doc/man/man3/PEM_read.3 doc/man/man3/PEM_read_CMS.3 doc/man/man3/PEM_read_bio_PrivateKey.3 doc/man/man3/PEM_read_bio_ex.3 doc/man/man3/PEM_write_bio_CMS_stream.3 doc/man/man3/PEM_write_bio_PKCS7_stream.3 doc/man/man3/PKCS12_SAFEBAG_get0_attrs.3 doc/man/man3/PKCS12_add_CSPName_asc.3 doc/man/man3/PKCS12_add_friendlyname_asc.3 doc/man/man3/PKCS12_add_localkeyid.3 doc/man/man3/PKCS12_create.3 doc/man/man3/PKCS12_get_friendlyname.3 doc/man/man3/PKCS12_newpass.3 doc/man/man3/PKCS12_parse.3 doc/man/man3/PKCS5_PBKDF2_HMAC.3 doc/man/man3/PKCS7_decrypt.3 doc/man/man3/PKCS7_encrypt.3 doc/man/man3/PKCS7_sign.3 doc/man/man3/PKCS7_sign_add_signer.3 doc/man/man3/PKCS7_verify.3 doc/man/man3/PKCS8_pkey_add1_attr.3 doc/man/man3/RAND_DRBG_generate.3 doc/man/man3/RAND_DRBG_get0_public.3 doc/man/man3/RAND_DRBG_new.3 doc/man/man3/RAND_DRBG_reseed.3 doc/man/man3/RAND_DRBG_set_callbacks.3 doc/man/man3/RAND_add.3 doc/man/man3/RAND_bytes.3 doc/man/man3/RAND_cleanup.3 doc/man/man3/RAND_egd.3 doc/man/man3/RAND_load_file.3 doc/man/man3/RAND_set_rand_method.3 doc/man/man3/RC4_set_key.3 doc/man/man3/RIPEMD160_Init.3 doc/man/man3/RSA_blinding_on.3 doc/man/man3/RSA_check_key.3 doc/man/man3/RSA_generate_key.3 doc/man/man3/RSA_get0_key.3 doc/man/man3/RSA_meth_new.3 doc/man/man3/RSA_new.3 doc/man/man3/RSA_padding_add_PKCS1_type_1.3 doc/man/man3/RSA_print.3 doc/man/man3/RSA_private_encrypt.3 doc/man/man3/RSA_public_encrypt.3 doc/man/man3/RSA_set_method.3 doc/man/man3/RSA_sign.3 doc/man/man3/RSA_sign_ASN1_OCTET_STRING.3 doc/man/man3/RSA_size.3 doc/man/man3/SCT_new.3 doc/man/man3/SCT_print.3 doc/man/man3/SCT_validate.3 doc/man/man3/SHA256_Init.3 doc/man/man3/SMIME_read_CMS.3 doc/man/man3/SMIME_read_PKCS7.3 doc/man/man3/SMIME_write_CMS.3 doc/man/man3/SMIME_write_PKCS7.3 doc/man/man3/SRP_Calc_B.3 doc/man/man3/SRP_VBASE_new.3 doc/man/man3/SRP_create_verifier.3 doc/man/man3/SRP_user_pwd_new.3 doc/man/man3/SSL_CIPHER_get_name.3 doc/man/man3/SSL_COMP_add_compression_method.3 doc/man/man3/SSL_CONF_CTX_new.3 doc/man/man3/SSL_CONF_CTX_set1_prefix.3 doc/man/man3/SSL_CONF_CTX_set_flags.3 doc/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 doc/man/man3/SSL_CONF_cmd.3 doc/man/man3/SSL_CONF_cmd_argv.3 doc/man/man3/SSL_CTX_add1_chain_cert.3 doc/man/man3/SSL_CTX_add_extra_chain_cert.3 doc/man/man3/SSL_CTX_add_session.3 doc/man/man3/SSL_CTX_config.3 doc/man/man3/SSL_CTX_ctrl.3 doc/man/man3/SSL_CTX_dane_enable.3 doc/man/man3/SSL_CTX_flush_sessions.3 doc/man/man3/SSL_CTX_free.3 doc/man/man3/SSL_CTX_get0_param.3 doc/man/man3/SSL_CTX_get_verify_mode.3 doc/man/man3/SSL_CTX_has_client_custom_ext.3 doc/man/man3/SSL_CTX_load_verify_locations.3 doc/man/man3/SSL_CTX_new.3 doc/man/man3/SSL_CTX_sess_number.3 doc/man/man3/SSL_CTX_sess_set_cache_size.3 doc/man/man3/SSL_CTX_sess_set_get_cb.3 doc/man/man3/SSL_CTX_sessions.3 doc/man/man3/SSL_CTX_set0_CA_list.3 doc/man/man3/SSL_CTX_set1_curves.3 doc/man/man3/SSL_CTX_set1_sigalgs.3 doc/man/man3/SSL_CTX_set1_verify_cert_store.3 doc/man/man3/SSL_CTX_set_alpn_select_cb.3 doc/man/man3/SSL_CTX_set_cert_cb.3 doc/man/man3/SSL_CTX_set_cert_store.3 doc/man/man3/SSL_CTX_set_cert_verify_callback.3 doc/man/man3/SSL_CTX_set_cipher_list.3 doc/man/man3/SSL_CTX_set_client_cert_cb.3 doc/man/man3/SSL_CTX_set_client_hello_cb.3 doc/man/man3/SSL_CTX_set_ct_validation_callback.3 doc/man/man3/SSL_CTX_set_ctlog_list_file.3 doc/man/man3/SSL_CTX_set_default_passwd_cb.3 doc/man/man3/SSL_CTX_set_generate_session_id.3 doc/man/man3/SSL_CTX_set_info_callback.3 doc/man/man3/SSL_CTX_set_keylog_callback.3 doc/man/man3/SSL_CTX_set_max_cert_list.3 doc/man/man3/SSL_CTX_set_min_proto_version.3 doc/man/man3/SSL_CTX_set_mode.3 doc/man/man3/SSL_CTX_set_msg_callback.3 doc/man/man3/SSL_CTX_set_num_tickets.3 doc/man/man3/SSL_CTX_set_options.3 doc/man/man3/SSL_CTX_set_psk_client_callback.3 doc/man/man3/SSL_CTX_set_quiet_shutdown.3 doc/man/man3/SSL_CTX_set_read_ahead.3 doc/man/man3/SSL_CTX_set_record_padding_callback.3 doc/man/man3/SSL_CTX_set_security_level.3 doc/man/man3/SSL_CTX_set_session_cache_mode.3 doc/man/man3/SSL_CTX_set_session_id_context.3 doc/man/man3/SSL_CTX_set_session_ticket_cb.3 doc/man/man3/SSL_CTX_set_split_send_fragment.3 doc/man/man3/SSL_CTX_set_srp_password.3 doc/man/man3/SSL_CTX_set_ssl_version.3 doc/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 doc/man/man3/SSL_CTX_set_timeout.3 doc/man/man3/SSL_CTX_set_tlsext_servername_callback.3 doc/man/man3/SSL_CTX_set_tlsext_status_cb.3 doc/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 doc/man/man3/SSL_CTX_set_tlsext_use_srtp.3 doc/man/man3/SSL_CTX_set_tmp_dh_callback.3 doc/man/man3/SSL_CTX_set_tmp_ecdh.3 doc/man/man3/SSL_CTX_set_verify.3 doc/man/man3/SSL_CTX_use_certificate.3 doc/man/man3/SSL_CTX_use_psk_identity_hint.3 doc/man/man3/SSL_CTX_use_serverinfo.3 doc/man/man3/SSL_SESSION_free.3 doc/man/man3/SSL_SESSION_get0_cipher.3 doc/man/man3/SSL_SESSION_get0_hostname.3 doc/man/man3/SSL_SESSION_get0_id_context.3 doc/man/man3/SSL_SESSION_get0_peer.3 doc/man/man3/SSL_SESSION_get_compress_id.3 doc/man/man3/SSL_SESSION_get_protocol_version.3 doc/man/man3/SSL_SESSION_get_time.3 doc/man/man3/SSL_SESSION_has_ticket.3 doc/man/man3/SSL_SESSION_is_resumable.3 doc/man/man3/SSL_SESSION_print.3 doc/man/man3/SSL_SESSION_set1_id.3 doc/man/man3/SSL_accept.3 doc/man/man3/SSL_alert_type_string.3 doc/man/man3/SSL_alloc_buffers.3 doc/man/man3/SSL_check_chain.3 doc/man/man3/SSL_clear.3 doc/man/man3/SSL_connect.3 doc/man/man3/SSL_do_handshake.3 doc/man/man3/SSL_export_keying_material.3 doc/man/man3/SSL_extension_supported.3 doc/man/man3/SSL_free.3 doc/man/man3/SSL_get0_peer_scts.3 doc/man/man3/SSL_get_SSL_CTX.3 doc/man/man3/SSL_get_all_async_fds.3 doc/man/man3/SSL_get_ciphers.3 doc/man/man3/SSL_get_client_random.3 doc/man/man3/SSL_get_current_cipher.3 doc/man/man3/SSL_get_default_timeout.3 doc/man/man3/SSL_get_error.3 doc/man/man3/SSL_get_extms_support.3 doc/man/man3/SSL_get_fd.3 doc/man/man3/SSL_get_peer_cert_chain.3 doc/man/man3/SSL_get_peer_certificate.3 doc/man/man3/SSL_get_peer_signature_nid.3 doc/man/man3/SSL_get_peer_tmp_key.3 doc/man/man3/SSL_get_psk_identity.3 doc/man/man3/SSL_get_rbio.3 doc/man/man3/SSL_get_session.3 doc/man/man3/SSL_get_shared_sigalgs.3 doc/man/man3/SSL_get_verify_result.3 doc/man/man3/SSL_get_version.3 doc/man/man3/SSL_in_init.3 doc/man/man3/SSL_key_update.3 doc/man/man3/SSL_library_init.3 doc/man/man3/SSL_load_client_CA_file.3 doc/man/man3/SSL_new.3 doc/man/man3/SSL_pending.3 doc/man/man3/SSL_read.3 doc/man/man3/SSL_read_early_data.3 doc/man/man3/SSL_rstate_string.3 doc/man/man3/SSL_session_reused.3 doc/man/man3/SSL_set1_host.3 doc/man/man3/SSL_set_async_callback.3 doc/man/man3/SSL_set_bio.3 doc/man/man3/SSL_set_connect_state.3 doc/man/man3/SSL_set_fd.3 doc/man/man3/SSL_set_session.3 doc/man/man3/SSL_set_shutdown.3 doc/man/man3/SSL_set_verify_result.3 doc/man/man3/SSL_shutdown.3 doc/man/man3/SSL_state_string.3 doc/man/man3/SSL_want.3 doc/man/man3/SSL_write.3 doc/man/man3/TS_VERIFY_CTX_set_certs.3 doc/man/man3/UI_STRING.3 doc/man/man3/UI_UTIL_read_pw.3 doc/man/man3/UI_create_method.3 doc/man/man3/UI_new.3 doc/man/man3/X509V3_get_d2i.3 doc/man/man3/X509_ALGOR_dup.3 doc/man/man3/X509_CRL_get0_by_serial.3 doc/man/man3/X509_EXTENSION_set_object.3 doc/man/man3/X509_LOOKUP.3 doc/man/man3/X509_LOOKUP_hash_dir.3 doc/man/man3/X509_LOOKUP_meth_new.3 doc/man/man3/X509_NAME_ENTRY_get_object.3 doc/man/man3/X509_NAME_add_entry_by_txt.3 doc/man/man3/X509_NAME_get0_der.3 doc/man/man3/X509_NAME_get_index_by_NID.3 doc/man/man3/X509_NAME_print_ex.3 doc/man/man3/X509_PUBKEY_new.3 doc/man/man3/X509_SIG_get0.3 doc/man/man3/X509_STORE_CTX_get_error.3 doc/man/man3/X509_STORE_CTX_new.3 doc/man/man3/X509_STORE_CTX_set_verify_cb.3 doc/man/man3/X509_STORE_add_cert.3 doc/man/man3/X509_STORE_get0_param.3 doc/man/man3/X509_STORE_new.3 doc/man/man3/X509_STORE_set_verify_cb_func.3 doc/man/man3/X509_VERIFY_PARAM_set_flags.3 doc/man/man3/X509_check_ca.3 doc/man/man3/X509_check_host.3 doc/man/man3/X509_check_issued.3 doc/man/man3/X509_check_private_key.3 doc/man/man3/X509_check_purpose.3 doc/man/man3/X509_cmp.3 doc/man/man3/X509_cmp_time.3 doc/man/man3/X509_digest.3 doc/man/man3/X509_dup.3 doc/man/man3/X509_get0_distinguishing_id.3 doc/man/man3/X509_get0_notBefore.3 doc/man/man3/X509_get0_signature.3 doc/man/man3/X509_get0_uids.3 doc/man/man3/X509_get_extension_flags.3 doc/man/man3/X509_get_pubkey.3 doc/man/man3/X509_get_serialNumber.3 doc/man/man3/X509_get_subject_name.3 doc/man/man3/X509_get_version.3 doc/man/man3/X509_load_http.3 doc/man/man3/X509_new.3 doc/man/man3/X509_sign.3 doc/man/man3/X509_verify.3 doc/man/man3/X509_verify_cert.3 doc/man/man3/X509v3_get_ext_by_NID.3 doc/man/man3/d2i_DHparams.3 doc/man/man3/d2i_PKCS8PrivateKey_bio.3 doc/man/man3/d2i_PrivateKey.3 doc/man/man3/d2i_SSL_SESSION.3 doc/man/man3/d2i_X509.3 doc/man/man3/i2d_CMS_bio_stream.3 doc/man/man3/i2d_PKCS7_bio_stream.3 doc/man/man3/i2d_re_X509_tbs.3 doc/man/man3/o2i_SCT_LIST.3 doc/man/man3/s2i_ASN1_IA5STRING.3 doc/man/man5/config.5 doc/man/man5/fips_config.5 doc/man/man5/x509v3_config.5 doc/man/man7/EVP_KDF-HKDF.7 doc/man/man7/EVP_KDF-KB.7 doc/man/man7/EVP_KDF-KRB5KDF.7 doc/man/man7/EVP_KDF-PBKDF2.7 doc/man/man7/EVP_KDF-SCRYPT.7 doc/man/man7/EVP_KDF-SS.7 doc/man/man7/EVP_KDF-SSHKDF.7 doc/man/man7/EVP_KDF-TLS1_PRF.7 doc/man/man7/EVP_KDF-X942.7 doc/man/man7/EVP_KDF-X963.7 doc/man/man7/EVP_KEYEXCH-DH.7 doc/man/man7/EVP_KEYEXCH-ECDH.7 doc/man/man7/EVP_KEYEXCH-X25519.7 doc/man/man7/EVP_MAC-BLAKE2.7 doc/man/man7/EVP_MAC-CMAC.7 doc/man/man7/EVP_MAC-GMAC.7 doc/man/man7/EVP_MAC-HMAC.7 doc/man/man7/EVP_MAC-KMAC.7 doc/man/man7/EVP_MAC-Poly1305.7 doc/man/man7/EVP_MAC-Siphash.7 doc/man/man7/EVP_MD-BLAKE2.7 doc/man/man7/EVP_MD-MD2.7 doc/man/man7/EVP_MD-MD4.7 doc/man/man7/EVP_MD-MD5-SHA1.7 doc/man/man7/EVP_MD-MD5.7 doc/man/man7/EVP_MD-MDC2.7 doc/man/man7/EVP_MD-RIPEMD160.7 doc/man/man7/EVP_MD-SHA1.7 doc/man/man7/EVP_MD-SHA2.7 doc/man/man7/EVP_MD-SHA3.7 doc/man/man7/EVP_MD-SHAKE.7 doc/man/man7/EVP_MD-SM3.7 doc/man/man7/EVP_MD-WHIRLPOOL.7 doc/man/man7/EVP_MD-common.7 doc/man/man7/EVP_PKEY-DH.7 doc/man/man7/EVP_PKEY-DSA.7 doc/man/man7/EVP_PKEY-EC.7 doc/man/man7/EVP_PKEY-FFC.7 doc/man/man7/EVP_PKEY-RSA.7 doc/man/man7/EVP_PKEY-X25519.7 doc/man/man7/EVP_RAND-CTR-DRBG.7 doc/man/man7/EVP_RAND-HASH-DRBG.7 doc/man/man7/EVP_RAND-HMAC-DRBG.7 doc/man/man7/EVP_RAND-TEST-RAND.7 doc/man/man7/EVP_SIGNATURE-DSA.7 doc/man/man7/EVP_SIGNATURE-ECDSA.7 doc/man/man7/EVP_SIGNATURE-ED25519.7 doc/man/man7/EVP_SIGNATURE-RSA.7 doc/man/man7/OSSL_PROVIDER-FIPS.7 doc/man/man7/OSSL_PROVIDER-default.7 doc/man/man7/OSSL_PROVIDER-legacy.7 doc/man/man7/OSSL_PROVIDER-null.7 doc/man/man7/RAND.7 doc/man/man7/RAND_DRBG.7 doc/man/man7/RSA-PSS.7 doc/man/man7/SM2.7 doc/man/man7/X25519.7 doc/man/man7/bio.7 doc/man/man7/crypto.7 doc/man/man7/ct.7 doc/man/man7/des_modes.7 doc/man/man7/evp.7 doc/man/man7/openssl-core.h.7 doc/man/man7/openssl-core_dispatch.h.7 doc/man/man7/openssl-core_names.h.7 doc/man/man7/openssl-env.7 doc/man/man7/openssl_user_macros.7 doc/man/man7/ossl_store-file.7 doc/man/man7/ossl_store.7 doc/man/man7/passphrase-encoding.7 doc/man/man7/property.7 doc/man/man7/provider-asym_cipher.7 doc/man/man7/provider-base.7 doc/man/man7/provider-cipher.7 doc/man/man7/provider-digest.7 doc/man/man7/provider-keyexch.7 doc/man/man7/provider-keymgmt.7 doc/man/man7/provider-mac.7 doc/man/man7/provider-rand.7 doc/man/man7/provider-serializer.7 doc/man/man7/provider-signature.7 doc/man/man7/provider.7 doc/man/man7/proxy-certificates.7 doc/man/man7/ssl.7 doc/man/man7/x509.7 rm -f apps/openssl fuzz/asn1-test fuzz/asn1parse-test fuzz/bignum-test fuzz/bndiv-test fuzz/client-test fuzz/cmp-test fuzz/cms-test fuzz/conf-test fuzz/crl-test fuzz/ct-test fuzz/server-test fuzz/x509-test test/aborttest test/acvp_test test/aesgcmtest test/afalgtest test/asn1_decode_test test/asn1_dsa_internal_test test/asn1_encode_test test/asn1_internal_test test/asn1_string_table_test test/asn1_time_test test/asynciotest test/asynctest test/bad_dtls_test test/bftest test/bio_callback_test test/bio_enc_test test/bio_memleak_test test/bio_prefix_text test/bioprinttest test/bn_internal_test test/bntest test/buildtest_c_aes test/buildtest_c_asn1 test/buildtest_c_asn1t test/buildtest_c_async test/buildtest_c_bio test/buildtest_c_blowfish test/buildtest_c_bn test/buildtest_c_buffer test/buildtest_c_camellia test/buildtest_c_cast test/buildtest_c_cmac test/buildtest_c_cmp test/buildtest_c_cmp_util test/buildtest_c_cms test/buildtest_c_comp test/buildtest_c_conf test/buildtest_c_conf_api test/buildtest_c_core test/buildtest_c_core_dispatch test/buildtest_c_core_names test/buildtest_c_crmf test/buildtest_c_crypto test/buildtest_c_ct test/buildtest_c_des test/buildtest_c_deserializer test/buildtest_c_dh test/buildtest_c_dsa test/buildtest_c_e_os2 test/buildtest_c_ebcdic test/buildtest_c_ec test/buildtest_c_ecdh test/buildtest_c_ecdsa test/buildtest_c_engine test/buildtest_c_ess test/buildtest_c_evp test/buildtest_c_fips_names test/buildtest_c_hmac test/buildtest_c_http test/buildtest_c_idea test/buildtest_c_kdf test/buildtest_c_lhash test/buildtest_c_macros test/buildtest_c_md4 test/buildtest_c_md5 test/buildtest_c_mdc2 test/buildtest_c_modes test/buildtest_c_obj_mac test/buildtest_c_objects test/buildtest_c_ocsp test/buildtest_c_ossl_typ test/buildtest_c_param_build test/buildtest_c_params test/buildtest_c_pem test/buildtest_c_pem2 test/buildtest_c_pkcs12 test/buildtest_c_pkcs7 test/buildtest_c_provider test/buildtest_c_rand test/buildtest_c_rand_drbg test/buildtest_c_rc2 test/buildtest_c_rc4 test/buildtest_c_ripemd test/buildtest_c_rsa test/buildtest_c_safestack test/buildtest_c_seed test/buildtest_c_self_test test/buildtest_c_serializer test/buildtest_c_sha test/buildtest_c_srp test/buildtest_c_srtp test/buildtest_c_ssl test/buildtest_c_ssl2 test/buildtest_c_stack test/buildtest_c_store test/buildtest_c_symhacks test/buildtest_c_tls1 test/buildtest_c_ts test/buildtest_c_txt_db test/buildtest_c_types test/buildtest_c_ui test/buildtest_c_whrlpool test/buildtest_c_x509 test/buildtest_c_x509_vfy test/buildtest_c_x509v3 test/casttest test/chacha_internal_test test/cipher_overhead_test test/cipherbytes_test test/cipherlist_test test/ciphername_test test/clienthellotest test/cmactest test/cmp_asn_test test/cmp_client_test test/cmp_ctx_test test/cmp_hdr_test test/cmp_msg_test test/cmp_protect_test test/cmp_server_test test/cmp_status_test test/cmp_vfy_test test/cmsapitest test/conf_include_test test/confdump test/constant_time_test test/context_internal_test test/crltest test/ct_test test/ctype_internal_test test/curve448_internal_test test/d2i_test test/danetest test/destest test/dhtest test/drbg_cavs_test test/drbg_extra_test test/drbgtest test/dsa_no_digest_size_test test/dsatest test/dtls_mtu_test test/dtlstest test/dtlsv1listentest test/ec_internal_test test/ecdsatest test/ecstresstest test/ectest test/enginetest test/errtest test/evp_extra_test test/evp_extra_test2 test/evp_fetch_prov_test test/evp_kdf_test test/evp_libctx_test test/evp_pkey_dparams_test test/evp_pkey_provided_test test/evp_test test/exdatatest test/exptest test/fatalerrtest test/ffc_internal_test test/gmdifftest test/gosttest test/hexstr_test test/hmactest test/http_test test/ideatest test/igetest test/keymgmt_internal_test test/lhash_test test/mdc2_internal_test test/mdc2test test/memleaktest test/modes_internal_test test/namemap_internal_test test/ocspapitest test/packettest test/param_build_test test/params_api_test test/params_conversion_test test/params_test test/pbelutest test/pemtest test/pkey_meth_kdf_test test/pkey_meth_test test/poly1305_internal_test test/property_test test/provider_fallback_test test/provider_internal_test test/provider_test test/rc2test test/rc4test test/rc5test test/rdrand_sanitytest test/recordlentest test/rsa_complex test/rsa_mp_test test/rsa_sp800_56b_test test/rsa_test test/sanitytest test/secmemtest test/serdes_test test/servername_test test/shlibloadtest test/siphash_internal_test test/sm2_internal_test test/sm4_internal_test test/sparse_array_test test/srptest test/ssl_cert_table_internal_test test/ssl_ctx_test test/ssl_test test/ssl_test_ctx_test test/sslapitest test/sslbuffertest test/sslcorrupttest test/ssltest_old test/stack_test test/sysdefaulttest test/test_test test/threadstest test/time_offset_test test/tls13ccstest test/tls13encryptiontest test/tls13secretstest test/uitest test/v3ext test/v3nametest test/verify_extra_test test/versions test/wpackettest test/x509_check_cert_pkey_test test/x509_dup_cert_test test/x509_internal_test test/x509_time_test test/x509aux engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so providers/fips.so providers/legacy.so test/p_test.so apps/CA.pl apps/tsget.pl tools/c_rehash util/shlib_wrap.sh rm -f doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod include/crypto/bn_conf.h include/crypto/dso_conf.h include/openssl/configuration.h include/openssl/fipskey.h include/openssl/opensslv.h test/provider_internal_test.cnf apps/CA.pl apps/progs.c apps/progs.h apps/tsget.pl crypto/aes/aes-x86_64.s crypto/aes/aesni-mb-x86_64.s crypto/aes/aesni-sha1-x86_64.s crypto/aes/aesni-sha256-x86_64.s crypto/aes/aesni-x86_64.s crypto/aes/bsaes-x86_64.s crypto/aes/vpaes-x86_64.s crypto/bn/rsaz-avx2.s crypto/bn/rsaz-x86_64.s crypto/bn/x86_64-gf2m.s crypto/bn/x86_64-mont.s crypto/bn/x86_64-mont5.s crypto/buildinf.h crypto/camellia/cmll-x86_64.s crypto/chacha/chacha-x86_64.s crypto/ec/ecp_nistz256-x86_64.s crypto/ec/x25519-x86_64.s crypto/md5/md5-x86_64.s crypto/modes/aesni-gcm-x86_64.s crypto/modes/ghash-x86_64.s crypto/poly1305/poly1305-x86_64.s crypto/rc4/rc4-md5-x86_64.s crypto/rc4/rc4-x86_64.s crypto/sha/keccak1600-x86_64.s crypto/sha/sha1-mb-x86_64.s crypto/sha/sha1-x86_64.s crypto/sha/sha256-mb-x86_64.s crypto/sha/sha256-x86_64.s crypto/sha/sha512-x86_64.s crypto/whrlpool/wp-x86_64.s crypto/x86_64cpuid.s doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod engines/afalg.ld engines/capi.ld engines/dasync.ld engines/e_padlock-x86_64.s engines/ossltest.ld engines/padlock.ld libcrypto.ld libssl.ld providers/common/der/der_digests_gen.c providers/common/der/der_dsa_gen.c providers/common/der/der_ec_gen.c providers/common/der/der_rsa_gen.c providers/common/include/prov/der_digests.h providers/common/include/prov/der_dsa.h providers/common/include/prov/der_ec.h providers/common/include/prov/der_rsa.h providers/fips.ld providers/legacy.ld test/buildtest_aes.c test/buildtest_asn1.c test/buildtest_asn1t.c test/buildtest_async.c test/buildtest_bio.c test/buildtest_blowfish.c test/buildtest_bn.c test/buildtest_buffer.c test/buildtest_camellia.c test/buildtest_cast.c test/buildtest_cmac.c test/buildtest_cmp.c test/buildtest_cmp_util.c test/buildtest_cms.c test/buildtest_comp.c test/buildtest_conf.c test/buildtest_conf_api.c test/buildtest_core.c test/buildtest_core_dispatch.c test/buildtest_core_names.c test/buildtest_crmf.c test/buildtest_crypto.c test/buildtest_ct.c test/buildtest_des.c test/buildtest_deserializer.c test/buildtest_dh.c test/buildtest_dsa.c test/buildtest_e_os2.c test/buildtest_ebcdic.c test/buildtest_ec.c test/buildtest_ecdh.c test/buildtest_ecdsa.c test/buildtest_engine.c test/buildtest_ess.c test/buildtest_evp.c test/buildtest_fips_names.c test/buildtest_hmac.c test/buildtest_http.c test/buildtest_idea.c test/buildtest_kdf.c test/buildtest_lhash.c test/buildtest_macros.c test/buildtest_md4.c test/buildtest_md5.c test/buildtest_mdc2.c test/buildtest_modes.c test/buildtest_obj_mac.c test/buildtest_objects.c test/buildtest_ocsp.c test/buildtest_ossl_typ.c test/buildtest_param_build.c test/buildtest_params.c test/buildtest_pem.c test/buildtest_pem2.c test/buildtest_pkcs12.c test/buildtest_pkcs7.c test/buildtest_provider.c test/buildtest_rand.c test/buildtest_rand_drbg.c test/buildtest_rc2.c test/buildtest_rc4.c test/buildtest_ripemd.c test/buildtest_rsa.c test/buildtest_safestack.c test/buildtest_seed.c test/buildtest_self_test.c test/buildtest_serializer.c test/buildtest_sha.c test/buildtest_srp.c test/buildtest_srtp.c test/buildtest_ssl.c test/buildtest_ssl2.c test/buildtest_stack.c test/buildtest_store.c test/buildtest_symhacks.c test/buildtest_tls1.c test/buildtest_ts.c test/buildtest_txt_db.c test/buildtest_types.c test/buildtest_ui.c test/buildtest_whrlpool.c test/buildtest_x509.c test/buildtest_x509_vfy.c test/buildtest_x509v3.c test/p_test.ld tools/c_rehash util/shlib_wrap.sh rm -f `find . -name '*.d' \! -name '.*' \! -type d -print` rm -f `find . -name '*.o' \! -name '.*' \! -type d -print` rm -f core rm -f tags TAGS doc-nits cmd-nits md-nits rm -f -r test/test-runs rm -f openssl.pc libcrypto.pc libssl.pc rm -f `find . -type l \! -name '.*' -print` rm -f ../openssl-3.0.0-alpha6-dev.tar $ make depend $ LDCMD= make -j4 /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-asn1parse.pod.in > doc/man1/openssl-asn1parse.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ca.pod.in > doc/man1/openssl-ca.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ciphers.pod.in > doc/man1/openssl-ciphers.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmds.pod.in > doc/man1/openssl-cmds.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmp.pod.in > doc/man1/openssl-cmp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cms.pod.in > doc/man1/openssl-cms.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl.pod.in > doc/man1/openssl-crl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl2pkcs7.pod.in > doc/man1/openssl-crl2pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dgst.pod.in > doc/man1/openssl-dgst.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dhparam.pod.in > doc/man1/openssl-dhparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsa.pod.in > doc/man1/openssl-dsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsaparam.pod.in > doc/man1/openssl-dsaparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ec.pod.in > doc/man1/openssl-ec.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ecparam.pod.in > doc/man1/openssl-ecparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-enc.pod.in > doc/man1/openssl-enc.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-engine.pod.in > doc/man1/openssl-engine.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-errstr.pod.in > doc/man1/openssl-errstr.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-fipsinstall.pod.in > doc/man1/openssl-fipsinstall.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-gendsa.pod.in > doc/man1/openssl-gendsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genpkey.pod.in > doc/man1/openssl-genpkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genrsa.pod.in > doc/man1/openssl-genrsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-info.pod.in > doc/man1/openssl-info.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-kdf.pod.in > doc/man1/openssl-kdf.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-list.pod.in > doc/man1/openssl-list.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-mac.pod.in > doc/man1/openssl-mac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-nseq.pod.in > doc/man1/openssl-nseq.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ocsp.pod.in > doc/man1/openssl-ocsp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-passwd.pod.in > doc/man1/openssl-passwd.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs12.pod.in > doc/man1/openssl-pkcs12.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs7.pod.in > doc/man1/openssl-pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs8.pod.in > doc/man1/openssl-pkcs8.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkey.pod.in > doc/man1/openssl-pkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyparam.pod.in > doc/man1/openssl-pkeyparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyutl.pod.in > doc/man1/openssl-pkeyutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-prime.pod.in > doc/man1/openssl-prime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-provider.pod.in > doc/man1/openssl-provider.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rand.pod.in > doc/man1/openssl-rand.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rehash.pod.in > doc/man1/openssl-rehash.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-req.pod.in > doc/man1/openssl-req.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsa.pod.in > doc/man1/openssl-rsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsautl.pod.in > doc/man1/openssl-rsautl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_client.pod.in > doc/man1/openssl-s_client.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_server.pod.in > doc/man1/openssl-s_server.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_time.pod.in > doc/man1/openssl-s_time.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-sess_id.pod.in > doc/man1/openssl-sess_id.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-smime.pod.in > doc/man1/openssl-smime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-speed.pod.in > doc/man1/openssl-speed.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-spkac.pod.in > doc/man1/openssl-spkac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-srp.pod.in > doc/man1/openssl-srp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-storeutl.pod.in > doc/man1/openssl-storeutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ts.pod.in > doc/man1/openssl-ts.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-verify.pod.in > doc/man1/openssl-verify.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-version.pod.in > doc/man1/openssl-version.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-x509.pod.in > doc/man1/openssl-x509.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man7/openssl_user_macros.pod.in > doc/man7/openssl_user_macros.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/bn_conf.h.in > include/crypto/bn_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/dso_conf.h.in > include/crypto/dso_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/configuration.h.in > include/openssl/configuration.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/fipskey.h.in > include/openssl/fipskey.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/opensslv.h.in > include/openssl/opensslv.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/test/provider_internal_test.cnf.in > test/provider_internal_test.cnf make depend && make _build_sw make[1]: Entering directory '/home/openssl/run-checker/no-sock' make[1]: Leaving directory '/home/openssl/run-checker/no-sock' make[1]: Entering directory '/home/openssl/run-checker/no-sock' clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_params.d.tmp -MT apps/lib/libapps-lib-app_params.o -c -o apps/lib/libapps-lib-app_params.o ../openssl/apps/lib/app_params.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_provider.d.tmp -MT apps/lib/libapps-lib-app_provider.o -c -o apps/lib/libapps-lib-app_provider.o ../openssl/apps/lib/app_provider.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_rand.d.tmp -MT apps/lib/libapps-lib-app_rand.o -c -o apps/lib/libapps-lib-app_rand.o ../openssl/apps/lib/app_rand.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_x509.d.tmp -MT apps/lib/libapps-lib-app_x509.o -c -o apps/lib/libapps-lib-app_x509.o ../openssl/apps/lib/app_x509.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps.d.tmp -MT apps/lib/libapps-lib-apps.o -c -o apps/lib/libapps-lib-apps.o ../openssl/apps/lib/apps.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps_ui.d.tmp -MT apps/lib/libapps-lib-apps_ui.o -c -o apps/lib/libapps-lib-apps_ui.o ../openssl/apps/lib/apps_ui.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-columns.d.tmp -MT apps/lib/libapps-lib-columns.o -c -o apps/lib/libapps-lib-columns.o ../openssl/apps/lib/columns.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-fmt.d.tmp -MT apps/lib/libapps-lib-fmt.o -c -o apps/lib/libapps-lib-fmt.o ../openssl/apps/lib/fmt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-http_server.d.tmp -MT apps/lib/libapps-lib-http_server.o -c -o apps/lib/libapps-lib-http_server.o ../openssl/apps/lib/http_server.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-names.d.tmp -MT apps/lib/libapps-lib-names.o -c -o apps/lib/libapps-lib-names.o ../openssl/apps/lib/names.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-opt.d.tmp -MT apps/lib/libapps-lib-opt.o -c -o apps/lib/libapps-lib-opt.o ../openssl/apps/lib/opt.c ../openssl/apps/lib/http_server.c:27:5: error: no previous extern declaration for non-static variable 'multi' [-Werror,-Wmissing-variable-declarations] int multi = 0; /* run multiple responder processes */ ^ 1 error generated. Makefile:4132: recipe for target 'apps/lib/libapps-lib-http_server.o' failed make[1]: *** [apps/lib/libapps-lib-http_server.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-sock' Makefile:3101: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From openssl at openssl.org Fri Jul 31 11:12:23 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 31 Jul 2020 11:12:23 +0000 Subject: SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-srtp Message-ID: <1596193943.456263.27857.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-srtp Commit log since last time: cfae32c69a [test][ectest] Minor touches to custom_generator_test f5384f064e [test] Vertically test explicit EC params API patterns 79410c5f8b namemap: fix threading issue 5cd9962272 Fix a test_verify failure ef8980176d Deprecate -nodes in favor of -noenc in pkcs12 and req app 846f96f821 TEST: Add RSA-PSS cases in test/serdes_test.c a4e55cccc9 PROV: Add a DER to RSA-PSS deserializer implementation 456b3b97a4 EVP, PROV: Add misc missing bits for RSA-PSS 51d9ac870a Fix no-ec2m From openssl at openssl.org Fri Jul 31 11:36:13 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 31 Jul 2020 11:36:13 +0000 Subject: SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-sse2 Message-ID: <1596195373.775269.14110.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-sse2 Commit log since last time: cfae32c69a [test][ectest] Minor touches to custom_generator_test f5384f064e [test] Vertically test explicit EC params API patterns 79410c5f8b namemap: fix threading issue 5cd9962272 Fix a test_verify failure ef8980176d Deprecate -nodes in favor of -noenc in pkcs12 and req app 846f96f821 TEST: Add RSA-PSS cases in test/serdes_test.c a4e55cccc9 PROV: Add a DER to RSA-PSS deserializer implementation 456b3b97a4 EVP, PROV: Add misc missing bits for RSA-PSS 51d9ac870a Fix no-ec2m From openssl at openssl.org Fri Jul 31 12:00:43 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 31 Jul 2020 12:00:43 +0000 Subject: SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings enable-ssl-trace Message-ID: <1596196843.503280.31147.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-ssl-trace Commit log since last time: cfae32c69a [test][ectest] Minor touches to custom_generator_test f5384f064e [test] Vertically test explicit EC params API patterns 79410c5f8b namemap: fix threading issue 5cd9962272 Fix a test_verify failure ef8980176d Deprecate -nodes in favor of -noenc in pkcs12 and req app 846f96f821 TEST: Add RSA-PSS cases in test/serdes_test.c a4e55cccc9 PROV: Add a DER to RSA-PSS deserializer implementation 456b3b97a4 EVP, PROV: Add misc missing bits for RSA-PSS 51d9ac870a Fix no-ec2m From openssl at openssl.org Fri Jul 31 12:35:25 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 31 Jul 2020 12:35:25 +0000 Subject: SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-static-engine no-shared Message-ID: <1596198925.422132.8900.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-static-engine no-shared Commit log since last time: cfae32c69a [test][ectest] Minor touches to custom_generator_test f5384f064e [test] Vertically test explicit EC params API patterns 79410c5f8b namemap: fix threading issue 5cd9962272 Fix a test_verify failure ef8980176d Deprecate -nodes in favor of -noenc in pkcs12 and req app 846f96f821 TEST: Add RSA-PSS cases in test/serdes_test.c a4e55cccc9 PROV: Add a DER to RSA-PSS deserializer implementation 456b3b97a4 EVP, PROV: Add misc missing bits for RSA-PSS 51d9ac870a Fix no-ec2m From openssl at openssl.org Fri Jul 31 13:02:16 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 31 Jul 2020 13:02:16 +0000 Subject: SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-threads Message-ID: <1596200536.760363.9923.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-threads Commit log since last time: cfae32c69a [test][ectest] Minor touches to custom_generator_test f5384f064e [test] Vertically test explicit EC params API patterns 79410c5f8b namemap: fix threading issue 5cd9962272 Fix a test_verify failure ef8980176d Deprecate -nodes in favor of -noenc in pkcs12 and req app 846f96f821 TEST: Add RSA-PSS cases in test/serdes_test.c a4e55cccc9 PROV: Add a DER to RSA-PSS deserializer implementation 456b3b97a4 EVP, PROV: Add misc missing bits for RSA-PSS 51d9ac870a Fix no-ec2m From openssl at openssl.org Fri Jul 31 13:26:40 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 31 Jul 2020 13:26:40 +0000 Subject: SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-ts Message-ID: <1596202000.241982.26509.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ts Commit log since last time: cfae32c69a [test][ectest] Minor touches to custom_generator_test f5384f064e [test] Vertically test explicit EC params API patterns 79410c5f8b namemap: fix threading issue 5cd9962272 Fix a test_verify failure ef8980176d Deprecate -nodes in favor of -noenc in pkcs12 and req app 846f96f821 TEST: Add RSA-PSS cases in test/serdes_test.c a4e55cccc9 PROV: Add a DER to RSA-PSS deserializer implementation 456b3b97a4 EVP, PROV: Add misc missing bits for RSA-PSS 51d9ac870a Fix no-ec2m From openssl at openssl.org Fri Jul 31 14:14:11 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 31 Jul 2020 14:14:11 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment Message-ID: <1596204851.212699.12693.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment Commit log since last time: cfae32c69a [test][ectest] Minor touches to custom_generator_test f5384f064e [test] Vertically test explicit EC params API patterns 79410c5f8b namemap: fix threading issue 5cd9962272 Fix a test_verify failure ef8980176d Deprecate -nodes in favor of -noenc in pkcs12 and req app 846f96f821 TEST: Add RSA-PSS cases in test/serdes_test.c a4e55cccc9 PROV: Add a DER to RSA-PSS deserializer implementation 456b3b97a4 EVP, PROV: Add misc missing bits for RSA-PSS 51d9ac870a Fix no-ec2m Build log ended with (last 100 lines): # Server sent alert unexpected_message but client received no alert. # 404792AB727F0000:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_srvr.c:318: not ok 9 - iteration 9 # ------------------------------------------------------------------------------ not ok 1 - test_handshake # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/ssl_test 25-cipher.cnf.default default => 1 not ok 6 - running ssl_test 25-cipher.cnf # ------------------------------------------------------------------------------ # Looks like you failed 2 tests of 9. not ok 26 - Test configuration 25-cipher.cnf # ------------------------------------------------------------------------------ # Looks like you failed 1 test of 31.80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok # INFO: @ ../openssl/test/sslcorrupttest.c:199 # Starting #2, ECDHE-RSA-CHACHA20-POLY1305 # ERROR: (int) 'SSL_get_error(clientssl, 0) == SSL_ERROR_WANT_READ' failed @ ../openssl/test/ssltestlib.c:1032 # [1] compared to [2] # ERROR: (bool) 'create_ssl_connection(server, client, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslcorrupttest.c:229 # false # 40E79158F77F0000:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_clnt.c:403: not ok 3 - iteration 3 # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/sslcorrupttest.c:199 # Starting #3, DHE-RSA-CHACHA20-POLY1305 # ERROR: (int) 'SSL_get_error(clientssl, 0) == SSL_ERROR_WANT_READ' failed @ ../openssl/test/ssltestlib.c:1032 # [1] compared to [2] # ERROR: (bool) 'create_ssl_connection(server, client, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslcorrupttest.c:229 # false # 40E79158F77F0000:error::SSL routines::unexpected message:../openssl/ssl/statem/statem_clnt.c:403: not ok 4 - iteration 4 # ------------------------------------------------------------------------------ not ok 1 - test_ssl_corrupt # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslcorrupttest ../../../openssl/apps/server.pem ../../../openssl/apps/server.pem => 1 not ok 1 - running sslcorrupttest # ------------------------------------------------------------------------------ # Failed test 'running sslcorrupttest' # at ../openssl/test/recipes/80-test_sslcorrupt.t line 19. # Looks like you failed 1 test of 1.80-test_sslcorrupt.t ............... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_dtls_mtu.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 26 Non-zero exit status: 1 80-test_sslcorrupt.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=207, Tests=3250, 1595 wallclock secs (11.09 usr 1.16 sys + 1524.58 cusr 66.96 csys = 1603.79 CPU) Result: FAIL Makefile:3164: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-ubsan' Makefile:3162: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Fri Jul 31 14:38:31 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 31 Jul 2020 14:38:31 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ui Message-ID: <1596206311.755087.29843.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ui Commit log since last time: cfae32c69a [test][ectest] Minor touches to custom_generator_test f5384f064e [test] Vertically test explicit EC params API patterns 79410c5f8b namemap: fix threading issue 5cd9962272 Fix a test_verify failure ef8980176d Deprecate -nodes in favor of -noenc in pkcs12 and req app 846f96f821 TEST: Add RSA-PSS cases in test/serdes_test.c a4e55cccc9 PROV: Add a DER to RSA-PSS deserializer implementation 456b3b97a4 EVP, PROV: Add misc missing bits for RSA-PSS 51d9ac870a Fix no-ec2m Build log ended with (last 100 lines): # Failed test 'p10cr csr empty file' # at ../openssl/test/recipes/81-test_cmp_cli.t line 182. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd p10cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -csr wrong.csr.pem => 139 not ok 78 - p10cr wrong csr # ------------------------------------------------------------------------------ # Failed test 'p10cr wrong csr' # at ../openssl/test/recipes/81-test_cmp_cli.t line 182. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -revreason 5 => 139 not ok 79 - ir + ignored revocation # ------------------------------------------------------------------------------ ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd cr -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt => 139 not ok 82 - cr command # ------------------------------------------------------------------------------ # Failed test 'cr command' # at ../openssl/test/recipes/81-test_cmp_cli.t line 182. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt => 139 not ok 83 - kur command explicit options # ------------------------------------------------------------------------------ # Failed test 'kur command explicit options' # at ../openssl/test/recipes/81-test_cmp_cli.t line 182. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -subject "" -certout test.cert.pem -oldcert test.cert.pem -server '127.0.0.1:1700' -cert test.cert.pem -key new.key -extracerts issuing.crt -secret "" => 139 not ok 84 - kur command minimal options # ------------------------------------------------------------------------------ ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey dir/ -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert test.cert.pem -server '127.0.0.1:1700' => 139 not ok 86 - kur newkey is directory # ------------------------------------------------------------------------------ ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert dir/ -server '127.0.0.1:1700' => 139 not ok 89 - kur oldcert is directory # ------------------------------------------------------------------------------ # Failed test 'kur oldcert is directory' # at ../openssl/test/recipes/81-test_cmp_cli.t line 182. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert idontexist -server '127.0.0.1:1700' => 139 not ok 90 - kur oldcert not existing # ------------------------------------------------------------------------------ # Failed test 'kur oldcert not existing' # at ../openssl/test/recipes/81-test_cmp_cli.t line 182. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -oldcert empty.txt -server '127.0.0.1:1700' => 139 not ok 91 - kur empty oldcert file # ------------------------------------------------------------------------------ # Failed test 'kur empty oldcert file' # at ../openssl/test/recipes/81-test_cmp_cli.t line 182. ../../../../../no-ui/util/wrap.pl ../../../../../no-ui/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.cert.pem -out_trusted root.crt -cert "" -server '127.0.0.1:1700' => 139 not ok 92 - kur command without cert and oldcert # ------------------------------------------------------------------------------ # Failed test 'kur command without cert and oldcert' # at ../openssl/test/recipes/81-test_cmp_cli.t line 182. # Looks like you failed 65 tests of 92. not ok 7 - CMP app CLI Mock enrollment # ------------------------------------------------------------------------------ # # Failed test 'CMP app CLI Mock enrollment # ' # at /home/openssl/run-checker/no-ui/../openssl/util/perl/OpenSSL/Test.pm line 1302. # Looks like you failed 5 tests of 7.81-test_cmp_cli.t .................. Dubious, test returned 5 (wstat 1280, 0x500) Failed 5/7 subtests 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 81-test_cmp_cli.t (Wstat: 1280 Tests: 7 Failed: 5) Failed tests: 3-7 Non-zero exit status: 5 Files=207, Tests=3250, 879 wallclock secs (12.62 usr 1.22 sys + 781.10 cusr 60.50 csys = 855.44 CPU) Result: FAIL Makefile:3142: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-ui' Makefile:3140: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Fri Jul 31 15:02:31 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 31 Jul 2020 15:02:31 +0000 Subject: SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings enable-unit-test Message-ID: <1596207751.236959.15533.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-unit-test Commit log since last time: cfae32c69a [test][ectest] Minor touches to custom_generator_test f5384f064e [test] Vertically test explicit EC params API patterns 79410c5f8b namemap: fix threading issue 5cd9962272 Fix a test_verify failure ef8980176d Deprecate -nodes in favor of -noenc in pkcs12 and req app 846f96f821 TEST: Add RSA-PSS cases in test/serdes_test.c a4e55cccc9 PROV: Add a DER to RSA-PSS deserializer implementation 456b3b97a4 EVP, PROV: Add misc missing bits for RSA-PSS 51d9ac870a Fix no-ec2m From openssl at openssl.org Fri Jul 31 15:26:21 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 31 Jul 2020 15:26:21 +0000 Subject: SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-whirlpool Message-ID: <1596209181.222032.32396.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-whirlpool Commit log since last time: cfae32c69a [test][ectest] Minor touches to custom_generator_test f5384f064e [test] Vertically test explicit EC params API patterns 79410c5f8b namemap: fix threading issue 5cd9962272 Fix a test_verify failure ef8980176d Deprecate -nodes in favor of -noenc in pkcs12 and req app 846f96f821 TEST: Add RSA-PSS cases in test/serdes_test.c a4e55cccc9 PROV: Add a DER to RSA-PSS deserializer implementation 456b3b97a4 EVP, PROV: Add misc missing bits for RSA-PSS 51d9ac870a Fix no-ec2m From openssl at openssl.org Fri Jul 31 15:50:37 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 31 Jul 2020 15:50:37 +0000 Subject: SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings enable-weak-ssl-ciphers Message-ID: <1596210637.798880.16999.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-weak-ssl-ciphers Commit log since last time: cfae32c69a [test][ectest] Minor touches to custom_generator_test f5384f064e [test] Vertically test explicit EC params API patterns 79410c5f8b namemap: fix threading issue 5cd9962272 Fix a test_verify failure ef8980176d Deprecate -nodes in favor of -noenc in pkcs12 and req app 846f96f821 TEST: Add RSA-PSS cases in test/serdes_test.c a4e55cccc9 PROV: Add a DER to RSA-PSS deserializer implementation 456b3b97a4 EVP, PROV: Add misc missing bits for RSA-PSS 51d9ac870a Fix no-ec2m From openssl at openssl.org Fri Jul 31 16:14:35 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 31 Jul 2020 16:14:35 +0000 Subject: SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings enable-zlib Message-ID: <1596212075.562085.2741.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-zlib Commit log since last time: cfae32c69a [test][ectest] Minor touches to custom_generator_test f5384f064e [test] Vertically test explicit EC params API patterns 79410c5f8b namemap: fix threading issue 5cd9962272 Fix a test_verify failure ef8980176d Deprecate -nodes in favor of -noenc in pkcs12 and req app 846f96f821 TEST: Add RSA-PSS cases in test/serdes_test.c a4e55cccc9 PROV: Add a DER to RSA-PSS deserializer implementation 456b3b97a4 EVP, PROV: Add misc missing bits for RSA-PSS 51d9ac870a Fix no-ec2m From openssl at openssl.org Fri Jul 31 16:38:47 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 31 Jul 2020 16:38:47 +0000 Subject: SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings enable-zlib-dynamic Message-ID: <1596213527.407236.19762.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-zlib-dynamic Commit log since last time: cfae32c69a [test][ectest] Minor touches to custom_generator_test f5384f064e [test] Vertically test explicit EC params API patterns 79410c5f8b namemap: fix threading issue 5cd9962272 Fix a test_verify failure ef8980176d Deprecate -nodes in favor of -noenc in pkcs12 and req app 846f96f821 TEST: Add RSA-PSS cases in test/serdes_test.c a4e55cccc9 PROV: Add a DER to RSA-PSS deserializer implementation 456b3b97a4 EVP, PROV: Add misc missing bits for RSA-PSS 51d9ac870a Fix no-ec2m From openssl at openssl.org Fri Jul 31 17:00:43 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 31 Jul 2020 17:00:43 +0000 Subject: SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings 386 Message-ID: <1596214843.801738.4328.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings 386 Commit log since last time: cfae32c69a [test][ectest] Minor touches to custom_generator_test f5384f064e [test] Vertically test explicit EC params API patterns 79410c5f8b namemap: fix threading issue 5cd9962272 Fix a test_verify failure ef8980176d Deprecate -nodes in favor of -noenc in pkcs12 and req app 846f96f821 TEST: Add RSA-PSS cases in test/serdes_test.c a4e55cccc9 PROV: Add a DER to RSA-PSS deserializer implementation 456b3b97a4 EVP, PROV: Add misc missing bits for RSA-PSS 51d9ac870a Fix no-ec2m From openssl at openssl.org Fri Jul 31 17:24:00 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 31 Jul 2020 17:24:00 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls Message-ID: <1596216240.187189.22243.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls Commit log since last time: cfae32c69a [test][ectest] Minor touches to custom_generator_test f5384f064e [test] Vertically test explicit EC params API patterns 79410c5f8b namemap: fix threading issue 5cd9962272 Fix a test_verify failure ef8980176d Deprecate -nodes in favor of -noenc in pkcs12 and req app 846f96f821 TEST: Add RSA-PSS cases in test/serdes_test.c a4e55cccc9 PROV: Add a DER to RSA-PSS deserializer implementation 456b3b97a4 EVP, PROV: Add misc missing bits for RSA-PSS 51d9ac870a Fix no-ec2m Build log ended with (last 100 lines): # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 7 - iteration 7 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 8 - iteration 8 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 9 - iteration 9 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 10 - iteration 10 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 11 - iteration 11 # ------------------------------------------------------------------------------ # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:479 # 0x0 not ok 12 - iteration 12 # ------------------------------------------------------------------------------ not ok 1 - test_handshake # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/ssl_test 04-client_auth.cnf.fips fips ../../../openssl/test/fips.cnf => 1 not ok 9 - running ssl_test 04-client_auth.cnf # ------------------------------------------------------------------------------ # Failed test 'running ssl_test 04-client_auth.cnf' # at ../openssl/test/recipes/80-test_ssl_new.t line 173. # Looks like you failed 1 test of 9. not ok 5 - Test configuration 04-client_auth.cnf # ------------------------------------------------------------------------------ # Looks like you failed 1 test of 31.80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=207, Tests=3247, 828 wallclock secs (12.34 usr 1.15 sys + 766.99 cusr 59.04 csys = 839.52 CPU) Result: FAIL Makefile:3151: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls' Makefile:3149: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Fri Jul 31 17:44:30 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 31 Jul 2020 17:44:30 +0000 Subject: SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-tls Message-ID: <1596217470.171709.3103.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls Commit log since last time: cfae32c69a [test][ectest] Minor touches to custom_generator_test f5384f064e [test] Vertically test explicit EC params API patterns 79410c5f8b namemap: fix threading issue 5cd9962272 Fix a test_verify failure ef8980176d Deprecate -nodes in favor of -noenc in pkcs12 and req app 846f96f821 TEST: Add RSA-PSS cases in test/serdes_test.c a4e55cccc9 PROV: Add a DER to RSA-PSS deserializer implementation 456b3b97a4 EVP, PROV: Add misc missing bits for RSA-PSS 51d9ac870a Fix no-ec2m From openssl at openssl.org Fri Jul 31 18:07:29 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 31 Jul 2020 18:07:29 +0000 Subject: SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-ssl3 Message-ID: <1596218849.306124.21148.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ssl3 Commit log since last time: cfae32c69a [test][ectest] Minor touches to custom_generator_test f5384f064e [test] Vertically test explicit EC params API patterns 79410c5f8b namemap: fix threading issue 5cd9962272 Fix a test_verify failure ef8980176d Deprecate -nodes in favor of -noenc in pkcs12 and req app 846f96f821 TEST: Add RSA-PSS cases in test/serdes_test.c a4e55cccc9 PROV: Add a DER to RSA-PSS deserializer implementation 456b3b97a4 EVP, PROV: Add misc missing bits for RSA-PSS 51d9ac870a Fix no-ec2m From openssl at openssl.org Fri Jul 31 18:31:39 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 31 Jul 2020 18:31:39 +0000 Subject: SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-tls1 Message-ID: <1596220299.625388.5658.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1 Commit log since last time: cfae32c69a [test][ectest] Minor touches to custom_generator_test f5384f064e [test] Vertically test explicit EC params API patterns 79410c5f8b namemap: fix threading issue 5cd9962272 Fix a test_verify failure ef8980176d Deprecate -nodes in favor of -noenc in pkcs12 and req app 846f96f821 TEST: Add RSA-PSS cases in test/serdes_test.c a4e55cccc9 PROV: Add a DER to RSA-PSS deserializer implementation 456b3b97a4 EVP, PROV: Add misc missing bits for RSA-PSS 51d9ac870a Fix no-ec2m From openssl at openssl.org Fri Jul 31 18:55:14 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 31 Jul 2020 18:55:14 +0000 Subject: SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-tls1_1 Message-ID: <1596221714.110945.22352.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_1 Commit log since last time: cfae32c69a [test][ectest] Minor touches to custom_generator_test f5384f064e [test] Vertically test explicit EC params API patterns 79410c5f8b namemap: fix threading issue 5cd9962272 Fix a test_verify failure ef8980176d Deprecate -nodes in favor of -noenc in pkcs12 and req app 846f96f821 TEST: Add RSA-PSS cases in test/serdes_test.c a4e55cccc9 PROV: Add a DER to RSA-PSS deserializer implementation 456b3b97a4 EVP, PROV: Add misc missing bits for RSA-PSS 51d9ac870a Fix no-ec2m From openssl at openssl.org Fri Jul 31 19:17:56 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 31 Jul 2020 19:17:56 +0000 Subject: SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-tls1_2 Message-ID: <1596223076.582900.6158.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2 Commit log since last time: cfae32c69a [test][ectest] Minor touches to custom_generator_test f5384f064e [test] Vertically test explicit EC params API patterns 79410c5f8b namemap: fix threading issue 5cd9962272 Fix a test_verify failure ef8980176d Deprecate -nodes in favor of -noenc in pkcs12 and req app 846f96f821 TEST: Add RSA-PSS cases in test/serdes_test.c a4e55cccc9 PROV: Add a DER to RSA-PSS deserializer implementation 456b3b97a4 EVP, PROV: Add misc missing bits for RSA-PSS 51d9ac870a Fix no-ec2m From openssl at openssl.org Fri Jul 31 19:41:59 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 31 Jul 2020 19:41:59 +0000 Subject: SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-dtls1 Message-ID: <1596224519.822835.23068.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1 Commit log since last time: cfae32c69a [test][ectest] Minor touches to custom_generator_test f5384f064e [test] Vertically test explicit EC params API patterns 79410c5f8b namemap: fix threading issue 5cd9962272 Fix a test_verify failure ef8980176d Deprecate -nodes in favor of -noenc in pkcs12 and req app 846f96f821 TEST: Add RSA-PSS cases in test/serdes_test.c a4e55cccc9 PROV: Add a DER to RSA-PSS deserializer implementation 456b3b97a4 EVP, PROV: Add misc missing bits for RSA-PSS 51d9ac870a Fix no-ec2m From openssl at openssl.org Fri Jul 31 20:06:10 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 31 Jul 2020 20:06:10 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2 Message-ID: <1596225970.054415.8826.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2 Commit log since last time: cfae32c69a [test][ectest] Minor touches to custom_generator_test f5384f064e [test] Vertically test explicit EC params API patterns 79410c5f8b namemap: fix threading issue 5cd9962272 Fix a test_verify failure ef8980176d Deprecate -nodes in favor of -noenc in pkcs12 and req app 846f96f821 TEST: Add RSA-PSS cases in test/serdes_test.c a4e55cccc9 PROV: Add a DER to RSA-PSS deserializer implementation 456b3b97a4 EVP, PROV: Add misc missing bits for RSA-PSS 51d9ac870a Fix no-ec2m Build log ended with (last 100 lines): # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0F036ACF67F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1631 # false # ERROR: (bool) 'execute_cleanse_plaintext(DTLS_server_method(), DTLS_client_method(), DTLS1_VERSION, 0) == true' failed @ ../openssl/test/sslapitest.c:1709 # false not ok 4 - test_cleanse_plaintext # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0F036ACF67F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0F036ACF67F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6749 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ not ok 53 - test_ssl_pending # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/tlFADGJAvw default ../../../openssl/test/default.cnf => 1 not ok 1 - running sslapitest # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0A0156ED17F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0A0156ED17F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:846 # false not ok 3 - test_large_message_dtls # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0A0156ED17F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0A0156ED17F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1631 # false # ERROR: (bool) 'execute_cleanse_plaintext(DTLS_server_method(), DTLS_client_method(), DTLS1_VERSION, 0) == true' failed @ ../openssl/test/sslapitest.c:1709 # false not ok 4 - test_cleanse_plaintext # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0A0156ED17F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0A0156ED17F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6749 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ not ok 53 - test_ssl_pending # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/tlFADGJAvw fips ../../../openssl/test/fips.cnf => 1 not ok 3 - running sslapitest # ------------------------------------------------------------------------------ # Failed test 'running sslapitest' # at ../openssl/test/recipes/90-test_sslapi.t line 45. # Looks like you failed 2 tests of 3.90-test_sslapi.t ................... Dubious, test returned 2 (wstat 512, 0x200) Failed 2/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_dtls.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 1, 3 Non-zero exit status: 2 Files=207, Tests=3249, 864 wallclock secs (13.34 usr 1.37 sys + 799.59 cusr 61.21 csys = 875.51 CPU) Result: FAIL Makefile:3166: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2' Makefile:3164: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Fri Jul 31 20:30:09 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 31 Jul 2020 20:30:09 +0000 Subject: SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-ssl3-method Message-ID: <1596227409.086177.25794.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ssl3-method Commit log since last time: cfae32c69a [test][ectest] Minor touches to custom_generator_test f5384f064e [test] Vertically test explicit EC params API patterns 79410c5f8b namemap: fix threading issue 5cd9962272 Fix a test_verify failure ef8980176d Deprecate -nodes in favor of -noenc in pkcs12 and req app 846f96f821 TEST: Add RSA-PSS cases in test/serdes_test.c a4e55cccc9 PROV: Add a DER to RSA-PSS deserializer implementation 456b3b97a4 EVP, PROV: Add misc missing bits for RSA-PSS 51d9ac870a Fix no-ec2m From openssl at openssl.org Fri Jul 31 20:54:12 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 31 Jul 2020 20:54:12 +0000 Subject: SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-tls1-method Message-ID: <1596228852.488932.10320.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1-method Commit log since last time: cfae32c69a [test][ectest] Minor touches to custom_generator_test f5384f064e [test] Vertically test explicit EC params API patterns 79410c5f8b namemap: fix threading issue 5cd9962272 Fix a test_verify failure ef8980176d Deprecate -nodes in favor of -noenc in pkcs12 and req app 846f96f821 TEST: Add RSA-PSS cases in test/serdes_test.c a4e55cccc9 PROV: Add a DER to RSA-PSS deserializer implementation 456b3b97a4 EVP, PROV: Add misc missing bits for RSA-PSS 51d9ac870a Fix no-ec2m From openssl at openssl.org Fri Jul 31 21:18:22 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 31 Jul 2020 21:18:22 +0000 Subject: SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-tls1_1-method Message-ID: <1596230302.849686.28057.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_1-method Commit log since last time: cfae32c69a [test][ectest] Minor touches to custom_generator_test f5384f064e [test] Vertically test explicit EC params API patterns 79410c5f8b namemap: fix threading issue 5cd9962272 Fix a test_verify failure ef8980176d Deprecate -nodes in favor of -noenc in pkcs12 and req app 846f96f821 TEST: Add RSA-PSS cases in test/serdes_test.c a4e55cccc9 PROV: Add a DER to RSA-PSS deserializer implementation 456b3b97a4 EVP, PROV: Add misc missing bits for RSA-PSS 51d9ac870a Fix no-ec2m From openssl at openssl.org Fri Jul 31 21:37:55 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 31 Jul 2020 21:37:55 +0000 Subject: SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-tls1_2-method Message-ID: <1596231475.253582.10663.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2-method Commit log since last time: cfae32c69a [test][ectest] Minor touches to custom_generator_test f5384f064e [test] Vertically test explicit EC params API patterns 79410c5f8b namemap: fix threading issue 5cd9962272 Fix a test_verify failure ef8980176d Deprecate -nodes in favor of -noenc in pkcs12 and req app 846f96f821 TEST: Add RSA-PSS cases in test/serdes_test.c a4e55cccc9 PROV: Add a DER to RSA-PSS deserializer implementation 456b3b97a4 EVP, PROV: Add misc missing bits for RSA-PSS 51d9ac870a Fix no-ec2m From openssl at openssl.org Fri Jul 31 22:01:55 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 31 Jul 2020 22:01:55 +0000 Subject: SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-dtls1-method Message-ID: <1596232915.896544.27742.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1-method Commit log since last time: cfae32c69a [test][ectest] Minor touches to custom_generator_test f5384f064e [test] Vertically test explicit EC params API patterns 79410c5f8b namemap: fix threading issue 5cd9962272 Fix a test_verify failure ef8980176d Deprecate -nodes in favor of -noenc in pkcs12 and req app 846f96f821 TEST: Add RSA-PSS cases in test/serdes_test.c a4e55cccc9 PROV: Add a DER to RSA-PSS deserializer implementation 456b3b97a4 EVP, PROV: Add misc missing bits for RSA-PSS 51d9ac870a Fix no-ec2m From openssl at openssl.org Fri Jul 31 22:26:00 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 31 Jul 2020 22:26:00 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2-method Message-ID: <1596234360.767380.13371.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2-method Commit log since last time: cfae32c69a [test][ectest] Minor touches to custom_generator_test f5384f064e [test] Vertically test explicit EC params API patterns 79410c5f8b namemap: fix threading issue 5cd9962272 Fix a test_verify failure ef8980176d Deprecate -nodes in favor of -noenc in pkcs12 and req app 846f96f821 TEST: Add RSA-PSS cases in test/serdes_test.c a4e55cccc9 PROV: Add a DER to RSA-PSS deserializer implementation 456b3b97a4 EVP, PROV: Add misc missing bits for RSA-PSS 51d9ac870a Fix no-ec2m Build log ended with (last 100 lines): # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0204099567F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1631 # false # ERROR: (bool) 'execute_cleanse_plaintext(DTLS_server_method(), DTLS_client_method(), DTLS1_VERSION, 0) == true' failed @ ../openssl/test/sslapitest.c:1709 # false not ok 4 - test_cleanse_plaintext # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0204099567F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0204099567F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6749 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ not ok 53 - test_ssl_pending # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/K4bBYeiZ6C default ../../../openssl/test/default.cnf => 1 not ok 1 - running sslapitest # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0E07377AD7F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0E07377AD7F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:846 # false not ok 3 - test_large_message_dtls # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0E07377AD7F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0E07377AD7F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1631 # false # ERROR: (bool) 'execute_cleanse_plaintext(DTLS_server_method(), DTLS_client_method(), DTLS1_VERSION, 0) == true' failed @ ../openssl/test/sslapitest.c:1709 # false not ok 4 - test_cleanse_plaintext # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C0E07377AD7F0000:error::SSL routines::no suitable signature algorithm:../openssl/ssl/t1_lib.c:3329: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C0E07377AD7F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:618:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6749 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ not ok 53 - test_ssl_pending # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/K4bBYeiZ6C fips ../../../openssl/test/fips.cnf => 1 not ok 3 - running sslapitest # ------------------------------------------------------------------------------ # Failed test 'running sslapitest' # at ../openssl/test/recipes/90-test_sslapi.t line 45. # Looks like you failed 2 tests of 3.90-test_sslapi.t ................... Dubious, test returned 2 (wstat 512, 0x200) Failed 2/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_dtls.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 1, 3 Non-zero exit status: 2 Files=207, Tests=3249, 858 wallclock secs (13.20 usr 1.50 sys + 790.46 cusr 61.39 csys = 866.55 CPU) Result: FAIL Makefile:3174: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2-method' Makefile:3172: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Fri Jul 31 22:50:45 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 31 Jul 2020 22:50:45 +0000 Subject: SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-siphash Message-ID: <1596235845.426504.30285.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-siphash Commit log since last time: cfae32c69a [test][ectest] Minor touches to custom_generator_test f5384f064e [test] Vertically test explicit EC params API patterns 79410c5f8b namemap: fix threading issue 5cd9962272 Fix a test_verify failure ef8980176d Deprecate -nodes in favor of -noenc in pkcs12 and req app 846f96f821 TEST: Add RSA-PSS cases in test/serdes_test.c a4e55cccc9 PROV: Add a DER to RSA-PSS deserializer implementation 456b3b97a4 EVP, PROV: Add misc missing bits for RSA-PSS 51d9ac870a Fix no-ec2m From openssl at openssl.org Fri Jul 31 23:13:55 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 31 Jul 2020 23:13:55 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_3 Message-ID: <1596237235.806185.14398.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_3 Commit log since last time: cfae32c69a [test][ectest] Minor touches to custom_generator_test f5384f064e [test] Vertically test explicit EC params API patterns 79410c5f8b namemap: fix threading issue 5cd9962272 Fix a test_verify failure ef8980176d Deprecate -nodes in favor of -noenc in pkcs12 and req app 846f96f821 TEST: Add RSA-PSS cases in test/serdes_test.c a4e55cccc9 PROV: Add a DER to RSA-PSS deserializer implementation 456b3b97a4 EVP, PROV: Add misc missing bits for RSA-PSS 51d9ac870a Fix no-ec2m Build log ended with (last 100 lines): # 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C010EF88137F0000:error::SSL routines::internal error:../openssl/ssl/s3_enc.c:415: # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C010EF88137F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_s3.c:1615:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:8202 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C010EF88137F0000:error::SSL routines::internal error:../openssl/ssl/s3_enc.c:415: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C010EF88137F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_s3.c:1615:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:8202 # false not ok 3 - iteration 3 # ------------------------------------------------------------------------------ not ok 37 - test_sigalgs_available # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/1L9MBS9MXP default ../../../openssl/test/default.cnf => 1 not ok 1 - running sslapitest # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C070F2ACCE7F0000:error::SSL routines::internal error:../openssl/ssl/s3_enc.c:415: # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C070F2ACCE7F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_s3.c:1615:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:8202 # false not ok 2 - iteration 2 # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/ssltestlib.c:964 # SSL_accept() failed -1, 1 # C070F2ACCE7F0000:error::SSL routines::internal error:../openssl/ssl/s3_enc.c:415: # INFO: @ ../openssl/test/ssltestlib.c:946 # SSL_connect() failed -1, 1 # C070F2ACCE7F0000:error::SSL routines::tlsv1 alert internal error:../openssl/ssl/record/rec_layer_s3.c:1615:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:8202 # false not ok 3 - iteration 3 # ------------------------------------------------------------------------------ not ok 37 - test_sigalgs_available # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/1L9MBS9MXP fips ../../../openssl/test/fips.cnf => 1 not ok 3 - running sslapitest # ------------------------------------------------------------------------------ # Failed test 'running sslapitest' # at ../openssl/test/recipes/90-test_sslapi.t line 45. # Looks like you failed 2 tests of 3.90-test_sslapi.t ................... Dubious, test returned 2 (wstat 512, 0x200) Failed 2/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. skipped: test_tls13ccs is not supported in this build 90-test_tls13encryption.t .......... skipped: tls13encryption is not supported in this build 90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 90-test_sslapi.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 1, 3 Non-zero exit status: 2 Files=207, Tests=3171, 807 wallclock secs (11.56 usr 1.28 sys + 741.47 cusr 58.19 csys = 812.50 CPU) Result: FAIL Makefile:3154: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_3' Makefile:3152: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Fri Jul 31 23:37:57 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 31 Jul 2020 23:37:57 +0000 Subject: SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-sm2 Message-ID: <1596238677.737808.31091.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-sm2 Commit log since last time: cfae32c69a [test][ectest] Minor touches to custom_generator_test f5384f064e [test] Vertically test explicit EC params API patterns 79410c5f8b namemap: fix threading issue 5cd9962272 Fix a test_verify failure ef8980176d Deprecate -nodes in favor of -noenc in pkcs12 and req app 846f96f821 TEST: Add RSA-PSS cases in test/serdes_test.c a4e55cccc9 PROV: Add a DER to RSA-PSS deserializer implementation 456b3b97a4 EVP, PROV: Add misc missing bits for RSA-PSS 51d9ac870a Fix no-ec2m